JRVS
asked on
Restoring GroupWise 7 emails
For purposes of legal discovery, I'm charged with restoring a GroupWise 7 server to a NetWare 6.5/OES server--having no experience with either! So I'm stumbling along and have gotten a lot farther than I had expected to at this point. But now I need to know more about what I'm doing.
The system as it now exists:
WS2003 server running:
* Backup Exec 11d for Windows
* NW Client for Windows.
* ConsoleOne with the GW snap-in
NetWare OES server running:
* NDS
* Backup Exec Agent for NetWare
* GroupWise 7
I have successfully restored what appears to be the GroupWise server and its data to it from backups, with only this Error reported by Backup Exec:
RKT would have been a user account; APPS is the volume that contains the GW server.
I have not restored the Directory at this time. One concern is that if I do so, the "admin" account will be overwritten and I won't know the credentials. Another is that the Directory was on a separate server. I don't know if I can redirect the Directory restore, or if it can run on the same server as GroupWise, or if I'd have to set up a 2nd NW server.
In any event, without the original Directory, it's not a big surprise that RKT permissions could not be restored. The other concern is that I don't know if it's necessary to restore the Directory and don't want to waste time if there's some way I can use the Directory I just set up.
Likewise, Tree & Context don't match the originals, mainly because I didn't know what they were at the time I set up the server<g>.
Objective here is to do as little as possible to get access to all messages in all mailboxes, preferably all from one account ("admin").
When I view the Domain & Post Office in ConsoleOne, I see a list of users. Anything I try to do with them, or pretty much anything in the GW snap-in, is met with a credentials prompt, which defaults to the original Tree. When I enter admin credentials in the current tree & context, I get this message:
What's the most efficient way to move past where I am? That can include starting over if that's what's needed, as long as I know what I should be doing along the way. And I know more than I did the first time, at least.
But if there's a way to make the data available to the current Tree's "admin" account, that would be ideal.
TIA
The system as it now exists:
WS2003 server running:
* Backup Exec 11d for Windows
* NW Client for Windows.
* ConsoleOne with the GW snap-in
NetWare OES server running:
* NDS
* Backup Exec Agent for NetWare
* GroupWise 7
I have successfully restored what appears to be the GroupWise server and its data to it from backups, with only this Error reported by Backup Exec:
Novell NetWare SMS errors were encountered.
Begin Novell SMS errors:
Fri Jun 21 14:51:10 2013
Trustee CN=RKT.O=HOUSTON<OldOrgNam
End Novell SMS errors.
Begin Novell SMS errors:
Fri Jun 21 14:51:10 2013
Trustee CN=RKT.O=HOUSTON<OldOrgNam
End Novell SMS errors.
RKT would have been a user account; APPS is the volume that contains the GW server.
I have not restored the Directory at this time. One concern is that if I do so, the "admin" account will be overwritten and I won't know the credentials. Another is that the Directory was on a separate server. I don't know if I can redirect the Directory restore, or if it can run on the same server as GroupWise, or if I'd have to set up a 2nd NW server.
In any event, without the original Directory, it's not a big surprise that RKT permissions could not be restored. The other concern is that I don't know if it's necessary to restore the Directory and don't want to waste time if there's some way I can use the Directory I just set up.
Likewise, Tree & Context don't match the originals, mainly because I didn't know what they were at the time I set up the server<g>.
Objective here is to do as little as possible to get access to all messages in all mailboxes, preferably all from one account ("admin").
When I view the Domain & Post Office in ConsoleOne, I see a list of users. Anything I try to do with them, or pretty much anything in the GW snap-in, is met with a credentials prompt, which defaults to the original Tree. When I enter admin credentials in the current tree & context, I get this message:
GroupWise View
An error occurred converting the GroupWise object to its eDirectory counterpart. <Domain>.<PO>.admin. Tree: <TreeName> Distinguished Name: admin.<OLDORGNAME>. The eDirectory counterpart of this object does not exist.
An error occurred converting the GroupWise object to its eDirectory counterpart. <Domain>.<PO>.admin. Tree: <TreeName> Distinguished Name: admin.<OLDORGNAME>. The eDirectory counterpart of this object does not exist.
What's the most efficient way to move past where I am? That can include starting over if that's what's needed, as long as I know what I should be doing along the way. And I know more than I did the first time, at least.
But if there's a way to make the data available to the current Tree's "admin" account, that would be ideal.
TIA
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Scott
Your steps were right on the money. Thanks!
I had to do this, first, probably because I didn't know what I was doing during setup... eDirectory schema not properly modified for GroupWise ...but the rest was as you described.
I've set the passwords for all the accounts, but when I launch the GroupWise 7 client, I'm told the password is not correct. It's a trivial password. I've triple-checked it; going so far as to type the password into Notepad, and then use the clipboard to enter the password in ConsoleOne and GW logon dialog to make sure I've got it right.
These are "GroupWise External Entities". I notice there is a "Convert External Entity to User" menu command; is that what I should be using on each Entity?
I'd just try it, but the stakes are kind of high; don't want to have to do another restore if I can avoid it.
Thanks!
Your steps were right on the money. Thanks!
I had to do this, first, probably because I didn't know what I was doing during setup... eDirectory schema not properly modified for GroupWise ...but the rest was as you described.
I've set the passwords for all the accounts, but when I launch the GroupWise 7 client, I'm told the password is not correct. It's a trivial password. I've triple-checked it; going so far as to type the password into Notepad, and then use the clipboard to enter the password in ConsoleOne and GW logon dialog to make sure I've got it right.
These are "GroupWise External Entities". I notice there is a "Convert External Entity to User" menu command; is that what I should be using on each Entity?
I'd just try it, but the stakes are kind of high; don't want to have to do another restore if I can avoid it.
Thanks!
Do you have the post office and the message transfer agent running on the server/computer where you restored to?
When you change a mailbox password in the ConsoleOne utility, an administrative message is generated by the C1 snapins and passed to the MTA which in turn passes it to the POA which in turn writes it to the user database so you can get into their mailbox with the password you've set.
If you've got a live GroupWise system somewhere on the network BE SURE to unplug the server where your restored copy/system is from the rest of the network. I think I mentioned this before, when I do this I use a 4-port switch to plug my restore server in along with a management workstation and these are isolated from the production network. Now, if you've restored to a Windows server/workstation (I've restored a whole system to a XP desktop) you can run the GW server agents along with C1 on the same box and leave it disconnect from the network.
Hope the second paragraph doesn't confuse you...
Scott
When you change a mailbox password in the ConsoleOne utility, an administrative message is generated by the C1 snapins and passed to the MTA which in turn passes it to the POA which in turn writes it to the user database so you can get into their mailbox with the password you've set.
If you've got a live GroupWise system somewhere on the network BE SURE to unplug the server where your restored copy/system is from the rest of the network. I think I mentioned this before, when I do this I use a 4-port switch to plug my restore server in along with a management workstation and these are isolated from the production network. Now, if you've restored to a Windows server/workstation (I've restored a whole system to a XP desktop) you can run the GW server agents along with C1 on the same box and leave it disconnect from the network.
Hope the second paragraph doesn't confuse you...
Scott
ASKER
I'm usually at this client 3 days per week, but top priority has become setting up a new computer for the person I report to. You probably know how that goes...priorities<g>. Likely after that computer's done I can get back to GW. Anyway...
> Do you have the post office and the message transfer agent running on the server/computer where you restored to?
How do I determine that? If it helps, to the extent possible, I accepted all defaults for a new GW environment during setup.
> If you've got a live GroupWise system somewhere on the network<snip>
No worries; GroupWise has existed there only on DLT tape archives since early 2008!
> Do you have the post office and the message transfer agent running on the server/computer where you restored to?
How do I determine that? If it helps, to the extent possible, I accepted all defaults for a new GW environment during setup.
> If you've got a live GroupWise system somewhere on the network<snip>
No worries; GroupWise has existed there only on DLT tape archives since early 2008!
ASKER
Hey Scott
Back on this project again. I ran GW Administrator setup, and found where the POA and MTA are installed as a separate process from the initial install. So, no, they were not installed.
Now they are, and I can see "MTA" in the right pane when I click the Domain in the left pane, and I can see "POA" in the right pane when I click the PO in the left pane. I assume that's a good thing!
After installing them and restarting the server, I changed the password again on a mailbox. But I'm still getting a message that the password is incorrect.
Back on this project again. I ran GW Administrator setup, and found where the POA and MTA are installed as a separate process from the initial install. So, no, they were not installed.
Now they are, and I can see "MTA" in the right pane when I click the Domain in the left pane, and I can see "POA" in the right pane when I click the PO in the left pane. I assume that's a good thing!
After installing them and restarting the server, I changed the password again on a mailbox. But I'm still getting a message that the password is incorrect.
Sorry for the delayed response, I was camping with 45,000 scouts and leaders last week at the National Scout Jamboree. It was great fun.
Make sure in the services control panel that you see the MTA and POA and that they are running. Both services need to be running in order for them to process password change messages into a user mailbox.
Scott
Make sure in the services control panel that you see the MTA and POA and that they are running. Both services need to be running in order for them to process password change messages into a user mailbox.
Scott
ASKER
Hi Scott, thanks for your reply!
I was directed to this article, https://www.novell.com/support/kb/doc.php?id=3373106.
Since there's no production GW server, it was much simpler than the process described in the article. I set the PO to Direct Access & Client/Server using the existing .DB file and was able to open the "admin" mailbox and view spam from 2008<g>. That was the only mailbox that had a User Account; the rest were External Entities.
I created a new External Entity, converted it to a User, set its GW password, opened its mailbox, and verified I could convert it back to an External Entity, so I then knew it was a reversible change. Converted the other External Entities to Users, set their GW passwords, and could open their mailboxes.
Here's the kicker: Of 27 mailboxes, only 18 were backed up. I do not know why and the admin responsible was fired long ago. So I feel like Geraldo Rivera opening Al Capone's vault on live TV to find...nothing!
Many more backup tapes to check, just none designated as an "archive". Hopefully one of them will have what I'm looking for, now that I finally have access to the data!
Thanks for all your help. Marking your 2 July 2013 post as the Solution because it was certainly an important part of it.
I was directed to this article, https://www.novell.com/support/kb/doc.php?id=3373106.
Since there's no production GW server, it was much simpler than the process described in the article. I set the PO to Direct Access & Client/Server using the existing .DB file and was able to open the "admin" mailbox and view spam from 2008<g>. That was the only mailbox that had a User Account; the rest were External Entities.
I created a new External Entity, converted it to a User, set its GW password, opened its mailbox, and verified I could convert it back to an External Entity, so I then knew it was a reversible change. Converted the other External Entities to Users, set their GW passwords, and could open their mailboxes.
Here's the kicker: Of 27 mailboxes, only 18 were backed up. I do not know why and the admin responsible was fired long ago. So I feel like Geraldo Rivera opening Al Capone's vault on live TV to find...nothing!
Many more backup tapes to check, just none designated as an "archive". Hopefully one of them will have what I'm looking for, now that I finally have access to the data!
Thanks for all your help. Marking your 2 July 2013 post as the Solution because it was certainly an important part of it.
ASKER