Monday, February 22, 2010

Patching causes NetStorage issues & a Support Rant

I recently patched all of our OES2 boxes with the latest Nov/Jan patches.  That's when the NetStorage issue started.  It seemed to be a simple issue of "reaccepting" the SSL cert.  Wrong again!  If you're a TTP member, check out the thread on NetStorage Voodoo...interesting list of things going wrong.

For some unknown reason, whoever made the patch package decided it would be perfectly OK to replace any existing SSL certs (ours are Thawt certs in this case) and overwrite some of the customizations made for our environment.  One thing they did right was to make a backup copy.  But, for shame Novell, the SSL certs should be left alone by default.

The patching process is getting smoother, and slowly converting over my Red Hat guy to being happy with YAST.  I really don't care about the mechanism (I don't mind learning new products and processes) I just want it to work and not make assumptions about things like SSL certs and passwords.

In case you haven't run into this particular "fluke", several of Novell's products are having issues with complex passwords - especially those with spaces in them.  If you run into an issue with authentication to the tree or a root account, change the password to the funky one they use in ATT classes and it will work beautifully.

Don't get me wrong, I'm not dissing Novell.  I still love their products, but lately quality has been lacking as more and more coding work gets shipped over to India.  How about bringing those jobs back to US/UK/EU Novell?  We miss good code.

And please bring back the infamous world-wide support.  I said back in the early 90's that Linux would be more readily accepted into the corporate IT systems infrastructures when there was world-wide, Cadillac-class support available, like Novell had.  Had being the key word here. It's not just he US complaining either.  It's not an issue of accent, it's an issue of cultural differences that are not going to change rapidly.  It used to be you got a person that was at least on the same continent so there were fewer cultural obstacles.

I've been in the industry longer than some of the techs that I get on the phone have been alive and I usually end up arguing with them for sometime - unless it's a woman, they're usually really good about going off script.  I don't need a script kid...I need at least a 3rd tier support person who will talk TO a woman instead of DOWN to a woman (the guys usually hang up on me with no resolution) to verify that I need backline engineering support.  I don't call for anything other than a bug anyway, so figure out a way to help those customers out that don't have the inside connections that I do.  I'm lucky, I have a support manager's cell phone number and the ear of the CxO's (for now anyway).  And still it's harder to get an SR opened with Novell than it is with Microsoft now.  It used to be the other way around.  I miss the "good old days" of Novell support.  Sigh...

Tuesday, February 16, 2010

NetStorage Security Alert

For those of you who may not have heard, there is a security vulnerability in NetStorare on NetWare 6.5 SP8 and OES2-Linux SP1.  It has been resolved in OES2-Linux SP2  and is available via the patch channel.

For NetWare 6.5 SP8, you'll find the fix at:
http://download.novell.com/Download?buildid=jVmjkdAzJXc~

This is known as NetStorage for NetWare 6.5 sp8 patch 27012010


From TID# 7005282:
There may be a potential security vulnerability with NetStorage that may allow remote attackers to execute arbitrary code on vulnerable installations of Novell NetStorage. Authentication is not required to exploit this vulnerability.
 
NetStorage on both NetWare and OES Linux is affected by this.

If you haven't patched you're servers yet, you might want to plan on it.  This doesn't seem to have a lot of urgency behind it, but it's better to be safe than sorry in this economy.

Monday, February 15, 2010

WebAccess 8.0.1 and IE pain

I was happily humming along thing WebAccess was all hunky-dory...until the Help Desk got a call that someone was unable to open attachments in WebAccess.  Works fine in the client, but not WebAccess.  I immediately try to duplicate it...works fine in FireFox, what's the issue.  Ah, turns out they were using IE...they don't what version.

Dutiful drudge that I am, I open up the dreaded, and justifibly hated, IE 8 and was able to replicate the issue.  Do a search, can't exactly find a TID that fit.  But I do run across a forum posting that leads me to TID # - dang I can't find the TID #...I'll come back and update that.

The error you'll see is  "Internet Explorer cannot download filename from webaccess.calvin.edu.  Internet Explorer was not able to find this internet site.  The requested site is either unavailable or cannot be found.  Please try again later."

End result is this:

IE does not like having things cached.  Any updates to WebAccess pose the potential to overwrite the working webacc.cfg.   In my case someone had done something to the WebAccess agent via C1 and did a save, which overwrote the file. When that happens you need to change the configuration file.
  1. Gain console access to the server hosting the WebAccess application and agent
  2. Change directories to /var/opt/novell/groupwise/webaccess
  3. Use vi to edit the file webacc.cfg and change all instances of "disableCache" settings to "false"
  4. Restart tomcat and WebAccess
I really wish I could get more time in the OS and not be dealing with little things like this, but at least all of our components are now on Linux.  Yay!

Tuesday, February 9, 2010

GroupWise 8 Client - Reply button "issue"

Okay, so we all know my users are stubbornly anti-change, most are computer illiterates, anything new throws them into a tizzy, and they all have their own "unique" way of doing things.

So, imagine my surprise when one of them complained because the Reply button now includes the message in the reply and doesn't give you an option to change that.  Using Actions | Reply from the menu will give you the option to include or not include the message, but that's not "good enough".   This particular user doesn't like to include the message and learning to do so differently (such as hit the Reply button then delete anything you don't want to include) is apparently too taxing.

I don't know about you, but I like to include the message in my reply.  It makes it a lot easier for cleanup...instead of having to keep every sent and received message, I can just keep the last one and still maintain the thread of information.

I happen to like the new Reply and Reply All buttons functionality just fine.  But maybe I'm just weird.

Thursday, February 4, 2010

Mac GroupWise 8 cilent oddities

Clarification:  I don't have a Mac and I'm not allowed to touch the Macs at work, so I can only relay this info 3rd hand.

First issue was when one of our TIS folks tried to use the GW 8.0.1 HP1 client on his home machine, using his DSL connection, which would cause the client to continually crash.  Barely open, then shut down.  No errors, no warnings.  He tried one of our "vanilla" Macbooks as well, same result.  But no one else was having this issue, and the ones who were successful and happy with the Mac client had a mix of cable and DSL connections.

Warp speed to a few weeks later.  TIS guy figures out something is hosed in his .novell folder (something he didn't have prior to GW 8).  Gets rid of that folder, reinstalls GW 8 client, and voila! it works fine.

So, if Mac client for GW 8 won't work for you, try whacking that .novell folder/file/whatever and reinstall GW8 from a good source.

Second Issue had to do with the installer we created.  Same TIS guy (he's kind of our go-to-guy for Macs) installs using our installer and can never get the client to open.  But this time we get an error about Java.  A really odd error that I'm trying to recover from my deleted messages to show you.

But in the meantime, while I search through my mailbox, the fix is this.  Un-install the client, and reinstall using the GW8 client install from Novell and it will work fine.  Then go back and fix your Mac installer..I wasn't privy to that exact information, but you get the drift.

Wednesday, February 3, 2010

Reseller Community - PartnerNet changes

So I just got off the phone with Novell PartnerNet.  New changes to the program got rid of the old Novell Reseller Community.  Now if you want to be a partner at a no-cost level, you can be a Silver partner at no cost.  At Silver there's no minimum revenue requirements or certification level requirements.  Wonder if the customers are going to catch on to that or not?

It really doesn't matter for those of us in West Michigan though, as we're down to 1 Platinum (if C/D/H keeps their status) and maybe 1 Gold (if Exceed continues with Novell).  I guess I'll sign up as a Silver, just for giggles.

I did get a laugh out of her though when I told her I was "unique".  That odd combination of 1 foot in the Partner Channel and 1 foot in the Customer space.  Oh, let's face it - I'm just pushy and mouthy and ignore most rules...but I generally get the job done.  :)

Anyway, thought the very few of you that may bother to stop by now and then might want to know.

Monday, February 1, 2010

SLED 11 on HP Mini is awesome! Thank you Novell!

After 2 months of my newly won HP Mini 2140 (courtesy of Novell) being in limbo, I got my hot-little-hands on it Friday.  It had been shipped to CPR (my employer 2 jobs ago) and the good folks there hung on to it for me.  (The same could not be said of my employer that came after them.)  Not only did I get to pick up my toy, I got to visit with some former colleagues that I genuinely enjoyed working with.

I got it back to work, powered it up, and was pleasantly surprised to see this happy green screen after boot up:



I'd been hoping for Moblin, but was overjoyed to see that SLED 11 had been pre-loaded with all sorts of cool toys.  Better yet, I LOVE!! the keyboard.  And I'm really picky about keyboards, being a touch typist.  Which is why my Toshiba laptop gets hauled to work every day so I can write on that instead of my Dell laptop provided by work.   But now I'm thinking, leave the laptop at home and bring the mini with me instead.  And since all of my writing is done in OpenOffice anyway, it will transfer between the HP and the Toshiba just fine.  And, since I have 2 other minis (a Dell that I mooched and is now a dual-boot Win7 SE and Ubuntu NetBook Remix) I can make my other HP a dual-boot with Moblin to see how it looks vs. SLED.

And the outside case has a nice polished nickel look to it.



There is a known bug with regard to the wireless NIC...you have to keep entering your password if you're using any kind of protected wireless connection.  It has to do with CASA, which isn't actually installed on my mini, but seems to have an effect anyway.  Just reenter your password once, then select Deny and it will connect fine.  Odd, but it works.  Kind of reminds me of an old System/36 updater error that you could either pay IBM lots of money to tell you, "pick abort or skip and it will work just fine" or you could have done it my way which was to do try that anyway and see if any files were missing.  I saved Security Pacific National Bank (formerly absorbed into Crocker Bank, which was swallowed up by either BofA or Wells Fargo) quite a bit chunk of money.

And today I've learned that our old HEAT system (which I'm not fond of) can't handle running on my laptop if either GroupWise OR the VMWare client is loaded at the same time.  Apparently it's only my laptop with issues, which just figures.  The heathen always gets the weird stuff.  :)