Solved

Restoring GroupWise 7 emails

Posted on 2013-07-01
8
437 Views
Last Modified: 2013-11-12
For purposes of legal discovery, I'm charged with restoring a GroupWise 7 server to a NetWare 6.5/OES server--having no experience with either! So I'm stumbling along and have gotten a lot farther than I had expected to at this point. But now I need to know more about what I'm doing.

The system as it now exists:
WS2003 server running:

* Backup Exec 11d for Windows
* NW Client for Windows.
* ConsoleOne with the GW snap-in

NetWare OES server running:
* NDS
* Backup Exec Agent for NetWare
* GroupWise 7

I have successfully restored what appears to be the GroupWise server and its data to it from backups, with only this Error reported by Backup Exec:

Novell NetWare SMS errors were encountered.
Begin Novell SMS errors:
Fri Jun 21 14:51:10 2013
  Trustee CN=RKT.O=HOUSTON<OldOrgName> was not restored for APPS:, because the trustee IDs are different.
End Novell SMS errors.

RKT would have been a user account; APPS is the volume that contains the GW server.

I have not restored the Directory at this time. One concern is that if I do so, the "admin" account will be overwritten and I won't know the credentials. Another is that the Directory was on a separate server. I don't know if I can redirect the Directory restore, or if it can run on the same server as GroupWise, or if I'd have to set up a 2nd NW server.

In any event, without the original Directory, it's not a big surprise that RKT permissions could not be restored. The other concern is that I don't know if it's necessary to restore the Directory and don't want to waste time if there's some way I can use the Directory I just set up.

Likewise, Tree & Context don't match the originals, mainly because I didn't know what they were at the time I set up the server<g>.

Objective here is to do as little as possible to get access to all messages in all mailboxes, preferably all from one account ("admin").

When I view the Domain & Post Office in ConsoleOne, I see a list of users. Anything I try to do with them, or pretty much anything in the GW snap-in, is met with a credentials prompt, which defaults to the original Tree. When I enter admin credentials in the current tree & context, I get this message:

GroupWise View
An error occurred converting the GroupWise object to its eDirectory counterpart. <Domain>.<PO>.admin. Tree: <TreeName> Distinguished Name: admin.<OLDORGNAME>. The eDirectory counterpart of this object does not exist.

What's the most efficient way to move past where I am? That can include starting over if that's what's needed, as long as I know what I should be doing along the way. And I know more than I did the first time, at least.

But if there's a way to make the data available to the current Tree's "admin" account, that would be ideal.

TIA
0
Comment
Question by:JRVS
  • 5
  • 3
8 Comments
 
LVL 18

Accepted Solution

by:
ZENandEmailguy earned 500 total points
Comment Utility
Let's start with the easy fix...credentials.

Your being prompted for credentials because the NGW properties for all of the objects, users, etc., are tied to the original tree.  To fix that click on your organization object in the upper portion of Consoleone.  Then using the tools menu, choose GroupWise utilities, GW-eDirectory and then Graft GroupWise objects.

First graft the domain, post office, gateways then go back and graft the user objects.  You may have to specify contexts (containers) where the objects either already or or need to go.  you'll see a message that says do you really want to graft the objects into xxxxx tree and your answer will be yes or OK.

Without some work, you won't be able to access everyone's account all at once with one admin account.  The logged in admin user can change all of the GroupWise passwords (one at a time) and then access the GW account to find messages for the legal hold.

Let me know if the above helps get you going...

Scott
0
 

Author Comment

by:JRVS
Comment Utility
Thanks, Scott! I'll be back at this client site on Tuesday and hopefully will have some time to try this. Will report back, but sounds like this is what I need to move forward.
0
 

Author Comment

by:JRVS
Comment Utility
Hi Scott

Your steps were right on the money. Thanks!

I had to do this, first, probably because I didn't know what I was doing during setup... eDirectory schema not properly modified for GroupWise ...but the rest was as you described.

I've set the passwords for all the accounts, but when I launch the GroupWise 7 client, I'm told the password is not correct. It's a trivial password. I've triple-checked it; going so far as to type the password into Notepad, and then use the clipboard to enter the password in ConsoleOne and GW logon dialog to make sure I've got it right.

These are "GroupWise External Entities". I notice there is a "Convert External Entity to User" menu command; is that what I should be using on each Entity?

I'd just try it, but the stakes are kind of high; don't want to have to do another restore if I can avoid it.

Thanks!
0
 
LVL 18

Expert Comment

by:ZENandEmailguy
Comment Utility
Do you have the post office and the message transfer agent running on the server/computer where you restored to?

When you change a mailbox password in the ConsoleOne utility, an administrative message is generated by the C1 snapins and passed to the MTA which in turn passes it to the POA which in turn writes it to the user database so you can get into their mailbox with the password you've set.

If you've got a live GroupWise system somewhere on the network BE SURE to unplug the server where your restored copy/system is from the rest of the network.  I think I mentioned this before, when I do this I use a 4-port switch to plug my restore server in along with a management workstation and these are isolated from the production network.  Now, if you've restored to a Windows server/workstation (I've restored a whole system to a XP desktop) you can run the GW server agents along with C1 on the same box and leave it disconnect from the network.

Hope the second paragraph doesn't confuse you...

Scott
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:JRVS
Comment Utility
I'm usually at this client 3 days per week, but top priority has become setting up a new computer for the person I report to. You probably know how that goes...priorities<g>. Likely after that computer's done I can get back to GW. Anyway...

> Do you have the post office and the message transfer agent running on the server/computer where you restored to?

How do I determine that? If it helps, to the extent possible, I accepted all defaults for a new GW environment during setup.

> If you've got a live GroupWise system somewhere on the network<snip>

No worries; GroupWise has existed there only on DLT tape archives since early 2008!
0
 

Author Comment

by:JRVS
Comment Utility
Hey Scott

Back on this project again. I ran GW Administrator setup, and found where the POA and MTA are installed as a separate process from the initial install. So, no, they were not installed.

Now they are, and I can see "MTA" in the right pane when I click the Domain in the left pane, and I can see "POA" in the right pane when I click the PO in the left pane. I assume that's a good thing!

After installing them and restarting the server, I changed the password again on a mailbox. But I'm still getting a message that the password is incorrect.
0
 
LVL 18

Expert Comment

by:ZENandEmailguy
Comment Utility
Sorry for the delayed response, I was camping with 45,000 scouts and leaders last week at the National Scout Jamboree.  It was great fun.

Make sure in the services control panel that you see the MTA and POA and that they are running.  Both services need to be running in order for them to process password change messages into a user mailbox.

Scott
0
 

Author Comment

by:JRVS
Comment Utility
Hi Scott, thanks for your reply!

I was directed to this article, https://www.novell.com/support/kb/doc.php?id=3373106.

Since there's no production GW server, it was much simpler than the process described in the article. I set the PO to Direct Access & Client/Server using the existing .DB file and was able to open the "admin" mailbox and view spam from 2008<g>. That was the only mailbox that had a User Account; the rest were External Entities.

I created a new External Entity, converted it to a User, set its GW password, opened its mailbox, and verified I could convert it back to an External Entity, so I then knew it was a reversible change. Converted the other External Entities to Users, set their GW passwords, and could open their mailboxes.

Here's the kicker: Of 27 mailboxes, only 18 were backed up. I do not know why and the admin responsible was fired long ago. So I feel like Geraldo Rivera opening Al Capone's vault on live TV to find...nothing!

Many more backup tapes to check, just none designated as an "archive". Hopefully one of them will have what I'm looking for, now that I finally have access to the data!

Thanks for all your help. Marking your 2 July 2013 post as the Solution because it was certainly an important part of it.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Novell released its latest version of GroupWise a few weeks ago.  The version is 2012 and it only runs on Linux (SUSE Linux Enterprise Server 10/11 is the first choice and I'm not sure about other Linux distributions, such as Red Hat, Debian, etc.) …
Regular maintenance of GroupWise Mailbox keeps it running flawlessly. Sometimes, it is also seen that mailbox maintenance is needed for resolving various issues of mailbox and other Novell GroupWise database. By using the ‘Repair Mailbox’ feature, a…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now