ikazra
asked on
GWIA Issue
Hello,
I am having an issue with gwia authentication for all of my users. The problem started seemingly randomly, I am running groupwise 7 on a SLES 9 box. When users attempt to login to gwia it actsas though they have incorrectly entered the username/password (please login again...you must have typed username/pw incorrect). After several attemps its locks the mailbox for 15 minutes as it would usually do if incorrect credentials had been entered. I am not sure where to even start as nothing has changed as far as I know. - Additional info - the groupwise client does work internally but attempting to access gwia internally either via domain name or internal ip net the same result.
Any help will be greatly appriciated.
Thanks
I am having an issue with gwia authentication for all of my users. The problem started seemingly randomly, I am running groupwise 7 on a SLES 9 box. When users attempt to login to gwia it actsas though they have incorrectly entered the username/password (please login again...you must have typed username/pw incorrect). After several attemps its locks the mailbox for 15 minutes as it would usually do if incorrect credentials had been entered. I am not sure where to even start as nothing has changed as far as I know. - Additional info - the groupwise client does work internally but attempting to access gwia internally either via domain name or internal ip net the same result.
Any help will be greatly appriciated.
Thanks
ASKER
Sorry for the confusion, I just worded my question improperly. They can not authenticate with webaccess, that is my entire issue. They do not actually access the gwia backend. Using the groupwise client internally works fine. I have not installed any updates or changed anything, it just seemingly stopped working about 4 days ago.
Try the following:
Do you see the WebAccess login screen? If so that means apache2 and tomcat are working and we can move to the following:
rcgrpwise status which will tell you the status of all of the agents. Look for one probably call webac70a or webacc or <yourdomainname.webac70a>. What is the status (running, failed, unused)?
If you don't see the WebAccess login screen try these:
next rcapache2 status is it running, failed, unused?
next rcnovell-tomcat (4 or 5 I'm not sure which number to add to tomcat) status is it running or not?
Assuming you get the WebAccess login screen, what is the error you get when trying to login to Webaccess?
Thanks for clarifying the login problem...I didn't think you meant GWIA but wasn't sure and I didn't want to assume.
Scott
Do you see the WebAccess login screen? If so that means apache2 and tomcat are working and we can move to the following:
rcgrpwise status which will tell you the status of all of the agents. Look for one probably call webac70a or webacc or <yourdomainname.webac70a>.
If you don't see the WebAccess login screen try these:
next rcapache2 status is it running, failed, unused?
next rcnovell-tomcat (4 or 5 I'm not sure which number to add to tomcat) status is it running or not?
Assuming you get the WebAccess login screen, what is the error you get when trying to login to Webaccess?
Thanks for clarifying the login problem...I didn't think you meant GWIA but wasn't sure and I didn't want to assume.
Scott
ASKER
I do see the web access screen. When I enter correct credentials and attempt to login I recieve the error "Please login again, you may have typed your name or password incorrectly." After a few failed attempts at this it locks the mailbox for 15 minutes as it should do with an incorrect password entry. Running rcgrpwise status shows me that webac70a status is "done"
Thanks for the quick reply and the patience...I am an exchange guy trying to fix a group wise problem.
Thanks for the quick reply and the patience...I am an exchange guy trying to fix a group wise problem.
ok. The problem is in the apache web server. Find the webacc.cfg file (may have to do a find / -name webacc.cfg in a shell prompt). Once you find it, open it with an editor and go looking for a security.useclientIP=true (that may not be the exact but it will be close enough to take you to the right place in the file). Change it to false and then wait a few minutes. Apache and Tomcat refresh every 10 minutes or so. Or you can do a rcapache2 restart and a rcnovell-tomcat(with a number) restart
Then try and login.
Let me know.
Scott
Then try and login.
Let me know.
Scott
ASKER
I found the security.useclientIP=true and changed that to false, restarted apache and tomcat, and I am still getting the same thing at webaccess.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I get a 503 service unavailable error when i try to go to the specified port number.
ASKER
ASKER
Another thing - When i go to port 7211using the servers name it gives me an authentication dialog box, none of my credentials will work in this box though.
Go back to ConsoleOne, highlight the WebAccess gateway object and right click properties and then look for the GroupWise tab where you'll find Optional Gateway settings. At the bottom of that screen you'll find the http user and password. Change the user account to whatever entity you want and password (this shouldn't be a GW or eDirectory user, rather just a name and password you'll remember). After clicking OK, wait about 3 or so minutes and then try the login again.
You can do the above to all of the agents as you need in basically the same place in C1.
Scott
You can do the above to all of the agents as you need in basically the same place in C1.
Scott
ASKER
Hmm... we have three gateways listed, i changed the username and password for http access on all three, have waited several minutes and none of them work.
Do you get a windows login prompt? You may have to go into the /opt/novell/groupwise/agen ts/share directory on your SLES box and edit the webac70a.waa and add your username and password to the http section. Then type rcgrpwise stop webac70a and press enter. Wait for the gateway to shutdown and then type rcgrpwise start webac70a (enter) and wait for it to start up. Then go back to the browser and give it a try.
Another thing you may have to end up doing is rebuild the domain database. There is a possibility that something in the domain database for the domain that houses your WebAccess gateway (and others too) is corrupted or beginning to get corrupted. It is an easy process but the gateways and the MTA must be down in order to do the rebuild. Usually takes less than 5 minutes so if you can't get into WebAccess or the web console, a rebuild will likely be in the cards.
Another thing you may have to end up doing is rebuild the domain database. There is a possibility that something in the domain database for the domain that houses your WebAccess gateway (and others too) is corrupted or beginning to get corrupted. It is an easy process but the gateways and the MTA must be down in order to do the rebuild. Usually takes less than 5 minutes so if you can't get into WebAccess or the web console, a rebuild will likely be in the cards.
ASKER
I am no able to get to the web console and look at logs (thanks for bearing with me on that, your instructions were great) i restarted it so here is a fresh log file:
04-02-09 16:32:12 ***** WebAccess Configuration Information *****
04-02-09 16:32:12
04-02-09 16:32:12 General Settings:
04-02-09 16:32:12 Agent Version: 7.0.1 (6/13/2006)
04-02-09 16:32:12 Gateway Home Directory: /mail/nsddom/wpgate/webac7 0a
04-02-09 16:32:12 Linux Release 2.6.5-7.287.3-bigsmp
04-02-09 16:32:12 SNMP: Disabled
04-02-09 16:32:12 Work Directory: /opt/novell/groupwise/agen ts/share/t mpFiles
04-02-09 16:32:12
04-02-09 16:32:12 Log Settings:
04-02-09 16:32:12 Log File: /var/log/novell/groupwise/ nsd_domain .webac70a/ 000.prc/04 02web.004
04-02-09 16:32:12 Log Level: NORMAL
04-02-09 16:32:12 Max Log File Age (days): 7
04-02-09 16:32:12 Max Log Disk Space (kb): 65536
04-02-09 16:32:12
04-02-09 16:32:12 Client/Server Settings:
04-02-09 16:32:13 IP Address: server
04-02-09 16:32:13 TCP Port for Incoming Connections: 7205
04-02-09 16:32:13 Client/Server over SSL: Enabled
04-02-09 16:32:13 WebConsole: Enabled
04-02-09 16:32:13 WebConsole Url: https://server:7211
04-02-09 16:32:13
04-02-09 16:32:13 Performance Settings:
04-02-09 16:32:13 Processing Threads: 12 (Default)
04-02-09 16:32:13 Maximum users: 250
04-02-09 16:32:14 ************************** ********** ********** ********** ********
04-02-09 16:32:14 Warning: Public Userid for WebPublisher not configured
04-02-09 16:32:14 GWDVA is initialized and running
04-02-09 16:32:14 WebAccess Server is ready for work
04-02-09 16:33:26 Login failed: randomuser
the only thing i changed was the servername/ip and username for logon failure
Thanks
04-02-09 16:32:12 ***** WebAccess Configuration Information *****
04-02-09 16:32:12
04-02-09 16:32:12 General Settings:
04-02-09 16:32:12 Agent Version: 7.0.1 (6/13/2006)
04-02-09 16:32:12 Gateway Home Directory: /mail/nsddom/wpgate/webac7
04-02-09 16:32:12 Linux Release 2.6.5-7.287.3-bigsmp
04-02-09 16:32:12 SNMP: Disabled
04-02-09 16:32:12 Work Directory: /opt/novell/groupwise/agen
04-02-09 16:32:12
04-02-09 16:32:12 Log Settings:
04-02-09 16:32:12 Log File: /var/log/novell/groupwise/
04-02-09 16:32:12 Log Level: NORMAL
04-02-09 16:32:12 Max Log File Age (days): 7
04-02-09 16:32:12 Max Log Disk Space (kb): 65536
04-02-09 16:32:12
04-02-09 16:32:12 Client/Server Settings:
04-02-09 16:32:13 IP Address: server
04-02-09 16:32:13 TCP Port for Incoming Connections: 7205
04-02-09 16:32:13 Client/Server over SSL: Enabled
04-02-09 16:32:13 WebConsole: Enabled
04-02-09 16:32:13 WebConsole Url: https://server:7211
04-02-09 16:32:13
04-02-09 16:32:13 Performance Settings:
04-02-09 16:32:13 Processing Threads: 12 (Default)
04-02-09 16:32:13 Maximum users: 250
04-02-09 16:32:14 **************************
04-02-09 16:32:14 Warning: Public Userid for WebPublisher not configured
04-02-09 16:32:14 GWDVA is initialized and running
04-02-09 16:32:14 WebAccess Server is ready for work
04-02-09 16:33:26 Login failed: randomuser
the only thing i changed was the servername/ip and username for logon failure
Thanks
Looks like it is behaving normally except for the fact that you can't login.
Can you open the /opt/novell/groupwise/agen ts/share/w ebac70a.wa a file and look for the /loglevel (or perhaps --loglevel) and unremark it by removing the ; plus remove the text to the right of the hyphen and replace that text with verbose so it will look like:
/loglevel-verbose or --loglevel-verbose
Then save and exit the file (if you're using the vi utility it will be :wq enter) then rcgrpwise stop webac70a wait for it to stop and then rcgrpwise start webac70a.
Then try and login and look at the log file just like what you've posted. Hopefully in verbose mode, we'll be able to see more information for error code searching. If that doesn't offer anything, we'll proceed with a database rebuild. Are you onsite and perhaps callable for me to walk you through a rebuild?
Can you open the /opt/novell/groupwise/agen
/loglevel-verbose or --loglevel-verbose
Then save and exit the file (if you're using the vi utility it will be :wq enter) then rcgrpwise stop webac70a wait for it to stop and then rcgrpwise start webac70a.
Then try and login and look at the log file just like what you've posted. Hopefully in verbose mode, we'll be able to see more information for error code searching. If that doesn't offer anything, we'll proceed with a database rebuild. Are you onsite and perhaps callable for me to walk you through a rebuild?
ASKER
The log level now shows as verbose but the error is still just login failed. I am not onsite but have remote access to everything.
ASKER
One thing that I find confusing is that users can connect internally with the groupwise client, I would think that this would mean that there wasn't an issue with the database, but I don't really know.
Thanks
Thanks
I'll try to walk you through the domain database rebuild.
1) in a shell prompt type rcgrpwise status and copy down the name of the domain, the gwia, the webaccess (which we know is webac70a).
2) type rcgrpwise stop domain name then enter to stop the MTA
3) type rcgrpwise stop <the name of gwia>
4) type rcgrpwise stop webac70a
5) In ConsoleOne, find the domain that houses the webaccess and right click GroupWise Utilities | System Maintenance. Click the rebuild database and then click run. A box will appear with the path to where the database is located. Change this path to /tmp and then click ok to rebuild the db...if you get any error, please post them.
6) If you don't get any error or message other than database rebuild complete/successful, close out of the rebuild utility and then close ConsoleOne. Open a shell prompt and cd to the directory where the GroupWise domain database/directory is located.
7) Confirm (by typing ls wpdomain.db then enter) that you see a wpdomain.db file in the domain directory we just rebuild. If so, type mv wpdomain.db wpdomain.402 and press enter.
8) Confirm that you see wpdomain.402 by typing ls in the same directory.
9) Type mv /tmp/wpdomain.db . (single period). That puts the rebuilt database into place.
10) Repeat step 7 except for the rename part.
11) type rcgrpwise start name of domain wait for the green "done" then do the same for the gwia and the webaccesss.
12) When you're done reloading the agents, type ps -ef | grep gw and confirm that you see a process running webac70a.waa, one running gwia.cfg and one running domain mta.
By rebuilding the file to a separate location, you're protecting the one that is inplace and possibly broken.
Scott
1) in a shell prompt type rcgrpwise status and copy down the name of the domain, the gwia, the webaccess (which we know is webac70a).
2) type rcgrpwise stop domain name then enter to stop the MTA
3) type rcgrpwise stop <the name of gwia>
4) type rcgrpwise stop webac70a
5) In ConsoleOne, find the domain that houses the webaccess and right click GroupWise Utilities | System Maintenance. Click the rebuild database and then click run. A box will appear with the path to where the database is located. Change this path to /tmp and then click ok to rebuild the db...if you get any error, please post them.
6) If you don't get any error or message other than database rebuild complete/successful, close out of the rebuild utility and then close ConsoleOne. Open a shell prompt and cd to the directory where the GroupWise domain database/directory is located.
7) Confirm (by typing ls wpdomain.db then enter) that you see a wpdomain.db file in the domain directory we just rebuild. If so, type mv wpdomain.db wpdomain.402 and press enter.
8) Confirm that you see wpdomain.402 by typing ls in the same directory.
9) Type mv /tmp/wpdomain.db . (single period). That puts the rebuilt database into place.
10) Repeat step 7 except for the rename part.
11) type rcgrpwise start name of domain wait for the green "done" then do the same for the gwia and the webaccesss.
12) When you're done reloading the agents, type ps -ef | grep gw and confirm that you see a process running webac70a.waa, one running gwia.cfg and one running domain mta.
By rebuilding the file to a separate location, you're protecting the one that is inplace and possibly broken.
Scott
ASKER
Everything went well with the rebuild, new file is in place, all services started back up. Still same problem.
If you're still available tonight, send me an email to skunau-at-igtg-dot-net and we'll figure out a way for me to remote in and look. Otherwise, I'm available Friday morning.
One question:
When using the groupwise client, are the users authenticated to eDirectory, and is the POst office set to allow authenticated users to access Groupwise?
Or, are they using their Groupwise password to log in (not the eDirectory password - those are two different things) Becuase Webaccess will only authenticate a user with the Groupwise password, not the eDirectory password.
When using the groupwise client, are the users authenticated to eDirectory, and is the POst office set to allow authenticated users to access Groupwise?
Or, are they using their Groupwise password to log in (not the eDirectory password - those are two different things) Becuase Webaccess will only authenticate a user with the Groupwise password, not the eDirectory password.
Is the login problem with WebAccess solved? If so, what did it take to get it working?
Are you having the same issue with WebAccess and user authentication?
Scott