Novell

Too Much?


When it comes to Novell, I’ve been called an evangelist.
But... is this taking fanaticism too far?

Thanks to the talented Kathy for creating this sticker for me.

|

A tale of two companies


Unisys: The one I worked for.

Novell: the one I’d like to work for.

|

Happy 20th Birthday GroupWise!

Today GroupWise turns 20 years old. Gone is the gangly teen cause it’s all growed up.

So, ready Mr. Music?

Happy Birthday to you,
Happy Birthday to you,
Happy Birthday dear GroupWise,
Happy Birthday to you.

Hip Hip Hooray!
Hip Hip Hooray!
Hip Hip Hooray!

You can find the WP Chronology here.
You can read Dean Lythgoe’s blog entry here.
|

iPhone integration with GroupWise #2

A bit more information from Novell regarding iPhone integration with GW.

List: ngw
Subject: [ngw] Novell GroupWise and the Apple iPhone
From: "Alex Evans"
Date: 2008-06-13 15:23:21
Message-ID: 48523C89.4E3C.0093.1 () novell ! com

Novell GroupWise and the Apple iPhone
Apple recently announced iPhone support for Microsoft Exchange, based on the ActiveSync technology that Apple paid Microsoft for. This has prompted GroupWise customers to ask what Novell's plans are for iPhone support. Novell is committed to providing a solution that allows users access to their email, calendar and contacts on the iPhone, and is pursuing multiple avenues to address this goal.

NotifyLink and Toffa both plan to offer iPhone support to GroupWise customers.

There are a number of options that we have been considering:
1. Nokia enhance GMS to provide iPhone support. This had to be postponed due to the Apple SDK limitations. And I do mean postponed, not rejected.
2. Jailbreak the iPhone and use unauthorized APIs. That is not something that we feel we can recommend to corporate customers as an enterprise solution.
3. Create a web browser solution like IBM has. Not ideal as it does not sync any data to the device, allowing offline access. Much of the value of these kinds of solutions is having all the data to hand.
4. Rely on the SDK and create something in house. The SDK is very limited and does not allow enough access to the native apps and for services to run in the background
5. Do something around ActiveSync - a possibility that we are looking closely at, but it is a longer term strategy.

We are currently assessing other options and yes, we are also talking directly to Apple.

As Jay Parker mentioned in a previous post, IMAP and iTunes will work to allow cradle sync to the device

Thanks
Alex





Alex Evans
GroupWise Product Manager
aevans@novell.com
T: +1 801 861 7288
M: +1 801 368 8930
Blog: http://www.novell.com/communities/user/565
|

iPhone integration with GroupWise

We’d all like to know what Novell is doing in the iPhone integration space. (So I use the term “ALL” loosely)

Toy or not, companies will be looking to integrate the iPhone purchased by those “execs” that must be seen to have the latest shiny-shiny, to make up for their I-have-no-idea-what-this-is-or-what-it-does-but-everyone-has-one-so-I’d-better-have-one-too.

What is Novell doing? Here is an excerpt from Dean Lythgoe’s blog on GroupWise integration.

“iPhone - Apple. As you know, this is a very hot topic right now and many are looking to Novell to provide a solution in this space. We have been very hesitant to discuss publicly what our plans and discussions have been. As I said, this is a sensitive topic. I will say a few things. Novell is working with Apple. Apple's integration with Exchange was done by Apple using internal proprietary Apple interfaces and by licensing ActiveSync. The integration was NOT done by Microsoft. There are at least two GroupWise partners, NotifyLink and Toffa, who have announced solutions in this space. Novell is continuing to evaluate and work on solutions. See a post by Alex Evans in the NGWList for other information.”
His full blog entry can be found here.

Keep up the good work Dean.
|

IDM Server Hardware Migration

Today's project was to do a hardware migration of my IDM server to new hardware. You could use this process for any server, but I'm focussing on the IDM stuff.

This is how I accomplished it, and some of the problems/resolutions I found during the process are listed at the end. I'm not going to list a blow-by-blow account of the Server Consolidation Migration Utility as it's very straightforward. However, if you'd like some info let me know and I can give you the step-by-step process. I may even include this in a separate blog entry.

If you've read any of my other Novell Blog entries you'll know that my IDM system runs on NetWare... let me hear you say YEAH!!!

Because I'm still running NetWare, migrating to other hardware is quite easy. Novell has provided a neat little utility called the Server Consolidation and Migration Utility and it's a good time saver. Download this free product before you begin and I highly recommend you run this process through your test environment.

A few notes before we start.

I don't recommend trying to migrate to a higher DS level than the one your source server is on, i.e., don't migrate from 8.7.3 to 8.8. If you wish to upgrade your DS version, do it after the migration has settled.

I do recommend using the latest patches and version of Netware as your destination server.

Side note: because my source server was a NW65SP7 server that was updated from SP6, I am still running eDir 8.7.3.9 and this is by choice. If you've installed a new NetWare server from the SP7 overlay DVD you'll notice the default version of DS is 8.8sp2. So to get around this I install the pre-migration server with the SP6 overlay CDs and then apply the downloaded SP7.

Let the games begin.

1. Take note of the products/services your original server is running. You're going to re-install these on the new server so it helps to know what the old one did. Go make yourself a coffee and get comfortable.

2. Build the migration server ensuring all hardware is functioning correctly.
Use the Pre-migration server installation option in the Netware install. This installs a bare-bones Netware server with no additional products.

Note at this point: to cut down on editing in the comparison step later on, I recommend your temporary eDirectory has the same containment structure as your original tree. Create the same structure down to the server location. The following is what I typically used:

TREE Name: TEMPTREE
Server Name: OLDSERVERNAME1
Server context: Same structure as original server in production tree.
Server IP: something in the same network as the original server

3. On the source server comment out all unnecessary load lines in the AUTOEXEC.NCF. Backup clients and anything else that is not immediately required (which should be nothing as you're working inside a maintenance window or scheduled outage.. right??)

4. Stop all drivers running on the server and set them to manual start. Unload any backup clients or other applications to ensure files are not in use.

5. Export all driver configurations.

6. Start the Server Consolidation Migration utility and create a new project for your server. I usually just name the project after the server name being migrated followed by the date. Eg: SERVER1_220408

7. If your server is not a file server (i.e. doesn't have any volumes other than SYS) you can "next" your way through to the data copy. You can run this stage of the migration days ahead if you like. Then do a final update copy for any files that have changed at the time of the migration. This is a HUGE time-saver. This step simply backs up the trustees on the server and copies the entire contents of the SYS volume to the SYS:\SYS.MIG directory on the destination server.

Note at this point: take a bit of time to clean up your source server, delete any old patches etc that might be lingering around. The data copy stage will copy EVERYTHING, even stuff you don't necessarily need.

8. Complete the Migration process. I usually just accept the defaults given (unless you've done a pre-copy). Read each screen carefully and ensure you follow any additional steps that are suggested. Pay particular attention to the configuration file comparisons. You'll get a second warning about the Server name and IP address. Make sure these are correct.

9. At this point, your original server should be down and turned off, and your new server has now taken on the identity of the original. It's now time to install all the goodies again, but take a moment to yank the network and power cables from the old box.

10. Insert the SP7 overlay DVD and start installing the additional products. My server also ran DNS so I installed it at this point along with the following:

General:
Tomcat 4 and 5
Apache2
iManager 2.7
Novell Modular Authentication Services
reboot server.

Products required for IDM 3.5.1
Security Services 2.0.5
NMAS updates
CIMOM updates
reboot server.

11. Reinstall IDM 3.5.1 engine/utilities and any drivers. I have a blog entry on upgrading from 3.0.1 to 3.5.1 and I just followed these steps.

12. Load DSTRACE using the following:

load dstrace
load dstrace screen on
load dstrace +dvrs dxml

13. Start iManager and fire up the drivers one at a time. Watch the trace screen in step 12 for any errors. Once you've confirmed all is running, edit the driver configurations and set the drivers to auto-start.

14. Pat yourself on the back for a job well done.

Problems encountered:

The above process is exactly how it all went... in test.

In production, however, things were slightly more "interesting".

My hardware migration went perfectly and the new server became the old one as expected. I then went and started installing all the Netware products and patches. Still all good at this point.

I then installed IDM on the server and for good measure, rebooted.

When I attempted to start the first driver, the process failed with a -783 error. This TID pointed in the right direction but didn't help me. DIRXML was loading but was not functioning.

I investigated the logger screen and saw an error loading DXLDAP.NLM and followed this TID. However, unloading DIRXML or DS simply locked the console screen and after 20 minutes still wouldn't unload the nlm's. I could see from the DSTRACE screen the drivers were caching any changes so updates weren't going to be lost.

At this point I figured something hadn't installed correctly. DS was working perfectly but DIRXML was being a precious petal. To prevent DIRXML from loading I renamed the dirxml.nlm to dirxml.old and rebooted.

After the reboot I reinstalled IDM and rebooted, but had the same problem. Did the rename dirxml.nlm thing again, rebooted. This time I uninstalled IDM and did the following:

1. Ran the Product install again and re-installed all the products and updates in step 10 above.
2. Ran the IDM install again
3. Added the server back to the driver set as it was removed because of the -783 error above.
4. Enabled the drivers but didn't automatically synchronize (drivers are disabled if the server is removed from the set)
5. Started the drivers, this time all went well.

Post investigation seems to point to the NMAS installation, but I haven't confirmed this.

All is working perfectly now and the pointy-haired boss is blissfully unaware of my numerous missed heartbeats this morning.

|

Novell IDM upgrade ~ 3.0.1 to 3.5.1

So it's time to upgrade to the latest Novell Identity Manager code. This is a rather straight-forward process but still one you'll want to run through a test environment.

I came across a few hiccups in test that I didn't hit in production, but this only helps in the preparation.

I have two eDirectory Trees to contend with. Tree 1 has eDir, MAD, Delimited Text drivers. Tree 2 has eDir, GroupWise, and UserApplication drivers. All IDM servers are OES2 NetWare with the exception of the UserApplication server. This is required to be Linux.

The really good news is all these drivers will work together at different version levels, allowing you to take your time in completing the process.

Here is my take on the process of getting to the latest and greatest.

Approach

Prepare for the upgrade
Test roll-back plan
Upgrade the Meta-directory engine in Tree 1
Upgrade the drivers in Tree 1
Upgrade the MAD remote loader and PassSync.
Upgrade the Meta-directory engine in Tree 2
Upgrade the drivers in Tree 2
Install new UserApplication

I have chosen to create a new install of the UserApplication as currently it's only used for password self-service. The original server is a SLES9 box and the new one I want to be an SLES 10.1 box.

Prepare for the upgrade

1. Upgrade IDM servers in both Trees to NW65SP7
2. Upgrade Security Services to 2.0.5
3. Upgrade NMAS to 3.2.0.1
4. Export current driver sets
5. Export each individual driver in both sets
6. Refresh documentation of current settings noting passwords etc
7. Rename sys:\ni\update directory on both IDM servers
8. All software including previous versions of IDM to hand.
9. Set trace level on all drivers to 3

Roll-back plan

1. Ensure there is a current backup of the SYS volume
2. Export of all drivers

Should the installation fail with no ability to continue:

1. remove the new software if possible
2. Install previous version of software

Should the upgrade of the drivers fail with no ability to continue:

1. Delete drivers in driver set and re-import or;
2. Delete driver set and re-import.

Update Process

Schema update

Schema updates are done as part of the Installation of the IDM 3.5.1 Metadirectory engine. This is done once per tree.

TREE 1 (1hr 30mins)
1. Set all drivers to manual start and apply.
2. Stop all drivers
3. Install Metadirectory Server, Web components and utilities to server
4. Deselect all drivers and select

Delimited Text
eDirectory

5. Select Application components
6. Complete install and restart the server
7. Load DSTRACE and set DSTRACE to DXML and DVRS
8. Start all drivers and confirm no errors on trace
9. Apply authorization to Directory set
10. restart all drivers to check for authorization
11. Upgrade eDirectory driver and restart
12. Upgrade Delimited Text driver and restart
13. Upgrade Active Directory driver and restart


AD remote loader
(30mins)
1. Stop AD remote loader on Domain Controller.
2. Edit settings and set trace level to 3
3. Copy the remote loader config file C:\Novell\RemoteLoader\ADRemoteLoader-Config.txt to ADRemoteLoader-Config.backup
4. Install new remote loader and start

TREE 2 (1hr 30mins)
1. Set all drivers to manual start and apply.
2. Stop all drivers
3. Export individual drivers and driver set
4. Install Metadirectory Server, Web components and utilities to server
5. Deselect all drivers and select

GroupWise
eDirectory

6. Select Application components
7. Complete install and restart the server
8. Load DSTRACE and set DSTRACE to DXML and DVRS
9. Start all drivers and confirm no errors on trace
10. Apply authorization to Directory set
11. Restart all drivers to check for authorization
12. Upgrade eDirectory driver and restart
13. Upgrade GroupWise driver and restart
14. Upgrade UserApplication driver and restart


UserApplication Install
(Yet to be completed)
1. Install new SLES 10.1 server
2. Install additional software including development tools
3. Create a new instance of the IDM UserApplication using different port number to the original
4. Duplicate settings between UserApp drivers but leave the new one stopped
5. Install and configure UserApplication on new server


Problems encountered

Problem: Error updating NMAS methods during IDM install on server.
Solution: Rename sys:\ni\update directory

Problem: Error on eDir driver start using certificates
Solution: Re-issue certificates using the NDS-to-NDS certificate wizard

Problem: Unable to deploy new UserApplication driver from Designer
Solution: Run Project Checker in Designer and redeploy


And there you have it, an upgraded IDM system.

|

Rebuild Netware 6.5 DOS partition

So your NetWare server has been running flawlessly for years, and you've just restarted it to find it won't boot.

Boot loader not found...

or

No operating system found...

You know the error, I'm sure you've seen it all before.

You could go through and boot from a utility disk and try and repair the partition, or you can recreate it with the NetWare install CD. How you proceed will depend on your comfort level, how/if you've done it before, and how many pointy-haired bosses you have yelling at you at the time. I'll take you through using the NetWare install CD.

Things you'll need to know are:
a) Your current OS version and patch level.
b) Any new driver updates you may have applied and modifications to the STARTUP.NCF file.
Get these ready, tell your pointy-haired boss to back-off before you insert the CD up his ...

...and focus.

1. Insert your NetWare CD with the latest patch overlaid (you can download this from Novell).

2. Start the install and select "Manual" so you get to choose all the options.

3. At the screen that asks you for the Boot Partition you'll see the current FAT16 partition. Delete this taking note of the size.

4. Create a new boot partition of the same size and continue with the install.

5. At the screen that asks for the SYS: partition DO NOTHING. You only have two options... recreate the partition or format the existing one. YOU DON'T WANT TO DO EITHER.

6. Switch to the Console screen (Alt+Esc and screen 1)

7. Down the server by typing "Down" and pressing enter.

8. Power cycle the server.

9. When the server comes back up it will be sitting at a DOS prompt. This is because the AUTOEXEC.BAT file is not created till later in the install. Edit the AUTOEXEC.BAT file and add the following:

@echo off
CD NWSERVER
SERVER -nl

(the -nl just turns off the splash screen so you can see any errors that may occur)

10. If you did NOT use an overlay CD at the same patch level as your server, you will need to copy the files from the patch CD. You will need the updated SERVER.EXE and any other updates. You can browse the patch CD for these files.

11. If you have a backup copy of your STARTUP.NCF file simply copy it back into C:\NWSERVER. You may be able to recreate it based on another server if you have another of similar hardware. If not, don't despair. Leave it alone and go to the next step.

12. Type AUTOEXEC and press enter to start the server. If you don't have a copy of your STARTUP.NCF file, once the server has started and is sitting at the console, type HWDETECT and press enter. Your NetWare box will go through and scan for new hardware and load the necessary drivers, or prompt you for them.

13. Once all the hardware is taken care of, reboot and you should be right to go.

As simple as that.
There are multiple ways of rebuilding your DOS partition and I think I've tried most of them. I didn't have any time constraints this time around so I thought I'd test out this method. It works a treat.

Last step.
Because you've had problems with your DOS partition, you should run a Pool verify over the NSS pools after you get the server back up. Regardless of the pressure you're under, don't put this off.

NSS /poolverify

|

GroupWise Upgrade 6.5.7 to 7.0.2

This is how I upgraded my Novell GroupWise 6.5.7 system to 7.0.2.

Novell have ensured that the upgrade process to GroupWise 7 is as smooth as possible, and realise that it may not be completed in a single task. As such the upgrade can be broken up over a number of days spread over months if required. This is a good thing, as initially I had only a single 3hr maintenance window per week to work with. In the end I managed to get a Saturday to do the work, and roped in a few mates to help out with some of the other tasks.

My overall process follows Novell's guidelines and goes like this:

Create SDD in advance called GW7SDD
Upgrade the primary domain
Upgrade the secondary domain
Upgrade the post offices in the primary domain
Install new GWIA in the primary domain
Upgrade the post offices in the secondary domain
Install new GWIA in the secondary domain
Create new WebAccess environment

Preparation for the upgrade included the following:

Top-down rebuild of GW 6.5.7 system
Printed config documentation from the Webconsoles of each MTA/POA/GWIA/Webacc
Copied GW7 snapins to ConsoleOne
Logged a service call with Novell for support if required.
(With this last one I gave Novell Technical Support a date and time that I was intending to conduct the upgrade so that they could be on hand should a fan distribute the proverbial).

My rollback plan consisted of a number of technologies.

First of all, I was installing the new GW7 components into a subdirectory of SYS:\SYSTEM so that they wouldn't over-write the 6.5 nlms.
I also had the SAN administrator take a clone of the mail LUNS on the SAN
I had copies of SYS:\SYSTEM on both mail servers
I took copies of the Domain and PO databases

The rollback process was to be like this:

Unload all agents
Comment out all agent load lines in the AUTOEXEC.NCF
Dismount all mail volumes on server
Detach LUN's
Attach SAN clone and mount on server
Load original 6.5 agents

I tested this procedure a number of times in a test environment and it worked perfectly. I didn't have to use the rollback however.

The update process.

The first step in the update process is to upgrade the schema. As I was already running 6.5, this wasn't required.

My original process worked along the lines of several 3 hour sessions of work.

Session 1
Set all logging to VERBOSE in ConsoleOne
Stop the GW driver in IDM and unload DIRXML.NLM
Unload all POA's, MTA and GWIA on servers
Shutdown the webaccess services
Clone mail LUNs
Start all MTA's and POA's
Disable incoming SMTP mail at gateway
Comment out the MTA load line in AUTOEXEC.NCF
Copy the GW7SDD to the server
Unload the MTA for the Primary domain
Change the GW driver in IDM to GW7.0
Create a backup copy of WPDOMAIN.DB
Connect to Primary domain with ConsoleOne and run RECOVER to actual location
Run a validate to actual location
Copy the *.dc files from \gw7sdd\domain to the domain directory
Copy the *.dc files from \gw7sdd\po to the wpoffice directory under the domain directory
Run the \gw7sdd\agents\install.exe and install to sys:\system\gw70
Add the primary domain to the upgrade list
Complete the install but do not launch the MTA automatically
Edit the autoexec.ncf and modify the load line for the MTA to suit
Load the MTA and wait 60 seconds, watching the admin recover status until complete
Confirm the domain is upgraded in ConsoleOne
Allow 15mins for admin changes to sync to the rest of the system
Total time - 35mins

Repeat the above process for Secondary domains ensuring to connect to the secondary domain.

Upgrade Post Offices in Primary Domain

Comment out the load lines for the POA's in the AUTOEXEC.NCF
Unload the POA
Create a backup copy of WPHOST.DB
Connect to Primary domain and rebuild the post office
Copy the *.dc files from \gw7sdd\po to the root of the post office folder
Run the \gw7sdd\agents\install.exe and install into sys:\system\gw70
Select the post office and complete the install, do not launch the POA automatically.
Edit the load line for the poa to suit the install location
Load POA and watch the console screen for the agent for errors
Confirm PO has been upgraded in ConsoleOne.
(IMPORTANT) Copy the \gw7sdd\client\ofviews\win\*.vew to the PO\ofviews\win folder on the server
Total time: 30mins

Repeat for all other PO's in the primary domain.

Install new GWIA in the primary domain

Unload the GWIA on the server
Comment out the load lines in the AUTOEXEC.NCF
Create a copy of the gwia.cfg in sys:\system\
Run \gw7sdd\internet\gwia\install.exe and install into sys:\system\gw70
Enter the path to the primary domain
Finish the install and check the database version for the GWIA in ConsoleOne. Change to 7.0.1 if necessary
Edit the AUTOEXEC.NCF to reflect the path to the new GWIA location
Load the GWIA
Transfer the settings from the old GWIA to the new one by comparing them in ConsoleOne.

Post session 1 upgrade activity
Re-enable SMTP gateway traffic
Restart WebAccess
Re-enable the GW IDM driver
Install GW7 client and test login
Set appearance to GW 6.5 at the domain level
Remove unused SAN clones

Session 2
Disable incoming SMTP traffic at gateway
Unload POA's MTA's, GWIA of secondary domain
Clone the email LUNs
Load MTA and POA's on secondary domain

Upgrade Domain, Post offices and GWIA's as per session 1 ensuring you connect to the owning domain.

WebAccess

I created a completely new WebAccess environment running alongside the old 6.5.
I created two WebAccess servers and configured them for fail-over (How I did this will be the subject of another blog). In front of the WebAccess application is a content switch to load balance between them.

|

Novell Audit 2.0

Just recently I implemented Novell Audit 2.0.3 at work. I chose this product because of its ability to audit a wide range of systems and collect information from a wide range of sources, and because it is extensible. You can import log schemas and extend the capabilities of the software.

The Audit starter pack is free and the secure logging server can run on Netware, Linux and Windows. It integrates with eDirectory and uses iManager for administration. Data can be stored in a number of different databases (I chose MySQL) and also a flat file. Straight out of the box, Audit can log events from Identity Manager, Netware, Windows event logs, eDirectory, iChain, syslogs and a number of other sources. Audit can also audit itself, have the agents sign each event, and send information securely.

Because I'm storing information in a MySQL database I can easily query it with SQL either from within iManager, or as I do using a free SQL query tool. Audit comes with a reporting tool of its own, but it's time bombed for 10mins unless you upgrade the starter pack to a fully licensed install.

My installation process was fairly straightforward. The documentation is quite easy to follow but I did make sure I upgraded MySQL, PERL and PHP to the latest versions available. Uninstallation is just as easy and the uninstall will also remove the schema extensions leaving your TREE clean.

My secure logging server is Netware (of course). MySQL on Netware absolutely screams... read incredibly fast. I will probably move the secure logging service to Linux in the future, but at the moment I am completely confident with Netware.

I have installed instrumentation and agents on all my primary servers for NetWare, DNS, FS, eDirectory, Identity Manager, and on AD domain controllers. These are configured easily with a single file, logevent.cfg or logevent.conf, and should the secure logging server go offline, the agents will automatically cache events locally until they detect the logging server is back. The eDirectory instrumentation is also clever enough to ignore or accept replicated events.

I'm logging most events but not all of them and, to give an indication of the data storage required, the MySQL database is growing by around 750MB per day.

The FREE starter pack does most of what you'll need it to do. Download it from Novell today and give it a try, you'll breeze through your next audit with ease.
|

IDM Driver movements

In preparation for using the Entitlements driver in our IDM solution I had to restrict our driverset to a single server (version 3.5 of IDM overcomes this restriction but I was also trying to streamline). This meant moving the GroupWise driver from one server to another. There are a number of ways to do this but ultimately they involve exporting the driver, deleting the driver, importing the driver specifying another server and then deleting the superfluous server from the driverset. You can do this with Designer, but I've not taken a liking to it yet and prefer to use iManager. Before doing any work with the driver, install the GW components on the new recipient server.

To export the driver with iManager do the following:

1. Browse to the driver set and click on the driver in question

2. Select export and follow the prompts, exporting to an xml file on your PC

3. Once exported, delete the driver from the driverset

Import the Driver back into the driverset

1. Now that it's gone, we need to import it back in. Import the driver back into the same driverset selecting the other server and following the prompts

2. Because in my case the GW driver is not on a server other than the primary domain database, we have to specify a user account with RWCEMFs rights to the Domain DB. We also need to specify the IP address of the GW server and the path to the Domain DB.

3. Start the driver

NB: if you're running the IDM drivers on a Netware server, make sure you add a search path for the GW driver components before starting the driver. I add the following line up high in the AUTOEXEC.NCF file.

SEARCH ADD SYS:\SYSTEM\GWDRIVER

Once added to the AUTOEXEC.NCF file, type the same line at the console and press ENTER.

Because we didn't change the name of the driver in the driverset all associations remain current.. so no need for the driver to go off madly reassociating objects.

The final step is to delete the old server from the driver set.

1. Click on the IDM overview in iManager and then select the red X next to the server list.

2. Select the server about to be removed from the driverset and click apply.

3. Done. Go grab yourself a coffee.

FINAL NOTE: Run this process through your test environment. iManager crashed on me during test, which caused a few skipped heartbeats. Plus I forgot to add the search line on the recipient server, which accounted for a couple more.
|

IDM Driver fails to auto-start

I had an interesting problem a few weeks ago with an IDM 3.0.1 driver on one of my NetWare 6.5 servers. While all drivers in the driver set on the particular server were set to auto-start, one of them refused to do so. After doing some digging it appears that drivers start in the order of creation time. The first driver created is the first to load. I verified this by looking at the driver logs. The driver I was having trouble with was the first driver created in this driver set.

So what could be causing the first driver to fail to start but the second, and subsequent others, to load just fine?

The core of IDM is DIRXML.NLM which is loaded automatically by DS.NLM which is in turn automatically loaded when the SYS: volume is mounted. Working backwards, IDM uses JAVA to run the drivers. So if JAVA is not loaded or finished loading by the time DIRXML is trying to load the drivers it will fail. In my case, DIRXML was loading the first driver before JAVA was ready.

But if it's all loading automatically how do you ensure JAVA is ready for DIRXML?

Easy.

DS.NLM is loading DIRXML.NLM, so if you rename DIRXML.NLM to DIRXMLA.NLM, DS will not be able to find it and not load it. Now that we have stopped DIRXML from loading we need to wait for JAVA to finish. This is accomplished by ensuring load statements for JAVA (tomcat) are as early in the AUTOEXEC.NCF file as possible. Then add a DELAY command at the end of the AUTOEXEC.NCF, followed by the load command for the DIRXMLA.NLM file. Something like this...

DELAY 30
LOAD DIRXMLA.NLM


DELAY 30 will put a pause in the execution for 30 seconds before continuing with the next line. This should be plenty of time for JAVA to finish loading.

DIRXMLA.NLM will then load and start all the drivers.

As simple as that.
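
An added example (not code from the original post): a small Python check for the AUTOEXEC.NCF ordering described above, which also covers the SEARCH ADD line from the "IDM Driver movements" post. The sample files are constructed, and recognising Java/Tomcat load lines by the name prefixes JAVA and TOMCAT is an assumption to adjust for your own server.

```python
import re

# Lines starting with '#', ';' or REM are treated as comments.
COMMENT = re.compile(r"^(#|;|REM\b)", re.IGNORECASE)

# Constructed sample files for illustration; not taken from a real server.
GOOD_NCF = r"""
# AUTOEXEC.NCF (constructed sample)
SEARCH ADD SYS:\SYSTEM\GWDRIVER
LOAD JAVA
REM backup client commented out for the maintenance window
DELAY 30
LOAD DIRXMLA.NLM
"""

BAD_NCF = r"""
; SEARCH ADD SYS:\SYSTEM\GWDRIVER
DELAY 5
LOAD DIRXMLA.NLM
LOAD JAVA
"""


def active_lines(text):
    """Return the upper-cased, non-blank, non-comment lines in file order."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not COMMENT.match(line):
            out.append(re.sub(r"\s+", " ", line.upper()))
    return out


def command_name(cmd):
    """First token after an optional LOAD keyword, without .NLM/.NCF."""
    tokens = cmd.split()
    if tokens and tokens[0] == "LOAD":
        tokens = tokens[1:]
    return re.sub(r"\.(NLM|NCF)$", "", tokens[0]) if tokens else ""


def lint_autoexec(text, nlm="DIRXMLA", min_delay=30,
                  java_prefixes=("JAVA", "TOMCAT"), search_path=None):
    """Return a list of finding codes; an empty list means the order is sound.

    nlm           -- name the renamed DIRXML.NLM is loaded under
    min_delay     -- smallest acceptable DELAY (seconds) before that load
    java_prefixes -- assumed name prefixes of the Java/Tomcat load lines
    search_path   -- optional path that must be SEARCH ADDed before the load
    """
    lines = active_lines(text)
    names = [command_name(c) for c in lines]
    if nlm.upper() not in names:
        return ["DIRXML_LOAD_MISSING"]
    idx = names.index(nlm.upper())
    findings = []

    # The command directly before the load must be a long enough DELAY.
    prev = lines[idx - 1] if idx > 0 else ""
    m = re.match(r"^DELAY (\d+)$", prev)
    if not m:
        findings.append("NO_DELAY_BEFORE_DIRXML")
    elif int(m.group(1)) < min_delay:
        findings.append("DELAY_TOO_SHORT")

    # Java/Tomcat must be started earlier in the file than the drivers.
    java = [i for i, n in enumerate(names) if n.startswith(java_prefixes)]
    if not java:
        findings.append("JAVA_LOAD_NOT_FOUND")
    elif max(java) > idx:
        findings.append("JAVA_AFTER_DIRXML")

    # Driver components must be on the search path before the drivers start.
    if search_path:
        want = "SEARCH ADD " + search_path.upper()
        pos = [i for i, c in enumerate(lines) if c == want]
        if not pos:
            findings.append("SEARCH_PATH_MISSING")
        elif min(pos) > idx:
            findings.append("SEARCH_PATH_AFTER_DIRXML")
    return findings


if __name__ == "__main__":
    gw = r"SYS:\SYSTEM\GWDRIVER"
    print("good:", lint_autoexec(GOOD_NCF, search_path=gw))
    print("bad: ", lint_autoexec(BAD_NCF, search_path=gw))
```

A fixed DELAY only narrows the race between Java and DIRXML, so a check like this is worth re-running whenever load lines are added or reordered.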
|

Moving your GroupWise PostOffice to a new server

So for one reason or another you need to move your GroupWise post-office to a new server. I have used the following process with GW7 but there should be no reason you can't use it with version 5.x and 6.x. The key is to do it in a test environment first, in case things turn pear-shaped. If your GroupWise system is using UNC paths for access links between the agents, I recommend you change this now to TCP links. The GroupWise documentation covers this.

You're going to need to bring down the MTA and POA to do this so pick a time when people aren't needing the system urgently.
We work in I.T. We're used to doing the late shift... aren't we?

First things first. Know a little about your GW system. Are your POAs, MTAs, etc. configured for TCP links or UNC paths? Also know where your log files are currently going and where to change this information.

1. Shut down the MTA and POA. If you have more than 1 post office in your domain, shut the others down also.

2. Copy the PO data to the new location.
You can use whatever you like. I'm lucky, my PO resides on a SAN LUN so it can be easily pointed at any server with an HBA. But you can use XCOPY, DBCOPY, even the Server Migration Utility. While the copy is occurring, carry on with the next steps.

3. Edit the post-office object in ConsoleOne and change the UNC path to reflect the new location.

4. Edit the post-office agent in ConsoleOne and change the network address to reflect the new server. You can also change the port if required. Check the log file UNC path to ensure it's still valid and change if necessary. I like to keep logs local to the post-office so I change this to reflect a path on the local server.

5. Select the Domain MTA and edit the Link configuration of the post-office in ConsoleOne to reflect the network address and port of the new server. Save this.

6. Edit the links for your Web Access Gateway if you use it, to reflect the new server network address. Save this.

7. Edit the links for your GWIA to reflect the new server network address. Save this.

8. If your NGWNameserver DNS entry points to the old server, make sure you update this information if required.

9. Load the MTA for the domain if the data copy has completed.

10. Rename and rebuild all post-offices in the domain and reload the agents on their respective servers.
(I have two post-offices in the domain and until I had rebuilt the second post-office it wouldn't redirect clients to the moved post-office)

11. From the MTA Agent screen press F10 and view the configuration information. Ensure it reflects the changed network address/port of the new server for the PO in question.

12. Test.

As mentioned previously I assume the use of TCP links rather than UNC between the different agents. If you use UNC paths the process is the same except you will need to ensure the /USER-userid has the required filesystem rights to the new post-office location.

LINUX. If you're running your GW system on Linux the process is the same. But rather than use the MTA agent screens that appear on NetWare, you will need to use the web consoles for your agents.

I highly recommend you run up a test environment and test your proposed course of action.
|

Extending a User with LDAP

While this doesn't apply specifically to Novell, it's what I've been playing with.

Thanks to Eddie for being a ready-reference, you're a LEGEND!

I had to extend our eDirectory schema at work with an auxiliary class for the Users. Easily done. However actually extending all the user objects with the new class information was a little more challenging...only slightly. Yes it can be done in C1 and iManager but I needed to do this to 21,000 users at once as well as apply some attribute values.

LDAP to the rescue.

Using a text editor and C1 you can easily manipulate values in a Directory using the power of LDAP. This doesn't just apply to eDirectory, you can do similar things with MAD or any LDAP directory. This is how I did it.

1. Backup your Directory

2. You need a list of accounts to modify. Using C1 do an export of objectclass=inetOrgPerson and select Entry names only.
This gives you a nice list of distinguished usernames. Perfect.

3. Now you'll need a good editor. TextWrangler is my choice, but anything that can search and replace including special characters like CR will do... so Notepad is out, and so is Wordpad. I'm not sure about Word but you could give it a shot. If you have a Mac, use TextWrangler; it's hard to beat. Excel can be used initially also.

For each user record you need the following in your LDIF file:

dn: ‹username›
changetype: modify
add: objectClass
objectClass: ‹name of your aux class›
-
add: ‹attribute name›
‹attribute name›: ‹attribute value›
-
add: ‹attribute name›
‹attribute name›: ‹attribute value›


Continue on for all additional attributes, leaving a blank line or two between user accounts. Some creative search and replacing will do it.

4. Import using the wizard in C1 and 5 minutes later all 21,000 accounts have been updated. It helps if you tell C1 not to stop on errors. If you've done the above correctly you shouldn't get any, but you don't want to walk away from the PC only to find the import stopped on record 55 of 21,000.
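The LDIF template above can also be generated by script instead of search and replace. This is an added example, not the author's own method: it assumes the export is a plain list with one DN per line, and `acmePerson`, `acmeBadge`, `acmeSite` and the sample DNs are constructed placeholders. Values that are not LDIF-safe (embedded newlines, a leading colon or space, non-ASCII characters) are base64-encoded per RFC 2849, so a stray value cannot break a record or start a new one.

```python
import base64
import re

# RFC 2849 SAFE-STRING: 7-bit, no NUL/CR/LF, not starting with space, ':' or '<'.
_SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                   r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")
_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")  # attribute / class names


def ldif_line(name, value):
    """Return 'name: value', or 'name:: <base64>' if value is not a SAFE-STRING."""
    if not _ATTR.fullmatch(name):
        raise ValueError(f"bad attribute name: {name!r}")
    if not value:
        raise ValueError(f"empty value for {name}")
    if _SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{name}: {value}"
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{name}:: {encoded}"


def modify_record(dn, aux_class, attrs):
    """One 'changetype: modify' record in the layout shown above."""
    lines = [ldif_line("dn", dn), "changetype: modify",
             "add: objectClass", ldif_line("objectClass", aux_class)]
    for name, value in attrs:
        lines += ["-", f"add: {name}", ldif_line(name, value)]
    return "\n".join(lines) + "\n"


def build_ldif(dns, aux_class, attrs_for):
    """dns: one DN per line (assumed export format); attrs_for(dn) -> [(name, value)]."""
    records = [modify_record(dn.strip(), aux_class, attrs_for(dn.strip()))
               for dn in dns if dn.strip()]
    return "\n".join(records)  # blank line between records


# Constructed sample data: DNs, class and attribute names are placeholders.
SAMPLE_DNS = ["cn=jsmith,ou=staff,o=acme", "", "cn=José,ou=staff,o=acme"]
SAMPLE_ATTRS = {
    "cn=jsmith,ou=staff,o=acme": [("acmeBadge", "1001"), ("acmeSite", "HQ")],
    # A value with an embedded newline; pasted raw it would start a new record.
    "cn=José,ou=staff,o=acme": [("acmeSite", "Lab\ndn: cn=admin,o=acme")],
}

if __name__ == "__main__":
    print(build_ldif(SAMPLE_DNS, "acmePerson", SAMPLE_ATTRS.__getitem__))
```

Run it against a handful of test accounts first and read the output before importing the full list.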

Deleting is just as easy. Simply change your LDIF file to something like this:

To delete the attribute:

dn: ‹username›
changetype: modify
delete: ‹attribute name›


To delete the class extension (essentially deleting all auxiliary attributes that were part of the auxiliary class we extended the user with, and removing the extension from the object. Be very careful with this!!!!!):

dn: ‹username›
changetype: modify
delete: objectClass
objectClass: ‹name of your aux class›

Note: ensure you are not still using the attribute data before deleting it. You might want to consider doing an LDAP export of all data before making any deletes, in case you need to put it all back in a hurry.
Note: Step 1
|

GroupWise vs Outlook

On a recent forum the question was raised "what does GroupWise client have that Outlook doesn't?" This was the response. I'm sure there's more but I've copied this verbatim from the forum at the last update that I could find.

"Yes, there are features that Outlook/Exchange has that GroupWise does not, and we hear about those all the time. What we don't hear is the dozens of client features lost when you go to Exchange/Outlook. Let's face it, the people asking to go to Outlook are end users, not IT people. So it's the features that matter to them.

Here's a few highlights of features lost when moving to Outlook ...

1)
Cannot silently retract messages: Outlook can retract, but whether successful or not, the recipient knows that the attempt was made (and the attempt includes the subject line).

2)
Tracking sent items: Outlook sends copies of messages to every recipient; it is not a link as it is in GroupWise. Therefore, if you want to know if someone opened or received your email, you must ask for a receipt at the time you send it. However, not getting a receipt back does not mean the email delivery failed. It could be that the recipient's system doesn't want to give you back a receipt (Outlook users can make that choice themselves, separate from their server). Additionally, GroupWise users often track a message to see that it was deleted and never opened - or that the message had been replied to. You'll never be able to tell that with Outlook.

3)
Viewing attachments: In Outlook, attachments must be opened or saved. There are no viewers. So if you get an attachment made with a program you don't have, you are out of luck. Well, IT-savvy folks will figure a way around it, but regular users won't know to save it, then Open With a compatible program. BTW, there is no "Open With" in Outlook.

4)
Reminder Notes: No such thing in Outlook. There are notes, which are dated, but they are not related to the calendar and therefore cannot recur. The equivalent in Outlook is an All Day Event. All Day Events appear at the top of the calendar day before 8 a.m. (or whatever is set for the work time).

5)
Recurring appointments: Not all recurring appointments are a pattern (every Monday, the last Friday of the month, every 14 days, etc.). Some are random, like taking vacation days. GroupWise has a calendar where you can just point and click the dates you want to recur. Outlook does not. To use the recurring feature in Outlook, there must be a pattern.

6)
Calendar PopOut: In any GroupWise calendar, you can hover your mouse over an item (appointment, note or task) and a yellow popout will display giving you all the details except for the message (from, to, cc, place, time, subject). In Outlook, there is no popout. So a lengthy subject or a place or the from or the due date of a task is viewable only when you open the item. Yes, it's a few seconds - but when you do it dozens of times a day, that adds up.

7)
Sending Appointments: When an Outlook appointment is sent, a copy of - not a link to - the appointment is sent. Therefore, when the organizer changes the appointment, an additional message is sent to the original recipient to alert them. If the recipient deletes that email notice, the calendar item is not updated (yes, it's true, folks!). Ditto when deleting an item: the recipient must click "Remove from Calendar" or the item will stay on there forever. Also, for any update, if the recipient acknowledged the update on the calendar, the matching email that arrived stays in the inbox until the user deletes it. If you do a lot of calendaring in GroupWise, the Outlook calendar is very painful. There are several more issues regarding calendaring in Outlook that I won't take space to go into here.

8)
Recurring appointments: if you delete a recurring appointment in Outlook, it does not go to the Trash. It is not recoverable - and you are out of luck.

9)
Tracking calendar items that were sent: There is no sent item when an appointment/task is sent. The organizer of the appointment automatically gets a copy of the appointment put on their own calendar. That *is* the tracking copy (it makes for a very busy calendar for a secretary who does a lot of scheduling, and she's probably not even attending any of the events herself!). If that tracking copy is deleted (also out of Deleted Items), there is no way to manage that item. If an appointment/task needs to be changed or removed, it must be done on each recipient's account.

10)
Recipients of meetings can move the item: It's hard to imagine that this is permitted, but it's because the structure of Outlook is that copies are sent to recipients, not links. You can understand why it is possible for a recipient of an appointment (group meeting) to be able to accidentally drag that appointment to a new place/time on their own calendar. Yep, just click and drag the appointment is all it takes. They get no warning they've done it. The organizer gets no warning they've done it. And in opening the item, there is no way to tell what the original date/time was. The only fix is for the organizer of that appointment to send an update (how would she know she should?).

11)
Tasks: Unbelievably, Outlook tasks sent to multiple people cannot be managed by the person who sent them (called the Organizer). Remember, a copy of the task is sent to the recipient and changes to tasks require an update message to be sent. For tasks, apparently Outlook is unable to update tasks if sent to multiple people. Therefore, if you sent a task to 2+ folks and then you need to change the task or recall it, you cannot. That change (or removal) would have to be done individually for each recipient.

12)
Viewing Tasks in the Calendar: If you want to see future tasks on your calendar in Outlook, you cannot. The task list that appears on the Day or the Week view is a static list of tasks as of today. Clicking on a day in the future changes only the appointments, not the tasks. Therefore, to see future tasks, you must look at the task list (where there is no calendar).

13)
Losing attachments when changing type: Just like GroupWise, Outlook can change an email to an appointment by just dragging from the mailbox to the calendar. However, in Outlook when you do this, if the email had an attachment, that attachment is gone. Only the contents of the email stay intact. A difference from GroupWise is that Outlook keeps the email in the mailbox (GroupWise converts it, Outlook copies it).

14)
Discussion threads: The relationships of posted items in a discussion thread are lost when converted to GroupWise and cannot be reestablished.

15)
Dragging contacts to an email: In GroupWise (I think this began with 6.5), you can drag contacts from the Contacts folder and drop them on the mailbox to begin a new email message. This is very convenient when needing to select several people. In Outlook, you cannot.

16)
Resources: What GroupWise considers resources, Outlook generally would set up as a public folder. But there are many resources that need an actual account for a variety of reasons. All accounts in Exchange require a license, even those who are not real people. Thinking of all the fictitious mailboxes you set up for groups or pseudonyms, those will cost $. Even conference rooms often need an account, having a public folder may not be sufficient.

And oh by the way ...

17)
Document Management: GroupWise is the only DMS that allows you to send a document from the library in an email that is addressed to both internal and external folks - and each party gets what they need. Internal folks get a link to the document so any changes they might make are updated in the actual document. The external folks get a copy of the document as it existed at the time the email was sent. All other DMS' will do both things, but they must be done in separate emails. (I hear the groaning now). Yes, the workaround is for an internal person to receive a copy of the document - one email to internal and external with a copy of the document. Why is that so bad? This is why ... because one of the favorite features we hear about for Outlook is the ability to modify an attachment and the changes stick. Yes, they do ... to the file that is attached to that email. We all know the danger of modifying an attachment in an email. But in this scenario, the internal person thinks they are making changes to the document in DMS and they are not."

The whole document can be found here.
|

Long live the Red box


Ok, so I'm a Novell supporter. I have been for a very long time.

Why? Well because their software works, is innovative, meets business needs, is easy to manage, doesn't include hidden costs, and can run extremely well on modest hardware, and they adopt open standards to ensure compatibility between whatever applications you choose to use.

But we all knew that already didn't we? Didn't we? Well we should because Novell is coming back with a vengeance. Novell acquired SuSE Linux a few years back and the rush of support has been impressive. Even the NetWare platform is showing a resurgence.

I know a number of Novell employees and quite a number of support forum moderators. All of them show a strong commitment to the company and what Novell is all about. It must be something about being a Novell system administrator, because they're some of the best and most knowledgeable people I've met. Perhaps I've just been lucky?!

...enough of all that.

Here are some interesting sites:

The Novell Museum has some interesting items, some of which I have and some which predate even my affair with Novell.
http://www.novellmuseum.net/

and the aptly named..
http://www.iwantnetware.com/



|