Although you can install and run almost all GroupWise components and processes on a Microsoft Windows 2000 server, at least one Novell NetWare 4.1 (or higher) server is required to provide access to configuration and user information in NDS. The Connector for Novell GroupWise, on the other hand, must be installed on an Exchange 2000 server. Consequently, you need to integrate your Exchange 2000 server with NetWare via Gateway and Client Services for NetWare (GSNW) or Novell NetWare Client for Windows 2000. Detailed information regarding this is available in Chapter 10, "MAPI-Based Clients in a Novell NetWare Environment."
This lesson focuses on an integration of Exchange 2000 Server with GroupWise 5.5 in a Novell Netware 5 environment based on GSNW. The preparation of earlier versions of GroupWise differs slightly from GroupWise 5.5, but the connector configuration remains the same. The following explanations address important connector components and the configuration of messaging connectivity.
At the end of this lesson, you will be able to:
Estimated time to complete this lesson: 75 minutes
You can deploy the Connector for Novell GroupWise on one or many Exchange 2000 servers to connect your organization to a GroupWise environment. A particular server can run exactly one connector instance to directly service one GroupWise domain. A GroupWise Message Transfer Agent (GroupWise MTA) is required in this domain to route messages to GroupWise post offices, other domains, or external foreign domains.
For best performance, it is a good idea to install the Connector for Novell GroupWise on a dedicated bridgehead server to support an entire organization (see Figure 29.1). Servers with user mailboxes remain unaffected by connector processing and the Connector in turn can enjoy the full availability of system resources on the bridgehead. However, you may find it more cost effective to purchase a single server with greater capacity to improve performance. Often, user services can take advantage of the additional hardware when the demand for client-server communication is high, while connector services may be scheduled to transfer messages during off-peak hours. The concept of bridgehead servers is discussed in Chapter 16, "Message Routing Administration."
Figure 29.1 Deploying the Connector for Novell GroupWise
The actual Connector installation is quickly accomplished using Exchange 2000 Server Setup. When you reach the Component Selection wizard screen, select Install under Action for the Microsoft Exchange Connector for Novell GroupWise. You should not forget to select Install (or Change) for Microsoft Exchange 2000 and Microsoft Exchange Messaging And Collaboration Services beforehand. If you want to add the Connector to an existing Exchange 2000 Server organization, permissions of an Exchange Administrator are required in the administrative group where the target routing group exists. You also need the permissions of a local Administrator on the computer where you want to run the Connector because several settings are written to the local Registry. If possible, log on with Enterprise Admin permissions. You can read more about the installation of Exchange 2000 Server in Chapter 5, "Installing Microsoft Exchange 2000 Server."
The Connector for Novell GroupWise is a true messaging gateway that communicates with Exchange 2000 Server via Messaging Application Programming Interface (MAPI) to obtain and deliver Exchange messages. To retrieve and map address information, the Connector also must communicate with Active Directory through Active Directory Services Interface (ADSI). On the side of Novell GroupWise, the Connector interacts with Novell GroupWise API Gateway to receive and send messages and to work with recipient information. In short, the Connector is based on the Exchange Development Kit (EDK) on the Exchange side and the Novell Development Kit (NDK) on the side of GroupWise.
NOTE
To support distribution group expansion during message delivery to GroupWise, you must install the Novell GroupWise Patch 2 for API NetWare Loadable Module (NLM) on the Novell NetWare server that is running the Connector's API Gateway. This patch is available from Novell in form of a self-extracting file called GW41API2.EXE.
The GroupWise messaging architecture is based on post offices serviced by post office agents (POAs). In a TCP/IP-based client/server environment, POAs are the communication partners of GroupWise MTAs and clients that want to access post office resources. In a traditional, shared-file configuration, post offices are accessed directly. GroupWise MTAs in turn transfer messages between post offices in a domain and between domains (see Figure 29.2). Physically, domains and post offices are file structures on a NetWare or Microsoft Windows NT or Windows 2000 server. Logically, they are configuration objects in NDS.
Figure 29.2 Clients, POAs, and MTAs in a client/server GroupWise domain
The GroupWise API Gateway is an extra component that must be added to the GroupWise domain to support the Connector for Novell GroupWise. Novell provides an API Gateway for DOS, OS/2, and NetWare. Use of the Novell NLM version is recommended.
The API Gateway is a universal GroupWise gateway that uses keyword-based text files to communicate with messaging systems that are foreign to GroupWise, such as Exchange 2000 Server. On the GroupWise side, the gateway works in conjunction with the GroupWise MTA (see Figure 29.3). For test purposes, you can use any text editor, such as Notepad, to read and write keyword-based text files in the API Gateway's directory structure, which is demonstrated later in this lesson.
The following API Gateway directories are most important:
It is highly recommended to restrict access to the API Gateway directory because the gateway is able to perform management functions similar to a NetWare Administrator. To identify the Connector for Novell GroupWise and grant it permissions to read and write messages in the API input and output directories, a dedicated NetWare account is required. You need to create this account using Novell NetWare Administrator and then use Exchange System Manager to configure the Connector (in the General tab) to use this account for API Gateway access.
NOTE
The Connector's NetWare account must be a member of a special group called NTGATEWAY, which you need to create using NetWare Administrator. The Connector's NetWare account requires permissions to create, read, write, and delete files in the API Gateway directories.
To perform directory lookups for address conversion and directory synchronization, the Connector for Novell GroupWise interacts with Active Directory based on ADSI. To access the GroupWise directory on the other side, the management functions of the API Gateway are employed. Messages with the keyword MSG-TYPE=Admin are placed in the API input queue to add, delete, modify, and rename references to Exchange users in the GroupWise directory. These types of messages are called administrator messages, which are also used to request user information from GroupWise domains. The process of directory synchronization with Novell GroupWise is explained in detail in Lesson 2.
NOTE
The API Gateway processes administrator messages and then, in conjunction with the GroupWise agents (POA and MTA), adds Exchange recipient information to GroupWise domains. GroupWise versions earlier than 5.5 use a dedicated administration agent (ADA) for this purpose. In GroupWise 5.5, the ADA is part of the POA.
Novell GroupWise supports several specific types of messages, such as e-mail messages, appointments, notes, tasks, forms, presentations or documents, and so forth. MAPI-based message types are mapped to corresponding message types in GroupWise when possible. That is, e-mail messages appear as e-mail messages, meeting requests as appointments, and so on. Message types that are not supported in the other messaging system, such as GroupWise phone messages, will be converted to regular e-mail items. The Connector for Novell GroupWise is able to track delivery confirmation reports, read receipts, and nondelivery reports.
The following features are lost during message conversion:
NOTE
If an Exchange user specifies a GroupWise user multiple times in an e-mail message (if recipient is listed more than once in the To, Cc, or Bcc line or is in more than one specified distribution group) the GroupWise user receives duplicate e-mail messages.
The Connector for Novell GroupWise consists of several active components that are implemented as Windows 2000 services. They run on the Exchange 2000 server and use a temporary directory structure (the connector store) for their interprocess communication. All services are installed during Connector setup. Furthermore, a proxy address generator and address details templates are part of the Connector.
You can display the various services that form the Connector for Novell GroupWise in the Services snap-in from the Administrative Tools program group. These services are called Microsoft Exchange Connector for Novell GroupWise and Microsoft Exchange Router for Novell GroupWise. The Connector service works with message queues in the Information Store and the router service does the same with the API Gateway (see Figure 29.3). In addition, both services depend on the Microsoft Exchange Connectivity Controller service.
Figure 29.3 Connector for Novell GroupWise architecture
The Connector for Novell GroupWise uses message queues in the Information Store, just as any EDK-based gateway connector does (see Figure 29.3). As usual, the main message queues are named MTS-OUT for outbound messages from and MTS-IN for inbound e-mail to Exchange. Further queues, called BADMAIL, READYIN, and READYOUT, will exist after you start a configured Connector for the first time. BADMAIL is the repository for corrupted messages that cannot be processed. READYIN and READYOUT are explained later.
TIP
The Connector services are set to manual startup by default. For configured Connectors, it is a good idea to change this to automatic using the Services snap-in.
It might be surprising that the Connector for Novell GroupWise relies on the same main executable (.exe) file as the Connector for Lotus Notes. The main executable file is DISPATCH.EXE. This is possible because Dispatch does not perform the actual message processing. Instead, it dispatches the various tasks of message transfer and directory synchronization to other processes based on the settings from the EXCHCONN.INI file. Three of the active processes are the same as for the Connector for Lotus Notes. They are MEXIN, MEXOUT, and DXAMEX. They communicate with the Information Store and Active Directory for message transfer and directory synchronization. Novell GroupWise Connector-specific components are MEX2GW, GW2MEX, and DXAGWISE. The EXCHCONN.INI, .exe files, and .dll files of the worker processes are in the \Program Files\Exchsrvr\Bin directory.
The six active Connector processes and their relationships are as follows:
As shown in Figure 29.3, the connector store acts as the communication media between the Connector for Novell GroupWise and the Router for Novell GroupWise. The connector store is the \Program Files\Exchsrvr\Conndata directory with subdirectories, such as \Dxagwise and \Gwrouter. The \Gwrouter directory, for instance, has further subdirectories polled by the Router for Novell GroupWise. The \Dxagwise subdirectory, on the other hand, contains schema definition and attribute mapping files used during directory synchronization with GroupWise.
NOTE
If you have installed the Connector for Lotus Notes on the same server, you will find a \Dxamex subdirectory under \Conndata. This directory contains the schema definition files and mapping rule files for the directory synchronization with Lotus Domino/Notes. However, DXAMEX uses the files from the \Dxagwise for directory synchronization with Novell GroupWise.
The schema definition and mapping rule files in the \Dxagwise subdirectory have the following purposes:
You can customize the control files in Notepad to change the attribute mapping. Stop the Connector services before editing these files to ensure that the directory synchronization is not active. In addition, there are control files that allow the Connector to check for address updates that require synchronization (EXTERNAL.TBL, GWPCTA.TBL, MEXPCTA.TBL). Do not edit these files manually. More information about directory attribute mappings is available in the Exchange 2000 Server product documentation.
When you install the Connector for Novell GroupWise, a configuration object is created in the configuration naming partition of Active Directory. In Exchange System Manager you can find a corresponding connector object under <Organization Name>/Administrative Groups/<Administrative Group Name>/Routing Groups/<Routing Group Name>/Connectors. Underneath this connector object in turn is the Queues container, which provides access to BADMAIL, MTS-IN, MTS-OUT, READYIN, and READYOUT. You can check the BADMAIL queue, for instance, to see if there are any corrupted messages.
The MTA receives outbound messages destined for Novell GroupWise from the Simple Mail Transfer Protocol (SMTP) routing engine and transfers inbound messages to the routing engine for further delivery. Consequently, the MTA needs to maintain an internal message queue for the Connector for Novell GroupWise. You can view this queue in Exchange System Manager, provided that the Connector for Novell GroupWise service is started. Open the <Organization Name>/Administrative Groups/<Administrative Group Name>/Servers/<Server Name>/Protocols/X.400/Queues container, such as Blue Sky Airlines (Exchange)/Administrative Groups/First Administrative Group/Servers/BLUESKY-SRV1/Protocols/X.400/Queues, and verify that a queue for the Connector for Novell GroupWise exists. Message queues are covered in Chapter 20, "Microsoft Exchange 2000 Server Maintenance and Troubleshooting."
The Connector for Novell GroupWise comes with the Exchange Connectivity Administrator program (LSADMIN.EXE) that allows you to examine the state of individual connector processes (that is, GW2MEX, MEXOUT, and so forth). Exchange Connectivity Administrator provides valuable features for checking Connector activities. Make sure that the Microsoft Exchange Connectivity Controller and the other Connector services are started, and then launch this utility directly from the \Program Files\Exchsrvr\Bin directory. You can read more about Exchange Connectivity Administrator later in this lesson.
To support the Connector for Novell GroupWise, you need to make sure a dedicated API Gateway is available. This task is accomplished mainly in the NetWare Administrator program. You should work with NetWare Administrator on a workstation where the GroupWise administration files have been installed. The following explanations cover the preparation of a Novell GroupWise 5.5 domain.
You should use the NLM version of the API Gateway with the Connector for Novell GroupWise. For installation, copy the corresponding gateway files to a floppy or a directory on your NetWare server. You may also install the API Gateway from CD-ROM or download it from Novell's Web site. Before you start the actual installation, it is a good idea to create a gateway directory in the \Wpgate subdirectory of your GroupWise domain (for example, \API41).
To install API Gateway and Patch 2 for the API NLM on a NetWare 5 Server called BLUESKY-NW1
NOTE
The installations of API Gateway and Patch 2 are demonstrated separately; it is assumed that you work with floppy disks.
Figure 29.4 Installing the API Gateway on a Novell NetWare 5 server
After you have installed the GroupWise API Gateway files, you must start the NetWare Administrator program and create a gateway object in the Novell GroupWise domain.
It is assumed that both domain and post office reside in an organizational unit (OU) called GroupWise, that the domain is called GWDOMAIN, and that the post office is named GWPO.
To create a gateway object in the Novell GroupWise domain
Figure 29.5 Creating an API Gateway for Exchange 2000 Server in GroupWise
Gateway Name | A descriptive, unique name within the domain (for example, Exchange Gateway) that identifies the gateway. NetWare Administrator will prevent the creation of gateway objects with duplicate names. |
Gateway Home Directory | Select the directory specified during the installation of the API Gateway (for example, API41). |
Gateway Type | API |
Version | 4.x (It is noteworthy that an API Gateway for GroupWise 5.x does not exist.) |
Platform | NLM (It is recommended that you use the NLM version of the API Gateway with the Connector for Novell GroupWise.) |
Define Additional Properties | Select the corresponding check box to define further settings. |
NOTE
Optionally, you may decrease the value for Idle Sleep Duration to 1 second (Gateway Time Settings) to avoid delays in manual directory synchronization. The API Gateway checks its API_IN directory for inbound messages in intervals according to the Idle Sleep Duration setting. The default value is 30 seconds.
Theoretically, you are now able to start the API Gateway. However, the configuration is not complete. You need to create an external foreign domain for your Exchange 2000 Server organization, and you need to configure the link table of the GroupWise domain to connect the external foreign domain to your GroupWise domain via the API Gateway. Otherwise, GroupWise cannot route messages to Exchange users.
To create an external domain and link it to the API Gateway using NetWare Administrator
Figure 29.6 External foreign domain for Exchange 2000 Server
As mentioned earlier in this lesson, you must create a Connector account and assign it permissions to the API Gateway's directories. This NetWare account must be a member of a special group called NTGATEWAY to allow the router service access to the API Gateway directory.
NOTE
Windows 2000 Server connects to NetWare servers on behalf of a NetWare account that must be a member of the NTGATEWAY group. Otherwise, the Router for Novell GroupWise service will report the following error in the application event log (Event ID 5017): "Error occurred when logging on NetWare server. The system error code is 1317. The specified user does not exist." You can read more about the integration of Exchange 2000 Server into NetWare-based networks in Chapter 10, "MAPI-Based Clients in a Novell NetWare Environment."
To create a Connector account and the NTGATEWAY group in NetWare Administrator
Figure 29.7 Configuring Connector permissions in Novell NetWare
NOTE
It is a good idea to manually log on to NetWare using the connector's NetWare account to test access to the API Gateway directory. You need to be able to create, read, write, and delete files.
At this point, your NetWare and GroupWise environment is ready for Exchange 2000 Server. However, before configuring the Connector for Novell GroupWise, it is a good idea to start and test the API Gateway configuration. Type API in the System Console of your NetWare server and press Enter to launch the API Gateway's NLM (see Figure 29.8). You may use RCONSOLE.EXE to work remotely.
IMPORTANT
The API.NCF file is written during the installation of Patch 2 for API NLM. Without the patch, you cannot use the API command to launch the gateway. In this situation, use the following command: load <Volume:\Path>\NGWAPI.NLM (for example, load SYS:\API41\NGWAPI.NLM).
To test the GroupWise and API Gateway configuration by simulating the Connector for Novell GroupWise
WPC-API= 1.2; Header-Char= T50; Msg-Type= MAIL; From-Text= Exchange Test; From= WPD= Exchange; WPPO= First Administrative Group; WPU= Administrator; LN= admin; S= admin; ; To= WPD= GWDOMAIN; WPPO= GWPO; WPU= admin; WPPONUM= 1; WPUNUM= 1; CDBA= 0001:0001; ; All-To= WPD= GWDOMAIN; WPPO= GWPO; WPU= admin; WPPONUM= 1; WPUNUM= 1; ; Msg-Id= 39B424B2.CFE6.0001.000; To-Text= NGWAPI; Subject= API Gateway Test; < further text >
Figure 29.8 Testing the GroupWise API Gateway
It is a complex task to prepare the Novell GroupWise environment, but careful configuration and testing in the first place makes the completion of the Connector configuration easy in Exchange System Manager. Right-click the Connector's configuration object under <Organization Name>/Administrative Groups/ <Administrative Group Name>/Routing Groups/<Routing Group Name>/Connectors (for example, under Blue Sky Airlines/Administrative Groups/First Administrative Group/Routing Groups/First Routing Group/Connectors), and then select Properties.
The Connector for Novell GroupWise tabs and their purposes are as follows:
At minimum, you need only provide the path to the API Gateway's root directory in UNC in the API Gateway Path box in the Connector's General tab, such as \\BLUESKY-NW1\SYS\Public\Grpwise\Domain\Wpgate\API41 (see Figure 29.9). It is a good idea to start Windows Explorer to verify the UNC path. Only connections that support direct access to the API Gateway queues are supported.
Figure 29.9 A minimal Connector for Novell GroupWise configuration
You also need to provide NetWare account information for the Connector. As mentioned, this account must be a member of the NTGATEWAY group. Use the Modify button to type the account name in the NetWare Account box (for example, Exchange). Under Password and Confirm Password, enter the corresponding password that was defined in NetWare Administrator. Then click on the Address Space tab to define a GWISE address space for message routing purposes. Click Add, double-click GWISE in the Add Address Space dialog box, then, under Address, type an asterisk (*), and then click OK. Verify that an address space in the form GWISE * is listed (see Figure 29.9). Click OK to close the Connector properties.
Do not forget to activate the GWISE proxy address generation in a recipient policy, such as the default policy object, to assign your Exchange users valid GroupWise addresses. Recipient policies are discussed in Chapter 13, "Creating and Managing Recipients."
Make sure that the API Gateway is running, start the Connector for Novell GroupWise service using the Services snap-in, and you are ready to exchange messages. The Microsoft Exchange Router for Novell GroupWise and the Microsoft Exchange Connectivity Controller services will be started automatically.
You can use the Exchange Connectivity Administrator to verify whether the Connector processes are operating properly when you double-click the Process Manager reference in the Overview window. All Connector processes should be listed in idle state.
For further details, check the application event log using Event Viewer. For example, if you have misspelled the password of the Connector's NetWare account, the router service will write an error to the application event log (Event ID 5017): "Error occurred when logging on NetWare server. The system error code is 86. The specified network password is not correct." Another useful utility to examine Connector processes is the Performance tool. Windows 2000 management utilities that are useful for Exchange 2000 Server administration are discussed in Chapter 12, "Management Tools for Microsoft Exchange 2000 Server."
In case of problems, it is a good idea to increase the level of event logging for the Connector for Novell GroupWise to obtain the most detailed information. In Exchange System Manager, display the properties of the Exchange 2000 Server object (such as BLUESKY-SRV1), click on the Diagnostics Logging tab, select the LME-GWISE entry, and then set the desired logging level for all categories (None, Minimum, Medium, or Maximum). When you are confident that your Connector operates correctly, decrease the level for all categories to None to avoid unnecessary entries in the event log. With a diagnostics logging level of None, only critical events are traced. Diagnostics logging is further discussed in Chapter 20, "Microsoft Exchange 2000 Server Maintenance and Troubleshooting."
Operational Connector processes displayed in Exchange Connectivity Administrator are a positive indicator that the Connector configuration is okay. To ensure that message routing works, send test messages from Novell GroupWise to Exchange 2000 Server and vice versa. Use your new GWISE proxy address to specify an Exchange recipient in GroupWise, for instance Exchange.First Administrative Group.Administrator. Once the message is received in Microsoft Outlook 2000, reply to it and verify that the reply is received in Novell GroupWise. Always test newly created messaging connectors in both directions.
If you do not know your GWISE proxy address by heart, launch Active Directory Users and Computers and display the E-Mail Addresses tab for your account. If GWISE address information is missing, you should check the default policy and Recipient Update service configuration in Exchange System Manager.
NOTE
If you enable directory synchronization and then examine e-mail address information in Active Directory Users and Computers, you can find secondary proxy addresses assigned to GWISE recipient objects that refer to globally unique identifiers (GUIDs). These GUIDs are used to identify synchronized recipients. Do not delete them.
By default, Novell GroupWise users see Exchange users as recipients in a huge external foreign domain called Exchange. The post office name corresponds to the administrative group name. As usual, the Recipient Update service generates the proxy addresses for each mailbox- and mail-enabled account automatically using a proxy address generator. The GroupWise proxy address generator is GWXPXGEN.DLL, which can be found in the Program Files\Exchsrvr\Address\ Gwise\i386 directory. The Recipient Update service is covered in detail in Chapter 13, "Creating and Managing Recipients."
It is possible to customize GWISE proxy address generation. In Exchange System Manager, open the Recipients container, select Recipients Policies, and then open the desired policy (such as Default Policy). Click on the E-Mail Addresses tab. Make sure that the GWISE check box is selected, and then double-click the address entry next to it to customize the address generation rule. For instance, you might want to shorten or change the reference to the post office name, which by default refers to the administrative group, but you cannot remove it. GroupWise addresses must conform to the GroupWise naming convention of domain.post office.user alias. Do not change the domain name portion until you have created a corresponding external foreign domain in GroupWise. To customize the GWISE address generation, you can use the same placeholders that were already explained for the Connector for Lotus Notes in Chapter 28, "Connecting to Lotus Notes."
You can configure multiple recipient policies to generate GWISE addresses according to different formats. For example, you may assign Carl Titmouse the address E2KEastCoast.First Administrative Group.CarlTitmouse, while the Administrator may have the address E2KWestCoast.First Administrative Group.Administrator. This corresponds to an Exchange 2000 Server organization with two external foreign domains in GroupWise. Correspondingly, you need to create an external foreign domain in GroupWise for E2KEastCoast and one for E2KWestCoast using NetWare Administrator. Either you point both to the same API Gateway or to separate gateways, possibly in different GroupWise domains. In this way, multiple Connector instances can share the message traffic to Exchange 2000 Server.
NOTE
When implementing multiple Connector instances, carefully design the directory synchronization topology to avoid the creation of duplicate address information through multiple connectors.
One Connector for Novell GroupWise can service multiple GroupWise domains. An address space of GWISE *, for instance, causes Exchange 2000 Server to route messages to all GroupWise users through your Connector. You only need to make sure that the link table configuration of the Connector's GroupWise domain meets your GroupWise routing requirements. The GroupWise MTA must be able to route inbound messages received from the API Gateway to their destinations. To distribute outbound message traffic to GroupWise domains across multiple Connectors for Novell GroupWise, assign detailed GWISE address spaces to each Connector. The most detailed address space wins, as explained in Chapter 16, "Message Routing Administration."