Vice Admiral
Vice Admiral
515 views

System Admin Cannot login to POA console

Running Gw 18.1.1 133172 on Sles 12 SP3 OES 2018. We have recently migrated our POs to these new servers with new iPs/DNS names with the intention of upgrading to 18.2.

Running into an odd issue . I have several users configured as System Administators in GWAC including myself, and  I can login to GWAC and all the MTA and POA consoles with my account. One user cannot. He can login to the MTA console but not any of the POAs. He can login to GWAC as an admin. As far as we know this just started happening. The other two system admins are on holidays so I can't check with them yet, but I did add another account to the system admins in GWAC and same thing. Can access the GWAC, login to MTA console but none of the POAs. I tried rebuilding a POA to see if that would fix it but no luck.

The POA start up files do not specify the httpusername/password - all that is configured in the GWAC. That user can login to POA console readonly mode as expected.

I'm not sure what else to check or look at or why its behaving this way?

0 Likes
19 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Hmm. If all ports are configured correctly (and unique) then rebuilding the PO DB should clean this up. There's one thing which could easily happen in older builds (as there was no warning): if running several agents on one box, configured with the same ip address (as e.g. a MTA and one or more POA(s)) each of them needs a dedicated admin port. As mentioned it could happen in earlier builds that they all were configured on port 9710, with the POA(s) "losing" most of the time. In such an offset granting rights to someone likely wouldn't get reflected in the PO DB.

 

If you like it: like it.
0 Likes
Vice Admiral
Vice Admiral

Thanks @mathiasbraun.
Only the POs (& adminservice) are running on these boxes - no other agent. Again it's odd that I can login to it, and I have the same rights as a system administrator..but he cannot? And odd that the rebuild didn't fix it either.
Not even for the test user I just added.

0 Likes
Micro Focus Expert
Micro Focus Expert

@squartec Hi,

Try rebuilding the PO's owning domain and then the PO.

Cheers,

Laura

Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
0 Likes
Vice Admiral
Vice Admiral

Thanks @laurabuckley  I just rebuilt the owning domain and one post office - and I still can't login with the one  superadmin user I added today?!

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

---

Only the POs (& adminservice) are running on these boxes - no other agent.

---

Referring to "(&adminservice)": likely just a typo, but do you have a separate adminservice listener for each POA?

 

If you like it: like it.
0 Likes
Vice Admiral
Vice Admiral

Yes each Post office server has one poa and the gwadminservice running, listening on port 9710.

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Please forgive the question, you've for sure done that, but: did you restart the MTA and POA after rebuilding DOM and PO DBs? Did you have them down for the rebuilds?

 

If you like it: like it.
0 Likes
Vice Admiral
Vice Admiral

No worries. Yes I rebuilt both from the GWAC. Validated DB first,then rebuilt the databases. MTA first, then PO.
I had to restart the PO afterwards as admin console showed it was down (or red X even though it was up). The MTA saw that PO as closed as well.
So I restarted the PO, then restarted the MTA. Everything seemed happy at that point. I couldn't login to the POA admin console after that.
I got your response and for good measure I restarted the MTA just now, then the PO, and tried again and still cannot login ! 😞
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

If you add someone as a system admin and check

/var/log/novell/groupwise/gwadmin/gwadmin-audit.log

do you see something like "CREATE_ACCESS_CONTROL"?

That's how it looks if i add user "willi" (from po2 in dom1) as a sysadmin.

2020-08-28 17:46:00 Operation:{CREATE_ACCESS_CONTROL}, ObjectID:{SYSTEM_RECORD.GroupWiseSystem}, Associated ObjectID:{USER.dom1.po2.willi}, Admin:{admin}, Remote Host:{172.20.96.41}, Domain:{dom1}

If you like it: like it.
0 Likes
Vice Admiral
Vice Admiral

Yes I do see that in the audit logs - still I can log into the MTAs with this account but not the POAs.


2020-08-31 09:01:46 Operation:{UPDATE}, ObjectID:{CUSTOM_PREFERENCE.Novell.overview-layout}, Admin:{gwadmin}, Remote Host:{10.XX.XX.XXX}, Domain:{TBH}
2020-08-31 09:01:58 Operation:{CREATE_ACCESS_CONTROL}, ObjectID:{SYSTEM_RECORD.TBH_GW}, Associated ObjectID:{USER.TBH.PO_HSCRES.crizzotest}, Admin:{gwadmin}, Remote Host:{10.XX.XX.XXX}, Domain:{TBH}

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

And in the POA log (verbose), at about the same time, is there something like

ADM: Completed: Update object in post office -  Access Control  (Administrator: admin.GroupWiseSystem, Domain: dom1)
If you like it: like it.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.