Highlighted
Absent Member.
Absent Member.
2406 views

Active Directory Authentication Fails

Upgrading GW801/eDirectory887 on Windows Server03 to GW2014 on 08r2 box, use AD authentication via System/LDAP directory-Server. I dbcopy the GW8 database to fresh install of GW2014 on new server. Fresh install has same system domain and PO names and paths. After dbcopy, reinstall as upgrade. In 10 tries I got it to work twice. All other times, Client users can not log on using AD password, client just sits waiting for correct password, and also, clients do not get cert request. What am I missing? Is there a best practice guide on this type upgrade? Have re-created PO/MTA/GWIA certs. no go. Is this upgrade to new box supported?
Labels (1)
0 Likes
12 Replies
Highlighted
Absent Member.
Absent Member.

Re: Active Directory Authentication Fails

mwalker50 wrote:

> Upgrading GW801/eDirectory887 on Windows Server03 to GW2014 on 08r2 box, use
> AD authentication via System/LDAP directory-Server. I dbcopy the GW8 database
> to fresh install of GW2014 on new server. Fresh install has same system domain
> and PO names and paths. After dbcopy, reinstall as upgrade. In 10 tries I got
> it to work twice. All other times, Client users can not log on using AD
> password, client just sits waiting for correct password, and also, clients do
> not get cert request. What am I missing? Is there a best practice guide on
> this type upgrade? Have re-created PO/MTA/GWIA certs. no go. Is this upgrade
> to new box supported?


I guess I'm a little confused by the description here. You say you created a
new system with a domain and PO on the server, and then copy the original
databases over. That's really not what you want to do. You want to start with
a clean server, copy the data from the existing server, and then "upgrade" it.

As for the AD authentication, this is not necessarily related to the upgrade.
It must all be configured in the new system (unless you were already using AD
authentication on the old server, which is possible, but all manual).

I think you need to start from scratch. And I hate to suggest you "purchase"
something, but we have a comprehensive guide for sale in the link below.

--
Danita
Novell Knowledge Partner
Upgrading to GroupWise 2014? We've got you covered
http://www.caledonia.net/store

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Active Directory Authentication Fails

What I did:
1 Install new 2014
2 Copy the old data over.
3 Upgrade old data.

AD authentication works after configured #1, is broken by time I get #3 done

Aware of books you offer. You have several. Guess ill have to try one
0 Likes
Highlighted
Outstanding Contributor.
Outstanding Contributor.

Re: Active Directory Authentication Fails

mwalker50 wrote:

>
> What I did:
> 1 Install new 2014
> 2 Copy the old data over.
> 3 Upgrade old data.
>
> AD authentication works after configured #1, is broken by time I get #3
> done
>
> Aware of books you offer. You have several. Guess ill have to try one
>
>


You answered it write at the beginning. You installed a new server which I
am assuming created a new domain and po as well. so you have new users from
ad in that po that work fine. you copied the data and tried to upgrade which
of course can't do upgrade after you created a new system. That is atleast
how I read what posted.
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Active Directory Authentication Fails

mwalker50 wrote:

> AD authentication works after configured #1, is broken by time I get #3 done


You simply cannot do this! Do NOT configure anything before you copy the old
data over. You've essentially wiped out all of the work you do in #1 when you
copy the data over. Upgrade the data and THEN configure the AD stuff.

--
Danita
Novell Knowledge Partner
Upgrading to GroupWise 2014? We've got you covered
http://www.caledonia.net/store

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Active Directory Authentication Fails

Ok, this time I.....
1) Copy Data Over
2) Upgrade copied data.
3) Configure to use Active Directory

Have exact same issue

Tried install half dozen times. Everything seems to work consistently accept the Active Directory Authentication. Some times it works correct, some times it does not work at all.

When it DOES fail, I can see the following telltails:
In Post Office /<mypostoffice>/ security I check the box "Use LDAP Authentication"
..AND YET...........
in Post Office Agent/POA/General Tab/Launch POA console/Configure(at top) is says LDAP Authentication is false, AND when I try to add an SSL certificate to POA Agent I this error
javax.ws.rs.WQebApplicationException:
javax.xml.bind.MarshalException - with linked Exception:
java.net.ConnectException: Connection refused: connect

I can ALWAYS add a cert to the MTA and GWIA when all is working or not working. Only POA gives error.
When is does work properly the POA configure screen says LDAP authentication enabled and no java error trying to add a POA cert

FYI, have this all running in VMWare so I can quickly reload a VM Snapshot to reproduce test and results with minimum time, setup and few if any environment changes. Same Windows AD server for all tests.
is a service not working correct? Why sometimes yes, sometimes no?
What am I missing?
Any pointers at all would be appreciated.
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Active Directory Authentication Fails

mwalker50 wrote:

> What am I missing? Any pointers at all would be appreciated.


I think at this point opening a Service Request with Novell is in order. I see
no reason from here why this is failing.

--
Danita
Novell Knowledge Partner
Upgrading to GroupWise 2014? We've got you covered
http://www.caledonia.net/store

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Active Directory Authentication Fails

OK, more info
ON a failed install, when looking at the POA Agent Console/Configuration page...
MTP Inbound Traffic <my ip>:7101 is not listed at all yet the Agent Settings page does show 7101 as the port to use
On a successful install it is listed!

Contacting and having to pay Novell to fix a test install of their software is out of the question.
I'm try this to see if I want to continue using GroupWise in our environment, knowing what previous upgrades required going from 6.5 to 7, then 7 to 8
> What am I missing? Any pointers at all would be appreciated.

I think at this point opening a Service Request with Novell is in order. I see
no reason from here why this is failing.

--
Danita
Novell Knowledge Partner
Upgrading to GroupWise 2014? We've got you covered
http://www.caledonia.net/store

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Active Directory Authentication Fails

More discovery's
Admin port 9711 also does not work even thought in Web administration it says its there.
The cause of the failures I believe is the database file wphost.db ih PO directory. During install, for what ever reason, it does not get updated properly.
By swapping out file for known good one from an identical install, never mind other issues caused by swap, the ports 9711 and 7101 show in config.
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Active Directory Authentication Fails

mwalker50 wrote:

> Contacting and having to pay Novell to fix a test install of their software is
> out of the question.


Well, I'm happy to help you as much as I can for free, but honestly, it's
difficult to troubleshoot things like this from afar. An SR would get Novell to
"look" at your system and probably fix it within minutes.

That said, have you tried rebuilding the post office database? You can do this
from the command line (unload the POA first):

/opt/novell/groupwise/admin/gwadminutil rebuild -d <pathtodomain> -n po.domain
-o <pathforpofile>




--
Danita
Novell Knowledge Partner
Are you a GroupWise Power Administrator? Join our site.
http://www.caledonia.net/register

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Active Directory Authentication Fails

mwalker50 wrote:

> The cause of the failures I believe is the database file wphost.db ih PO
> directory. During install, for what ever reason, it does not get updated
> properly.


See my other post about rebuilding it.

--
Danita
Novell Knowledge Partner
Are you a GroupWise Power Administrator? Join our site.
http://www.caledonia.net/register

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Active Directory Authentication Fails

Yes, you did it. That fixed it!
gwadminutil rebuild -d C:\Groupwise\Domain -n homepo -o C:\Groupwise\PO
Missing POA port showed up in config with new number 7201 instead of default 7101
Admin ports 9710 and 9711 show up when I run netstat -an
Can now add Certificate with out error, so I can use ssl
Now Ill see if I can repeat it. and then move forward
Thank You!
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.