• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1332
  • Last Modified:

GWIA Issue

Hello,

I am having an issue with gwia authentication for all of my users.  The problem started seemingly randomly,  I am running groupwise 7 on a SLES 9 box.  When users attempt to login to gwia it actsas though they have incorrectly entered the username/password (please login again...you must have typed username/pw incorrect).  After several attemps its locks the mailbox for 15 minutes as it would usually do if incorrect credentials had been entered.  I am not sure where to even start as nothing has changed as far as I know.  - Additional info - the groupwise client does work internally but attempting to access gwia internally either via domain name or internal ip net the same result.

Any help will be greatly appriciated.

Thanks
0
ikazra
Asked:
ikazra
  • 11
  • 10
1 Solution
 
ZENandEmailguyCommented:
What is the purpose for your users to access the GWIA with login and password?  IMAP or POP?  Has this worked in the past?  What has changed in the past few days with regards to patches, updates, etc. on the server?

Are you having the same issue with WebAccess and user authentication?

Scott
0
 
ikazraAuthor Commented:
Sorry for the confusion, I just worded my question improperly.  They can not authenticate with webaccess, that is my entire issue.  They do not actually access the gwia backend.  Using the groupwise client internally works fine.  I have not installed any updates or changed anything, it just seemingly stopped working about 4 days ago.
0
 
ZENandEmailguyCommented:
Try the following:

Do you see the WebAccess login screen?  If so that means apache2 and tomcat are working and we can move to the following:

rcgrpwise status which will tell you the status of all of the agents.  Look for one probably call webac70a or webacc or <yourdomainname.webac70a>.  What is the status (running, failed, unused)?

If you don't see the WebAccess login screen try these:

next rcapache2 status  is it running, failed, unused?
next rcnovell-tomcat (4 or 5 I'm not sure which number to add to tomcat) status  is it running or not?

Assuming you get the WebAccess login screen, what is the error you get when trying to login to Webaccess?

Thanks for clarifying the login problem...I didn't think you meant GWIA but wasn't sure and I didn't want to assume.

Scott
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
ikazraAuthor Commented:
I do see the web access screen.  When I enter correct credentials and attempt to login I recieve the error "Please login again, you may have typed your name or password incorrectly."  After a few failed attempts at this it locks the mailbox for 15 minutes as it should do with an incorrect password entry.  Running rcgrpwise status shows me that webac70a status is "done"

Thanks for the quick reply and the patience...I am an exchange guy trying to fix a group wise problem.
0
 
ZENandEmailguyCommented:
ok.  The problem is in the apache web server.  Find the webacc.cfg file (may have to do a find / -name webacc.cfg in a shell prompt).  Once you find it, open it with an editor and go looking for a security.useclientIP=true (that may not be the exact but it will be close enough to take you to the right place in the file).  Change it to false and then wait a few minutes.  Apache and Tomcat refresh every 10 minutes or so.  Or you can do a rcapache2 restart and a rcnovell-tomcat(with a number) restart

Then try and login.

Let me know.

Scott
0
 
ikazraAuthor Commented:
I found the security.useclientIP=true and changed that to false, restarted apache and tomcat, and I am still getting the same thing at webaccess.
0
 
ZENandEmailguyCommented:
Can you open the WebAccess web console by going to http://<yourserverIP>:7211 and getting into the logs and seeing what the exact error code or error words are showing up.  If you don't see anything that is helpful, check to see that you are in verbose logging for the agent by opening ConsoleOne, going to the domain that is hosting the WebAccess agent, right click Properties | GroupWise tab and logging and change to Verbose.  Wait about 2-3 minutes and then try to login and then check the logs again.

Thanks.
0
 
ikazraAuthor Commented:
I get a 503 service unavailable error when i try to go to the specified port number.
0
 
ikazraAuthor Commented:
One thing i did notice though is it redirects me to https:// when i attempt to access that port through http://

I don't know if that is usual behavior for that or not.

Thanks
0
 
ikazraAuthor Commented:
Another thing - When i go to port 7211using the servers name it gives me an authentication dialog box, none of my credentials will work in this box though.
0
 
ZENandEmailguyCommented:
Go back to ConsoleOne, highlight the WebAccess gateway object and right click properties and then look for the GroupWise tab where you'll find Optional Gateway settings.  At the bottom of that screen you'll find the http user and password.  Change the user account to whatever entity you want and password (this shouldn't be a GW or eDirectory user, rather just a name and password you'll remember).  After clicking OK, wait about 3 or so minutes and then try the login again.

You can do the above to all of the agents as you need in basically the same place in C1.

Scott
0
 
ikazraAuthor Commented:
Hmm... we have three gateways listed, i changed the username and password for http access on all three, have waited several minutes and none of them work.
0
 
ZENandEmailguyCommented:
Do you get a windows login prompt?  You may have to go into the /opt/novell/groupwise/agents/share directory on your SLES box and edit the webac70a.waa and add your username and password to the http section.  Then type rcgrpwise stop webac70a and press enter.  Wait for the gateway to shutdown and then type rcgrpwise start webac70a (enter) and wait for it to start up.  Then go back to the browser and give it a try.

Another thing you may have to end up doing is rebuild the domain database.  There is a possibility that something in the domain database for the domain that houses your WebAccess gateway (and others too) is corrupted or beginning to get corrupted.  It is an easy process but the gateways and the MTA must be down in order to do the rebuild.  Usually takes less than 5 minutes so if you can't get into WebAccess or the web console, a rebuild will likely be in the cards.
0
 
ikazraAuthor Commented:
I am no able to get to the web console and look at logs (thanks for bearing with me on that, your instructions were great)  i restarted it so here is a fresh log file:

04-02-09 16:32:12 ***** WebAccess Configuration Information *****
04-02-09 16:32:12  
04-02-09 16:32:12 General Settings:
04-02-09 16:32:12   Agent Version: 7.0.1  (6/13/2006)
04-02-09 16:32:12   Gateway Home Directory: /mail/nsddom/wpgate/webac70a
04-02-09 16:32:12 Linux Release 2.6.5-7.287.3-bigsmp
04-02-09 16:32:12   SNMP: Disabled
04-02-09 16:32:12   Work Directory: /opt/novell/groupwise/agents/share/tmpFiles
04-02-09 16:32:12  
04-02-09 16:32:12 Log Settings:
04-02-09 16:32:12   Log File: /var/log/novell/groupwise/nsd_domain.webac70a/000.prc/0402web.004
04-02-09 16:32:12   Log Level: NORMAL
04-02-09 16:32:12   Max Log File Age (days): 7
04-02-09 16:32:12   Max Log Disk Space (kb): 65536
04-02-09 16:32:12  
04-02-09 16:32:12 Client/Server Settings:
04-02-09 16:32:13   IP Address: server
04-02-09 16:32:13   TCP Port for Incoming Connections: 7205
04-02-09 16:32:13   Client/Server over SSL: Enabled
04-02-09 16:32:13   WebConsole: Enabled
04-02-09 16:32:13   WebConsole Url: https://server:7211
04-02-09 16:32:13  
04-02-09 16:32:13 Performance Settings:
04-02-09 16:32:13   Processing Threads: 12 (Default)
04-02-09 16:32:13   Maximum users: 250
04-02-09 16:32:14 ****************************************************************
04-02-09 16:32:14 Warning: Public Userid for WebPublisher not configured
04-02-09 16:32:14 GWDVA is initialized and running
04-02-09 16:32:14 WebAccess Server is ready for work
04-02-09 16:33:26 Login failed: randomuser


the only thing i changed was the servername/ip and username for logon failure

Thanks
0
 
ZENandEmailguyCommented:
Looks like it is behaving normally except for the fact that you can't login.

Can you open the /opt/novell/groupwise/agents/share/webac70a.waa file and look for the /loglevel (or perhaps --loglevel) and unremark it by removing the ; plus remove the text to the right of the hyphen and replace that text with verbose so it will look like:

/loglevel-verbose  or --loglevel-verbose

Then save and exit the file (if you're using the vi utility it will be :wq enter)  then rcgrpwise stop webac70a wait for it to stop and then rcgrpwise start webac70a.

Then try and login and look at the log file just like what you've posted.  Hopefully in verbose mode, we'll be able to see more information for error code searching.  If that doesn't offer anything, we'll proceed with a database rebuild.  Are you onsite and perhaps callable for me to walk you through a rebuild?
0
 
ikazraAuthor Commented:
The log level now shows as verbose but the error is still just login failed.  I am not onsite but have remote access to everything.  
0
 
ikazraAuthor Commented:
One thing that I find confusing is that users can connect internally with the groupwise client, I would think that this would mean that there wasn't an issue with the database, but I don't really know.


Thanks
0
 
ZENandEmailguyCommented:
I'll try to walk you through the domain database rebuild.

1) in a shell prompt type rcgrpwise status and copy down the name of the domain, the gwia, the webaccess (which we know is webac70a).

2) type rcgrpwise stop domain name then enter to stop the MTA
3) type rcgrpwise stop <the name of gwia>
4) type rcgrpwise stop webac70a

5) In ConsoleOne, find the domain that houses the webaccess and right click GroupWise Utilities | System Maintenance.  Click the rebuild database and then click run.  A box will appear with the path to where the database is located.  Change this path to /tmp and then click ok to rebuild the db...if you get any error, please post them.

6) If you don't get any error or message other than database rebuild complete/successful, close out of the rebuild utility and then close ConsoleOne.  Open a shell prompt and cd to the directory where the GroupWise domain database/directory is located.

7) Confirm (by typing ls wpdomain.db then enter) that you see a wpdomain.db file in the domain directory we just rebuild.  If so, type mv wpdomain.db wpdomain.402 and press enter.

8) Confirm that you see wpdomain.402 by typing ls in the same directory.

9) Type mv /tmp/wpdomain.db . (single period).  That puts the rebuilt database into place.

10) Repeat step 7 except for the rename part.

11) type rcgrpwise start name of domain wait for the green "done" then do the same for the gwia and the webaccesss.

12) When you're done reloading the agents, type ps -ef | grep gw and confirm that you see a process running webac70a.waa, one running gwia.cfg and one running domain mta.

By rebuilding the file to a separate location, you're protecting the one that is inplace and possibly broken.

Scott

0
 
ikazraAuthor Commented:
Everything went well with the rebuild, new file is in place, all services started back up.  Still same problem.  
0
 
ZENandEmailguyCommented:
If you're still available tonight, send me an email to skunau-at-igtg-dot-net and we'll figure out a way for me to remote in and look.  Otherwise, I'm available Friday morning.
0
 
bekitoCommented:
One question:

When using the groupwise client, are the users authenticated to eDirectory, and is the POst office set to allow authenticated users to access Groupwise?  

Or, are they using their Groupwise password to log in (not the eDirectory password - those are two different things) Becuase Webaccess will only authenticate a user with the Groupwise password, not the eDirectory password.  
0
 
ZENandEmailguyCommented:
Is the login problem with WebAccess solved?  If so, what did it take to get it working?
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 11
  • 10
Tackle projects and never again get stuck behind a technical roadblock.
Join Now