Best Practices for Administering Novell GroupWise 8

Best Practices for Administering
Novell GroupWise 8 ® ®

Robin Redgrave Tim Heywood
Workgroup Technical Specialist CTO, NDS8
rredgrave@novell.com tim.heywood@nds8.co.uk

Agenda

• System Administration

• Using GWCheck

• Moving users

• Monitoring the system

2 © Novell, Inc. All rights reserved.

New in Novell GroupWise 8 ® ®

• Some defaults changed
– More appropriate settings

• Maximum mailbox size
– Currently 4 GB

– Will rise to 4 TB

• Training and Tutorials URL
– Can be customised to point at an internal resource

• First appearance of admin SOAP interface


System Operations

• Only make system changes from the primary domain
• Regularly check on pending operations
– From each administration domain

• Lock out older administration snapins
– Can cause problems

• Restrict system operations to the primary domain


Why Restrict System Operations

• Local administrators can not make system changes
– GWCheck scheduled events

– User LDAP authentication Override

– Internet addressing

– Trusted applications


System Operations

• Enable Novell eDirectory synchronisation
®
™

– Chose LDAP server and credentials carefully

– Look at the active log for users

– Check rights and the post office membership

• Enable auto create Nickname on a user move
– Avoid D101 errors

– Expire after a few days (28)


System Operations

• Lightweight Directory Access Protocol (LDAP)
Authentication
– Uses Novell eDirectory password to access
®
™

Novell GroupWise ®

– Always use SSL over the wire

• Set access rights automatically
– Needed to find the post office

– Does not assign file access rights


Domain

• Ensure adequate disk space
– Novell eDirectory and Novell GroupWise will get corrupted if
®
™
®

you run out of space
• Ensure an administrator is defined for each domain
– No error messages delivered
– No Novell GroupWise Check logs delivered
• Define alternate Internet Agent
– Will automatically route messages to the alternate if the primary
is unavailable
– Needs Message Transfer Protocol (MTP) to the Novell
GroupWise Internet Agent (GWIA)


Message Transfer Agent

• Reduce attach retry
– The new default is 60 seconds which is good

– Older Domains will have a setting of 600

• Enable Priority Scanners
– Additional threads for queues 0/1 and 2/3 (Now default)

• Have settings in ConsoleOne if possible
®

– Not in the startup file – can cause confusion



• Enable Hypertext Transfer Protocol (HTTP) monitoring
– Ensure that there are authentication details set
– Make sure that Secure Sockets Layer (SSL) is enabled
• Logging
– Have logging set at normal
> Don't keep log files too long
> 7 days at most
– Use verbose logging
> When trouble shooting
> If needed by third party monitoring software



• Message logging
– Useful for tracking messages through the system
> Available from MTA HTTP Monitor
> Available from Novell GroupWise Monitor
® ®

– Required by some third party monitoring tools
> Do not keep logs forever
» Delete after 14 days or so

– Turn off if not being used
– Clear out MSLOCALMSGLOG directory
> Check even if not enabled


Post Office

• Ensure adequate disk space
– Novell eDirectory and Novell GroupWise will get
®
™
®

corrupted if you run out of space – Disk check event

• Access mode
– Use “Client/server only” not “Direct” or “C/S and Direct”

• Enable intruder detection
– Someone can try a brute force attack


Post Office

• Security
– Should be set to high (Now default)

– With low intruders may get access to a mailbox
without the need for a password

• Check membership
– Needed for Novell eDirectory synchronisation
®
™

– Use a spreadsheet to compare numbers


Post Office Agent

• Logging
– Have logging set at normal
> Don't keep log files too long, 7 days is fine
– Use verbose logging
> When trouble shooting
> If needed by third party monitoring software
– Have a common directory to place all logs in
• Set up proxy server address
– Used for external access to the system
– Optionally add SSL for external access


Post Office Agent

• QuickFinder indexing ™

– Once a day is enough, unless using
document management
– Don't turn off
– Check for issues
> Look in the logs

> Check the directory for temporary files

> Enable quarantine

– Recreate occasionally


Link Configuration

• Use Message Transport Protocol (IP) links everywhere
– Domain to domain
– Domain to post office
> Even when on the same server

– Domain to Novell GroupWise Internet Agent
® ®

– Use a meshed, routed, or mixed infrastructure
> Balancing act
> Always use direct links to and from the primary to all secondary domains

• Can set maximum size limit for slow links
– Can set a delay size limit


Client Options

• Some can be set through ConsoleOne ®

– Use client options

• Some can be set through the registry
– HKEY_CURRENT_USERSoftwareNovellGroupWise
– HKEY_LOCAL_MACHINESoftwareNovellGroupWise

• Some settings cannot be set by the administrator at all
– Need to be set through the client
– Need to be authenticated as the user


Gateways:
Novell GroupWise Internet Agent
® ®

• Disable features that are not used
– Post Office Protocol (POP)
– Internet Message Access Protocol (IMAP)
– LDAP
– iCalendar (iCal)
• Monitor accounting file
– Can give useful information
• Use MTP
– Enables alternate Internet agent


Gateways:
Novell GroupWise Internet Agent
® ®

• Avoid Gateway aliases
– Use the Internet Addressing override instead

> Updates the Novell GroupWise address book

> Updates Novell eDirectory ™

– Gateway Alias Migration utility
> Will migrate aliases to Internet Addressing override

> Available on the Novell GroupWise Utilities menu in ConsoleOne
®


Email Address Publishing

• Email Addresses

– By default, only a user's preferred e-mail address is published
to Novell eDirectory
®
™

• In Novell GroupWise 8 ®

– Can now select which Internet addressing formats to publish

– Can publish Nickname Internet addresses

– Can publish aliases (but you wont)


New in Novell GroupWise 8 SP2 ® ®

• Restrict the number of recipients
– No more unauthorised mail messages sent to all

• Limit the attachment types of mail messages
– No more exe or mp3 files

• Access control to specified distribution lists
– No unauthorised sending

• Teaming + Conferencing options
– Scheduling and saving


Gateways: WebAccess

• Disable features that are not needed
– Document management
– LDAP address book
• Secure your web server
– Use HyperText Transport Protocol Secure (HTTPS)
– Use a valid certificate
– Can mint your own
• Customise with your corporate branding
– Adjust date format if required


Tuning the Server

• Optimise the server settings where required

• Choose the best file system

• Ensure sufficient disk I/O

• Be careful with virtualisation


File System

• Turn Compression off
– Novell GroupWise compresses all files itself
® ®

• Purge immediate on
– WPCSIN, WPCSOUT and MSLOCAL and other queues

• Disable atime and diratime
• Turn off file-based virus checking of
Novell GroupWise
– There is no point as files are encrypted


Good House Keeping

• Domain and post office directories
– Tidy up / Delete stuck messages from queues

• Remove users that have left
– Security issues

• Clear out old records
– Can see on the 'Record Enumerations' screen
> X.400 records / Administrators

• Remove unused objects from the system
– Domains, post offices, gateways

System Synchronisation

• Regularly check the system synchronisation

– Connect to each domain and check system information

• If out of synchronization try manually synchronizing
the missing object

• If the problem persists initiate a top down rebuild
– Remember to synchronize primary with secondary for all
domains first


Novell eDirectory ®
™

• Ensure that Novell GroupWise and Novell eDirectory
®

are synchronised
– Novell GroupWise to Novell eDirectory object

– Novell eDirectory to Novell GroupWise object

– Post office member list

– Check invalid users in ConsoleOne ®

• If in doubt graft the objects

• Avoid having Novell eDirectory replicas on GW servers


Standardise

• Standardise as much as possible

– Directory paths

– Domain, post office, MTA & POA configuration

– Start up files

– Server settings

• Have full documentation on configuration with screen
shots to help with the configuration of new objects


Local Administration

• Try to keep central control of the system components
– Keep central control of
> Post offices/POA
> Domains/MTA
> Gateways

• Local administrators should only have rights to
administer users, resources & distribution lists
– See TID 2928483
• Can cause political problems


How to Set QuickFinder Indexing ™

• POA Startup file
– QFLevel
> 0 – Index a maximum of 1000 at a time
> 1 – Index 500 items at a time on a low priority thread (default)
> 2 – Index 1000 items at a time on a medium priority thread
> 3 – Index 2000 items at a time on a high priority thread
> 999 – index constantly until all databases indexed

– QFNoPreProc
> Suppress creation of word list, use if there are no libraries

– QFDeleteOld
> Delete old versions to keep disk space usage down


Novell GroupWise Check ® ®

Scheduled events
– Default Daily Maintenance Event
> Structural check
– Default Weekly Maintenance Event
> Contents check (attclip option is available)
> Audit
» Reports inactive mailboxes
» The client versions and platforms are reported

– Weekly Reduce
– Default Disk Check Event, ensure thresholds are reasonable
> Threshold for actions
> Threshold to stop message processing


Novell GroupWise Check ® ®

• Optional checks
– Library
– Expire/reduce
• Check the log files
– Resolve any issues encountered
• GWCheck options file
– Now uses the same XML format across NetWare , Linux,
®

and Windows
– Can write option files for batch processing


Moving Users

• Run a GWCheck first
– Attclip
– DelDupFolders
– Clear all issues
• Ensure that you are using the live move functionality
• If moving many users or large mailboxes
– Increase threads and percentage for priming and moves
• Monitor with move user status and POA log
– Can now get an inventory of messages not moved


Monitor Your Environment

• Use Novell GroupWise Monitor ® ®

– Comes free with GroupWise

– Ensure all agents monitored

– Set up thresholds – See the best practices guide

• Needed for Novell GroupWise High Availability
(GWHA)


Monitor Your Environment

• Use third party monitoring software

IntelliReach Control
http://www.intellireach.com/products/control.asp

GWAVA Redline
http://www.gwava.com/products/redline_overview.html


Best Practices for Administering Novell GroupWise 8

Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.

GroupWise Check Support Options ®

• AttClip
– Removes references of lost attachment files

• DelDupFolders
– Deletes .dup folders

• SubjectPurge - (alias ItemPurge)
– Purge items if subject matches

• AttachPurge (alias AttFindPurge)
– Deletes attachments that match the specified file name


Support Options 1

• AttClip
– Removes references of lost attachment files

• StoreDrop (alias CleanSC)
– Force stores to be dropped

• DelDupFolders
– Deletes .dup folders

• ProxyMinReset
– Removes all minimum user access records


Support Options 2

• SubjectPurge (alias ItemPurge)
– Purge items if subject matches

• AttachPurge (alias AttFindPurge)
– Deletes attachments that match the specified file name

• FolderReset (alias ResFldr)
– System folder reset mode

• ResetMaintFlag
– Removes the maintenance flag (ie file lock) for a database


Support Options 3

• CheckJobList
– Checks the jobs in the ngwcheck.db

• MAPICleanup
– MAPI cleanup

• TestMode (alias WPTest)
– Halt states and other debug flags


Support Options 4

• PabSkip (alias SkipPab)
– Skip personal address book check

• NoSubjectPurge
– Purges LIN_RECORD if it doesn't have a SUBJECT_TEXT

• PabGroupFix
– Changes group if another non-case-sensitive group exists

• PabOnly
– Stop check after personal address book verification


Support Options 5

• ResetMove
– Check the user store for move in progress flag in
VERIFICATION_RECORD and clip.

• SubjectList
– List all subjects in message databases, creates
file SUBDUMP

• NoMsgDB (alias NoMDB)
– Don't validate pointers to message databases


Support Options 6

• ResequenceFolders (Alias Resequence)
– Re-sequence all folders (at all levels)

• SystemCategoryReset (Alias Ressyscat)
– Reset (clear) all system category names

• PabPurge
– Delete specified PAB entries

• PabFix
– Fix bad addresses


Support Options 7

• PabDelDupRec
– Cleans up duplicate personal groups in a personal
address group

• VerifyMode (Alias vrfixup)
– Verification mode (force repairing verification record)

• CleanUpGWEventsKey
– Delete/remove all event and event-definition records containing
the specified key string


Support Options 8

• Bypass_DigestRetention
– Allows items to be expired (removed) even when the digest
retention setting is in effect

• Bypass_Retention (Alias ByPassRetention)
– Allows items to be expired even when retention is active

• ByPass_SmartPurge (Alias ByPassSmartPurge)
– Allows items to be expired even when smart purge is active


Support Options 9

• ClearTZ
– Delete the WebAccess timezone information from the
user settings

• ForceClean
– Forces deletion based on expire/reduce options

• DelAllSubscribeRecords
– Deletes all of the users SUBCRIBE_TO_RECORD and
SUBSCRIBER_RECORD


Support Options 10

• ResetMaintFlag
– Removes the maintenance flag (ie file lock) for a database
• StoreLowerCase
– Convert the file names and directory names stored inside
GroupWise databases in the post office to lower case
®

– Useful when migrating to a Linux environment
• DelSubscribeRecords
– Deletes the users SUBCRIBE_TO_RECORD and
SUBSCRIBER_RECORD
• resetfutureapptcreatedates resetcreatedates

Support Options 11

• ResetDocAuthor
– Reset the document author and creator to the values found in
the activity log

• UnHideFolders
– Unhide all hidden folder records

• ClearMoveInventoryList
– Clear any remaining inventory list items from moving this user


Support Options 12

• ProxyFix
– Removes all duplicate user from proxy access lists created by
5.2 to 5.5 upgrade

• SetupMode (alias SetOnly)
– Setup mode


Best Practices for Administering Novell GroupWise 8

More Related Content

What's hot (20)

Viewers also liked (7)

Similar to Best Practices for Administering Novell GroupWise 8 (20)

More from Novell (20)

Recently uploaded (20)

Best Practices for Administering Novell GroupWise 8