elogjngf
New Member.
1199 views

GW 2018 Webaccess


Hi!



Documentation says tomcat6 is required for webaccess and SLES 11 SP4 is fine.



Installing webaccess installs a grpwise-tomcat8 version which fails due to an old libtcnative-1 library.



What is going on? tomcat6 or 8, why the version error?



Thx,

Georg



PS: Accessing the new webaccess directly over the new tomcat 8 works fine, btw.
0 Likes
7 Replies
Micro Focus Expert

Re: GW 2018 Webaccess

Hi Georg,

The documentation states that tomcat 7 is required: https://www.novell.com/documentation/groupwise18/gw18_guide_install/data/inst_req_admin_web_server.html

I'll see what I can find out about the error you reported. If I get any information for you I'll post back.

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
0 Likes
elogjngf
New Member.

Re: GW 2018 Webaccess


Hi!



Your link refers to the administration component.



The webaccess documentation only talks about Tomcat 6:

https://www.novell.com/documentation/groupwise18/gw18_guide_install/data/install_webacc_req.html



However, whether it is Tomcat 6 or 7 does not matter, the installation actually installs a grpwise-tomcat8 component which does not integrate well with an Apache 2.2 installation on a fully patched SLES 11 SP4 machine.



------

SEVERE [main] org.apache.catalina.core.AprLifecycleListener.init An incompatible version [1.1.30] of the APR based Apache Tomcat Native library is installed, while Tomcat requires version [1.2.14]

------



IMO a production machine should have the correct libraries for optimal performance. It does work, but I do not like the error.



Another thing, did the webaccess installation always install an automatic rewrite from http to https?

I think this is from a practical(!) view on security a really bad idea.. (and might break some setups, such as mine)



At least such a rewrite was not active on my prior webaccess (2014 R2) setup, but I do not recall if it wasn't installed in the first place or I just removed it.



I would appreciate any feedback you receive,

Georg




0 Likes
Micro Focus Expert

Re: GW 2018 Webaccess

Hi Georg,

I am unable to duplicate your issue in my lab so, at this point, I do not know what's causing your error message.

Starting with GroupWise 18 an automatic http to https has been included. If you like your users sending user name and password in clear text over the wire then so be it - poor security in my opinion!

My apologies for the wrong doc. link.

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
0 Likes
elogjngf
New Member.

Re: GW 2018 Webaccess


Hi Laura,



Thx for checking. However, on my SLES 11 SP4 servers the tomcat native APR library is an old version and the severe error warning from tomcat 8 is totally obvious. No show-stopper, but not ok either.



The docs should also be updated to reflect the actual requirements.





@https-forward:



Because I do not like the http clear text option I think the automatic forward is a really bad idea.

(...and I do not like managing https certificates and prefer a very simple and 'debuggable' https setup.)



Let me explain why an UNCHECKED automatic forward installation breaks my setup:



Reason A: technical



I have https disabled in the Apache 2.2 setup. So an installer that adds an automatic forward without checking that https is actually enabled in Apache is not very clever.



I do have https enabled, but only on a reverse proxy in front of the INTERNAL GroupWise webaccess server. The reverse proxy server talks to webaccess over a private VLAN. No need for additional certificate management, https setup (ciphers, etc.) on the webaccess server. A wildcard certificate on the reverse proxy can handle loads of internal servers - not just webaccess. It makes life so much easier!



Reason B: security consideration



I have http (clear text) disabled on the external reverse proxy. I require my users to actually go directly to https://

By allowing http:// and forwarding the users to https:// you are opening a HUGE attack vector:



If the users are e.g. in a public WLAN the http:// page they THINK they are going to, can easily be spoofed and be replaced by a forward to a compromised https:// page with a similar looking URL. An average user will not spot the difference in the URL if only a single letter is replaced.



So why not simply go directly to https:// by typing one extra letter or saving a correct bookmark. I think this is a much better and more secure approach compared to an inherently unsecure http to https forward. The real-life risk of the attack might be low, but why open http:// in the first place when https:// is the goal?



Georg




0 Likes
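The risk described in the post above (a plain-http answer on an untrusted network that redirects to a look-alike https host) can be checked from the client side. This is an added example, not part of the original thread: it classifies the redirect in a captured port-80 response against the host name the user meant to reach. The host names and responses are constructed samples, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample responses (not captured from any real server).
GOOD = b"HTTP/1.1 301 Moved Permanently\r\nLocation: https://webmail.example.com/\r\n\r\n"
SPOOFED = b"HTTP/1.1 302 Found\r\nLocation: https://webmai1.example.com/\r\n\r\n"

def parse_response(raw: bytes):
    """Return (status_code, headers) from a raw HTTP/1.x response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # one substituted character
    return a[i:] == b[i + 1:]           # one extra character in b

def classify_redirect(expected_host: str, raw: bytes) -> str:
    """Classify where a port-80 response sends a user who asked for expected_host."""
    status, headers = parse_response(raw)
    if status not in (301, 302, 303, 307, 308) or "location" not in headers:
        return "no-redirect"
    target = urlsplit(headers["location"])
    host = (target.hostname or "").lower()
    expected = expected_host.lower()
    if target.scheme != "https":
        return "redirect-not-https"     # relative or http:// target stays in clear text
    if host == expected:
        return "https-same-host"
    if within_one_edit(host, expected):
        return "https-lookalike-host"   # the single-letter swap described above
    return "https-other-host"

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("SPOOFED", SPOOFED)):
        print(name, classify_redirect("webmail.example.com", raw))
```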
ebelcher Absent Member.

Re: GW 2018 Webaccess

laurabuckley;2472992 wrote:
> Hi Georg,
>
> I am unable to duplicate your issue in my lab so, at this point, I do not know what's causing your error message.
>
> Starting with GroupWise 18 an automatic http to https has been included. If you like your users sending user name and password in clear text over the wire then so be it - poor security in my opinion!
>
> My apologies for the wrong doc. link.
>
> Cheers,


Hi Laura,
Is there an update on this issue? I have just upgraded my Groupwise on SLES 11 SP4 from 2018.0.2 to 2018.1 and webmail is no longer working. I had to relink the rewrite.conf file in /etc/apache2/conf.d so at least apache and tomcat now start, but I still get a 403 error when trying to access webmail. Perhaps a downgrade on this particular component? What do you recommend?
0 Likes
ebelcher Absent Member.

Re: GW 2018 Webaccess

Umm, I uninstalled webaccess and grpwise-tomcat and reinstalled after fixing the rewrite symbolic link mentioned before. After a configure and a reboot, web access is working again.
I wish I could be more definitive about what the problem was.
Thanks
Eric.
0 Likes
Knowledge Partner

Re: GW 2018 Webaccess

On 15.01.2019 07:26, ebelcher wrote:
>
> Umm, I uninstalled webaccess and grpwise-tomcat and reinstalled after
> fixing the rewrite symbolic link mentioned before. After a configure and
> a reboot, web access is working again.
> I wish I could be more definitive about what the problem was.



I'm 99% certain you didn't run the (absolutely necessary) configuration
of webaccess the first time round, but just the install.

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes