shootdawg

Commodore
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2017-10-02
13:49
3935 views
unable to login - soap error - 9505
Posting this to document what I found in my environment was a fix for the login error 9505, SOAP configuration issue seen by my users.
Sometime during the past two weeks, my users started getting errors when attempting to login to their GroupWise accounts via WebAccess.
Random users, all post offices, but not all users, including my own account.
error 9505
Your post office is unavailable. The post office agent might not be configured for SOAP. Please contact your system administrator.
I changed nothing in our system leading up to the increase in errors.
1 domain, 4 servers, 4 post offices, 1 webaccess (located on server with post office)
Looked in the knowledge base, in the forums... SSL was the common theme..
post offices and webaccess were NOT using SSL, so that should be the issue...
Noticed I wasn't up to date with the latest patch, 14.2.2.1
Read the notes, saw SOAP mentioned, figured why not... applied the patch, no change in errors.
Found log files in /var/opt/novell/groupwise/webaccess/logs
starting walking through them.... and noticed these entries:
9:40:37, <SOAP>, -, INFO, USERNAME, SSL Error: Could not authenticate server certificate for user, potential MITM
9:40:37, <SOAP>, -, INFO, USERNAME, Exception invoking negotiateLoginRequest: HTTP transport error: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
9:40:37, <SOAP>, -, INFO, USERNAME, Unable to connect to the POA @ https://IP-ADDRESS-OF-POSTOFFICE:7191/soap
SSL, front and center. But we are not using SOAP SSL....
Not sure why, but I had the idea to check the certificates on the four GroupWise servers.
The certificates on all four servers had expired, imanager listed them as invalid.
Figured why not, lets fix this issue.
https://www.novell.com/communities/coolsolutions/cool_tools/certificate-recreation-script-oes1-and-oes2/
7+ days so far, and the issue/error has not returned.
Sometime during the past two weeks, my users started getting errors when attempting to login to their GroupWise accounts via WebAccess.
Random users, all post offices, but not all users, including my own account.
error 9505
Your post office is unavailable. The post office agent might not be configured for SOAP. Please contact your system administrator.
I changed nothing in our system leading up to the increase in errors.
1 domain, 4 servers, 4 post offices, 1 webaccess (located on server with post office)
Looked in the knowledge base, in the forums... SSL was the common theme..
post offices and webaccess were NOT using SSL, so that should be the issue...
Noticed I wasn't up to date with the latest patch, 14.2.2.1
Read the notes, saw SOAP mentioned, figured why not... applied the patch, no change in errors.
Found log files in /var/opt/novell/groupwise/webaccess/logs
starting walking through them.... and noticed these entries:
9:40:37, <SOAP>, -, INFO, USERNAME, SSL Error: Could not authenticate server certificate for user, potential MITM
9:40:37, <SOAP>, -, INFO, USERNAME, Exception invoking negotiateLoginRequest: HTTP transport error: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
9:40:37, <SOAP>, -, INFO, USERNAME, Unable to connect to the POA @ https://IP-ADDRESS-OF-POSTOFFICE:7191/soap
SSL, front and center. But we are not using SOAP SSL....
Not sure why, but I had the idea to check the certificates on the four GroupWise servers.
The certificates on all four servers had expired, imanager listed them as invalid.
Figured why not, lets fix this issue.
https://www.novell.com/communities/coolsolutions/cool_tools/certificate-recreation-script-oes1-and-oes2/
7+ days so far, and the issue/error has not returned.
5 Replies
laurabuckley

Micro Focus Expert
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2017-10-06
09:43
Thank you for sharing your experience and knowledge with us, the community. I'm sure many will find this useful.
Laura Buckley
Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
shootdawg

Commodore
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2017-10-12
16:24
ShootDawg;2467260 wrote:
7+ days so far, and the issue/error has not returned.
well, looks like this wasn't a full fix .... started getting the errors again this week... right now, just affecting one of four post offices/servers.


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2017-10-12
22:13
In article <ShootDawg.869d9b@no-mx.forums.microfocus.com>, ShootDawg
wrote:
> well, looks like this wasn't a full fix .... started getting the
> errors again this week... right now, just affecting one of four post
> offices/servers.
Have any of the POAs been restarted since WebAccess was restarted?
I have one system that sometime gives me grief when WebAccess has been
up longer than the POA
Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!
wrote:
> well, looks like this wasn't a full fix .... started getting the
> errors again this week... right now, just affecting one of four post
> offices/servers.
Have any of the POAs been restarted since WebAccess was restarted?
I have one system that sometime gives me grief when WebAccess has been
up longer than the POA
Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!
___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
shootdawg

Commodore
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2017-10-13
15:57
konecnya;2468024 wrote:
In article <ShootDawg.869d9b@no-mx.forums.microfocus.com>, ShootDawg
wrote:
> well, looks like this wasn't a full fix .... started getting the
> errors again this week... right now, just affecting one of four post
> offices/servers.
Have any of the POAs been restarted since WebAccess was restarted?
I have one system that sometime gives me grief when WebAccess has been
up longer than the POA
Actually...the problem post office was reported down and restarted...then reports came in...
other three post offices were not affected.
gwia/mta on the server with the problem post office were not affected, remained running as normal.
found java at 197% cpu utilization on the webaccess server...
stopped apache2 and tomcat.....restarted them...so far, seems better..


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2017-10-13
17:12
In article <ShootDawg.86b6wo@no-mx.forums.microfocus.com>, ShootDawg
wrote:
> Actually...the problem post office was reported down and
> restarted...then reports came in...
> other three post offices were not affected.
I've been seeing that sort of pattern. I've been adjusting my patching
routine the last few months to make sure Webaccess is the last thing
restarted after patching. Hasn't been a big enough issue for me to
open an SR on this, but perhaps someone else might take that up.
Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!
wrote:
> Actually...the problem post office was reported down and
> restarted...then reports came in...
> other three post offices were not affected.
I've been seeing that sort of pattern. I've been adjusting my patching
routine the last few months to make sure Webaccess is the last thing
restarted after patching. Hasn't been a big enough issue for me to
open an SR on this, but perhaps someone else might take that up.
Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!
___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!