Active Directory Authentication Fails

Upgrading GW801/eDirectory887 on Windows Server03 to GW2014 on 08r2 box, use AD authentication via System/LDAP directory-Server. I dbcopy the GW8 database to fresh install of GW2014 on new server. Fresh install has same system domain and PO names and paths. After dbcopy, reinstall as upgrade. In 10 tries I got it to work twice. All other times, Client users can not log on using AD password, client just sits waiting for correct password, and also, clients do not get cert request. What am I missing? Is there a best practice guide on this type upgrade? Have re-created PO/MTA/GWIA certs. no go. Is this upgrade to new box supported?
  • mwalker50 wrote:

    > Upgrading GW801/eDirectory887 on Windows Server03 to GW2014 on 08r2 box, use
    > AD authentication via System/LDAP directory-Server. I dbcopy the GW8 database
    > to fresh install of GW2014 on new server. Fresh install has same system domain
    > and PO names and paths. After dbcopy, reinstall as upgrade. In 10 tries I got
    > it to work twice. All other times, Client users can not log on using AD
    > password, client just sits waiting for correct password, and also, clients do
    > not get cert request. What am I missing? Is there a best practice guide on
    > this type upgrade? Have re-created PO/MTA/GWIA certs. no go. Is this upgrade
    > to new box supported?


    I guess I'm a little confused by the description here. You say you created a
    new system with a domain and PO on the server, and then copy the original
    databases over. That's really not what you want to do. You want to start with
    a clean server, copy the data from the existing server, and then "upgrade" it.

    As for the AD authentication, this is not necessarily related to the upgrade.
    It must all be configured in the new system (unless you were already using AD
    authentication on the old server, which is possible, but all manual).

    I think you need to start from scratch. And I hate to suggest you "purchase"
    something, but we have a comprehensive guide for sale in the link below.

    --
    Danita
    Novell Knowledge Partner
    Upgrading to GroupWise 2014? We've got you covered
    http://www.caledonia.net/store

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...
  • What I did:
    1 Install new 2014
    2 Copy the old data over.
    3 Upgrade old data.

    AD authentication works after configured #1, is broken by time I get #3 done

    Aware of books you offer. You have several. Guess ill have to try one
  • mwalker50 wrote:

    >
    > What I did:
    > 1 Install new 2014
    > 2 Copy the old data over.
    > 3 Upgrade old data.
    >
    > AD authentication works after configured #1, is broken by time I get #3
    > done
    >
    > Aware of books you offer. You have several. Guess ill have to try one
    >
    >


    You answered it write at the beginning. You installed a new server which I
    am assuming created a new domain and po as well. so you have new users from
    ad in that po that work fine. you copied the data and tried to upgrade which
    of course can't do upgrade after you created a new system. That is atleast
    how I read what posted.
  • mwalker50 wrote:

    > AD authentication works after configured #1, is broken by time I get #3 done


    You simply cannot do this! Do NOT configure anything before you copy the old
    data over. You've essentially wiped out all of the work you do in #1 when you
    copy the data over. Upgrade the data and THEN configure the AD stuff.

    --
    Danita
    Novell Knowledge Partner
    Upgrading to GroupWise 2014? We've got you covered
    http://www.caledonia.net/store

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...
  • Ok, this time I.....
    1) Copy Data Over
    2) Upgrade copied data.
    3) Configure to use Active Directory

    Have exact same issue

    Tried install half dozen times. Everything seems to work consistently accept the Active Directory Authentication. Some times it works correct, some times it does not work at all.

    When it DOES fail, I can see the following telltails:
    In Post Office /<mypostoffice>/ security I check the box "Use LDAP Authentication"
    ..AND YET...........
    in Post Office Agent/POA/General Tab/Launch POA console/Configure(at top) is says LDAP Authentication is false, AND when I try to add an SSL certificate to POA Agent I this error
    javax.ws.rs.WQebApplicationException:
    javax.xml.bind.MarshalException - with linked Exception:
    java.net.ConnectException: Connection refused: connect

    I can ALWAYS add a cert to the MTA and GWIA when all is working or not working. Only POA gives error.
    When is does work properly the POA configure screen says LDAP authentication enabled and no java error trying to add a POA cert

    FYI, have this all running in VMWare so I can quickly reload a VM Snapshot to reproduce test and results with minimum time, setup and few if any environment changes. Same Windows AD server for all tests.
    is a service not working correct? Why sometimes yes, sometimes no?
    What am I missing?
    Any pointers at all would be appreciated.
  • mwalker50 wrote:

    > What am I missing? Any pointers at all would be appreciated.


    I think at this point opening a Service Request with Novell is in order. I see
    no reason from here why this is failing.

    --
    Danita
    Novell Knowledge Partner
    Upgrading to GroupWise 2014? We've got you covered
    http://www.caledonia.net/store

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...
  • OK, more info
    ON a failed install, when looking at the POA Agent Console/Configuration page...
    MTP Inbound Traffic <my ip>:7101 is not listed at all yet the Agent Settings page does show 7101 as the port to use
    On a successful install it is listed!

    Contacting and having to pay Novell to fix a test install of their software is out of the question.
    I'm try this to see if I want to continue using GroupWise in our environment, knowing what previous upgrades required going from 6.5 to 7, then 7 to 8
    > What am I missing? Any pointers at all would be appreciated.

    I think at this point opening a Service Request with Novell is in order. I see
    no reason from here why this is failing.

    --
    Danita
    Novell Knowledge Partner
    Upgrading to GroupWise 2014? We've got you covered
    http://www.caledonia.net/store

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...
  • More discovery's
    Admin port 9711 also does not work even thought in Web administration it says its there.
    The cause of the failures I believe is the database file wphost.db ih PO directory. During install, for what ever reason, it does not get updated properly.
    By swapping out file for known good one from an identical install, never mind other issues caused by swap, the ports 9711 and 7101 show in config.
  • mwalker50 wrote:

    > Contacting and having to pay Novell to fix a test install of their software is
    > out of the question.


    Well, I'm happy to help you as much as I can for free, but honestly, it's
    difficult to troubleshoot things like this from afar. An SR would get Novell to
    "look" at your system and probably fix it within minutes.

    That said, have you tried rebuilding the post office database? You can do this
    from the command line (unload the POA first):

    /opt/novell/groupwise/admin/gwadminutil rebuild -d <pathtodomain> -n po.domain
    -o <pathforpofile>




    --
    Danita
    Novell Knowledge Partner
    Are you a GroupWise Power Administrator? Join our site.
    http://www.caledonia.net/register

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...
  • mwalker50 wrote:

    > The cause of the failures I believe is the database file wphost.db ih PO
    > directory. During install, for what ever reason, it does not get updated
    > properly.


    See my other post about rebuilding it.

    --
    Danita
    Novell Knowledge Partner
    Are you a GroupWise Power Administrator? Join our site.
    http://www.caledonia.net/register

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...