4.0 Known Issues in GroupWise

The following known issues have been identified. Where applicable, versions they were found in and workarounds are also provided.

4.1 Documentation is only available in English in 24.4

The documentation for the 24.4 release is currently only available in English.

4.2 Chinese Simplified client welcome page incorrect in 24.4

The Chinese Simplified welcome page in the client has Czech text instead of Chinese Simplified text in GroupWise 24.4. Please contact support if you need a copy of the client with the Chinese Simplified welcome page.

4.3 Mail received through SMTP to a nested group is not delivered

If mail is received through SMTP to a nested group, it may not be delivered. This is because nested groups more than 5 levels deep are blocked when sending email. This is working as designed.

Workaround: Make sure all of your nested groups are 5 or less levels deep.

4.4 Secure Message Gateway policy errors not appearing in GW Web

If you have a Secure Messageing Gateway (SMG) policy that has quotes in the event name, error notifications from the SMG scan in GroupWise Web do not appear.

Workaround: Make sure all of your SMG policies do not have quotes in the event name.

4.5 Warning message during installation of GroupWise server on SLES 15

During the installation of the GroupWise server on SLES 15 or OES 24.x, the warning message gwha unknown can appear on the terminal screen. It flashes by quickly in a different color than regular text and This message does not affect the installation or operation of the GroupWise server and can be safely ignored.

4.6 Client Search tool returning zero data after upgrade to 23.4 or later versions

After a new installation of, or upgrade to, the GroupWise 23.4 or later version client, searching the Mailbox in the GroupWise Client only works on the first search. Subsequent searches return zero data. This issue is caused when the Home folder is automatically deselected in the Find tool when the second search is initiated.

Workaround: When the Find tool opens upon initiating the second search, click the folder icon for Selected folders in the Look in field and select the Home folder check box. This will fix the issue for all future searches.

4.7 Potential issue with OpenSSL encryption keys after upgrading to GroupWise 18.5

GroupWise agents now use OpenSSL version 3.0.8, which is an upgrade from OpenSSL 1.1.1 that was used in 18.4.2 and earlier versions of GroupWise. This new version of OpenSSL does not support encrypted keys that used the DES-CBC algorithm (des); keys encrypted this way need to be re-encrypted using a later algorithm, such as DES-EDE3-CBC (des3).

Older keys encrypted in the PKCS#5 format will have the following at the top of the file:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,6555BB78F9C56E96

Notice the old, unsupported algorithm DES-CBC in the DEK-Info line for PKCS#5. Unfortunately, keys encrypted in the PKCS#8 format will only show the following line, which does not show if the problem exists:

-----BEGIN ENCRYPTED PRIVATE KEY-----

GroupWise 18.5 agents will not run and will give SSL misconfiguration errors if their keys were encrypted using the old algorithm. GroupWise Administration, WebAccessNG, and MARS are not affected by this issue.

Resolution: The following procedure can be used to convert a key encrypted with des to des3. This requires access to the openssl command-line utility. Before you begin, you need to identify if you have a problem and which key(s) needs to be re-encrypted by using the information provided above. The paths to the certificate folders where the key files are maintained on the GroupWise Server for Linux and Windows are shown below:

  • Linux: /opt/novell/groupwise/certificates

  • Windows: \ProgramData\Novell\GroupWise\gwadmin\certificates

File name substitutions for command strings:

  • withpassword.key - Substitute key file name that needs to be re-encrypted.

  • nopassword.key - Substitute key file name that represents the temporary file.

  • withdes3pw.key - Substitute key file name that represents the correctly encrypted key file.

Procedure:

  1. Run this command to convert the password-encrypted key file to a key file without a password:

    openssl rsa -in withpassword.key -out nopassword.key

    NOTE:If the original key file was created without a password and that is available, you can skip this step and start with Step 2.

  2. With the no password key, run this command to add a password using des3:

    openssl rsa -in nopassword.key -des3 -out withdes3pw.key

  3. Backup the original key file and then replace it with the newly generated key file, using the same name as the original.

  4. Relaunch the agents.

4.8 Post Office audit report produces an error (18.5)

When running an audit report for a post office from the Administration Console, a 0xDF28 error is produced.

Workaround: Run the report from the GWCheck standalone utility instead of the Administration Console.

4.9 Potential issues with GroupWise LDAP server if SSL uses a certificate chain (18.5)

When configuring SSL for the GroupWise LDAP server, if the SSL Certificate contains a certificate chain, the certificate should be named with a "PEM" extension. Also, a valid Key File password should always be specified.