Although Netmail Archive uses eDirectory to store the Netmail Archive configuration information, the administration of Netmail Archive is carried out through the dedicated Netmail Administration Console rather with Novell’s ConsoleOne utility for eDirectory management. There are, however, some cases where ConsoleOne can be used in Netmail Archive environments.
Troubleshooting a Trusted Application Key
The Trusted Application was introduced in GroupWise 6.5 as a way of providing trusted (third-party) applications with a method of logging into user mailboxes and allowing access to the account without requiring the user password. The Trusted Application key is generated through the ConsoleOne utility in conjunction with GroupWise snapins.
GroupWise Trusted Applications are also used to define the connection between GroupWise and the Netmail Archive system for stub resolution (when GroupWise stubbing is in use). Another use of GroupWise Trusted Applications is in relation to the GroupWise Retention Services. This allows archiving products like Netmail Archive to work in conjunction with Retention settings within the GroupWise Client Options to help ensure 100% retention.
Note: A single GroupWise Trusted Application entry can be used for Netmail Archive access, stubbing resolution configuration, and GroupWise Retention Services use. Multiple Trusted Application entries need to be created only if you want to use multiple Stubbing Agents.
Creating a Trusted Application
The Trusted App is created at the Domain database level. In order to create this key, you need three things: an application capable of creating the Trusted App key, administrator access to the GroupWise wpdomain.db database, and administrator privileges to the Domain object within eDirectory.
As with the majority of GroupWise administration, information is written to the Domain database, which is then propagated throughout the system, first being replicated to other domain databases, which in turn push that information to the Post Office database. It is therefore critical in any Trusted App creation that all domains are communicating and show OPEN status in the MTAs.
The larger the GroupWise system, the longer it may take for the Trusted App creation to propagate. Until the Trusted App is propagated to the post office database, you will not be able to log in using it.
Creating a Trusted Application With ConsoleOne
Start ConsoleOne on a workstation with ConsoleOne installed with the GroupWise snapins and on which you are logged in as a user with administrative rights to your GroupWise system.
Ensure your tree or GroupWise system is selected. Then, from the ConsoleOne menu, select Tools > GroupWise System Operations > Trusted Applications. The Configure Trusted Applications window is displayed, and a list of currently configured Trusted Applications is shown.
Click Create to begin the process of creating a new Trusted Application. The Edit Trusted Application window opens.
Enter the appropriate information:
- Name: Provide a suitable name to identify the Trusted Application, for example Archive.
- Description: Add a description of what this Trusted Application is being used for.
- Location for key file: The creation process will create a text file in the specified folder on the workstation running ConsoleOne containing the key part of the Trusted Application. It is this key that you must provide during the installation or configuration of Netmail Archive, together with the Trusted Application name, in order to allow Netmail Archive to use this Trusted Application. Enter a suitable path to a folder.
- Name of key file: Enter a name for the text file which ConsoleOne will create that will contain the key.
These are the only settings the main Trusted Application entry used by Netmail Archive needs to access GroupWise mailboxes. If you also intend to use GroupWise retention services in conjunction with the GroupWise retention timestamp, you should also select the Provides Message Retention Service checkbox to enable Message Retention services within the Client Options settings in GroupWise. Additionally, if you will be using GroupWise stubbing, you will also need to complete the Allow access to Archive Service settings which define how this Trusted Application entry will be used to access a Netmail Archive Stubbing Agent. Refer to the “Configuring Stubbing for GroupWise 8” section in the Netmail Archive Installation Guide for Novell GroupWise for more information.
If ConsoleOne is non-functional there are alternate ways to create a TAK. Please see Services.
Validating the Trusted Application
If Netmail Archive is having difficulty connecting to the GroupWise mailboxes or if you do not think your Trusted Application key was entered correctly during the installation of Netmail Archive, your first step is to look at the POA log files for the post office you are trying to access using the Trusted Application key. You will see a log entry for the login attempt which will state that this is a TRUSTED APP login attempt. If the login attempt fails using the Trusted App, then there may be issues in the creation of that key. Follow the steps below to troubleshoot.
1. Validate the Key: Netmail Archive stores the Trusted Application details which were specified during installation in eDirectory. There are two parts: a Trusted Application name (e.g., NMArchive) and the actual Trusted Application key, a 64-byte numeric string (B346A421039D0000803225001F008000B346A422039D0000803225001F008000). If the key does not look like this or contains strange characters, such as ¬, this is most probably due to problems during installation.
2. If the key structure is valid, it may be that the key credentials were not propagated to the Post Office databases. Perform a database rebuild on the post office and restart the POA agent.
3. If you are still having problems, delete the TRUSTED APP from ConsoleOne and create a new one.
4. Update the Netmail Archive Trusted Application details to match the new entry using the information below.
Scenarios may arise where you wish to validate what Trusted Application details are being used by Netmail Archive for GroupWise mailbox access. The Trusted Application in use can be found in the eDirectory Configuration Container you specified during the installation of Netmail Archive.
1. To find your Trusted Application Key, launch ConsoleOne, and then locate the Netmail Archive Node object. Right-click on the GWOpenServer object, and select Properties.
2. In the Properties dialog box, click the Other tab.
3. Under Attributes, expand the maTrustedKey and maTrustedName entries to view the key and name in use by Netmail Archive.
4. If you want Netmail Archive to use a newly created Trusted Application entry, you must update these attributes on this object. You will also need to change the same attributes on the GWOpenNode(<IP Address>) object, which you should also see in the same eDirectory container.
Granting User Rights through ConsoleOne
If you want to allow other eDirectory users to use the Netmail Administration Console to administer Netmail Archive, you will need to ensure that the user has the correct access rights to the location where the Netmail Archive objects are stored.
1. To add a user as a trustee of the Netmail Archive container, navigate to the container in the tree view of ConsoleOne.
2. Right-click on the container name, and in the dropdown menu that appears, click on Trustees of this Object.
3. In the dialog box that appears, click the Add Trustee button to choose the user that you would like to add as a trustee. Browse and choose your user, and then click OK.
4. In the Rights assigned to selected objects dialog box, select Supervisor rights for both Entry Rights and All Attributes Rights, and then click OK.