GroupWise Server issue with DNS and Windows Domain Membership

Usually this forum has an idea which will help. Running Groupwise 24.3 on SLES 15.6 on physical hardware. Introduced a new Windows Server DC and demoted the old DC (also switched DNS to new Server). I did have the Groupwise server configured as part of the Windows Domain for user access, etc. I also had a Docker gwweb on the server that worked fine before introducing the new Windows Server. I changed the DNS settings on the SLES 15.6 machine, and tried to configure a new gwweb with new DNS ip addr, but it won't work.  Now the SLES 15.6 says it isn't part of the domain anymore. I tried uninstalling domain share services and reinstall. Acts like it finds the new Windows Server, but still no go.  Any ideas on what I am doing wrong? Some hidden file settings somewhere?

  • 0  

    I do not get the whole story I think.

    Your Sles server is part of your Windows domain. This is because of user access. Is SSO the reason for this approach? Otherwise your AD connection will be based on LDAP only I assume. Do you use kerberos and klist utility to register your server in AD?

    Tell us a little bit more!


    Use "Verified Answers" if your problem/issue has been solved!

  • 0 in reply to   

    Single sign-on is a yes. But if there is a good alternative I would be happy to have select users sign on individually. As for kerberos or klist being used to register to AD. I simply chose YAST, and clicked on Windows Domain Membership utility. A box is checked for Use SMB information for Linux Authentication. Under expert settings it says "Kerberos Method secrets only". I thought maybe lack of SMBv1 on new Windows server was and issue, but I added it, and no impact.

  • 0   in reply to 

    Strange enough I have an open case for this - not solved. A remote session will happen next week ...

    Nevertheless, have you removed this server from AD and added it afterwards? A remove seems to be mandatary before registration.

    On the other side I assume that you did not change any pieces in the GW corner. So your POA is listening to a full qualified host name; including the domain. Your linux server shows the same information (hostname). And your certs (admin certs for GroupWise) show it too (openssl x509 -noout -text -in "admin.poa.cert").


    Use "Verified Answers" if your problem/issue has been solved!

  • 0 in reply to   

    Good to know. I did not remove this server from AD. I will undertake to do that, and then re-add.  As to GroupWise, POA etc are all funtioning well. No hostname issues, certs are all fine. Only issue is the docker gwweb module. I created a ticket as I downloaded the newest version and have learned in past that this can result in a download of an incompatible ver (the download could be looking for a 24.4 backend and failing to find it and terminating).

  • 0   in reply to 

    My remark because of hostname etc. is for SSO only. If they are not set properly, SSO will not work.

    If your GW server is not part of AD, then GW does not have a problem. This is only important for SSO. So, users have to login twice: once for the workstation and second time for GW.

    If SSO is not really important for you, then let's continue with gwweb. Did you run a webconfig?


    Use "Verified Answers" if your problem/issue has been solved!

  • 0 in reply to   

    Whoa, just as a test, to the docker run command I added  GWSOAP_SSL_VERIFY=off  and it launched. So it works now. Not sure why though. For now this solves it. Must be an SSL related issue. Running commercial certs.

  • 0 in reply to 

    Also solved the login issue. For some reason the format of entering full domain name is different. Perhaps some new server AD security requirement. So when you join the corporate domain and you login you can login but you have to do it with the full domain name and then your password. Like xxxx.xxxx.xxxx\Username   before new server it would accept a partial domain name. Go figure.

  • 0   in reply to 

    Hmm, interesting. Maybe a hint for the other customer ...


    Use "Verified Answers" if your problem/issue has been solved!