unable to login - soap error - 9505

Posting this to document what I found in my environment was a fix for the login error 9505, SOAP configuration issue seen by my users.

Sometime during the past two weeks, my users started getting errors when attempting to login to their GroupWise accounts via WebAccess.
Random users, all post offices, but not all users, including my own account.

error 9505
Your post office is unavailable. The post office agent might not be configured for SOAP. Please contact your system administrator.


I changed nothing in our system leading up to the increase in errors.
1 domain, 4 servers, 4 post offices, 1 webaccess (located on server with post office)

Looked in the knowledge base, in the forums... SSL was the common theme..
post offices and webaccess were NOT using SSL, so that should be the issue...

Noticed I wasn't up to date with the latest patch, 14.2.2.1
Read the notes, saw SOAP mentioned, figured why not... applied the patch, no change in errors.

Found log files in /var/opt/novell/groupwise/webaccess/logs
starting walking through them.... and noticed these entries:
9:40:37, <SOAP>, -, INFO, USERNAME, SSL Error: Could not authenticate server certificate for user, potential MITM
9:40:37, <SOAP>, -, INFO, USERNAME, Exception invoking negotiateLoginRequest: HTTP transport error: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
9:40:37, <SOAP>, -, INFO, USERNAME, Unable to connect to the POA @ https://IP-ADDRESS-OF-POSTOFFICE:7191/soap


SSL, front and center. But we are not using SOAP SSL....

Not sure why, but I had the idea to check the certificates on the four GroupWise servers.
The certificates on all four servers had expired, imanager listed them as invalid.

Figured why not, lets fix this issue.
https://www.novell.com/communities/coolsolutions/cool_tools/certificate-recreation-script-oes1-and-oes2/


7 days so far, and the issue/error has not returned.
  • Thank you for sharing your experience and knowledge with us, the community. I'm sure many will find this useful.
  • ShootDawg;2467260 wrote:

    7 days so far, and the issue/error has not returned.



    well, looks like this wasn't a full fix .... started getting the errors again this week... right now, just affecting one of four post offices/servers.
  • In article <ShootDawg.869d9b@no-mx.forums.microfocus.com>, ShootDawg
    wrote:
    > well, looks like this wasn't a full fix .... started getting the
    > errors again this week... right now, just affecting one of four post
    > offices/servers.


    Have any of the POAs been restarted since WebAccess was restarted?
    I have one system that sometime gives me grief when WebAccess has been
    up longer than the POA


    Andy of
    http://KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!

  • konecnya;2468024 wrote:
    In article <ShootDawg.869d9b@no-mx.forums.microfocus.com>, ShootDawg
    wrote:
    > well, looks like this wasn't a full fix .... started getting the
    > errors again this week... right now, just affecting one of four post
    > offices/servers.


    Have any of the POAs been restarted since WebAccess was restarted?
    I have one system that sometime gives me grief when WebAccess has been
    up longer than the POA


    Actually...the problem post office was reported down and restarted...then reports came in...
    other three post offices were not affected.
    gwia/mta on the server with the problem post office were not affected, remained running as normal.

    found java at 197% cpu utilization on the webaccess server...
    stopped apache2 and tomcat.....restarted them...so far, seems better..
  • In article <ShootDawg.86b6wo@no-mx.forums.microfocus.com>, ShootDawg
    wrote:
    > Actually...the problem post office was reported down and
    > restarted...then reports came in...
    > other three post offices were not affected.


    I've been seeing that sort of pattern. I've been adjusting my patching
    routine the last few months to make sure Webaccess is the last thing
    restarted after patching. Hasn't been a big enough issue for me to
    open an SR on this, but perhaps someone else might take that up.


    Andy of
    http://KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!