GW14SP1HP2: SSO and POA GroupWise Name Server DNS records

Good afternoon,

our POA server is running on Linux server. Server and client are joined
into AD, there is Kerberos configured too. If we use FQDN (e.g.
gwpoa.example.net) of POA server, SSO is working fine, but we can clients
to connect automatically to POA so we can use GroupWise Name Server, e.g.
ngwnameserver.example.net or ngwnameserver2.example.net DNS records. The
GW doc says we can use this.

We discovered the only right way (SSO to be working) is use FQDN of POA,
not IP address nor GroupWise Name Server. Have we something missed or
overlooked in our configuration? What do you mean?

I would appreciate you to share your experience or advice.

---

Best regards,

-Jan

Tags:

  • Hi Jan,

    I haven't tired this, but have you tried creating CNAME records for ngwnameserver.example.net and ngwnameserver2.example.net?

    It's correct that the FQDN is needed to have SSO working seamlessly for the GroupWise client.... at least, that is my experience too.

    Cheers,
    Willem
  • On Wed, 15 Feb 2017 08:16:08 0000, magic31 wrote:

    > Hi Jan,
    >
    > I haven't tired this, but have you tried creating CNAME records for
    > ngwnameserver.example.net and ngwnameserver2.example.net?
    >
    > It's correct that the FQDN is needed to have SSO working seamlessly for
    > the GroupWise client.... at least, that is my experience too.
    >
    > Cheers,
    > Willem


    Hi,

    thank you for your answer.

    I have tried only ngwnameserver/ngwnameserver2 as CNAME records to
    gwpoa.example.net record. Is there difference between ngwnameserver to be
    CNAME or A record? I think there is a little difference according
    receiving answer from DNS point of view.

    Thanks in advance.

    ---

    -Jan


  • dus2002;2451034 wrote:

    I have tried only ngwnameserver/ngwnameserver2 as CNAME records to
    gwpoa.example.net record. Is there difference between ngwnameserver to be
    CNAME or A record? I think there is a little difference according
    receiving answer from DNS point of view.



    To elaborate on my thoughts here:

    The thing is that we want DNS to answer with the needed FQDN. But you are right, CNAME in itself will probably not achieve this... at least not right away. Hence my question if you have tried to see what it's effect would be.

    There is another option using DNS, and that's to use an URL record to do a redirect.

    Both options are meant as means to point and unconfigured GroupWise client to a PO at first contact.

    If you have the option to fix the PO the client needs to talk to, you can pre-populate the "IP Address" key found under "HKEY_CURRENT_USER\SOFTWARE\Novell\GroupWise\Login Parameters".
    ! Preferably set that parameter only once so the GroupWise client can manage the setting as needed.

    I will have the option to try this myself somewhere next week as I'm curious to see the exact workings here myself :)

    Cheers,
    Willem
  • On Thu, 16 Feb 2017 05:46:02 0000, magic31 wrote:

    > dus2002;2451034 Wrote:
    >>
    >> I have tried only ngwnameserver/ngwnameserver2 as CNAME records to
    >> gwpoa.example.net record. Is there difference between ngwnameserver to
    >> be CNAME or A record? I think there is a little difference according
    >> receiving answer from DNS point of view.
    >>
    >>

    >
    > To elaborate on my thoughts here:
    >
    > The thing is that we want DNS to answer with the needed FQDN. But you
    > are right, CNAME in itself will probably not achieve this... at least
    > not right away. Hence my question if you have tried to see what it's
    > effect would be.
    >
    > There is another option using DNS, and that's to use an URL record to do
    > a redirect.
    >
    > Both options are meant as means to point and unconfigured GroupWise
    > client to a PO at first contact.
    >
    > If you have the option to fix the PO the client needs to talk to, you
    > can pre-populate the "IP Address" key found under
    > "HKEY_CURRENT_USER\SOFTWARE\Novell\GroupWise\Login Parameters".
    > ! Preferably set that parameter only once so the GroupWise client can
    > manage the setting as needed.
    >
    > I will have the option to try this myself somewhere next week as I'm
    > curious to see the exact workings here myself :)
    >
    > Cheers,
    > Willem


    Good morning,

    we have created SR # 101054827541, no answer yet.

    I will inform if I learn anything new.


    Thank you for your helpful hands.

    ---

    -Jan
  • On Thu, 16 Mar 2017 06:38:48 0000, dus2002 wrote:

    > On Thu, 16 Feb 2017 05:46:02 0000, magic31 wrote:
    >
    >> dus2002;2451034 Wrote:
    >>>
    >>> I have tried only ngwnameserver/ngwnameserver2 as CNAME records to
    >>> gwpoa.example.net record. Is there difference between ngwnameserver to
    >>> be CNAME or A record? I think there is a little difference according
    >>> receiving answer from DNS point of view.
    >>>
    >>>
    >>>

    >> To elaborate on my thoughts here:
    >>
    >> The thing is that we want DNS to answer with the needed FQDN. But
    >> you are right, CNAME in itself will probably not achieve this... at
    >> least not right away. Hence my question if you have tried to see what
    >> it's effect would be.
    >>
    >> There is another option using DNS, and that's to use an URL record to
    >> do a redirect.
    >>
    >> Both options are meant as means to point and unconfigured GroupWise
    >> client to a PO at first contact.
    >>
    >> If you have the option to fix the PO the client needs to talk to, you
    >> can pre-populate the "IP Address" key found under
    >> "HKEY_CURRENT_USER\SOFTWARE\Novell\GroupWise\Login Parameters".
    >> ! Preferably set that parameter only once so the GroupWise client can
    >> manage the setting as needed.
    >>
    >> I will have the option to try this myself somewhere next week as I'm
    >> curious to see the exact workings here myself :)
    >>
    >> Cheers,
    >> Willem

    >
    > Good morning,
    >
    > we have created SR # 101054827541, no answer yet.
    >
    > I will inform if I learn anything new.
    >
    >
    > Thank you for your helpful hands.
    >
    > ---
    >
    > -Jan


    Good afternoon,

    I have got a good news finally. SSO is working as we expected now. But
    there is a need to create AD SCP (Service Connection Point) inside AD
    directory. We had to create it manually.

    The correct way of manual creation of AD SCP object was described in this
    TID https://www.novell.com/support/kb/doc.php?id=7018797 too. It has been
    release this week.

    Shame there is no information inside documentation about this.

    ---

    Regards,

    -Jan