Manual creation of AD Service Connection Point (SCP) for a Linux POA for functionality similar to ngwnameserver

  • 7023422
  • 03-Oct-2018
  • 14-Sep-2019

Environment

GroupWise 2014 R2 Support Pack 2
GroupWise 18

Situation

How do you create a Microsoft Service Connection Point (SCP) for the benefit if GroupWise Single Sign-On authentication ?

Resolution

Run ADSI Edit (Active Directory Service Interface Editor) on the AD Domain Controller or other machine where you can connect ADSI edit to the Active Directory domain.

    ( For Windows Server 2008 R2 )

1.  Start, Administrative Tools, ADSI Edit.

1a  ( For Windows Server 2012 R2 )

      Click the Start icon on the lower left corner of the Desktop, Administrative Tools, ADSI Edit

1b.  If in ADSI Edit , you are already connected to your Windows Domain Controller ( You already see "Default naming context [<Windows Domain Controller FQDN>] , then bypass below Step # 2.

2.  Action, Connect To, OK.

3.  Highlight "Default naming context [<YourADControllerHostName>]" and Click the rightwards filled triangle on the left of this line to expand.

4.  Highlight DC=<Your AD Distinguished Name Address>

5.  Click the rightwards filled triangle on the left of this line to expand.

6.  Highlight CN=Computers

7.  Click the rightwards filled triangle on the left of this line to expand.

8.  Under CN=Computers, Highlight CN=<YourLinuxGroupWiseServerName>.  This Server Name shows
up as a result of joining your GroupWise Linux Server to your Active Directory Domain Controller.

9.  Right Click, New, Object, highlight "serviceConnectionPoint" and CLICK NEXT.

10.  For the Value field type PO1.Domain1 if your GroupWise Post Office is called "PO1" and
your GroupWise Domain is called "Domain1".  Click NEXT.

11.  Click the FINISH button.

12.  Right click your newly made SCP Object, in this example, CN=PO1.Domain1.  Select Properties.

13.  Find the "keywords" attribute and select Edit.

Add the following 4 keyword values (one at a time, exactly as typed), The
GroupWise client looks for these keywords to find an SCP :

Novell

GroupWise

7802DE87-9F23-4DAB-A31D-7991A4F11625

FB6F0931-1D3A-4C36-8F97-EC97636138DD

Now Click OK and Apply.s


14.  Set the "serviceBindingInformation" attribute and enter 1677 (or the client server port for this PostOffice's POA ).

15.  Set the "serviceClassName" attribute to "groupwise"  (no quotes).

16.  Set the "serviceDNSName" to the fully qualified hostname of the POA server.b

17.  Set the "serviceDNSNameType" to A  (assuming it is an A record in DNS).

18.  Click the Apply button and OK.  Exit ADSI Edit.

19.  Be aware of Step 20 and the Additional Information below, but go back to https://support.microfocus.com/kb/doc.php?id=7018598, and
pick up with Step # 12.

20.  Now when you go to your Windows workstation that is joined to your Active Directory
Domain Controller (with a valid AD user Logon, who has a GroupWise mailbox), and start the GroupWise Windows client
it will find your SCP that is linked to your GroupWise Post Office POA hostname and port.

The user(s) will not have to remember what hostname and port and username and password to enter when trying to
login to their GroupWise mailbox with the GroupWise windows client.


Additional Information
Note:
If you are using this listed procedure as a part of configuring AD Single Sign-On (SSO), if you
are still prompted for a password :

  a.  Make sure there are no GroupWise startup options on the "Target" line, under the properties of your GroupWise windows client icon, that is being selected to start the GroupWise client

  b.  Try restarting the Windows workstation that your GroupWise Windows client is installed on

  c.  Go to the CMD command prompt on the Windows workstation and enter this command and press ENTER :

         whoami

      It should show, if your Active Directory domain controller was called "LAB" and you were logged on
      as the Active Directory user called "aduser1", -->  "LAB\aduser1"