Lesson 1: The Connector for Novell GroupWise | MCSE Training Kit Exam 70-224(c) Microsoft Exchange 2000 Server Implementation and Administration

Although you can install and run almost all GroupWise components and processes on a Microsoft Windows 2000 server, at least one Novell NetWare 4.1 (or higher) server is required to provide access to configuration and user information in NDS. The Connector for Novell GroupWise, on the other hand, must be installed on an Exchange 2000 server. Consequently, you need to integrate your Exchange 2000 server with NetWare via Gateway and Client Services for NetWare (GSNW) or Novell NetWare Client for Windows 2000. Detailed information regarding this is available in Chapter 10, "MAPI-Based Clients in a Novell NetWare Environment."

This lesson focuses on an integration of Exchange 2000 Server with GroupWise 5.5 in a Novell Netware 5 environment based on GSNW. The preparation of earlier versions of GroupWise differs slightly from GroupWise 5.5, but the connector configuration remains the same. The following explanations address important connector components and the configuration of messaging connectivity.

At the end of this lesson, you will be able to:

Identify the main components of the Connector for Novell GroupWise.
Prepare a Novell GroupWise 5.5 environment for connectivity to a foreign messaging system, such as Exchange 2000 Server.
Configure and use the Connector for Novell GroupWise.

Estimated time to complete this lesson: 75 minutes

Connector for Novell GroupWise Overview

You can deploy the Connector for Novell GroupWise on one or many Exchange 2000 servers to connect your organization to a GroupWise environment. A particular server can run exactly one connector instance to directly service one GroupWise domain. A GroupWise Message Transfer Agent (GroupWise MTA) is required in this domain to route messages to GroupWise post offices, other domains, or external foreign domains.

For best performance, it is a good idea to install the Connector for Novell GroupWise on a dedicated bridgehead server to support an entire organization (see Figure 29.1). Servers with user mailboxes remain unaffected by connector processing and the Connector in turn can enjoy the full availability of system resources on the bridgehead. However, you may find it more cost effective to purchase a single server with greater capacity to improve performance. Often, user services can take advantage of the additional hardware when the demand for client-server communication is high, while connector services may be scheduled to transfer messages during off-peak hours. The concept of bridgehead servers is discussed in Chapter 16, "Message Routing Administration."

click to view at full size

Figure 29.1 Deploying the Connector for Novell GroupWise

Connector Installation

The actual Connector installation is quickly accomplished using Exchange 2000 Server Setup. When you reach the Component Selection wizard screen, select Install under Action for the Microsoft Exchange Connector for Novell GroupWise. You should not forget to select Install (or Change) for Microsoft Exchange 2000 and Microsoft Exchange Messaging And Collaboration Services beforehand. If you want to add the Connector to an existing Exchange 2000 Server organization, permissions of an Exchange Administrator are required in the administrative group where the target routing group exists. You also need the permissions of a local Administrator on the computer where you want to run the Connector because several settings are written to the local Registry. If possible, log on with Enterprise Admin permissions. You can read more about the installation of Exchange 2000 Server in Chapter 5, "Installing Microsoft Exchange 2000 Server."

Connector Architecture and Application Programming Interfaces

The Connector for Novell GroupWise is a true messaging gateway that communicates with Exchange 2000 Server via Messaging Application Programming Interface (MAPI) to obtain and deliver Exchange messages. To retrieve and map address information, the Connector also must communicate with Active Directory through Active Directory Services Interface (ADSI). On the side of Novell GroupWise, the Connector interacts with Novell GroupWise API Gateway to receive and send messages and to work with recipient information. In short, the Connector is based on the Exchange Development Kit (EDK) on the Exchange side and the Novell Development Kit (NDK) on the side of GroupWise.

NOTE
To support distribution group expansion during message delivery to GroupWise, you must install the Novell GroupWise Patch 2 for API NetWare Loadable Module (NLM) on the Novell NetWare server that is running the Connector's API Gateway. This patch is available from Novell in form of a self-extracting file called GW41API2.EXE.

Novell GroupWise Dependencies

The GroupWise messaging architecture is based on post offices serviced by post office agents (POAs). In a TCP/IP-based client/server environment, POAs are the communication partners of GroupWise MTAs and clients that want to access post office resources. In a traditional, shared-file configuration, post offices are accessed directly. GroupWise MTAs in turn transfer messages between post offices in a domain and between domains (see Figure 29.2). Physically, domains and post offices are file structures on a NetWare or Microsoft Windows NT or Windows 2000 server. Logically, they are configuration objects in NDS.

click to view at full size

Figure 29.2 Clients, POAs, and MTAs in a client/server GroupWise domain

Novell GroupWise API Gateway

The GroupWise API Gateway is an extra component that must be added to the GroupWise domain to support the Connector for Novell GroupWise. Novell provides an API Gateway for DOS, OS/2, and NetWare. Use of the Novell NLM version is recommended.

The API Gateway is a universal GroupWise gateway that uses keyword-based text files to communicate with messaging systems that are foreign to GroupWise, such as Exchange 2000 Server. On the GroupWise side, the gateway works in conjunction with the GroupWise MTA (see Figure 29.3). For test purposes, you can use any text editor, such as Notepad, to read and write keyword-based text files in the API Gateway's directory structure, which is demonstrated later in this lesson.

The following API Gateway directories are most important:

API_IN. Receives incoming message header files from non-GroupWise systems
API_OUT. Holds outgoing message header files to non-GroupWise systems
ATT_IN. Receives incoming message bodies and attachments from non-GroupWise systems
ATT_OUT. Holds outgoing message bodies and attachments to non-GroupWise systems
WPCSIN. The GroupWise MTA inbound queue where incoming messages are placed after their processing through the API Gateway
WPCSOUT. The GroupWise MTA outbound queue where outgoing messages are located before they are converted into keyword-based text files and placed into API_OUT and ATT_OUT through the API Gateway

API Gateway and Connector Account

It is highly recommended to restrict access to the API Gateway directory because the gateway is able to perform management functions similar to a NetWare Administrator. To identify the Connector for Novell GroupWise and grant it permissions to read and write messages in the API input and output directories, a dedicated NetWare account is required. You need to create this account using Novell NetWare Administrator and then use Exchange System Manager to configure the Connector (in the General tab) to use this account for API Gateway access.

NOTE
The Connector's NetWare account must be a member of a special group called NTGATEWAY, which you need to create using NetWare Administrator. The Connector's NetWare account requires permissions to create, read, write, and delete files in the API Gateway directories.

Directory Synchronization

To perform directory lookups for address conversion and directory synchronization, the Connector for Novell GroupWise interacts with Active Directory based on ADSI. To access the GroupWise directory on the other side, the management functions of the API Gateway are employed. Messages with the keyword MSG-TYPE=Admin are placed in the API input queue to add, delete, modify, and rename references to Exchange users in the GroupWise directory. These types of messages are called administrator messages, which are also used to request user information from GroupWise domains. The process of directory synchronization with Novell GroupWise is explained in detail in Lesson 2.

NOTE
The API Gateway processes administrator messages and then, in conjunction with the GroupWise agents (POA and MTA), adds Exchange recipient information to GroupWise domains. GroupWise versions earlier than 5.5 use a dedicated administration agent (ADA) for this purpose. In GroupWise 5.5, the ADA is part of the POA.

Message Conversion

Novell GroupWise supports several specific types of messages, such as e-mail messages, appointments, notes, tasks, forms, presentations or documents, and so forth. MAPI-based message types are mapped to corresponding message types in GroupWise when possible. That is, e-mail messages appear as e-mail messages, meeting requests as appointments, and so on. Message types that are not supported in the other messaging system, such as GroupWise phone messages, will be converted to regular e-mail items. The Connector for Novell GroupWise is able to track delivery confirmation reports, read receipts, and nondelivery reports.

The following features are lost during message conversion:

Attachments of embedded messages. The Connector converts attachments of messages that are embedded in Exchange or GroupWise messages into attachments of the primary message.
All-day Exchange meeting request. The Connector converts all-day meeting requests from Exchange 2000 Server to Notes in GroupWise.
Meeting cancellations. Meeting cancellations can be exported from Exchange 2000 Server to Novell Groupwise, but not vice versa.
Meeting reminder times. The Connector discards this information.
Recurring meetings (Exchange). Not supported in GroupWise and therefore converted to one-day meetings with a description about meeting recurrences in the message text.
Reply-to. Exchange 2000 Server supports the Reply-To Address field, which allows a sender to specify a different address as the recipient for message replies. GroupWise does not support this feature; consequently, replies are delivered to the original sender.
Rich text format (RTF) information in Exchange messages. The Connector discards RTF information in the message body because the API Gateway supports plain text only.
Task request. The Connector converts task requests to e-mail messages.
Tentatively accepted meeting requests. Received as accepted meeting requests.

NOTE
If an Exchange user specifies a GroupWise user multiple times in an e-mail message (if recipient is listed more than once in the To, Cc, or Bcc line or is in more than one specified distribution group) the GroupWise user receives duplicate e-mail messages.

Components of the Connector for Novell GroupWise

The Connector for Novell GroupWise consists of several active components that are implemented as Windows 2000 services. They run on the Exchange 2000 server and use a temporary directory structure (the connector store) for their interprocess communication. All services are installed during Connector setup. Furthermore, a proxy address generator and address details templates are part of the Connector.

Active Connector Services

You can display the various services that form the Connector for Novell GroupWise in the Services snap-in from the Administrative Tools program group. These services are called Microsoft Exchange Connector for Novell GroupWise and Microsoft Exchange Router for Novell GroupWise. The Connector service works with message queues in the Information Store and the router service does the same with the API Gateway (see Figure 29.3). In addition, both services depend on the Microsoft Exchange Connectivity Controller service.

click to view at full size

Figure 29.3 Connector for Novell GroupWise architecture

Message Queues

The Connector for Novell GroupWise uses message queues in the Information Store, just as any EDK-based gateway connector does (see Figure 29.3). As usual, the main message queues are named MTS-OUT for outbound messages from and MTS-IN for inbound e-mail to Exchange. Further queues, called BADMAIL, READYIN, and READYOUT, will exist after you start a configured Connector for the first time. BADMAIL is the repository for corrupted messages that cannot be processed. READYIN and READYOUT are explained later.

TIP
The Connector services are set to manual startup by default. For configured Connectors, it is a good idea to change this to automatic using the Services snap-in.

Active Connector Processes

It might be surprising that the Connector for Novell GroupWise relies on the same main executable (.exe) file as the Connector for Lotus Notes. The main executable file is DISPATCH.EXE. This is possible because Dispatch does not perform the actual message processing. Instead, it dispatches the various tasks of message transfer and directory synchronization to other processes based on the settings from the EXCHCONN.INI file. Three of the active processes are the same as for the Connector for Lotus Notes. They are MEXIN, MEXOUT, and DXAMEX. They communicate with the Information Store and Active Directory for message transfer and directory synchronization. Novell GroupWise Connector-specific components are MEX2GW, GW2MEX, and DXAGWISE. The EXCHCONN.INI, .exe files, and .dll files of the worker processes are in the \Program Files\Exchsrvr\Bin directory.

The six active Connector processes and their relationships are as follows:

MEXOUT (LSMEXOUT.EXE) obtains outbound messages from the MTS-OUT queue, looks up Active Directory to replace target recipient information with corresponding GroupWise addresses, and places the messages into the READYOUT folder. From there, MEX2GW (MEX2GW.EXE) obtains the messages and converts them from Exchange to GroupWise format before it writes them as header and body files into the connector store on the Exchange 2000 server. Converted messages are picked up by the router service (GWROUTER.EXE) and transferred to the API Gateway for further delivery.
The router service obtains messages in the form of header and body files from the API Gateway and places them in the connector store, where GW2MEX (GW2MEX.EXE) picks them up. GW2MEX converts header and body files to messages in Exchange format and places them into the READYIN folder. MEXIN (LSMEXIN.EXE) obtains these converted messages from there, verifies the validity of the recipients, and places the messages into the MTS-IN queue in the Information Store.
DXAGWISE (DXAGWISE.DLL) is the agent that processes address updates received from GroupWise by means of router service and connector store. This component also converts Exchange address information into administration messages, which will be placed in the connector store for delivery to the API Gateway. DXAMEX (DXAMEX.DLL), on the other hand, is the process that performs the work on the Active Directory side. The general directory synchronization agent (LSDXA.EXE) controls both DXANOTES and DXAGWISE.

Intermediate Connector Repository

As shown in Figure 29.3, the connector store acts as the communication media between the Connector for Novell GroupWise and the Router for Novell GroupWise. The connector store is the \Program Files\Exchsrvr\Conndata directory with subdirectories, such as \Dxagwise and \Gwrouter. The \Gwrouter directory, for instance, has further subdirectories polled by the Router for Novell GroupWise. The \Dxagwise subdirectory, on the other hand, contains schema definition and attribute mapping files used during directory synchronization with GroupWise.

NOTE
If you have installed the Connector for Lotus Notes on the same server, you will find a \Dxamex subdirectory under \Conndata. This directory contains the schema definition files and mapping rule files for the directory synchronization with Lotus Domino/Notes. However, DXAMEX uses the files from the \Dxagwise for directory synchronization with Novell GroupWise.

The schema definition and mapping rule files in the \Dxagwise subdirectory have the following purposes:

GWAMAP.TBL. GroupWise schema attributes to be synchronized
MAPMEX.TBL. Determines the attribute mapping from Exchange 2000 Server to Novell GroupWise
MEXAMAP.TBL. Exchange schema attributes to be synchronized
MAPGWISE.TBL. Determines the attribute mapping from Novell GroupWise to Exchange 2000 Server

You can customize the control files in Notepad to change the attribute mapping. Stop the Connector services before editing these files to ensure that the directory synchronization is not active. In addition, there are control files that allow the Connector to check for address updates that require synchronization (EXTERNAL.TBL, GWPCTA.TBL, MEXPCTA.TBL). Do not edit these files manually. More information about directory attribute mappings is available in the Exchange 2000 Server product documentation.

Configuration Objects in Exchange System Manager

When you install the Connector for Novell GroupWise, a configuration object is created in the configuration naming partition of Active Directory. In Exchange System Manager you can find a corresponding connector object under <Organization Name>/Administrative Groups/<Administrative Group Name>/Routing Groups/<Routing Group Name>/Connectors. Underneath this connector object in turn is the Queues container, which provides access to BADMAIL, MTS-IN, MTS-OUT, READYIN, and READYOUT. You can check the BADMAIL queue, for instance, to see if there are any corrupted messages.

The MTA receives outbound messages destined for Novell GroupWise from the Simple Mail Transfer Protocol (SMTP) routing engine and transfers inbound messages to the routing engine for further delivery. Consequently, the MTA needs to maintain an internal message queue for the Connector for Novell GroupWise. You can view this queue in Exchange System Manager, provided that the Connector for Novell GroupWise service is started. Open the <Organization Name>/Administrative Groups/<Administrative Group Name>/Servers/<Server Name>/Protocols/X.400/Queues container, such as Blue Sky Airlines (Exchange)/Administrative Groups/First Administrative Group/Servers/BLUESKY-SRV1/Protocols/X.400/Queues, and verify that a queue for the Connector for Novell GroupWise exists. Message queues are covered in Chapter 20, "Microsoft Exchange 2000 Server Maintenance and Troubleshooting."

Exchange Connectivity Administrator

The Connector for Novell GroupWise comes with the Exchange Connectivity Administrator program (LSADMIN.EXE) that allows you to examine the state of individual connector processes (that is, GW2MEX, MEXOUT, and so forth). Exchange Connectivity Administrator provides valuable features for checking Connector activities. Make sure that the Microsoft Exchange Connectivity Controller and the other Connector services are started, and then launch this utility directly from the \Program Files\Exchsrvr\Bin directory. You can read more about Exchange Connectivity Administrator later in this lesson.

Configuring the GroupWise Domain and API Gateway

To support the Connector for Novell GroupWise, you need to make sure a dedicated API Gateway is available. This task is accomplished mainly in the NetWare Administrator program. You should work with NetWare Administrator on a workstation where the GroupWise administration files have been installed. The following explanations cover the preparation of a Novell GroupWise 5.5 domain.

Installing the GroupWise API Gateway on a Novell NetWare 5 Server

You should use the NLM version of the API Gateway with the Connector for Novell GroupWise. For installation, copy the corresponding gateway files to a floppy or a directory on your NetWare server. You may also install the API Gateway from CD-ROM or download it from Novell's Web site. Before you start the actual installation, it is a good idea to create a gateway directory in the \Wpgate subdirectory of your GroupWise domain (for example, \API41).

To install API Gateway and Patch 2 for the API NLM on a NetWare 5 Server called BLUESKY-NW1

NOTE
The installations of API Gateway and Patch 2 are demonstrated separately; it is assumed that you work with floppy disks.

In the System Console, type NWConfig, and then press Enter.
Select Product Options and press Enter, then select Install A Product Not Listed, and press Enter again.
Make sure the floppy containing the API Gateway files is inserted in drive A on the NetWare server, and then, in the NetWare Configuration program, press Enter.
The API Gateway Installation screen will be displayed (see Figure 29.4). Change the Domain Path and the Gateway Directory if required, and then select Install and press Enter to continue.
On the NetWare Configuration screen that appears after the installation is complete, press Esc twice, and then press Enter to exit the NetWare Configuration program.

Figure 29.4 Installing the API Gateway on a Novell NetWare 5 server
Insert the floppy with the files for Patch 2 for API NLM into drive A, and then, on the NetWare System Console, type load A:\PINSTALL.NLM and press Enter.
On the API Gateway Installation screen, make sure the settings Domain Path, Gateway Directory, Gateway NLMs, Shared NLMs, and Load Script match your API Gateway configuration (see Figure 29.4). Select Install and press Enter. You will be informed that NGWAPI.PRM already exists and will be moved to the \Save directory. Press Enter to continue and install the gateway files. The installation will complete automatically.
On the System Console, type Edit and press Enter, and then, in the NetWare Text Editor, specify the path and filename for the gateway's NGWAPI.PRM file (for example, SYS:\API41\NGWAPI.PRM), and then press Enter again.
Scroll down to the line beginning with /Home- and make sure it points to the gateway directory (for example, /Home-SYS:\Public\Grpwise\Domain\Wpgate\API41). In an installation without Patch 2 for API NLM, you need to correct the default /Home- line manually.
Find the line beginning with ;/Group and remove the semicolon in front of it to activate the inbound group expansion.
Press Esc. You will be prompted to save the changes. Make sure Yes is selected, and then press Enter.
Press Esc and Enter to exit the text editor.

Configuring the API Gateway for Exchange 2000 Server

After you have installed the GroupWise API Gateway files, you must start the NetWare Administrator program and create a gateway object in the Novell GroupWise domain.

It is assumed that both domain and post office reside in an organizational unit (OU) called GroupWise, that the domain is called GWDOMAIN, and that the post office is named GWPO.

To create a gateway object in the Novell GroupWise domain

In NetWare Administrator, select the GroupWise domain object where you want to install the gateway (for example, GWDOMAIN, as shown in Figure 29.5).
Right-click the domain object (for example, GWDOMAIN) and then select Create.
In the New Object dialog box, double-click GroupWise Gateway/Internet Agent.

Figure 29.5 Creating an API Gateway for Exchange 2000 Server in GroupWise

In the Create GroupWise Gateway/Internet Agent dialog box, specify the following information (leave all others at their defaults, as shown in Figure 29.5), and then click Create:

Gateway Name	A descriptive, unique name within the domain (for example, Exchange Gateway) that identifies the gateway. NetWare Administrator will prevent the creation of gateway objects with duplicate names.
Gateway Home Directory	Select the directory specified during the installation of the API Gateway (for example, API41).
Gateway Type	API
Version	4.x (It is noteworthy that an API Gateway for GroupWise 5.x does not exist.)
Platform	NLM (It is recommended that you use the NLM version of the API Gateway with the Connector for Novell GroupWise.)
Define Additional Properties	Select the corresponding check box to define further settings.

The GroupWise Gateway/Internet Agent:Exchange Gateway dialog box is displayed next. Click Optional Gateway Settings, and then, under Directory Sync/Exchange, select Exchange to enable directory synchronization with Exchange 2000 Server. The Connector for Novell GroupWise will control the synchronization process, as explained in Lesson 2.
To support delivery reports and other status messages, under Convert Status To Messages, select Yes.
From the Outbound Status Level list box, select Full, and then click Required Parameters to switch to the Required Parameters tab.
Correct the information displayed under Gateway File Paths to match your API Gateway installation. You need to specify absolute NetWare paths in the form of <Server Name>/<Volume>:\<Path> (for example, BLUESKY-NW1/SYS:\PUBLIC\GRPWISE\DOMAIN\WPGATE\API41).
From the Addressing Format list box, select Component, and then click OK to complete the configuration. The Exchange Gateway configuration object should now be listed in the NetWare Administrator View beneath the GroupWise domain object.

NOTE
Optionally, you may decrease the value for Idle Sleep Duration to 1 second (Gateway Time Settings) to avoid delays in manual directory synchronization. The API Gateway checks its API_IN directory for inbound messages in intervals according to the Idle Sleep Duration setting. The default value is 30 seconds.

Creating an External Foreign Domain for Exchange 2000 Server

Theoretically, you are now able to start the API Gateway. However, the configuration is not complete. You need to create an external foreign domain for your Exchange 2000 Server organization, and you need to configure the link table of the GroupWise domain to connect the external foreign domain to your GroupWise domain via the API Gateway. Otherwise, GroupWise cannot route messages to Exchange users.

To create an external domain and link it to the API Gateway using NetWare Administrator

In NetWare Administrator, open the Tools menu, and then select GroupWise View. Expand the GroupWise domain where the API Gateway for Exchange 2000 Server is installed.
Right-click the gateway object (for example, Exchange Gateway, as shown in Figure 29.6) and select Create. In the Create External Object dialog box,select External Domain.

Figure 29.6 External foreign domain for Exchange 2000 Server
Type Exchange under External Domain Name. This is the default domain name assigned to Exchange users. You need to change the proxy address generation rules if you choose a different name. Proxy address generation is explained later in this lesson.
Under Domain Type, select External Foreign.
Make sure the Version is set to 4.x (because the API Gateway is version 4.1), and set the Time Zone to the time zone of the Exchange 2000 server that hosts the Connector for Novell GroupWise. Under Link To Domain, the API Gateway's GroupWise domain should be listed (for example, GWDOMAIN).
Click Create and then verify that a foreign domain object is created in the GroupWise tree.
Right-click the API Gateway's GroupWise domain (for example, GWDOMAIN), and then select Link Configuration.
In the Link Configuration Tool, right-click the newly created external domain (for example, Exchange), and then select Edit.
From the Link Type list box, select Gateway.
In the Gateway Link list box, make sure the API Gateway is listed (for example, Exchange Gateway) that connects the GroupWise domain to Exchange 2000 Server, and then click OK.
Close the Link Configuration Tool. In the Links Have Changed dialog box, click Yes to save the link changes for the GroupWise domain.

Connector Permissions in Novell NetWare

As mentioned earlier in this lesson, you must create a Connector account and assign it permissions to the API Gateway's directories. This NetWare account must be a member of a special group called NTGATEWAY to allow the router service access to the API Gateway directory.

NOTE
Windows 2000 Server connects to NetWare servers on behalf of a NetWare account that must be a member of the NTGATEWAY group. Otherwise, the Router for Novell GroupWise service will report the following error in the application event log (Event ID 5017): "Error occurred when logging on NetWare server. The system error code is 1317. The specified user does not exist." You can read more about the integration of Exchange 2000 Server into NetWare-based networks in Chapter 10, "MAPI-Based Clients in a Novell NetWare Environment."

To create a Connector account and the NTGATEWAY group in NetWare Administrator

In the NetWare Administrator View, right-click the desired OU where you want to create the gateway account, and then select the Create command.
In the New Object dialog box, double-click User, and then in the Create User dialog box, type Exchange under Login Name, type Server under Last Name, and select the Define Additional Properties check box.
Click Create, and then in the User:Exchange dialog box, click Password Restrictions.
Clear the Allow User To Change Password check box, select Require A Password, verify that the displayed Minimum Password Length matches your company's security policies, and then click Change Password.
In the Change Password dialog box, under New Password and Retype New Password, type a password (for example, password), and then click OK.
Click Rights To Files And Directories, and then under Volumes, click Show. Select the NetWare volume where you have installed the API Gateway (for example, BLUESKY-NW1_SYS) in the Select Object dialog box—you might have to navigate through the NDS tree to find the server—and then click OK.
Under Files And Directories, click Add, and then navigate through the directories to select the API Gateway's root directory (for example, BLUESKY-NW1/SYS:\public\grpwise\domain\wpgate\API41). Grant the Exchange account all rights to this directory (except Supervisor and Access Control), and then click OK (see Figure 29.7).
To create the NTGATEWAY group, right-click the OU again, and select Create.
In the New Object dialog box, double-click Group, and then in the Create Group dialog box, type NTGATEWAY.
Select the Define Additional Properties check box, and then click Create.
Click Members, and then click Add to select the Connector account (for example, Exchange) in the Select Object dialog box, and then click OK.
Click OK to close the Group:NTGATEWAY dialog box.

Figure 29.7 Configuring Connector permissions in Novell NetWare

NOTE
It is a good idea to manually log on to NetWare using the connector's NetWare account to test access to the API Gateway directory. You need to be able to create, read, write, and delete files.

Starting and Testing the API Gateway

At this point, your NetWare and GroupWise environment is ready for Exchange 2000 Server. However, before configuring the Connector for Novell GroupWise, it is a good idea to start and test the API Gateway configuration. Type API in the System Console of your NetWare server and press Enter to launch the API Gateway's NLM (see Figure 29.8). You may use RCONSOLE.EXE to work remotely.

IMPORTANT
The API.NCF file is written during the installation of Patch 2 for API NLM. Without the patch, you cannot use the API command to launch the gateway. In this situation, use the following command: load <Volume:\Path>\NGWAPI.NLM (for example, load SYS:\API41\NGWAPI.NLM).

To test the GroupWise and API Gateway configuration by simulating the Connector for Novell GroupWise

On your workstation, launch the Novell GroupWise client. Compose a new message, address it to Exchange.First Administrative Group.Administrator, and then send it.
The API Gateway should place the message body in the form of a .bdy file in the ATT_OUT directory, while the message header should be in an .api file in its API_OUT directory.
Copy the .bdy file into the ATT_IN directory (it is important to copy the message body first).

Open the .api file in Notepad and change the mail header information, as shown in the following sample listing (your sender and recipient information may be different):

 WPC-API= 1.2; Header-Char= T50; Msg-Type= MAIL; From-Text= Exchange Test; From=     WPD= Exchange;     WPPO= First Administrative Group;     WPU= Administrator;     LN= admin;     S= admin; ; To=     WPD= GWDOMAIN;     WPPO= GWPO;     WPU= admin;     WPPONUM= 1;     WPUNUM= 1;     CDBA= 0001:0001; ; All-To=     WPD= GWDOMAIN;     WPPO= GWPO;     WPU= admin;     WPPONUM= 1;     WPUNUM= 1; ; Msg-Id= 39B424B2.CFE6.0001.000; To-Text= NGWAPI; Subject= API Gateway Test; <… further text …>

Save the .api file in API_IN using the original filename (actually, filename and extension do not need to be retained).
Switch to the Novell GroupWise client and verify that you have received the manipulated message (see Figure 29.8). For subsequent tests you need to copy the .bdy file again into the ATT_IN directory before saving the .api file in API_IN.

Figure 29.8 Testing the GroupWise API Gateway
When you have finished your tests, delete the .bdy and .api files from the API Gateway directory.

Configuring the Connector for Novell GroupWise

It is a complex task to prepare the Novell GroupWise environment, but careful configuration and testing in the first place makes the completion of the Connector configuration easy in Exchange System Manager. Right-click the Connector's configuration object under <Organization Name>/Administrative Groups/ <Administrative Group Name>/Routing Groups/<Routing Group Name>/Connectors (for example, under Blue Sky Airlines/Administrative Groups/First Administrative Group/Routing Groups/First Routing Group/Connectors), and then select Properties.

The Connector for Novell GroupWise tabs and their purposes are as follows:

Address Space. To define message routing information for this Connector and determine the Connector's scope (that is, Exchange Organization or Routing Group). You can read more about address spaces in Chapter 16, "Message Routing Administration."
Delivery Restrictions. To specify users and groups that are allowed or denied message transfer through this Connector to Novell GroupWise.
Details. To provide an Administrative Note for informational purposes.
Dirsync Schedule. To set the frequency of directory synchronization and to trigger manual address updates.
Export Containers. To specify the OUs as recipient containers that you want to export to the GroupWise users, and to determine whether to export contact objects and groups.
General. To specify the Universal Naming Convention (UNC) path to the root directory of the connector's API Gateway, identify the Connector account (member of NTGATEWAY), restrict message sizes, and set the deliver order (by Priority, FIFO, Size). FIFO is short for first in/first out.
Import Container. To specify an OU in Active Directory where recipient objects should be created for GroupWise users, to filter recipients that should be included or excluded, and to determine the type of recipient objects to create if GroupWise users do not have Windows 2000 accounts. You can read more about the configuration of export and import OUs in Lesson 2.
Security. To specify users and groups that are allowed or denied administrative control over this Connector to Novell GroupWise. (This property sheet is only available if you have set the ShowSecurityPage Registry key, as outlined in Exercise 2 of Chapter 5, "Installing Exchange 2000 Server.")

Minimal Connector Configuration

At minimum, you need only provide the path to the API Gateway's root directory in UNC in the API Gateway Path box in the Connector's General tab, such as \\BLUESKY-NW1\SYS\Public\Grpwise\Domain\Wpgate\API41 (see Figure 29.9). It is a good idea to start Windows Explorer to verify the UNC path. Only connections that support direct access to the API Gateway queues are supported.

click to view at full size

Figure 29.9 A minimal Connector for Novell GroupWise configuration

You also need to provide NetWare account information for the Connector. As mentioned, this account must be a member of the NTGATEWAY group. Use the Modify button to type the account name in the NetWare Account box (for example, Exchange). Under Password and Confirm Password, enter the corresponding password that was defined in NetWare Administrator. Then click on the Address Space tab to define a GWISE address space for message routing purposes. Click Add, double-click GWISE in the Add Address Space dialog box, then, under Address, type an asterisk (*), and then click OK. Verify that an address space in the form GWISE * is listed (see Figure 29.9). Click OK to close the Connector properties.

Do not forget to activate the GWISE proxy address generation in a recipient policy, such as the default policy object, to assign your Exchange users valid GroupWise addresses. Recipient policies are discussed in Chapter 13, "Creating and Managing Recipients."

Make sure that the API Gateway is running, start the Connector for Novell GroupWise service using the Services snap-in, and you are ready to exchange messages. The Microsoft Exchange Router for Novell GroupWise and the Microsoft Exchange Connectivity Controller services will be started automatically.

Examining Connector Processes

You can use the Exchange Connectivity Administrator to verify whether the Connector processes are operating properly when you double-click the Process Manager reference in the Overview window. All Connector processes should be listed in idle state.

For further details, check the application event log using Event Viewer. For example, if you have misspelled the password of the Connector's NetWare account, the router service will write an error to the application event log (Event ID 5017): "Error occurred when logging on NetWare server. The system error code is 86. The specified network password is not correct." Another useful utility to examine Connector processes is the Performance tool. Windows 2000 management utilities that are useful for Exchange 2000 Server administration are discussed in Chapter 12, "Management Tools for Microsoft Exchange 2000 Server."

Diagnostics Logging

In case of problems, it is a good idea to increase the level of event logging for the Connector for Novell GroupWise to obtain the most detailed information. In Exchange System Manager, display the properties of the Exchange 2000 Server object (such as BLUESKY-SRV1), click on the Diagnostics Logging tab, select the LME-GWISE entry, and then set the desired logging level for all categories (None, Minimum, Medium, or Maximum). When you are confident that your Connector operates correctly, decrease the level for all categories to None to avoid unnecessary entries in the event log. With a diagnostics logging level of None, only critical events are traced. Diagnostics logging is further discussed in Chapter 20, "Microsoft Exchange 2000 Server Maintenance and Troubleshooting."

Testing E-Mail Connectivity

Operational Connector processes displayed in Exchange Connectivity Administrator are a positive indicator that the Connector configuration is okay. To ensure that message routing works, send test messages from Novell GroupWise to Exchange 2000 Server and vice versa. Use your new GWISE proxy address to specify an Exchange recipient in GroupWise, for instance Exchange.First Administrative Group.Administrator. Once the message is received in Microsoft Outlook 2000, reply to it and verify that the reply is received in Novell GroupWise. Always test newly created messaging connectors in both directions.

Novell GroupWise Proxy Addresses

If you do not know your GWISE proxy address by heart, launch Active Directory Users and Computers and display the E-Mail Addresses tab for your account. If GWISE address information is missing, you should check the default policy and Recipient Update service configuration in Exchange System Manager.

NOTE
If you enable directory synchronization and then examine e-mail address information in Active Directory Users and Computers, you can find secondary proxy addresses assigned to GWISE recipient objects that refer to globally unique identifiers (GUIDs). These GUIDs are used to identify synchronized recipients. Do not delete them.

Novell GroupWise Proxy Address Generation Rules

By default, Novell GroupWise users see Exchange users as recipients in a huge external foreign domain called Exchange. The post office name corresponds to the administrative group name. As usual, the Recipient Update service generates the proxy addresses for each mailbox- and mail-enabled account automatically using a proxy address generator. The GroupWise proxy address generator is GWXPXGEN.DLL, which can be found in the Program Files\Exchsrvr\Address\ Gwise\i386 directory. The Recipient Update service is covered in detail in Chapter 13, "Creating and Managing Recipients."

It is possible to customize GWISE proxy address generation. In Exchange System Manager, open the Recipients container, select Recipients Policies, and then open the desired policy (such as Default Policy). Click on the E-Mail Addresses tab. Make sure that the GWISE check box is selected, and then double-click the address entry next to it to customize the address generation rule. For instance, you might want to shorten or change the reference to the post office name, which by default refers to the administrative group, but you cannot remove it. GroupWise addresses must conform to the GroupWise naming convention of domain.post office.user alias. Do not change the domain name portion until you have created a corresponding external foreign domain in GroupWise. To customize the GWISE address generation, you can use the same placeholders that were already explained for the Connector for Lotus Notes in Chapter 28, "Connecting to Lotus Notes."

Implementing Multiple Connector Instances

You can configure multiple recipient policies to generate GWISE addresses according to different formats. For example, you may assign Carl Titmouse the address E2KEastCoast.First Administrative Group.CarlTitmouse, while the Administrator may have the address E2KWestCoast.First Administrative Group.Administrator. This corresponds to an Exchange 2000 Server organization with two external foreign domains in GroupWise. Correspondingly, you need to create an external foreign domain in GroupWise for E2KEastCoast and one for E2KWestCoast using NetWare Administrator. Either you point both to the same API Gateway or to separate gateways, possibly in different GroupWise domains. In this way, multiple Connector instances can share the message traffic to Exchange 2000 Server.

NOTE
When implementing multiple Connector instances, carefully design the directory synchronization topology to avoid the creation of duplicate address information through multiple connectors.

Configuring Downstream Domains

One Connector for Novell GroupWise can service multiple GroupWise domains. An address space of GWISE *, for instance, causes Exchange 2000 Server to route messages to all GroupWise users through your Connector. You only need to make sure that the link table configuration of the Connector's GroupWise domain meets your GroupWise routing requirements. The GroupWise MTA must be able to route inbound messages received from the API Gateway to their destinations. To distribute outbound message traffic to GroupWise domains across multiple Connectors for Novell GroupWise, assign detailed GWISE address spaces to each Connector. The most detailed address space wins, as explained in Chapter 16, "Message Routing Administration."