Mobility Service CE 24.3 stopped running after migrating to SLES 15.6

Only way I could fix this issue was by deleting the migrated VM and restoring and re-registering a backup VM machine. I would however like to migrate to sp6 just to be fully patched and secure. Other GroupWise installations run fine with sp6 and had no conflict. Not gms.

Three possible conflicts were identified during migration. I thought I copied the conflict messages, but copy did not save. Had something to do with libraries and python. I stupidly chose to update thinking the CE 24.3 was likely built to tolerate newest security. Wrong. Probably broke something. I suspect it might have something to do with cyrptography.

If I run pip list | grep cryptography
it reports that I am running 41.0.3

The Dashboard error says:
ERROR: Cannot validate GroupWise maintenance. GroupWise maintenance status: Unknown. Services are stopped. To resume service, fix the GroupWise maintenance issue.
Device Sync Agent shows starting
Groupwise Sync Agent shows stopped.

If I try to reinstall gms CE 24.3 I get:

Using -iter or -pbkdf2 would be better.
bad decrypt
4067C4B4C27F0000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:providers/implementations/ciphers/ciphercommon_block.c:129:
Failed to verify GW Admin App settings

The install also asks for Password for user datasync_user: 

But despite entering the correct password, the install can't get past the password request.

I opened a tech support issue, but no help whatsoever.

I suppose I can backup restored VM, and try migrating again and choose to keep all the conflicts and see what happens.

Any suggestions?

Parents
  • 0  

    From my field experience, the problem is in the ssl certificate on the GroupWise side. However, it cannot be ruled out that there are fundamental changes in openssl in SLES 15 SP6, this still needs to be checked.The error message regarding openssl says that there is probably a salt ssl problem, the password used is invalid or the SSL certificate itself has problems. 

    please check the following:

    Does the GWadmin account password contain special characters? If so, this can be a problem, I know this from the field.

    how long is the internal self signed CA still valid or is a "weak" Certifkat?

    check the certificat with openssl, it is especially important that there is no ip in the cn but an FQDN and that an FQDN is also entered where the server name can be found

    George

    “You can't teach a person anything, you can only help them to discover it within themselves.” Galileo Galilei

  • 0 in reply to   

    Same issue here, tried upgrade the  Server GMS first, same problem as described above. 

    Restored snapshot 

    I think I will wait to 24.4 

    Rainer

Reply Children
No Data