20.6 Testing the GroupWise Calendar Server

20.6.1 Calendar Server Service Name

The GroupWise Calendar Server is listed under the following service name:

gwcalsvr

20.6.2 Testing Calendar Server on a Workstation

To test Calendar Server, follow the steps found in the GroupWise Mac User Quick Start to configure your workstation.

20.6.3 Troubleshooting Calendar Server Configuration Errors

Use the table below to help you resolve errors in the SOAP connectivity test.

Error

Description

Resolution

SUCCESS

TLS connection was established and SOAP is responding properly.

No action required.

TLS_DISABLED

SOAP is responding properly, but the connection was not over TLS.

Enable TLS for SOAP on the POA.

SOAP_DISABLED

SOAP is not enabled for the post office. No connection was attempted.

Enable SOAP on the POA.

UNREACHABLE

Failed to connect to the POA due to a connection failure or socket timeout.

Ensure the POA service is running on the server.

Ensure that the POA network is accessible from the Calendar Server.

UNTRUSTED_CA

The certificate chain did not contain a trusted root certificate.

See Resolving an Untrusted CA.

UNTRUSTED_CERT

The endpoint certificate presented during the TLS handshake is invalid. This can be for multiple reasons including expiration or invalid usage of the cert.

Issue a new TLS certificate to the POA.

Trust the endpoint certificate. If the certificate is trusted, then the trust does not expire when the certificate expires. This also does not prevent man-in-the-middle attacks.

HOSTNAME_MISMATCH

A valid TLS certificate is presented by a server that does not match either the CN of the certificate or any of the subject alternative names.

Issue a new certificate that matches the hostname or IP address of the server.

Correct the address of the POA so it matches the certificate.

Trust the endpoint certificate. If the certificate is trusted, then the trust does not expire when the certificate expires. This also does not prevent man-in-the-middle attacks.

UNKNOWN

Most likely caused by network instability, but includes any error not shows above.

Manually check connectivity by running a curl command. See the format below:

curl -X options https://POA_server:SOAP_port/soap

20.6.4 Resolving an Untrusted CA

The following are possible resolutions for fixing an UNTRUSTED_CA error during the connectivity test:

  • Configure the POA with a certificate that is issued from a publicly trusted root certificate authority.

  • Configure the POA with a certificate that is issued by the GroupWise CA.

  • Manually override the trust:

    • If the TLS handshake contained the CA certificate from the server, you can trust the CA in the pop up that appears when you click Trust.

    • If the TLS handshake did not contain the CA certificate from the server, you can manually upload the CA certificate into the Trust dialog.

    • You can choose to trust the endpoint certificate. While this is a haTLSe free way of overriding certificate validation issues during the TLS process, it does not prevent man-in-the-middle attacks. Also, the trust does not expire even if the certificate has expired.