Practical VMware ESX training municipality Peel en Maas

This week I had 3 people from the municipality of Peel en Maas for a VMware ESX 3 training. They had just introduced VMware.
Unfortunately I had to leave at noon on the last day, but they were 3 nice days and we laughed a lot.
So Ben, Marion and Gerrian, until next time!

Early bird registration Novell Brainshare Amsterdam


The time is finally there! Now we can register for the early bird of Novell Brainshare Amsterdam. The early bird price is EUR 695,- and ends at 16 April 2010. After the early bird the price will be EUR 800,-.

As I posted in a previous post, Brainshare Amsterdam will be in the Passenger Terminal in Amsterdam.

So if you want to register, click this link and maybe we will see each other from 18 until 21 May in Amsterdam!

Securing your Groupwise Post Office with SSL

By default your connection with your GroupWise Post Office Agent (POA) isn't secure. With the 'normal' GroupWise protocol, which connects on TCP 1677, this isn't a really big problem because normally this protocol is only used on your internal LAN. But what if you want to sync your mobile device with for example IMAP or POP? These protocols aren't secure by default. This can be a problem when you connect over the internet.

So how can we secure our POA using SSL? For this we have 2 options: we can use a so-called self-signed certificate, or we can use a certificate signed by an external Certificate Authority.

In this example we're going to use a self-signed certificate. The disadvantage of this is that you have to accept the certificate every time it is used. Most systems have an option to import the certificate once, so you don't get that question any more.

  1. Go into Yast | Security and Users | CA Management
  2. Select the default CA you created during installation and click on Enter CA
  3. You are asked for the CA password. This is the root password used during installation.
  4. Click on the Certificates tab and select the server certificate for this server
  5. Click on Export | Export to file
  6. Select Certificate and the Key Encrypted in PEM Format
  7. Provide the password and the path where you want to save the .pem file and click on Ok.
  8. Close Yast and go to the directory where you saved the .pem file
  9. Open the file with a text editor like gedit
  10. Select the part that starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----
  11. Open a new text file and paste the content you selected in step 10.
  12. Save the file as a .crt file
  13. Go back to the .pem file and select the part that starts with -----BEGIN RSA PRIVATE KEY----- and ends with -----END RSA PRIVATE KEY-----
  14. Save this part in a .key file
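Steps 9 to 14 can be done by a small script instead of copy-and-paste. The following Python script is an added example (not code from the original post): it finds the PEM blocks in the exported file, writes the CERTIFICATE block(s) to a .crt file and the RSA PRIVATE KEY block to a .key file, and creates the .key file with owner-only permissions so the private key is never readable by other users. SAMPLE_BUNDLE is a constructed stand-in for the YaST export; its base64 bodies are placeholders, not real key material.

```python
"""Split a PEM bundle exported by YaST into a .crt and a .key file.

Added example for the steps above; it is not code from the original post.
It assumes the exported file holds one CERTIFICATE block and one
(encrypted) RSA PRIVATE KEY block. SAMPLE_BUNDLE below is constructed for
the demo: the base64 bodies are placeholders, not real key material.
"""
import os
import re
import stat
import tempfile

# A PEM block is "-----BEGIN <LABEL>-----", base64 lines (and optional
# headers such as Proc-Type for encrypted keys), then "-----END <LABEL>-----".
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n"
    r"(?P<body>.*?)"
    r"-----END (?P=label)-----",
    re.DOTALL,
)

SAMPLE_BUNDLE = """Bag Attributes (constructed sample)
-----BEGIN CERTIFICATE-----
MIIBszCCAVygAwIBAgIBATANBgkqhkiG9w0BAQUFADA=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU2Nzg5
-----END RSA PRIVATE KEY-----
"""


def split_pem(bundle_text):
    """Return {label: [block, ...]} for every PEM block in the text.

    Each block is reassembled with its own BEGIN/END lines, so text between
    blocks (YaST's "Bag Attributes" lines) is dropped."""
    blocks = {}
    for m in PEM_BLOCK.finditer(bundle_text):
        label = m.group("label")
        block = "-----BEGIN %s-----\n%s-----END %s-----\n" % (
            label, m.group("body"), label)
        blocks.setdefault(label, []).append(block)
    return blocks


def write_crt_and_key(bundle_text, crt_path, key_path):
    """Write the certificate(s) to crt_path and the single private key to
    key_path. Returns (number_of_certs, number_of_keys)."""
    blocks = split_pem(bundle_text)
    certs = blocks.get("CERTIFICATE", [])
    keys = (blocks.get("RSA PRIVATE KEY", [])
            + blocks.get("PRIVATE KEY", [])
            + blocks.get("ENCRYPTED PRIVATE KEY", []))
    if not certs:
        raise ValueError("no CERTIFICATE block found in the bundle")
    if len(keys) != 1:
        raise ValueError("expected exactly one private key block, found %d" % len(keys))
    with open(crt_path, "w") as f:
        f.write("".join(certs))
    # Create the key file owner-read/write only *before* writing the key
    # into it, so it is never world-readable, not even briefly.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(keys[0])
    os.chmod(key_path, stat.S_IRUSR | stat.S_IWUSR)  # in case the file already existed
    return len(certs), len(keys)


def demo():
    """Run the split on SAMPLE_BUNDLE in a temporary directory and return
    what was written (counts, .crt text, .key text, .key file mode)."""
    d = tempfile.mkdtemp()
    crt, key = os.path.join(d, "poa.crt"), os.path.join(d, "poa.key")
    counts = write_crt_and_key(SAMPLE_BUNDLE, crt, key)
    with open(crt) as f:
        crt_text = f.read()
    with open(key) as f:
        key_text = f.read()
    key_mode = stat.S_IMODE(os.stat(key).st_mode)
    return counts, crt_text, key_text, key_mode


if __name__ == "__main__":
    counts, crt_text, key_text, key_mode = demo()
    print("certs/keys written:", counts, "key mode: %o" % key_mode)
```

Point write_crt_and_key at the real export (open the .pem file and pass its text) to get the .crt and .key files the next section needs; the key stays encrypted with the export password, which is the password you enter in the POA's SSL settings.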

Ok, so now we have a self-signed certificate file. The next step is to use this file in our GroupWise Post Office.

  1. In ConsoleOne open the POA object
  2. In the GroupWise tab go to SSL Settings
  3. Here you have to provide the .crt and .key file
  4. Click on Set Password to provide the password you used for the export
  5. Click on Ok and make sure your POA restarts

After this your POA can use SSL. Now we have to enable, for example, IMAP to use SSL.

  1. In ConsoleOne open the POA object
  2. On the GroupWise tab go to Network Address and, under SSL, select Required behind IMAP. This makes sure you can only use IMAP with SSL.
  3. Go to Agent Settings and enable IMAP.
  4. Restart your POA

Now we can use IMAP with SSL.

Securing your Apache webserver with a certificate from godaddy.com

Most of you probably run a webserver, for example a WebAccess server. By default Apache uses a self-signed SSL certificate, which is created during the installation of Apache.
The disadvantage is that when people access your secure website they get an error that the certificate cannot be validated because of an untrusted Certificate Authority (CA). This does not mean the site isn't secure (you know that, I know that), but for normal users it looks like your company doesn't have a secure site.
In Internet Explorer 8 there is a new security feature, enabled by default, that makes the user accept the certificate for every new window that is opened. This is really annoying with for example WebAccess, where you open an e-mail in a new window. By the way, with Firefox you don't have this problem after you have accepted the certificate once during a session.

So how can we solve this? Simple: by getting a valid SSL certificate. So I looked at how to implement a certificate provided by Godaddy.com.
I chose a so-called "Standard (Turbo) SSL for 1 Year", which costs around 27 dollars a year.

In this post I assume you already have a working Apache with a self-signed SSL certificate, which we are going to replace.

Step 1 is to create the private key for the certificate request on the webserver. Log in as root and give the command:

openssl genrsa -des3 -out server.key 2048

You are asked for a pass phrase. This is used to encrypt this private key.

Step 2 is to create a request file which you are going to use to get a valid certificate. Give the command:

openssl req -new -key server.key -out server.csr

You are asked a couple of questions; make sure that where Common Name is asked you provide the FQDN of your website.

#openssl req -new -key blog.wilmsenit.nl -out blog.wilmsenit.nl.csr
Enter pass phrase for blog.wilmsenit.nl:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:NL
State or Province Name (full name) [Some-State]:NB
Locality Name (eg, city) []:Eindhoven
Organization Name (eg, company) [Internet Widgits Pty Ltd]:WilmsenIT
Organizational Unit Name (eg, section) []:IT Department
Common Name (eg, YOUR name) []:blog.wilmsenit.nl
Email Address []:info@wilmsenit.nl

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password
An optional company name []:WilmsenIT

Now you have a so-called .csr file which we are going to use for the request of our certificate.

Go to the Godaddy website and buy the certificate. When you have bought the certificate you can go to the SSL page and click on the certificate. Now you are asked for the content of the .csr file we created. Just do a cat of the file and copy-paste the content into the screen. After this, follow the instructions on the screen.

Now your request is pending. After a while (this can take 2 to 24 hours) an e-mail will be sent to the administrator of the domain we requested the SSL certificate for. You can check this in any WHOIS database. In this e-mail a validation link is provided. If you click on that link you accept the request for the certificate.
After validation you can download the certificate file. When doing so, you are asked where you want to use this certificate; in our case Apache.
In the zip file we have downloaded there are two files:

  • server.crt
  • gd_bundle.crt

Copy these files to /etc/apache2/ssl.crt.
We also have to copy the server.key file we created earlier to /etc/apache2/ssl.key.
Now we have to adjust the vhost-ssl.conf file in /etc/apache2/vhost.d to use these files.
Make sure the following lines look like:

  • SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
  • SSLCertificateChainFile /etc/apache2/ssl.crt/gd_bundle.crt
  • SSLCertificateFile /etc/apache2/ssl.crt/server.crt

Save the file and restart Apache with /etc/init.d/apache2 restart

You are asked for the pass phrase we entered earlier in this section. This is because of security reasons. If you don't want to provide this pass phrase, do the following:

  1. Go to the /etc/apache2/ssl.key directory
  2. Save the original file: cp server.key server.key.org
  3. Give the command: openssl rsa -in server.key.org -out server.key
  4. Restart Apache

Now you don't have to provide the pass phrase any more.
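Once the pass phrase is removed, the server.key file is the whole secret, so the only thing still protecting it is file permissions: it must be readable by root only. The following Python script is an added example (not code from the original post) that reads the three SSL directives from a vhost config such as vhost-ssl.conf, checks that each file exists and really is a PEM certificate or key, and flags a key file that is readable by group or others. It also catches a mistyped path, which Apache would otherwise only report when it fails to start. The config text and the placeholder files built by demo() are constructed for the example and contain no real key material.

```python
"""Check an Apache SSL vhost config against the certificate and key files
it points to.

Added example, not code from the original post. It looks at the three
directives used above (SSLCertificateFile, SSLCertificateKeyFile,
SSLCertificateChainFile); the config text and the files built in demo()
are constructed for the example and contain no real key material.
"""
import os
import re
import stat
import tempfile

DIRECTIVES = ("SSLCertificateFile", "SSLCertificateKeyFile", "SSLCertificateChainFile")
# directive, whitespace, path (optionally in double quotes)
DIRECTIVE_RE = re.compile(r'^\s*(SSLCertificate(?:Key|Chain)?File)\s+"?([^"]+?)"?\s*$')


def parse_ssl_directives(config_text):
    """Return {directive: path}; commented-out lines are ignored and, as in
    Apache, the last occurrence of a directive wins."""
    found = {}
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found


def check_ssl_files(config_text):
    """Return a list of problems found (an empty list means all checks passed)."""
    problems = []
    paths = parse_ssl_directives(config_text)
    for d in DIRECTIVES:
        if d not in paths:
            problems.append("missing directive %s" % d)
    for d, path in paths.items():
        if not os.path.isfile(path):
            problems.append("%s: %s does not exist" % (d, path))
            continue
        with open(path) as f:
            first_line = f.readline().strip()
        if d == "SSLCertificateKeyFile":
            if "PRIVATE KEY" not in first_line:
                problems.append("%s: %s is not a PEM private key" % (d, path))
            # Without a pass phrase the file is the whole secret, so nobody
            # but its owner (root) may read it.
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                problems.append("%s: %s is readable by group/others (mode %o)" % (d, path, mode))
        elif first_line != "-----BEGIN CERTIFICATE-----":
            problems.append("%s: %s is not a PEM certificate" % (d, path))
    return problems


def demo():
    """Build a throw-away ssl.crt/ssl.key layout with placeholder files and
    run the check three times: world-readable key, key fixed with chmod 600,
    and a config with a mistyped chain path. Returns the three problem lists."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "ssl.crt"))
    os.mkdir(os.path.join(root, "ssl.key"))
    key = os.path.join(root, "ssl.key", "server.key")
    crt = os.path.join(root, "ssl.crt", "server.crt")
    chain = os.path.join(root, "ssl.crt", "gd_bundle.crt")
    with open(key, "w") as f:
        f.write("-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n")
    for p in (crt, chain):
        with open(p, "w") as f:
            f.write("-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n")
    config = (
        "<VirtualHost _default_:443>\n"
        "    SSLEngine on\n"
        "    # SSLCertificateFile /etc/apache2/ssl.crt/server-old.crt\n"
        "    SSLCertificateKeyFile %s\n"
        "    SSLCertificateChainFile %s\n"
        "    SSLCertificateFile %s\n"
        "</VirtualHost>\n"
    ) % (key, chain, crt)
    os.chmod(key, 0o644)
    loose_key = check_ssl_files(config)
    os.chmod(key, 0o600)
    fixed = check_ssl_files(config)
    typo = check_ssl_files(config.replace(chain, chain.replace("ssl.crt", "ssl.crt-typo")))
    return loose_key, fixed, typo


if __name__ == "__main__":
    for label, result in zip(("world-readable key", "key mode 600", "mistyped path"), demo()):
        print("%s: %s" % (label, result or "ok"))
```

On a real server, run check_ssl_files on the text of /etc/apache2/vhost.d/vhost-ssl.conf after step 3 above; an empty result means the three files are in place and the unencrypted key is protected.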

Single Sign On Novell Client for VMware View

If you use the Novell Client on a Windows virtual machine that's going to be used for VMware View, you don't want your users to log in twice:
first for VMware View and after that for the Novell Client. If you only use a Windows client this is done by VMware View. For Novell we have to make some registry changes.

This is taken from the Novell Client documentation pages:

1. Click the Start button, then type regedit.exe in the Start Search field.
2. Press Enter to open the Registry Editor.

3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login, then add the following:

  • Value Type=REG_SZ, Name=TSClientAutoAdminLogon, Data=1
  • Value Type=REG_SZ, Name=DefaultLoginProfile, Data=name of the profile to use. Typically, the profile policy name is Default.

4. Close the Registry Editor.

In the Novell menu:

Advanced Login:
Computer Only Logon Default: Never
Login Windows password synchronisation: Off
Login with Non-Novell Credential Provider: On
Novell Logon: On
Prompt for Novell login during Windows AutoAdminLogon

LDAP Contextless Login:
Enable LDAP Contextless Login: On
Trees: [TREE NAME]
Servers: [SERVER NAME]

GroupWise 8.0 SP1 HP1 available

Just a quick post:

Novell released HP1 for GroupWise 8.0 SP1.

You can download the files at http://download.novell.com

Here are the changes:

Admin

510213 – DBCopy -i switch is not working properly.
553048 – Properties of distribution lists are not visible using German 8.01 snap-ins
555339 – Admin API Issue – New return values added for get_AddressFormat and get_AllowedAddressFormat.
559998 – ConsoleOne crashes on SLES 11 when the GWIA and WebAccess gateways object properties are selected.
560338 – Users created by IDM Driver do not replicate to primary domain

Calendar Publisher

554220 – Calendar Publishing will not install if the ip address of the server is a 10.x.x.x address
552375 – Published calendar shows appointments both 1 hour and 2 hours ahead
554311 – Published calendar does not show Notes

Linux Client

552364 – Having multiple subscribed Ical Calendars will not load all. Only 1 or 2 will load.
552392 – Subscribed Calendars are not working in Linux & Mac
554231 – GWCheck script is still looking for GW client JRE in the old “client/jre” to “client/java” dir

Mac Client

554672 – GWCheck will not run on Mac 10.6 (Snow Leopard)
562263 – Java for Mac OS X 10.5 Update 6 breaks + click functionality in GW 8.0.1

Windows Client

540061 – Client crashes intermittently in gwxplt1.dll
550436 – WIP folder shows that there are messages in there when the folder is empty
550445 – WIP count erroneously increment or reduce the count until the poll comes through and fixes it.
552198 – Crash in the client engine
552358 – Not all of the users mail is downloading to caching.
552360 – Password change not saving with Notify running with LDAP Authentication.
552367 – Dialog box focus problem when opening Excel or Word documents.
552372 – GetIntegrationState error with GW8 SP1
552373 – In the calendar view, the option for MORE on categories is missing
553038 – Refresh problem when resolving a stub
553044 – Client crashes while searching Calendar items
554206 – Sequence number is incorrect on rule delegation of appointments
554221 – Can not save documents in any library other than the user's default library
554224 – Compose control uses ATL interface that has security vulnerability
554229 – 9202 Bad Parameter errors when opening HTML messages or attachments
554346 – Plain text view moves carriage returns around in signatures
554351 – Send to | Mail Recipient deletes the original file from the hard drive
554353 – Crash using ItemSaveInfo token
554356 – Ical VEVENT ending with a SEQUENCE property will not import properly
554602 – Using non-english spell check causes client to crash
554639 – Creating a new group in Online mode from Contacts folder and selecting users from SAB will save an empty group
555103 – Forwarding on an embedded item and then changing the “Send User” to a Proxy user will crash the client
555105 – HTML email print as text when using File | Print if the email has an attachment
555494 – The Hours strip in the Appointment area of Calendar doesn’t include the am/pm by the hour
556342 – Crash cutting and pasting from the header control
556345 – Spell checker doesn’t recognize quote message
556350 – Crash occurs when printing multiple attachments while proxied.
556362 – Close item event is not generated
556365 – “Error occurs when signing message.” while trying to sign and encrypt the mail
556376 – Problem resolving the stubs when the account name contains German characters
556381 – Create registry key to use older version of RTF editor
557356 – Reply problem when client sends out user addresses with U.P.D format when cutting and pasting names
557478 – Client crashes with Entrust certificates
557487 – Modifying information in busy search not working
558099 – LDAP password change generates D019, but still changes the password
558217 – Speller is crashing in Chinese T and S , Japanese, Hebrew
559761 – Buffer overrun in autosave
559762 – Custom fields will not import properly from a 7.0x export
559763 – Random Crashes on a Windows XP SP3
559939 – Opening the properties of a user of a distribution list in the addressbook results in an error
559945 – Unable to add a user in a group within PAB if addressing is set to F.L or L.F.
561017 – A number of Find results windows are displayed when doing a Find by "In all folders" option
561720 – Crash trying to create a group
566828 – Reply tokens fail
568910 – Choosing to “Add to Frequent Contacts ” address book from new email with user in System Address Book but not in Frequent Contact will crash

Document Viewer Agent (DVA)

552203 – Webconsole will not enable for document viewer agent
552384 – GWDVA taking 100% CPU Utilization

Engine

552388 – Problem with syncing caching mailbox
554217 – Failed LDAP password change can set connection into a bad state
556357 – CPU hog abend in Server.nlm

GroupWise High Availability Agent (GWHA)

552357 – GWHA starts multiple instances of MTA/POA when healthy agents are already running

GroupWise Internet Agent (GWIA)

551173 – IMAP: attachment name changed if contains Polish characters
551179 – Message file will not get processed through gwia
552363 – POP threads hanging
554214 – GWIA abend running process RecvConvert Process
554216 – ICal files show in client as mail message
554225 – IMAP high CPU when downloading mail that includes invalid recipients
556379 – Crash on corrupt message
559297 – Core during IMAP write buffer cleanup
560546 – Users in DL not showing up in TO: field, only one user does

GWCheck

554249 – GWCheck gives error 0xDF0A on analyze/fix specific library

GWTSA

552394 – GWTSAFS.NLM abends the server, when running the Backupexec Agent

Install

555962 – Installation fails when eDir Admin users context contain Country & Location
561581 – Installation fails when admin user does not exist in same container as the domain object

Message Transfer Agent (MTA)

552370 – Abend on certain messages
553432 – MTA not doing a DNS refresh when a link is down
554627 – MTA not doing a DNS refresh when a link is down (additional code needed)
555112 – MTA fails to start http port if it is marked bind exclusive

Post Office Agent (POA)

538703 – POA running on Windows crash
542866 – POA running IMAP on Windows crash
551232 – SOAP thread gets blocked when trying to sync an addressbook entry
551454 – Crash on Windows 2003 Server
552374 – 820A error on POA
552380 – SOAP Abend
552381 – POA performance issues
552382 – GWDCA on Linux crash
552390 – Current Physical Connections exceed the Maximum Physical connections
552393 – CloseScreen called with a screen that is still being used – Cluster timing issue
553033 – SOAP callback restarts protected memory
554748 – A601 error when opening documents – Not a valid error
555086 – POA Physical Connections is exceeding maximum allowed
557873 – POA Crash When Users Proxy Using Evolution Client
558169 – SOAP core in NgwItem::gwtAttachment
558174 – POA crashes if started up before the MTA
559948 – GWPOA abend on GWSOAP process
564470 – High utilization/Server abends on SOAP threads
567556 – POA crash

Protocol

507827 – Evolution: Reports that a getQuickMessage id is incorrectly formatted
550592 – Add logic to get an embedded item as a mime
551182 – A space in a domain name causes EA01 error streaming attachments during GMS sync
552371 – Memory leak in converting to unicode strings
552386 – Passing an empty view in getItemRequest will not return the default view
552387 – A recurrent request via WS using an rrule w/o an until date will fail
552577 – Can’t send large emails from a device
552585 – Performance problem getting items
554207 – IMAP rfc822.size command performance enhancement for emails with an existing mime.822 attachment
554211 – IMAP folder \NoSelect flag missing
554213 – Incomplete IMAP SEARCH response on empty folders
554227 – IMAP APPEND command is not indexing the x-fields
554349 – SOAP doesn’t return the folder tree
555108 – XML parsing exception in getting distribution list members
555153 – GetFolderList returns back the Display Settings
556487 – getItemsRequest on a recurrent item will fail if an “until” date is present
556682 – SOAP Thread in POA abended the server
559672 – Subject searches should be substring searches, not word match searches
559734 – Can’t create a folder under the mailbox

SDK

556352 – Lose message body using AddExistingItem
556609 – Name completion ActiveX truncating characters
559209 – Crash when updating contact fields
559797 – Attachment.add fails on GW8

WebAccess

552362 – Core in gwinter
552376 – Replies to some messages using Safari browser sends blank message body
553028 – Abend in GWINTER
554421 – Abend in Gwinter -2
555116 – Cores in gwinter
557079 – Webaccess Agent Core -2
557352 – Work In Progress always prompts with “you have unsaved messages”
559682 – Double clicking to view mail in webaccess opens two windows instead of one

Brainshare Amsterdam

A couple of months ago I blogged that Brainshare was coming to Amsterdam.

Now Novell has launched the Novell Brainshare Amsterdam website, where you can find a lot of (and in the future more) information about this event.
The date for Brainshare is 18-21 May 2010 and the location is the Passenger Terminal Amsterdam.
The early bird price is EUR 695,- and will soon be available (a little bird told me at the end of January). Early bird will end at 16 April 2010.

Last Monday I was at Novell in Utrecht for Novellcongres.nl and I spoke to a Novell employee about Brainshare.
She told me that Novell expects around 750 people and that Amsterdam has been chosen as the location because of Schiphol Airport, and that Novell expects the most visitors from the UK, Denmark, Germany and of course Holland!

Rumor is also that at Brainshare Salt Lake ZENworks Configuration Management 11 beta 1 will be launched and at Brainshare Amsterdam beta 2! I'm curious to see what the improvements will be.

Installing a Novell SUSE Subscription Management Tool (SMT) Server

Before we start installing SMT we need the following:

  • A SLES 11 server
  • The media for SMT for SLE 11 (downloaded here). This is an ISO file; in this document we assume we have this ISO in /tmp

Step 1 Installing SMT

  1. In Yast go to Software | Add-On Products
  2. Click on Add and choose the media you want to install from. In our case this is an ISO file in /tmp
  3. Accept the License Agreement and proceed with the installation

Step 2 Configuration Wizard
In this section we're going to configure the settings for SMT. Make sure you know the following:

  • NCC Mirroring Credentials (you can find these on the Customer Portal from Novell)
  • NCC email address (this one you must know ;-) )

So now the configuration.

  1. Select Enable Subscription Management Tool Service (SMT)
  2. Select Open Port in Firewall (if you use the firewall on your SLES 11 host)
  3. Provide the NCC Mirroring Credentials (you can test them by clicking on the Test button (Duh!))
  4. Provide the NCC E-mail Used for Registration
  5. If you want you can give another (generic) URL for your SMT server. This URL is used by all your other servers. In my case this is instsrv01.wilmsen.lan
  6. Click on Next
  7. Provide a Database Password for the SMT user
  8. Click on Add to provide an e-mail address where the reports are sent to
  9. Click on Next
  10. If you haven't registered this server in NCC, you can do this now by selecting Register in Novell Customer Center and clicking on Next. If you have done this before the installation of SMT you can skip this step.
  11. After this the settings are written to the configuration and you can continue to select for which products you want to download updates.

Step 3 Select products to download updates for

  1. Start Yast2 and select SMT Server Management
  2. Select the products you want to download updates for and click on Toggle Mirroring
  3. Select OK
  4. To kick off a manual mirror, open a terminal and give the command smt-mirror. The patches will be downloaded into /srv/www/htdocs/

Step 4 Enabling SSL for Apache
We want to download patches over a secure channel. Therefore we have to enable SSL for our webserver (Apache).

  1. In Yast2 select HTTP Server
  2. If this is the first time, go through the wizard and click Finish. After this select HTTP Server again
  3. Go to the Server Modules tab and find SSL under the Name column
  4. Click on Toggle Status and click Finish

Step 5 Registering Server to SMT
In this step we are going to register (other) servers to our SMT server.

  1. You can register a client by using the clientSetup4SMT.sh script. You can download this script from your SMT server.
    You can use wget to download the script: wget http://servername/repo/tools/clientSetup4SMT.sh
  2. Make the script executable: chmod +x clientSetup4SMT.sh
  3. Start the script: ./clientSetup4SMT.sh
  4. You're asked to accept the SSL certificate. Give a Y to accept
  5. Press Y to register this server to your SMT server

Now your server is registered on your SMT server. If you look in Yast in your software repositories you will see there is an extra channel.

Step 6 Perform a one-time manual download of patches

By default a cron job is added in /etc/cron.d so patches are downloaded daily. If you don't want this, remove the job. You can wait a day until the patches are downloaded, or you can give the command smt-mirror to do a manual download.

That’s all!

Poll for a session on Brainshare EMEA and novellcongres.nl

As some of you probably know, I'm very interested in the combination of OES2 on VMware ESX or vSphere. Last May I did 2 sessions at novellcongres.nl about creating a SLES10 template for VMware ESX and the performance of NSS on VMFS.
Especially the last session was well visited.

Next year, and that is in a couple of weeks from now, there is another novellcongres.nl and of course Brainshare EMEA in Amsterdam.

I definitely will do a session at novellcongres.nl, but I'm thinking about doing the same session (or maybe a little bit adjusted) at Brainshare EMEA. The subject will be OES2 on VMware vSphere best implementation.

Thinking about this idea, I'm wondering what you guys think about this subject. If you would go to one of these events, would you go to this session?
I'm very interested in your opinion, so let me know! Leave a reply!

Default X11 forwarding with ssh

Probably everybody knows what the function of ssh is and what you can do with it.

If you have a server in a controlled room, normally it’s running in runlevel 3 (this is full multi user mode with networking without X Windows). If you want to make changes to the system through Yast for example, you could go to the control room, power on the monitor and start X by giving the command startx, make your changes and close X.

Another solution is to make a remote connection through ssh (ssh user@servername) and start Yast. Normally this is pure text mode, so if you start yast2 (graphical Yast) the normal yast is started because the graphical output cannot be transferred through the ssh connection.
It's possible to forward the X output through the ssh connection by giving the option -X (ssh user@servername -X).

If you want X forwarding by default, you can arrange this in the ssh client configuration file /etc/ssh/ssh_config. Remove the # before ForwardX11 and change the no to yes.

Now the X forwarding option is always enabled by default.
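Turning ForwardX11 on under "Host *" enables it for every server you connect to, and X11 forwarding gives the remote side a channel to your local X display, so it is better to enable it only in a Host block for the servers you actually administer this way. The following Python function is an added example (not code from the original post): it rewrites the ForwardX11 line of a given Host block in ssh_config text, uncommenting a "#   ForwardX11 no" line as the post describes, adding the option to the block if it is missing, or appending a new block for the host. It does not touch ForwardX11Trusted or options outside any Host/Match block. The sample configs are constructed and "lab-server" is a placeholder host name.

```python
"""Enable (or disable) ForwardX11 in ssh_config text, scoped to one Host block.

Added example; not code from the original post. The configs used in the
checks are constructed; "lab-server" is a placeholder host name.
"""
import re

# "ForwardX11 yes|no", possibly commented out; the \s+ after the keyword
# keeps this from matching ForwardX11Trusted.
FORWARD_X11 = re.compile(r"^(?P<indent>\s*)#?\s*ForwardX11\s+\S+\s*$", re.IGNORECASE)
BLOCK_START = re.compile(r"^\s*(?P<kw>Host|Match)\s+(?P<pattern>.+?)\s*$", re.IGNORECASE)


def _insert_before_trailing_blanks(out, line):
    """Insert line at the end of out, but before any trailing empty lines,
    so the option stays inside its block when the next block follows."""
    i = len(out)
    while i > 0 and not out[i - 1].strip():
        i -= 1
    out.insert(i, line)


def set_forward_x11(config_text, enabled=True, host="*"):
    """Return config_text with 'ForwardX11 yes|no' set inside 'Host <host>'.

    An existing (possibly commented-out) ForwardX11 line in that block is
    rewritten in place; otherwise the option is added to the block; if the
    block does not exist, a new one is appended. Options outside any
    Host/Match block are left untouched. host="*" edits the SUSE default
    layout, where all options sit under 'Host *'."""
    value = "yes" if enabled else "no"
    option = "    ForwardX11 %s" % value
    out, in_target, block_found, done = [], False, False, False
    for line in config_text.splitlines():
        m = BLOCK_START.match(line)
        if m:
            if in_target and not done:
                # leaving the target block without having seen the option
                _insert_before_trailing_blanks(out, option)
                done = True
            in_target = m.group("kw").lower() == "host" and m.group("pattern") == host
            block_found = block_found or in_target
        elif in_target and not done:
            fm = FORWARD_X11.match(line)
            if fm:
                # rewrite (and uncomment) the existing line in place
                out.append("%sForwardX11 %s" % (fm.group("indent") or "    ", value))
                done = True
                continue
        out.append(line)
    if in_target and not done:
        _insert_before_trailing_blanks(out, option)
        done = True
    if not block_found:
        out += ["", "Host %s" % host, option]
    return "\n".join(out) + "\n"


# Constructed sample in the layout of SUSE's /etc/ssh/ssh_config
SUSE_DEFAULT = (
    "Host *\n"
    "#   ForwardAgent no\n"
    "#   ForwardX11 no\n"
    "#   ForwardX11Trusted yes\n"
)

if __name__ == "__main__":
    print(set_forward_x11(SUSE_DEFAULT))                      # the post's global change
    print(set_forward_x11(SUSE_DEFAULT, host="lab-server"))   # scoped to one server
```

To apply it, read /etc/ssh/ssh_config (or ~/.ssh/config for a single user), pass the text through set_forward_x11 with the host you want, and write the result back; running it again on the result changes nothing.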