2014R2: could not add secondary domain

Hi,

Environment:
GW2014 R2 HP1
primary domain on OES11

Goal:
I want to create a new secondary domain on Windows server

Error messages:
If I click finish in the install console on the windows server to create
the domain I get the message "Secondary domain () could not added"

Checks:
The services (admin service, MTA) are created, admin service is running,
mta service is stopped.
If I manually start the MTA service, it will stop after few seconds

I checked the domain folder on the windows server and missed wpcsin,
wpcsout, wpgate, wpoffice, wptemp folders.
I copied these folders from a running windows mta.
If I start the MTA using startagent.cmd..
startagent.cmd reports:
"SSL Configuration has been disabled because of failure in setting up
SSL rc= [8201]"

After changing Domain type to Windows and activating monitor, I
restarted the MTA in debug window and got the messages
"waiting for task NGW-P0-GW-<domainname> to complete"
"waiting for task NGW-P2-GW-<domainname> to complete"

Aunt Google could not present an answer...

I think, it´s the SSL message preventing the clean start, but how to
solve this?
admin console reports the location of certs in
c:\programdata\novell\groupwise\... , may be, it´s a secured place not
reachable?

Gotthard Anger

--
Gotthard Anger
Anwenderbetreuung Netzwerkadministration
Landeskirchenamt der EKM
gotthardanger@no-mx.forums.novell.com
http://forums.novell.com/member.php?u=35038

Mails an diese Adresse werden nur nach vorheriger Ansage gelesen!
Mails for this address will only be read if you trigger me before.
  • Hi.

    Am 29.04.2016 um 09:00 schrieb Gotthard Anger:
    >
    > Error messages:
    > If I click finish in the install console on the windows server to create
    > the domain I get the message "Secondary domain () could not added"
    >
    > Checks:
    > The services (admin service, MTA) are created, admin service is running,
    > mta service is stopped.
    > If I manually start the MTA service, it will stop after few seconds
    >
    > I checked the domain folder on the windows server and missed wpcsin,
    > wpcsout, wpgate, wpoffice, wptemp folders.
    > I copied these folders from a running windows mta.


    That's normal, those folders get created by the MTA when it starts.
    Yours doesn't start, which is also why you get the error at creation time.

    > If I start the MTA using startagent.cmd..
    > startagent.cmd reports:
    > "SSL Configuration has been disabled because of failure in setting up
    > SSL rc= [8201]"


    There you go. That's usually a port conflict. The port your MTA wants to
    listen on is already used on the machine.

    One other (rare) reason for that error is a file access error, e.g
    missing rights, a file being opened by something else (AV scanner?)

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • Massimo,

    thx for your answer.

    Am 29.04.2016 um 10:50 schrieb Massimo Rosen:
    >> "SSL Configuration has been disabled because of failure in setting up
    >> SSL rc= [8201]"

    >
    > There you go. That's usually a port conflict. The port your MTA wants to
    > listen on is already used on the machine.


    port 7100 not used, if the mta is down
    when started, netstat reports 7100 as listening, also the primary domain
    mta has connected to port 7100.
    >
    > One other (rare) reason for that error is a file access error, e.g
    > missing rights, a file being opened by something else (AV scanner?)

    Avira, central managed and I have no access to the settings - have to
    ask my partners.

    Go

    --
    Gotthard Anger
    Anwenderbetreuung Netzwerkadministration
    Landeskirchenamt der EKM
    gotthardanger@no-mx.forums.novell.com
    http://forums.novell.com/member.php?u=35038

    Mails an diese Adresse werden nur nach vorheriger Ansage gelesen!
    Mails for this address will only be read if you trigger me before.
  • Am 29.04.2016 um 12:05 schrieb Gotthard Anger:
    > Massimo,
    >
    > thx for your answer.
    >
    > Am 29.04.2016 um 10:50 schrieb Massimo Rosen:
    >>> "SSL Configuration has been disabled because of failure in setting up
    >>> SSL rc= [8201]"

    >>
    >> There you go. That's usually a port conflict. The port your MTA wants to
    >> listen on is already used on the machine.

    >
    > port 7100 not used, if the mta is down
    > when started, netstat reports 7100 as listening, also the primary domain
    > mta has connected to port 7100.


    But there are more ports a MTA uses, for instance the http(s) port for
    the console.

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • Hello,

    Am 29.04.2016 um 19:58 schrieb Massimo Rosen:
    > But there are more ports a MTA uses, for instance the http(s) port for
    > the console.


    This is the logfile:
    00:00:00 1730 LOG: Opening new log file: 0502mta.001
    00:00:00 1730 General Settings:
    00:00:00 1730 GroupWise Agent Build Version: 14.2.0 -122092
    00:00:00 1730 GroupWise Agent Build Date: 12-03-15
    00:00:00 1730 Domain Directory: e:\grpwise\gwhndom02
    00:00:00 1730 Work Directory: e:\grpwise\gwhndom02\mslocal
    00:00:00 1730 Database Version: 1420
    00:00:00 1730 Preferred GWIA: HN-DOM1.GWIA
    00:00:00 1730 Default Route: HN-DOM1
    00:00:00 1730 Known IDomains: *eblsa.de
    00:00:00 1730 Known IDomains: *ekmd.de
    00:00:00 1730 Allow Direct Send to Other Systems: No
    00:00:00 1730 Force Route: No
    00:00:00 1730 Error Mail to Administrator: No
    00:00:00 1730 Display the Active Log Window Initially: Yes
    00:00:00 1730 Directory Authenticated: No
    00:00:00 1730 Directory User Synchronization: Yes
    00:00:00 1730 Admin Task Processing: Yes
    00:00:00 1730 Database Recovery: Yes
    00:00:00 1730 Simple Network Management Protocol (SNMP): Disabled
    00:00:00 1730 TCP/IP Settings:
    00:00:00 1730 Maximum Inbound TCP/IP Connections: 50
    00:00:00 1730 TCP/IP Address: x.x.x.x
    00:00:00 1730 TCP Port for Incoming Connections: 7100
    00:00:00 1730 Message Transfer over SSL: Disabled
    00:00:00 1730 TCP Port for HTTP Connections: 7180
    00:00:00 1730 HTTP Refresh Rate: 60 secs
    00:00:00 1730 HTTP over SSL: Disabled
    00:00:00 1730 TCP/IP Connection Timeout: 20
    00:00:00 1730 TCP/IP Data Timeout: 40
    00:00:00 1730 Event Log Settings:
    00:00:00 1730 Log Level: Normal
    00:00:00 1730 Disk Logging: Yes
    00:00:00 1730 Log Directory: e:\grpwise\gwhndom02\mslocal
    00:00:00 1730 Maximum Log File Age: 30 Days
    00:00:00 1730 Maximum Log Disk Space: 100 MB (Default)
    00:00:00 1730 Performance Settings:
    00:00:00 1730 Additional High Priority Scanner Thread: Yes
    00:00:00 1730 Additional Mail Priority Scanner Thread: Yes
    00:00:00 1730 Low Priority Scan Cycle: 15 Seconds
    00:00:00 1730 High Priority Scan Cycle: 5 Seconds
    00:00:00 1730 Message Log Settings:
    00:00:00 1730 Message logging disabled (/NOMSGLOG)
    00:00:00 1730 Scheduled Event Settings:
    00:00:00 1730 Today's Directory User Sync Event Times:
    07:00:05 174C RTR: GW-HNDOM02: 00000838.00A: Routing
    e:\grpwise\gwhndom02\mslocal\gwinprog\2\00000838.00A (1 kb)
    12:06:42 172C DIS: Processing shutdown request
    12:06:42 172C DIS: MTA shutdown in progress
    12:06:42 172C Shutdown of Threads

    at first, I can see no port conflict
    and then: Who´s triggering the shutdown?

    Go


    --
    Gotthard Anger
    Anwenderbetreuung Netzwerkadministration
    Landeskirchenamt der EKM
    gotthardanger@no-mx.forums.novell.com
    http://forums.novell.com/member.php?u=35038

    Mails an diese Adresse werden nur nach vorheriger Ansage gelesen!
    Mails for this address will only be read if you trigger me before.
  • Am 02.05.2016 um 12:11 schrieb Gotthard Anger:
    > Hello,
    >
    > Am 29.04.2016 um 19:58 schrieb Massimo Rosen:
    >> But there are more ports a MTA uses, for instance the http(s) port for
    >> the console.

    >
    > This is the logfile:
    > 00:00:00 1730 LOG: Opening new log file: 0502mta.001
    > 00:00:00 1730 General Settings:
    > 00:00:00 1730 GroupWise Agent Build Version: 14.2.0 -122092
    > 00:00:00 1730 GroupWise Agent Build Date: 12-03-15
    > 00:00:00 1730 Domain Directory: e:\grpwise\gwhndom02
    > 00:00:00 1730 Work Directory: e:\grpwise\gwhndom02\mslocal
    > 00:00:00 1730 Database Version: 1420
    > 00:00:00 1730 Preferred GWIA: HN-DOM1.GWIA
    > 00:00:00 1730 Default Route: HN-DOM1
    > 00:00:00 1730 Known IDomains: *eblsa.de
    > 00:00:00 1730 Known IDomains: *ekmd.de
    > 00:00:00 1730 Allow Direct Send to Other Systems: No
    > 00:00:00 1730 Force Route: No
    > 00:00:00 1730 Error Mail to Administrator: No
    > 00:00:00 1730 Display the Active Log Window Initially: Yes
    > 00:00:00 1730 Directory Authenticated: No
    > 00:00:00 1730 Directory User Synchronization: Yes
    > 00:00:00 1730 Admin Task Processing: Yes
    > 00:00:00 1730 Database Recovery: Yes
    > 00:00:00 1730 Simple Network Management Protocol (SNMP): Disabled
    > 00:00:00 1730 TCP/IP Settings:
    > 00:00:00 1730 Maximum Inbound TCP/IP Connections: 50
    > 00:00:00 1730 TCP/IP Address: x.x.x.x
    > 00:00:00 1730 TCP Port for Incoming Connections: 7100
    > 00:00:00 1730 Message Transfer over SSL: Disabled
    > 00:00:00 1730 TCP Port for HTTP Connections: 7180
    > 00:00:00 1730 HTTP Refresh Rate: 60 secs
    > 00:00:00 1730 HTTP over SSL: Disabled
    > 00:00:00 1730 TCP/IP Connection Timeout: 20
    > 00:00:00 1730 TCP/IP Data Timeout: 40
    > 00:00:00 1730 Event Log Settings:
    > 00:00:00 1730 Log Level: Normal
    > 00:00:00 1730 Disk Logging: Yes
    > 00:00:00 1730 Log Directory: e:\grpwise\gwhndom02\mslocal
    > 00:00:00 1730 Maximum Log File Age: 30 Days
    > 00:00:00 1730 Maximum Log Disk Space: 100 MB (Default)
    > 00:00:00 1730 Performance Settings:
    > 00:00:00 1730 Additional High Priority Scanner Thread: Yes
    > 00:00:00 1730 Additional Mail Priority Scanner Thread: Yes
    > 00:00:00 1730 Low Priority Scan Cycle: 15 Seconds
    > 00:00:00 1730 High Priority Scan Cycle: 5 Seconds
    > 00:00:00 1730 Message Log Settings:
    > 00:00:00 1730 Message logging disabled (/NOMSGLOG)
    > 00:00:00 1730 Scheduled Event Settings:
    > 00:00:00 1730 Today's Directory User Sync Event Times:
    > 07:00:05 174C RTR: GW-HNDOM02: 00000838.00A: Routing
    > e:\grpwise\gwhndom02\mslocal\gwinprog\2\00000838.00A (1 kb)
    > 12:06:42 172C DIS: Processing shutdown request
    > 12:06:42 172C DIS: MTA shutdown in progress
    > 12:06:42 172C Shutdown of Threads
    >
    > at first, I can see no port conflict
    > and then: Who´s triggering the shutdown?


    You can't see a port conflict there. You have to check yourself if port
    7100 and 7180 are unused.

    And I'm thoroughly confused by your log. Which domain is that? Is there
    nothing else happening in those 12 hours? And in your first post you
    said it's 2014R2 HP1. This log says it isn't, it's 2014R2 without HP1.

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • Am 02.05.2016 um 12:27 schrieb Massimo Rosen:
    > Am 02.05.2016 um 12:11 schrieb Gotthard Anger:
    >> Hello,
    >>
    >> Am 29.04.2016 um 19:58 schrieb Massimo Rosen:
    >>> But there are more ports a MTA uses, for instance the http(s) port for
    >>> the console.

    >>
    >> This is the logfile:


    > You can't see a port conflict there. You have to check yourself if port
    > 7100 and 7180 are unused.
    >
    > And I'm thoroughly confused by your log. Which domain is that? Is there
    > nothing else happening in those 12 hours?

    Excuse me, this was the log from the manual started mta. If I take the
    mmc to start the mta, no log will written.
    The Domain is empty and contains no postoffice.

    If the MTA is down, netstat reports no listening on port 7100 and 7180.
    Port 9710 is listening.

    > And in your first post you
    > said it's 2014R2 HP1. This log says it isn't, it's 2014R2 without HP1.

    Oh! I just downloaded the zip from customer center and forgot to verify
    the version. Update will follow

    Go
    --
    Gotthard Anger
    Anwenderbetreuung Netzwerkadministration
    Landeskirchenamt der EKM
    gotthardanger@no-mx.forums.novell.com
    http://forums.novell.com/member.php?u=35038

    Mails an diese Adresse werden nur nach vorheriger Ansage gelesen!
    Mails for this address will only be read if you trigger me before.
  • I just had the exact same thing happen. I opened a ticket with support. They asked if the .DC files were in the secondary domain directory. They were not. Pam from support said to copy those (4) .DC files from the primary domain directory to the secondary domain directory. When I did that, the MTA started right up.
  • Am 02.05.2016 um 20:06 schrieb plessm:
    >
    > I just had the exact same thing happen. I opened a ticket with support.
    > They asked if the .DC files were in the secondary domain directory.
    > They were not. Pam from support said to copy those (4) .DC files from
    > the primary domain directory to the secondary domain directory. When I
    > did that, the MTA started right up.
    >
    >

    Yeah, this is it.

    May be that´s a bug: admin service could not copy the dc files from
    primary domain to secondary domain folder, if primary domain on OES and
    secondary domain on windows. Same bug occurs if you create a postoffice
    on the windows machine. gwpo.dc and ngwguard.dc are missed in po folder
    after creating. Admin console says ok but the PO service will not run.

    @massimo: groupwise files are upgraded to HP1 with same behaviour

    Thx
    Gotthard

    --
    Gotthard Anger
    Anwenderbetreuung Netzwerkadministration
    Landeskirchenamt der EKM
    gotthardanger@no-mx.forums.novell.com
    http://forums.novell.com/member.php?u=35038

    Mails an diese Adresse werden nur nach vorheriger Ansage gelesen!
    Mails for this address will only be read if you trigger me before.
  • Am 02.05.2016 um 20:06 schrieb plessm:
    >
    > I just had the exact same thing happen. I opened a ticket with support.
    > They asked if the .DC files were in the secondary domain directory.
    > They were not. Pam from support said to copy those (4) .DC files from
    > the primary domain directory to the secondary domain directory. When I
    > did that, the MTA started right up.
    >
    >

    Yeah, this is it.

    May be that´s a bug: admin service could not copy the dc files from
    primary domain to secondary domain folder, if primary domain on OES and
    secondary domain on windows. Same bug occurs if you create a postoffice
    on the windows machine. gwpo.dc and ngwguard.dc are missed in po folder
    after creating. Admin console says ok but the PO service will not run.

    @massimo: groupwise files are upgraded to HP1 with same behaviour

    Thx
    Gotthard

    --
    Gotthard Anger
    Anwenderbetreuung Netzwerkadministration
    Landeskirchenamt der EKM
    gotthardanger@no-mx.forums.novell.com
    http://forums.novell.com/member.php?u=35038

    Mails an diese Adresse werden nur nach vorheriger Ansage gelesen!
    Mails for this address will only be read if you trigger me before.