If you are familiar with the GroupWise Upgrade Guides that have been produced by Caledonia in the past, you will know that we generally only cover “upgrade” items. However, the new administration model for GroupWise 2014 is such a departure from what we as administrators have been accustomed to, that it really is important to discuss the administrative changes in much more detail than we ever have in the past. This is not an Administration Guide though, so we will not get into a lot of detail on routine GroupWise Administration. We simply wish to familiarize you with the look and feel of the new administration model, and point out some interesting new options.
First let’s look at the components that are involved in the new GroupWise 2014 Administrative Model. They are:
- GroupWise Admin Service
- GroupWise Administration Console
- GroupWise Command Line Utilities
- Redesign of some GroupWise related directory structures
Now we will look at these components in more detail.
The GroupWise Admin Service
In prior versions of GroupWise, administration was accomplished through ConsoleOne (or even NWAdmin or ad.exe if we go back far enough). The administrator needed direct file access to a domain database in order to do domain level administration (configure system, create objects, perform directory maintenance), and also required direct file access to a post office database in order to perform post office or user level maintenance (run stand-alone GWChecks, document properties maintenance, etc.).
As ConsoleOne became deprecated in all other Novell products, largely being replaced by iManager, the need for direct file access kept GroupWise tied tightly to ConsoleOne. The need to access databases directly made the idea of a web based tool very difficult to accomplish.
Enter HTTP REST (Representational State Transfer). Now, the inner workings of REST go far beyond the scope of this guide. However, in a nutshell, Novell’s implementation of REST for GroupWise 2014 allows instructions to be transmitted from the administrator’s web browser to the admin service of a GroupWise agent. The REST service has a direct file connection to the database, similarly to how ConsoleOne accessed the database. The Administration Console sends information through REST to be written to the database.
For writing instructions such as creating users, configuring links, defining Internet Addressing and the like, the connection by the Admin Console is to the “Admin Service Port” of the MTA. For functions such as restarting an agent, the connection by the Admin Console is to the Admin Service Port for the POA or GWIA in question. Thus, as you configure your GroupWise 2014 system, each agent that you configure will receive a unique “admin port”. The default ports for a given agent are:
- MTA: 9710
- POA: 9711
Thus, in addition to needing to configure things such as the MTP and HTTP ports for an MTA, you will also need an Admin port. The same goes for POAs. Like all other ports on a server, you can opt to not use the default ports, but you really should change them only if you have a conflict.
The GroupWise Admin Service gathers the configured Admin ports for the agents on a given server, and feeds this information into the Admin Console to effect a connection between the administrator’s web browser and the agents on the servers where the databases actually reside. In this way, GroupWise administration can be accomplished from any web browser that has access to the admin ports in question. Direct file access and mapped drives are, for the most part, no longer necessary.
Take for example, the act of rebuilding a secondary domain database. In ConsoleOne, the Administrator needed a mapped drive to both the location of the primary domain database and that of the secondary domain database. If this was impractical, the administrator could rebuild the secondary’s domain database to a local drive and then somehow copy or transport it to the remote location. In GroupWise 2014, the Admin Service for the primary domain knows the IP addresses and port (location) of the Secondary Domain’s Admin Service. The Primary Domain Admin Service communicates the necessity to rebuild the Secondary Domain, and the Admin Service at the remote location completes the task. In this example, the administrator may or may not be aware of the exact physical location of the post office. That really is of little concern in this situation, as the process is being completed by the Admin Services, and not a utility connected via mapped drives to both locations.
While it would be possible to NAT through to these admin ports even from the Internet at large, it is recommended that sites use a VPN and LAN access for accessing GroupWise administration.
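One way to check that recommendation on a Linux agent server, as an added example (not from the guide or from Novell): the function below reads `ss -tln` output and reports admin ports that listen on every interface. The port list assumes the defaults given above, and the sample listener lines are constructed.

```shell
#!/bin/sh
# Added example: flag GroupWise admin-port listeners bound to all interfaces.
# Ports default to the values given in the guide (MTA 9710, POA 9711);
# set ADMIN_PORTS if your agents use other admin ports.
ADMIN_PORTS="${ADMIN_PORTS:-9710 9711}"

# Reads `ss -tln` output on stdin and prints one "port address" line for each
# admin port that listens on a wildcard address (0.0.0.0, * or [::]).
# On a live server: ss -tln | wildcard_admin_listeners
wildcard_admin_listeners() {
    awk -v ports="$ADMIN_PORTS" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $1 == "LISTEN" {
            local_addr = $4
            # Port is the text after the last colon, address the text before it.
            port = local_addr; sub(/.*:/, "", port)
            addr = local_addr; sub(/:[^:]*$/, "", addr)
            if ((port in want) && (addr == "0.0.0.0" || addr == "*" || addr == "[::]"))
                print port, addr
        }'
}

# Constructed sample (not captured from a real server).
sample_listeners() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128    0.0.0.0:9710         0.0.0.0:*
LISTEN 0      128    192.168.110.222:9711 0.0.0.0:*
LISTEN 0      128    0.0.0.0:7100         0.0.0.0:*
LISTEN 0      128    [::]:9711            [::]:*
EOF
}
```

A wildcard listener is not an exposure by itself; it is the cue to confirm that a host or perimeter firewall limits that port to the VPN or management LAN.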
The GroupWise Administration Console
Be gone ConsoleOne! Music to some administrators’ ears no doubt! Certainly, while Danita has played around a bit using ConsoleOne against a GroupWise 2014 domain, it is neither recommended nor supported by Novell. Once your GroupWise domain is upgraded to GroupWise 2014, you should no longer use ConsoleOne to manage that domain’s objects. In fact when you install the GroupWise 2014 “server” on a Linux server, the GroupWise administration snapins are removed from ConsoleOne on that server. The Windows snapins stay, not because it’s okay to use them on Windows, but because GroupWise snapins are not registered as an “installed” program in Windows and cannot be removed automatically during the installation.
First you must log into your Administration Console from your Web Browser. You can do that either by using the Icon on your Server Desktop (which is actually just a shortcut for your browser), or navigate directly to your Console by navigating to:
- The Administration Console Login Windows
Figure 6-2 shows the main GroupWise Administrative Console screen.
This guide is not a full GroupWise administration manual. That said, we want to make sure you can find your way around, and so we will point out instances where something has moved that might not be obvious.
Much of the Administration Console is hyperlinked so that you can move around from one location to a logical “next step” without having to “back out” to a new window. So, for example, if you are looking at a User (RobRoy in the image), there will be “breadcrumbs” at the top of the window that allow you to jump to the user’s Post Office (in our case Caledonia) or the Domain (here CNC).
- Navigating through the Administration Console
Check every opportunity you get to see if the name of an object is a link to assist in navigation.
For the rest of this chapter, we’ll show you how to access items that might not seem so obvious.
Accessing Objects from the Dashboard
From the main Console Dashboard, you can click on any of the objects you see (domains, post offices, GWIAs) to be taken directly to that object. In the case of a Post Office, clicking on the Post Office name will take you to the Post Office settings, whereas clicking on the “status light” and then clicking the word POA will take you to the POA settings. Also, clicking on the indicator circle next to the object will link you directly to the HTTP monitor for the agent.
- Access the HTTP Monitors directly from the Dashboard Overview
In a large GroupWise System, you may have more domains on this dashboard than you are interested in seeing. You can remove them by clicking the X in the grey bar associated with each domain. To restore a domain that you have removed, you can click the cog icon in the System Overview line.
- Adding Domains to the Dashboard
You can also get to the Post Office or Post Office Agent settings, for example, by clicking on the desired object type in the left column, and then choosing the object in the resultant list. There are many, many ways to move about the Administration Console. No longer do you need to exit out of a range of windows only to need to open another set of windows to reach your destination. Of course, if you attempt to leave a window before saving a change, you will be reminded first!
The Global Search field allows you to search for objects by name without the need to click through the menus. Search for a user, a post office, a group.
Context Specific Search
When accessing lists, such as Users or Post Offices or Groups, there is a context specific search box to the right above the list.
Here you can type a single letter, part of a name, etc. to narrow down the list. There are, however, many more things you can do from this field.
Type Control-Space while in this field, and a popup appears to show you variables that can be searched.
- Context search popup
Thus you could search for the user with a specific FID, or find all Post Offices with client lock-out dates.
Any list type of view can be exported to CSV. You can add columns to the list by clicking on the cog icon above the search field (See Figure 6-6 above). Thus, you could export a list of users, including last login date, or mailbox size. Or a list of post offices, with time zone listings. No longer must you use complicated log parsing to get a list of valuable information.
At the top of the Administration Console, you will find a list of recently used items, as well as a favorites list you can build to get to your most needed items quickly.
- Accessing Useful Lists
In ConsoleOne, the System Settings were found under Tools|GroupWise System Operations. In the Administration Console, they are simply under System. Additionally, many entries that were under Tools|GroupWise Utilities have also been relocated to the System Settings.
- GroupWise System Settings
Most of the items you found under GroupWise System Operations in ConsoleOne can be found here, as well as some new items. We will not go over each of these items. Most of them will be obvious if you compare them with ConsoleOne. Let’s look at a few of the newer and/or relocated items.
When you upgraded your Primary Domain, you were prompted to create a GroupWise Administrator for your system. We suggested that you name this user something like gwadmin. Here you can assign any GroupWise user to be a System level administrator. This is similar to giving a user “Admin” equivalence in eDirectory. The System level administrator has all the same rights to the system as the original administrator you created during your upgrade.
Any administrator you assign uses his or her GroupWise credentials to authenticate.
This is a new entry for facilitating mass association of Directory users (eDirectory or Active Directory) and GroupWise users. This is discussed in detail in “Directory Integration and Synchronization” on page 61.
Document Viewer Agents
In GroupWise 2014, Document Viewer agents become system objects that can then be assigned to Post Offices. When you upgraded your GroupWise Post Offices, if Document Viewer Agents were found on the Post Office servers, they continue to be utilized. If, however, you upgraded a Post Office that did not have a GWDVA installed, no GWDVA was configured, and you must manually create the object and attach it to your POA. We discuss this in “Configuring and Verifying a DVA for your Post Office” on page 141.
Email Address Lookup
This option allows you to enter an email address in the search field, and quickly find out which user this belongs to. At present, however, if the result is a nickname, you cannot quickly see here who the nickname belongs to.
This location contains Gateway objects (such as WebAccess Agents) and Software Distribution Directories. Once you no longer have any need for these objects, you can delete them here.
In ConsoleOne, Link Configuration included Post Office Links. Post Office Links have been moved to the Domain settings, and will not be found here.
This setting allows you to import GroupWise users from an LDAP directory. Choose the users from the Directory for whom you wish to create accounts, and voila!
When you click on Domains, you can see all of the Domains in your system. There are a couple of items under Domains that will seem new to you.
- Domain Items
You can assign any GroupWise user to be a domain administrator. This allows the user to manage all aspects of the Domain.
Post Office Links
In ConsoleOne, Post Office Links were found under “Link Configuration”. These links are defined now under the Domain object.
In ConsoleOne, you accessed Maintenance in a separate Window. All Domain maintenance is now available right from the Domain object.
In addition to the Client Options that you are familiar with, the new settings for Client Auto-Update are also accessed here. We discuss Client Auto-Update settings in “Upgrading GroupWise Clients”.
Message Transfer Agents
You should be able to find your way around the MTA settings without too much difficulty. There are some new options here.
In the General Tab, you have the ability to control the agent (Start/Stop) and also launch directly into the HTTP Monitor from this screen.
- The MTA General Tab
- MTA Log Settings
Post Office Settings
Items are laid out a bit differently in the Post Office settings, but should not be difficult to navigate.
- Post Office Settings
You can assign any GroupWise user to be a post office administrator. This allows the user to manage all aspects of the Post Office.
In ConsoleOne, you accessed Maintenance in a separate Window. All Post Office maintenance is now available right from the Post Office object. This includes both Post Office database maintenance, and Mailbox/Library Maintenance for the entire Post Office.
In addition to the Client Options that you are familiar with, the new settings for Client Auto-Update are also accessed here. We discuss Client Auto-Update settings in “Upgrading GroupWise Clients”.
Replicate (Formerly Synchronize)
As you move through the objects of your GroupWise system, one of the options you will see under More is Replicate.
- The Replicate function
This is not a new function. It’s simply the former “Synchronize” renamed. This will take the information for the object and replicate it through the GroupWise system, just as the former Synchronize command did. This function name was changed to avoid confusion with the new “Directory Synchronization” for integration with eDirectory and Active Directory.
Post Office Agents
- Post Office Agent Settings
From the General Tab of the Post Office Agent, you can start and stop the agent (just click on the Stop/Start Agent button). From here you can also launch directly into the POA HTTP Monitor.
- The POA General Tab
While the Post Office Agent settings are easy to maneuver, you will notice that the Network Address for the agents has moved to the Agent Settings tab.
Document Viewer Agents
The Document Viewer Agent tab allows you to assign DVAs to your Post Office, and better load balance the indexing and rendering of agents. We discuss the Document Viewer Agent settings in more detail in “Configuring and Verifying a DVA for your Post Office” on page 141.
- Group Settings
GroupWise Distribution Lists have been changed back to simply “Groups”, which is what they were called before the merge with eDirectory in GroupWise 5.0.
Clicking the Access Control Tab of Groups allows you to limit who can send to a particular Group, and also assign users to administer the Group.
Of all of the changes for GroupWise 2014, the command line utilities are the most unexpected for some. Since the beginning of GroupWise (really all the way back to the beginnings of WordPerfect Office), we’ve had direct database access in one form or another. From GENOFF to AD.EXE to NWADMIN to ConsoleOne, there was a direct link from the administration tool to the database in question. Granted GENOFF was a command line tool itself, so one could say we’ve come full circle with GroupWise 2014!
The web-based Administration Console has been long awaited and much clamored for. Now that it is here, it poses some particular problems when dealing with many of the database functions for GroupWise 2014. The Administration Console connects to the domain database through a REST connection, which allows it to generate commands directly to the database it is controlling. This does allow for database maintenance for objects that are controlled by a REST process. For example, a GroupWise 2014 Post Office database can be rebuilt from the Administration Console, but a GroupWise 2012 or older Post Office database owned by a 2014 domain requires rebuilding from the command line. During your upgrade especially, but also in some special administrative situations, you will be required to perform actions at the command line using one of the various command line utilities available. We’ll go over these now. Please note: This is not an Administration Guide. We’re not attempting to cover every single aspect of GroupWise Administration here. We simply wish to show you the new functionality of the command line and point out where things are different than you might expect. If you need further information there are great resources such as:
- Novell GroupWise Documentation (http://novell.com/documentation/groupwise2014)
- The Caledonia GroupWise Power Administrator Resource (http://caledonia.net/register)
So, on to the command line utilities. If you navigate to your <serverfiles>/admin directory you will see the following objects:
- The Server Admin Directory
We will explain the important utilities here, as they relate to your Upgrade and how they might differ from prior administration. Remember also that some of these functions are also available within the Administration Console (i.e., validating databases and the like). We will go over them here from the command line as well, for thoroughness.
gwadminutil is used for all of the functions that were in Tools|GroupWise Utilities|System Maintenance in ConsoleOne. This includes rebuilding databases, merging systems, releasing domains, etc. In order to see all of the functions available with gwadminutil, simply type gwadminutil at the command line:
windermere:/opt/novell/groupwise/admin # ./gwadminutil.sh
GroupWise Admin Command Line Utility (188.8.131.52855)
Usage: gwadminutil <command>
All of the command line utilities have a modicum of instructions built in, shown by simply invoking the command. For example, to find out usage for a rebuild, simply typing gwadminutil rebuild will explain that the usage is:
example: gwadminutil rebuild -d /gw/dom1 -n Dom1.Po1 -o /tmp/po1 -cd
This will rebuild Po1, belonging to Dom1 (which is located at /gw/dom1). It will rebuild the post office to /tmp/po1 and create the necessary directory structure for the PO, including the dc files. The path /tmp/po1 must exist. In other words, this would essentially create a new post office directory for a severely damaged PO.
Rebuilding a Secondary Domain Database
During your upgrade we instruct you to validate your Secondary Domain database. This can be done in ConsoleOne, connected to the Secondary Domain. If the validation fails, you must rebuild the Secondary Domain from the Primary. You cannot run the rebuild from ConsoleOne, and you cannot rebuild a database lower than version 2014 from the Administration Console. Thus you must run the rebuild from the gwadminutil utility on the Primary Domain server. If you have the ability to connect to both servers at the same time (map a drive from the Primary Domain server to the Secondary Domain server in Windows, or mount the volume containing the Secondary Domain from the Primary Domain Linux server), you can rebuild “in place”. Otherwise you can rebuild the Secondary Domain database to a temporary location on the local drive of the Primary Domain server, and copy the resultant wpdomain.db file to the Secondary Domain location. The command to rebuild the Secondary Domain is, for example:
gwadminutil rebuild -d /grpwise/domains/cnc -n cnc2 -o /tmp/cnc2
Once you have the new wpdomain.db file in /tmp/cnc2, you can copy that file to the actual directory for the domain CNC. The /tmp/cnc2 folder must exist.
Similarly to rebuilding a domain database above, you may be called upon during your upgrade to rebuild a post office database.
During your upgrade we instruct you to validate your post office database. If the domain and post office are on the same server, we suggest that you check them both at the same time from ConsoleOne. Even if the domain and post office are on different servers, this can often be done prior to upgrading the domain, provided that you do not intend to wait very long between the upgrades.
If you must validate and possibly rebuild the post office database after the owning domain is already at version 2014, it becomes more complicated. You either need to have access to both the domain and post office directories at the same time, or you can copy the wphost.db file to a temporary directory on the domain server. To validate a post office, run the following command:
gwadminutil validate /path
This will of course be either the actual path, if you have access to it from the domain server, or a temporary path where you have copied the wphost.db file.
If the validation fails, you will need to rebuild the database. If you have the ability to connect to both servers at the same time (map a drive from the Domain server to the Post Office server in Windows, or mount the volume containing the Post Office from the Domain Linux server), you can rebuild “in place”. Otherwise you can rebuild the Post Office database to a temporary location on the local drive of the Domain server, and copy the resultant wphost.db file to the Post Office location. The command to rebuild the Post Office is, for example:
gwadminutil rebuild -d /grpwise/domains/cnc2 -n cnc2.italia -o /tmp/italia
Once you have the new wphost.db file in /tmp/italia, you can copy that file to the actual directory for the post office Italia. The /tmp/italia folder must exist.
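The rebuild-to-a-temporary-location procedure described above for the Secondary Domain and for the Post Office, wrapped in one shell function (an added example, not from the guide or from Novell). It assumes gwadminutil exits non-zero on failure and that validate accepts the scratch directory; GWADMINUTIL, rebuild_and_install, the live directory in the usage comment and the .pre-rebuild suffix are names made up for this example.

```shell
#!/bin/sh
# Added example: rebuild a GroupWise database into a scratch directory,
# validate it there, then swap it into place while keeping the old file.
# Only gwadminutil arguments shown in the guide are used
# (rebuild -d/-n/-o and validate <path>).
# Assumption: gwadminutil returns a non-zero exit status on failure.
GWADMINUTIL="${GWADMINUTIL:-/opt/novell/groupwise/admin/gwadminutil.sh}"

# rebuild_and_install <owning-domain-dir> <object> <scratch-dir> <live-dir> <db-file>
#   e.g. rebuild_and_install /grpwise/domains/cnc2 cnc2.italia /tmp/italia \
#            /grpwise/po/italia wphost.db    (/grpwise/po/italia is a made-up path)
#   For a secondary domain the db-file is wpdomain.db.
rebuild_and_install() {
    dom_dir=$1 object=$2 scratch=$3 live=$4 db=$5

    [ -d "$dom_dir" ] || { echo "no domain directory: $dom_dir" >&2; return 2; }
    [ -d "$live" ]    || { echo "no target directory: $live" >&2; return 2; }
    # The guide notes that the output folder must already exist.
    mkdir -p "$scratch" || return 2
    # Refuse a scratch directory that already holds a database, so a stale
    # file from an earlier run can never be installed by mistake.
    [ ! -e "$scratch/$db" ] || { echo "stale $scratch/$db" >&2; return 3; }

    "$GWADMINUTIL" rebuild -d "$dom_dir" -n "$object" -o "$scratch" || return 4
    [ -s "$scratch/$db" ] || { echo "rebuild produced no $db" >&2; return 4; }

    # Validate the rebuilt copy before it goes anywhere near the live path.
    "$GWADMINUTIL" validate "$scratch" || return 5

    # Keep the old database, then copy to a temporary name and rename so the
    # live file is never a partial copy.
    if [ -e "$live/$db" ]; then
        cp -p "$live/$db" "$live/$db.pre-rebuild" || return 6
    fi
    cp "$scratch/$db" "$live/$db.new" && mv "$live/$db.new" "$live/$db" || return 6
}
```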
Checking Your Database Version
During the upgrade we generally tell administrators to look at the database version of their domains and post offices in the Administration Console. You can also do this with gwadminutil.
gwadminutil dbinfo /grpwise/domains/beta
System Name: CNCMAIL
System GUID: EC08E830-FE29-0097-B7C3-02608CA65E03
Database Version: 1400
Admin Service: 192.168.110.222:9999
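A small parser for the dbinfo output shown above, as an added example (not from the guide or from Novell). It reports whether a database is new enough to be rebuilt from the Administration Console or has to be rebuilt with gwadminutil; the 1400 threshold is an assumption taken from the sample output, and the second sample is constructed.

```shell
#!/bin/sh
# Added example: read `gwadminutil dbinfo` output and decide where a rebuild
# of that database has to be run.
# Assumption: 1400 is the GroupWise 2014 database version (taken from the
# sample output in the guide) and older databases report a lower number.
MIN_CONSOLE_VERSION="${MIN_CONSOLE_VERSION:-1400}"

# dbinfo_field <label>: print the value of the "<label>: value" line on stdin.
dbinfo_field() {
    awk -v label="$1" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
        }
        index(line, label ":") == 1 {
            v = substr(line, length(label) + 2)
            sub(/^[ \t]+/, "", v)
            sub(/[ \t\r]+$/, "", v)
            print v
            exit
        }'
}

# rebuild_route: reads dbinfo output on stdin and prints
#   console  when the version is at or above MIN_CONSOLE_VERSION
#   cli      when it is older (rebuild with gwadminutil instead)
#   unknown  when no numeric "Database Version" line is present
rebuild_route() {
    ver=$(dbinfo_field "Database Version")
    case $ver in
        ''|*[!0-9]*) echo unknown ;;
        *)
            if [ "$ver" -ge "$MIN_CONSOLE_VERSION" ]; then
                echo console
            else
                echo cli
            fi
            ;;
    esac
}

# Output as shown in the guide for a 2014 domain.
sample_dbinfo_2014() {
    cat <<'EOF'
System Name: CNCMAIL
System GUID: EC08E830-FE29-0097-B7C3-02608CA65E03
Database Version: 1400
Admin Service: 192.168.110.222:9999
EOF
}

# Constructed sample for an older database (values invented for the example).
sample_dbinfo_old() {
    cat <<'EOF'
System Name: CNCMAIL
Database Version: 1200
EOF
}
```

On a server, pipe the real output through it, for example `gwadminutil dbinfo /grpwise/domains/beta | rebuild_route`.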
In the chapter on “Installing the GroupWise Administration Service”, we used gwadmin-ipc a number of times to authenticate the installation token. Should this file be missing or damaged, you would not be able to access the Installation Console. Some other functions of the gwadmin-ipc include:
a. gwadmin-ipc query to give you status of gwadmin services;
gwlinux:/opt/novell/groupwise/admin # ./gwadmin-ipc query
b. You can use it to manually add or remove an admin service listener. This is mostly for clustering.
/opt/novell/groupwise/admin/gwadmin-ipc start utah cluster
The gwcheck.sh has not changed from prior versions. You can still launch mailbox/library maintenance from the Administration Console on individual users or entire post offices. You can also use gwcheck.sh as a command line tool. We like using the command line version for specific tasks:
- watching for a specific expected error to occur, rather than waiting for a log file to be emailed.
- checking a specific database (for example, msg201.db)
- scripting gwcheck
The remaining utilities in the <serverfiles>/admin folder are used by the admin service itself and are rarely accessed by mere mortals.
Connecting to other Domain Administration Consoles
In ConsoleOne, we frequently would need to “Connect” to a different Domain database. You would simply right-click on a Domain and choose “Connect”. You might do this to compare settings to make sure that address book listings were the same from all domains.
The “domain database” connection in GroupWise 2014 is not through direct access to a database as it was in ConsoleOne. Rather it is through the Admin Service running on the Domain server.
If you wish to connect to a different domain’s Admin Service, you simply follow these steps:
Click on the dropdown list at the top of your Administration Console, and choose the Domain’s Admin Service. You will only see GroupWise 2014 domains in the list. If you need to connect to a database prior to GroupWise 2014 (perhaps to check directory synchronization or other listings), you must use ConsoleOne for your connection.
- Changing the Domain
While we’ve cautioned against using ConsoleOne for day-to-day administration, you may find yourself in a situation where you really need to access the GroupWise system via ConsoleOne. The Administration Service installation does not remove the snapins on Windows, but it does on Linux. Should you find yourself in a bind, and you really need them, you must install them manually with the rpm. This is very simple!
This assumes you have kept ConsoleOne on your server. If not, you will need to first go to your /consoleone directory of your older GroupWise software and install ConsoleOne.
With ConsoleOne installed on the server, change to the /admin folder of your older GroupWise media. You will see a novell-groupwise-admin-<version>.rpm file. To install it, type this:
rpm -Uvh novell-groupwise-admin-<version>.rpm
When you get to “admin” you can just press tab and the entire file name should be completed for you. That’s it. GroupWise snapins should be active again. Remember, this is only a “last resort” solution for when there simply isn’t a way to complete a task or fix a problem with the Administration Console!