Solved

GWIA Issue

Posted on 2009-04-01
22
1,292 Views
Last Modified: 2013-12-05
Hello,

I am having an issue with gwia authentication for all of my users.  The problem started seemingly randomly,  I am running groupwise 7 on a SLES 9 box.  When users attempt to login to gwia it actsas though they have incorrectly entered the username/password (please login again...you must have typed username/pw incorrect).  After several attemps its locks the mailbox for 15 minutes as it would usually do if incorrect credentials had been entered.  I am not sure where to even start as nothing has changed as far as I know.  - Additional info - the groupwise client does work internally but attempting to access gwia internally either via domain name or internal ip net the same result.

Any help will be greatly appriciated.

Thanks
0
Comment
Question by:ikazra
  • 11
  • 10
22 Comments
 
LVL 18

Expert Comment

by:ZENandEmailguy
Comment Utility
What is the purpose for your users to access the GWIA with login and password?  IMAP or POP?  Has this worked in the past?  What has changed in the past few days with regards to patches, updates, etc. on the server?

Are you having the same issue with WebAccess and user authentication?

Scott
0
 

Author Comment

by:ikazra
Comment Utility
Sorry for the confusion, I just worded my question improperly.  They can not authenticate with webaccess, that is my entire issue.  They do not actually access the gwia backend.  Using the groupwise client internally works fine.  I have not installed any updates or changed anything, it just seemingly stopped working about 4 days ago.
0
 
LVL 18

Expert Comment

by:ZENandEmailguy
Comment Utility
Try the following:

Do you see the WebAccess login screen?  If so that means apache2 and tomcat are working and we can move to the following:

rcgrpwise status which will tell you the status of all of the agents.  Look for one probably call webac70a or webacc or <yourdomainname.webac70a>.  What is the status (running, failed, unused)?

If you don't see the WebAccess login screen try these:

next rcapache2 status  is it running, failed, unused?
next rcnovell-tomcat (4 or 5 I'm not sure which number to add to tomcat) status  is it running or not?

Assuming you get the WebAccess login screen, what is the error you get when trying to login to Webaccess?

Thanks for clarifying the login problem...I didn't think you meant GWIA but wasn't sure and I didn't want to assume.

Scott
0
 

Author Comment

by:ikazra
Comment Utility
I do see the web access screen.  When I enter correct credentials and attempt to login I recieve the error "Please login again, you may have typed your name or password incorrectly."  After a few failed attempts at this it locks the mailbox for 15 minutes as it should do with an incorrect password entry.  Running rcgrpwise status shows me that webac70a status is "done"

Thanks for the quick reply and the patience...I am an exchange guy trying to fix a group wise problem.
0
 
LVL 18

Expert Comment

by:ZENandEmailguy
Comment Utility
ok.  The problem is in the apache web server.  Find the webacc.cfg file (may have to do a find / -name webacc.cfg in a shell prompt).  Once you find it, open it with an editor and go looking for a security.useclientIP=true (that may not be the exact but it will be close enough to take you to the right place in the file).  Change it to false and then wait a few minutes.  Apache and Tomcat refresh every 10 minutes or so.  Or you can do a rcapache2 restart and a rcnovell-tomcat(with a number) restart

Then try and login.

Let me know.

Scott
0
 

Author Comment

by:ikazra
Comment Utility
I found the security.useclientIP=true and changed that to false, restarted apache and tomcat, and I am still getting the same thing at webaccess.
0
 
LVL 18

Accepted Solution

by:
ZENandEmailguy earned 500 total points
Comment Utility
Can you open the WebAccess web console by going to http://<yourserverIP>:7211 and getting into the logs and seeing what the exact error code or error words are showing up.  If you don't see anything that is helpful, check to see that you are in verbose logging for the agent by opening ConsoleOne, going to the domain that is hosting the WebAccess agent, right click Properties | GroupWise tab and logging and change to Verbose.  Wait about 2-3 minutes and then try to login and then check the logs again.

Thanks.
0
 

Author Comment

by:ikazra
Comment Utility
I get a 503 service unavailable error when i try to go to the specified port number.
0
 

Author Comment

by:ikazra
Comment Utility
One thing i did notice though is it redirects me to https:// when i attempt to access that port through http://

I don't know if that is usual behavior for that or not.

Thanks
0
 

Author Comment

by:ikazra
Comment Utility
Another thing - When i go to port 7211using the servers name it gives me an authentication dialog box, none of my credentials will work in this box though.
0
 
LVL 18

Expert Comment

by:ZENandEmailguy
Comment Utility
Go back to ConsoleOne, highlight the WebAccess gateway object and right click properties and then look for the GroupWise tab where you'll find Optional Gateway settings.  At the bottom of that screen you'll find the http user and password.  Change the user account to whatever entity you want and password (this shouldn't be a GW or eDirectory user, rather just a name and password you'll remember).  After clicking OK, wait about 3 or so minutes and then try the login again.

You can do the above to all of the agents as you need in basically the same place in C1.

Scott
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:ikazra
Comment Utility
Hmm... we have three gateways listed, i changed the username and password for http access on all three, have waited several minutes and none of them work.
0
 
LVL 18

Expert Comment

by:ZENandEmailguy
Comment Utility
Do you get a windows login prompt?  You may have to go into the /opt/novell/groupwise/agents/share directory on your SLES box and edit the webac70a.waa and add your username and password to the http section.  Then type rcgrpwise stop webac70a and press enter.  Wait for the gateway to shutdown and then type rcgrpwise start webac70a (enter) and wait for it to start up.  Then go back to the browser and give it a try.

Another thing you may have to end up doing is rebuild the domain database.  There is a possibility that something in the domain database for the domain that houses your WebAccess gateway (and others too) is corrupted or beginning to get corrupted.  It is an easy process but the gateways and the MTA must be down in order to do the rebuild.  Usually takes less than 5 minutes so if you can't get into WebAccess or the web console, a rebuild will likely be in the cards.
0
 

Author Comment

by:ikazra
Comment Utility
I am no able to get to the web console and look at logs (thanks for bearing with me on that, your instructions were great)  i restarted it so here is a fresh log file:

04-02-09 16:32:12 ***** WebAccess Configuration Information *****
04-02-09 16:32:12  
04-02-09 16:32:12 General Settings:
04-02-09 16:32:12   Agent Version: 7.0.1  (6/13/2006)
04-02-09 16:32:12   Gateway Home Directory: /mail/nsddom/wpgate/webac70a
04-02-09 16:32:12 Linux Release 2.6.5-7.287.3-bigsmp
04-02-09 16:32:12   SNMP: Disabled
04-02-09 16:32:12   Work Directory: /opt/novell/groupwise/agents/share/tmpFiles
04-02-09 16:32:12  
04-02-09 16:32:12 Log Settings:
04-02-09 16:32:12   Log File: /var/log/novell/groupwise/nsd_domain.webac70a/000.prc/0402web.004
04-02-09 16:32:12   Log Level: NORMAL
04-02-09 16:32:12   Max Log File Age (days): 7
04-02-09 16:32:12   Max Log Disk Space (kb): 65536
04-02-09 16:32:12  
04-02-09 16:32:12 Client/Server Settings:
04-02-09 16:32:13   IP Address: server
04-02-09 16:32:13   TCP Port for Incoming Connections: 7205
04-02-09 16:32:13   Client/Server over SSL: Enabled
04-02-09 16:32:13   WebConsole: Enabled
04-02-09 16:32:13   WebConsole Url: https://server:7211
04-02-09 16:32:13  
04-02-09 16:32:13 Performance Settings:
04-02-09 16:32:13   Processing Threads: 12 (Default)
04-02-09 16:32:13   Maximum users: 250
04-02-09 16:32:14 ****************************************************************
04-02-09 16:32:14 Warning: Public Userid for WebPublisher not configured
04-02-09 16:32:14 GWDVA is initialized and running
04-02-09 16:32:14 WebAccess Server is ready for work
04-02-09 16:33:26 Login failed: randomuser


the only thing i changed was the servername/ip and username for logon failure

Thanks
0
 
LVL 18

Expert Comment

by:ZENandEmailguy
Comment Utility
Looks like it is behaving normally except for the fact that you can't login.

Can you open the /opt/novell/groupwise/agents/share/webac70a.waa file and look for the /loglevel (or perhaps --loglevel) and unremark it by removing the ; plus remove the text to the right of the hyphen and replace that text with verbose so it will look like:

/loglevel-verbose  or --loglevel-verbose

Then save and exit the file (if you're using the vi utility it will be :wq enter)  then rcgrpwise stop webac70a wait for it to stop and then rcgrpwise start webac70a.

Then try and login and look at the log file just like what you've posted.  Hopefully in verbose mode, we'll be able to see more information for error code searching.  If that doesn't offer anything, we'll proceed with a database rebuild.  Are you onsite and perhaps callable for me to walk you through a rebuild?
0
 

Author Comment

by:ikazra
Comment Utility
The log level now shows as verbose but the error is still just login failed.  I am not onsite but have remote access to everything.  
0
 

Author Comment

by:ikazra
Comment Utility
One thing that I find confusing is that users can connect internally with the groupwise client, I would think that this would mean that there wasn't an issue with the database, but I don't really know.


Thanks
0
 
LVL 18

Expert Comment

by:ZENandEmailguy
Comment Utility
I'll try to walk you through the domain database rebuild.

1) in a shell prompt type rcgrpwise status and copy down the name of the domain, the gwia, the webaccess (which we know is webac70a).

2) type rcgrpwise stop domain name then enter to stop the MTA
3) type rcgrpwise stop <the name of gwia>
4) type rcgrpwise stop webac70a

5) In ConsoleOne, find the domain that houses the webaccess and right click GroupWise Utilities | System Maintenance.  Click the rebuild database and then click run.  A box will appear with the path to where the database is located.  Change this path to /tmp and then click ok to rebuild the db...if you get any error, please post them.

6) If you don't get any error or message other than database rebuild complete/successful, close out of the rebuild utility and then close ConsoleOne.  Open a shell prompt and cd to the directory where the GroupWise domain database/directory is located.

7) Confirm (by typing ls wpdomain.db then enter) that you see a wpdomain.db file in the domain directory we just rebuild.  If so, type mv wpdomain.db wpdomain.402 and press enter.

8) Confirm that you see wpdomain.402 by typing ls in the same directory.

9) Type mv /tmp/wpdomain.db . (single period).  That puts the rebuilt database into place.

10) Repeat step 7 except for the rename part.

11) type rcgrpwise start name of domain wait for the green "done" then do the same for the gwia and the webaccesss.

12) When you're done reloading the agents, type ps -ef | grep gw and confirm that you see a process running webac70a.waa, one running gwia.cfg and one running domain mta.

By rebuilding the file to a separate location, you're protecting the one that is inplace and possibly broken.

Scott

0
 

Author Comment

by:ikazra
Comment Utility
Everything went well with the rebuild, new file is in place, all services started back up.  Still same problem.  
0
 
LVL 18

Expert Comment

by:ZENandEmailguy
Comment Utility
If you're still available tonight, send me an email to skunau-at-igtg-dot-net and we'll figure out a way for me to remote in and look.  Otherwise, I'm available Friday morning.
0
 

Expert Comment

by:bekito
Comment Utility
One question:

When using the groupwise client, are the users authenticated to eDirectory, and is the POst office set to allow authenticated users to access Groupwise?  

Or, are they using their Groupwise password to log in (not the eDirectory password - those are two different things) Becuase Webaccess will only authenticate a user with the Groupwise password, not the eDirectory password.  
0
 
LVL 18

Expert Comment

by:ZENandEmailguy
Comment Utility
Is the login problem with WebAccess solved?  If so, what did it take to get it working?
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

If you use Debian 6 Squeeze and you are tired of looking at the childish graphical GDM login screen that is used by default, here's an easy way to change it. If you've already tried to change it you've probably discovered that none of the old met…
You ever wonder how to backup Linux system files just like Windows System Restore?  Well you can use Timeshift in Linux to perform those similar action.  This tutorial will show you how to backup your system files and keep regular intervals. Note…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now