Outlook can't connect to gms

Hello.
I have problem with my GMS.
In outlook, i want to add exchange account., but everytime i want to log in outlook shows error "Log onto Exchange ActiveSync mail serwer (EAS): This serwer cannot be found."

I tried to turn off firewall etc. but that changes nothing.
Some ideas, what should i check?
  • In article <human122.7zghfb@no-mx.forums.microfocus.com>, Human122
    wrote:
    > I tried to turn off firewall etc. but that changes nothing.
    > Some ideas, what should i check?


    Which version of GMS is running? The Outlook support is a fairly new
    thing
    What version of Outlook are you trying this with?
    Is Outlook support enabled within GMS? This is not enabled by default,
    but is set under Config, Device, Allow Connections, with 'Outlook
    Client' and 'Outlook Mobile App' being difference selection options.


    Andy of
    http://KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!
    GMS troubleshooting tips at
    http://www.konecnyad.ca/andyk/gwmobility.htm


  • Hi,

    Version is 14.2.0, build 279.

    I have outlook 2013 and 2016. It's not working on both.
    Outlook support is enabled within GMS.
  • In article <human122.7zk85b@no-mx.forums.microfocus.com>, Human122
    wrote:
    > Version is 14.2.0, build 279.

    The first supported version, but there have been a couple Service
    Patches since that are highly recommended to be applied.

    > I have outlook 2013 and 2016. It's not working on both.
    > Outlook support is enabled within GMS.

    OK, so you have all these basic bits in place

    The error looks like it could be a configuration and/or name resolution
    error.
    Are you just entering the email address and letting Outlook
    autodiscover the details? If so then is autodiscovery actually setup
    for GMS? (Mostly telling the internet/DNS where things are)
    Https://www.novell.com/documentation/groupwisemobility2014r2/gwmob2014r
    2_guide_admin/data/admin_mgt_autodiscover.html
    If you are entering the GMS server name directly, try it in a browser
    in the form of https://your_gms_server.yourdomain
    - Does it resolve and get somewhere? Your error sounds like a DNS
    problem at this level, make sure this host name is resolving correctly.
    - Does it complain about the certificate? Then it might be time to
    make sure you have a certificate on GMS that has a trusted root CA that
    your Windows box knows about.
    - Do you get to the point of seeing "403 - Forbidden: Access is
    denied." This is the error you want to see, that says you have the
    correct address, but you aren't an ActiveSync device, hence denied.

    Outside those pointers I'd be running a packet capture of the Outlook
    attempts to see what it is really trying to do and where exactly it is
    tripping up.


    Andy of
    http://KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!
    GMS troubleshooting tips at
    http://www.konecnyad.ca/andyk/gwmobility.htm


  • Are you just entering the email address and letting Outlook
    autodiscover the details? If so then is autodiscovery actually setup
    for GMS? (Mostly telling the internet/DNS where things are)


    No, I'm using maual configuration. As mail server I'm using 192.168.42.3 (It's IP of GMS). Also i tried to use 192.168.42.3:8120.
    Btw, when I try to add account with GWProfileSetup it shows "Your GroupWise profile for Outlook could not be configured. Please contact your system administrator for assistance.
    In File GWProfileSetupLog I have this: "Failed to setup Active Sync account".

    If you are entering the GMS server name directly, try it in a browser
    in the form of https://your_gms_server.yourdomain
    - Does it resolve and get somewhere? Your error sounds like a DNS
    problem at this level, make sure this host name is resolving correctly.


    What do you mean? My GroupWise is not conneted with LDAP server.
    In my opinion everything is fine with DNS - I can ping GMS by IP and by server name. Both works.


    - Does it complain about the certificate? Then it might be time to
    make sure you have a certificate on GMS that has a trusted root CA that
    your Windows box knows about.


    Maybe problem is here...
    When I'm entering server adress and try to connect it shows error :The name of the security certificate is incompatible or does not match the site name" but still I can accept it.


    - Do you get to the point of seeing "403 - Forbidden: Access is
    denied." This is the error you want to see, that says you have the
    correct address, but you aren't an ActiveSync device, hence denied.


    Nah, I'm not getting error like this.
  • In article <human122.7zrehc@no-mx.forums.microfocus.com>, Human122 wrote:
    > No, I'm using maual configuration. As mail server I'm using 192.168.42.3
    > (It's IP of GMS). Also i tried to use 192.168.42.3:8120.

    I haven't seen anyone use just the IP, I wonder if you are tripping over an
    assumption somewhere that a host name will always be used. You shouldn't
    specify any port, it defaults to the only that is used which is 443. Port
    8120 is for administration and should only be used in a WebBrowser. As a
    test make sure that works from the machine in question to make sure basic
    connectivity is working. If you have a host name for the server that you
    can use with :8120 to get to the admin, try that name instead of the IP
    address

    > > If you are entering the GMS server name directly, try it in a browser
    > > in the form of https://your_gms_server.yourdomain
    > > - Does it resolve and get somewhere? Your error sounds like a DNS
    > > problem at this level, make sure this host name is resolving correctly.

    >
    > What do you mean? My GroupWise is not conneted with LDAP server.
    > In my opinion everything is fine with DNS - I can ping GMS by IP and by
    > server name. Both works.

    I wasn't talking about how GroupWise or GMS connects elsewhere, but what we
    are telling Outlook to connect. So you do have a host name that resolves
    which is good.

    >
    > > - Does it complain about the certificate? Then it might be time to
    > > make sure you have a certificate on GMS that has a trusted root CA that
    > > your Windows box knows about.

    >
    > Maybe problem is here...
    > When I'm entering server adress and try to connect it shows error :The
    > name of the security certificate is incompatible or does not match the
    > site name" but still I can accept it.

    That is what I thought the GWProfileSetup tool was support to sort out for
    this cases. The security certificate should have the host name of server,
    which is a big part of why we want to use that host name for connecting
    rather than the IP address.

    > > - Do you get to the point of seeing "403 - Forbidden: Access is
    > > denied." This is the error you want to see, that says you have the
    > > correct address, but you aren't an ActiveSync device, hence denied.

    >
    > Nah, I'm not getting error like this.

    Very strange, do you have any other devices working off of this GMS system?
    The IP address and un-patched version suggests it might be your lab
    network (same IP range as mine ;) You should see this error when you point
    your web browser at https://192.168.42.3

    Which OS/version is your GMS running on? What are the results of the
    following command on the server:
    cat /etc/*release

    On your GMS server, run dsapp, Checks
  • I haven't seen anyone use just the IP, I wonder if you are tripping over an
    assumption somewhere that a host name will always be used. You shouldn't
    specify any port, it defaults to the only that is used which is 443. Port
    8120 is for administration and should only be used in a WebBrowser. As a
    test make sure that works from the machine in question to make sure basic
    connectivity is working. If you have a host name for the server that you
    can use with :8120 to get to the admin, try that name instead of the IP
    address


    It works. I can Log in to administration by using https://sles11sp3:8120 in browser (sles11sp3 it's a server name)
    But it's not working in outlook :(


    Very strange, do you have any other devices working off of this GMS system?
    The IP address and un-patched version suggests it might be your lab
    network (same IP range as mine ;) You should see this error when you point
    your web browser at https://192.168.42.3



    Ok now I know what you mean. When I type http://192.168.42.3 in browser i see "Server Error 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied."
    When i use https://192.168.42.3 i get "This site is unreachable"

    Oh I'm sorry, and I forgot to say you that every time I want to connect my gms web browser it shows it:
    "The security certificate that was provided by this Web site was not issued by a trusted certification authority.
    The security certificate that was provided by this Web site was issued to the address of another site."


    Which OS/version is your GMS running on? What are the results of the
    following command on the server:
    cat /etc/*release


    sles11sp3:~ # cat /etc/*release
    LSB_VERSION="core-2.0-noarch:core-3.2-noarch:core-4.0-noarch:core-2.0-x86_64:core-3.2-x86_64:core-4.0-x86_64"
    SUSE Linux Enterprise Server 11 (x86_64)
    VERSION = 11
    PATCHLEVEL = 3

    On your GMS server, run dsapp, Checks
  • In article <human122.7ztjc0@no-mx.forums.microfocus.com>, Human122 wrote:
    > It works. I can Log in to administration by using https://sles11sp3:8120
    > in browser (sles11sp3 it's a server name)
    > But it's not working in outlook :(

    SLES 11.3 is a bit on the old side, getting up to sp4 would be a good
    thing. That is a safer name than my TestSLES or TestOES servers that my
    wife keeps giggling at, she insists in reading them in a different way
    (TestsLes and TestToes).
    Have you tried connecting any other ActiveSync client other that Outlook?
    I.e. Is this just an outlook problem because it is working with other
    clients, or is GMS just not working for any clients? It matters as to
    where we look at to fix.

    >
    > > Very strange, do you have any other devices working off of this GMS
    > > system?
    > > The IP address and un-patched version suggests it might be your lab
    > > network (same IP range as mine ;) You should see this error when you
    > > point
    > > your web browser at https://192.168.42.3

    >
    > Ok now I know what you mean. When I type http://192.168.42.3 in browser
    > i see "Server Error 403 - Forbidden: Access is denied. You do not have
    > permission to view this directory or page using the credentials that you
    > supplied."
    > When i use http*s*://192.168.42.3 i get "This site is unreachable"
    >
    > Oh I'm sorry, and I forgot to say you that every time I want to connect
    > my gms web browser it shows it:
    > "The security certificate that was provided by this Web site was not
    > issued by a trusted certification authority.
    > The security certificate that was provided by this Web site was issued
    > to the address of another site."

    This security complaint is because
    A) the certificate is self minted (i.e. Not paid for) and its CA hasn't
    been imported to the client/system trying to connect.
    B) the certificate was issued for the host name, not the IP address, so
    therefor a conflict. Trying should get rid of that last warning.
    Did you push past this error with an option such as "Continue to this
    website (not recommended)" If not, please try that again and if you still
    don't get the "Server Error 403 - Forbidden: Access is denied..." Message,
    then you have something interfearing with GMS on the server.
    On your server run the command "netstat -pln | grep 443" where you should
    see only one result that looks a lot like:
    tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN {PIDnumber}/python
    If anything else, please post results.


    It does feel like this is a test/explore lab setup. So please confirm as
    Lab vs production assumption sets are very different. We support and
    encourage labs, they are important, there are just fewer givens in them.


    Andy of
    http://KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!
    GMS troubleshooting tips at http://www.konecnyad.ca/andyk/gwmobility.htm


  • I'm sorry for being late.

    Have you tried connecting any other ActiveSync client other that Outlook?
    I.e. Is this just an outlook problem because it is working with other
    clients, or is GMS just not working for any clients? It matters as to
    where we look at to fix.


    I tried to connect from my phone, but it's not working.

    Trying should get rid of that last warning.
    Did you push past this error with an option such as "Continue to this
    website (not recommended)" If not, please try that again and if you still
    don't get the "Server Error 403 - Forbidden: Access is denied..." Message,
    then you have something interfearing with GMS on the server.
    On your server run the command "netstat -pln | grep 443" where you should
    see only one result that looks a lot like:
    tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN {PIDnumber}/python
    If anything else, please post results.


    https://192.168.42.3 - This site is unreachable
    http://192.168.42.3 - Access is denied
    https://192.168.42.3:8120 - Continue to this website (not recommended)


    grep 443 shows nothing. I can use grep 80:

    sles11sp3:~ # netstat -pln | grep 443
    sles11sp3:~ # netstat -pln | grep 80
    tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3545/python
    unix 2 [ ACC ] STREAM LISTENING 8030 2994/postgres /tmp/.s.PGSQL.5432
    unix 2 [ ACC ] STREAM LISTENING 11982 3809/uuidd /var/run/uuidd/request
    unix 2 [ ACC ] STREAM LISTENING 16187 4106/pulseaudio /root/.pulse/8dda70e7fb555a023b6d208058c721f7-runtime/native
    unix 2 [ ACC ] STREAM LISTENING 6808 2457/audispd /var/run/audispd_events
    unix 2 [ ACC ] STREAM LISTENING 15771 4058/nautilus /tmp/orbit-root/linc-fda-0-668062d3b5873

    It does feel like this is a test/explore lab setup. So please confirm as
    Lab vs production assumption sets are very different. We support and
    encourage labs, they are important, there are just fewer givens in them.


    We can accept that is test lab. On this server I have only GMS and it's not working so I can even reinstall it if that's necessarily.

    I don't know how to add an attachment so I'll paste everything form "generalHealthCheck.log" (sorry for long post)

    ##########################################################
    # General Health Check
    ##########################################################
    Gathered by dsapp v245 on Thu Jun 15 10:09:27 2017

    ==========================================================
    Checking Mobility Services..
    ==========================================================
    Checking for gms monitor: ..running
    Checking for gms config: ..running
    Checking for gms agent manager: ..running
    Checking for gms engine: ..running
    Checking for gms web admin: ..running
    Checking for PostgreSQL 8.3.23: ..running

    Mobility Connector listening on port 80: True
    GroupWise Connector listening on port 4500: True
    Web Admin listening on port 8120: True

    Connection successful on port 80
    Connection successful on port 4500
    Connection successful on port 8120

    Found interface '0.0.0.0' for mobility connector
    Found interface '192.168.42.3' for groupwise connector

    Passed

    ==========================================================
    Checking LDAP Connectivity..
    ==========================================================
    LDAP not enabled

    Skipped

    ==========================================================
    Checking Trusted Application..
    ==========================================================
    Trusted Application is valid

    Passed

    ==========================================================
    Checking Required XMLs..
    ==========================================================
    All required XMLs found

    Passed

    ==========================================================
    Checking XMLs..
    ==========================================================
    All found XMLs are valid

    Passed

    ==========================================================
    Checking PSQL Configuration..
    ==========================================================
    File: /var/lib/pgsql/data/pg_hba.conf
    All required lines found

    Passed

    ==========================================================
    Checking XML rpmsave..
    ==========================================================
    No rpmsave files found

    Passed

    ==========================================================
    Checking Proxy Configuration..
    ==========================================================
    No proxy detected

    Passed

    ==========================================================
    Checking Disk Space..
    ==========================================================
    System plików rozm. użyte dost. %uż. zamont. na
    /dev/sda2 133G 4,0G 128G 4% /
    udev 3,1G 103k 3,1G 1% /dev
    tmpfs 3,1G 107k 3,1G 1% /dev/shm
    /dev/sr0 3,4G 3,4G 0 100% /media/SLES-11-SP3-DVD-x86_6407031__
    /dev/sr1 13M 13M 0 100% /media/GroupWise_Mobility_Service__

    Passed

    ==========================================================
    Checking Memory..
    ==========================================================
    Number of devices: 0
    Total Memory: 5845MB

    Server meets recommended memory

    Passed

    ==========================================================
    Checking VMware-tools..
    ==========================================================
    VMware not detected

    Skipped

    ==========================================================
    Checking Automatic Startup..
    ==========================================================
    datasync-configengine on
    datasync-connectors on
    datasync-monitorengine on
    datasync-syncengine on
    datasync-webadmin on

    Passed

    ==========================================================
    Checking Database Schema..
    ==========================================================
    Schema version: 14.2.0.279
    Mobility version: 14.2.0.279

    Passed

    ==========================================================
    Checking Database Maintenance..
    ==========================================================
    relname | last_vacuum | days_ago
    ------------------- ------------- ----------
    services | |
    targets | |
    taskrecurrencemap | |
    retention | |
    consumerevents | |
    objectMappings | |
    cache | |
    customData | |
    fileStore | |
    membershipCache | |
    folderMappings | |
    (11 rows)

    relname | last_vacuum | days_ago
    ---------------- ------------- ----------
    gal | |
    galsync | |
    syncenginedata | |
    users | |
    attachments | |
    syncevents | |
    attachmentmaps | |
    foldermaps | |
    deviceevents | |
    deviceimages | |
    devices | |
    (11 rows)

    No maintenance required. Postgres DB created 16 day(s) ago

    Passed

    ==========================================================
    Checking Reference Count..
    ==========================================================
    All reference counts are correct

    Passed

    ==========================================================
    Checking Users FDN..
    ==========================================================
    LDAP check did not pass

    Skipped

    ==========================================================
    Checking Databases Integrity..
    ==========================================================
    All detected users found in both databases

    Passed

    ==========================================================
    Checking Targets Table..
    ==========================================================
    All targets on both connectors

    Passed

    ==========================================================
    Checking RPMs..
    ==========================================================
    All required RPMs found

    Passed

    ==========================================================
    Checking Disk IO..
    ==========================================================
    Disk IO meets recommended MB/sec

    Passed

    ==========================================================
    Checking Nightly Maintenance..
    ==========================================================
    Scanning logs for maintenance..

    Nightly Maintenance Settings:
    <databaseMaintenanceStartHour>0</databaseMaintenanceStartHour>
    <databaseMaintenance>1</databaseMaintenance>
    <databaseMaintenanceStopHour>6</databaseMaintenanceStopHour>
    <databaseMaintenanceDeleteDaysInPast>30</databaseMaintenanceDeleteDaysInPast>

    Nightly Maintenance History:
    mobility-agent.log
    2017-06-15 00:00:04.083 INFO [MaintenanceMonitor_Thread] [maintenanceMonitor:182] [userID:] [eventID:] [objectID:] [MaintenanceMonitor] Nightly maintenance starting removal of orphaned attachments.
    2017-06-15 00:00:04.084 INFO [MaintenanceMonitor_Thread] [maintenanceMonitor:187] [userID:] [eventID:] [objectID:] [MaintenanceMonitor] Nightly maintenance removal of orphaned attachments successful.
    2017-06-15 00:00:04.084 INFO [MaintenanceMonitor_Thread] [maintenanceMonitor:209] [userID:] [eventID:] [objectID:] [MaintenanceMonitor] Nightly maintenance request to verify the GAL data.
    2017-06-15 00:00:04.136 INFO [MaintenanceMonitor_Thread] [maintenanceMonitor:236] [userID:] [eventID:] [objectID:] [MaintenanceMonitor] Nightly maintenance request to verify the GAL data completed. Check the GroupWise Sync Agent log for details.
    2017-06-15 00:00:04.136 INFO [MaintenanceMonitor_Thread] [maintenanceMonitor:200] [userID:] [eventID:] [objectID:] [MaintenanceMonitor] Nightly maintenance successful for 1 out of 1 users.

    Passed

    ==========================================================
    Checking Server Date..
    ==========================================================
    (Source - year/month/day)
    Local - 17/6/15
    Google - 17/6/15

    NTP server(s)
    -------------------------
    time.nist.gov - 17/6/15

    Passed

    ==========================================================
    Checking Certificates..
    ==========================================================
    File: /var/lib/datasync/webadmin/server.pem
    Expiry date: May 28 17:35:47 2027 GMT

    File: /var/lib/datasync/common/CA/trustedroot.pem
    Expiry date: May 28 17:35:47 2027 GMT

    Handshake Successful
    Connect: 0.0.0.0:8120
    CA File: /var/lib/datasync/webadmin/server.pem

    Passed
  • In article <human122.804i8o@no-mx.forums.microfocus.com>, Human122
    wrote:
    > https://192.168.42.3 - This site is unreachable
    > http://192.168.42.3 - Access is denied
    > https://192.168.42.3:8120 - Continue to this website (not recommended)
    >
    > grep 443 shows nothing. I can use grep 80:
    >
    > sles11sp3:~ # netstat -pln | grep 443
    > sles11sp3:~ # netstat -pln | grep 80
    > tcp 0 0 0.0.0.0:80 0.0.0.0:*
    > LISTEN 3545/python


    OK, so your GMS is not set for SSL, that will cause one hunk of
    challenges along the way. All the ones I've done are only SSLize (on
    443 rather than 80) At least we see it listening properly on port 80.
    Technically that is acceptable, but so not a good practise. I've heard
    that some devices just won't work without SSL working and that could be
    what you are hitting. I've never tried any on port 80.

    The rest looks reasonable for having just one user configured.
    So login to GMS admin https://192.168.42.3:8120, Config, Device,
    check the Secure Enable box. That should change the port to 443, Save
    that, restart GMS, and try both devices again. (Outlook counts as a
    device in these cases)

    The netstat -pln | grep 443 should now show the expected result as well.


    Andy of
    http://KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!
    GMS troubleshooting tips at http://www.konecnyad.ca/andyk/gwmobility.htm


  • The rest looks reasonable for having just one user configured.
    So login to GMS admin https://192.168.42.3:8120, Config, Device,
    check the Secure Enable box. That should change the port to 443, Save
    that, restart GMS, and try both devices again. (Outlook counts as a
    device in these cases)

    The netstat -pln | grep 443 should now show the expected result as well.


    Ok, I change it as you said.

    Result of netstat -pln | grep 443 is:

    tcp 0 0.0.0.0:443 0.0.0.0:* LISTEN 3561/python

    It's weird. Looks like Outlook can connect with GMS in some ways - I add new account to outlook (outlook can Log onto Exchange ActiveSync mail serwer (EAS)), but when I want to synchronize email it show error:
    "Server configuration prevents synchronization. Contact your system administrator."
    When I click details button i get this:
    File: outlook\pstprx\storeas\utils\airsyncstatuscodes.h
    Line: 226
    HTTP/1.1 403 Forbidden
    FolderStatus: 403
    To re-try press F9...
    Error code: 0x80004005

    My phone still can't connect to GMS...