Environment
GroupWise 18
Situation
You had working SSO against AD on Windows based system running GW2014 R2. After upgrading to GW18, a GroupWise client prompts for passwords. You can see D091 error in POA log file during a logging activity.
Resolution
You will need to check and change few settings:
1. On a AD domain controller run a DNS configuration tool and add an "A" record for your PO, example the DNS shall be able to resolve po1.company.com, where "po1" is a PO in your system and "company.com" is the AD domain name.
2. On a AD domain controller run an ADSI Edit tool. In AD tree hierarchy find the server running your PO. Check properties of that Windows server -> Attribute Edit tab find in a list a property "servicePrincipalName".
3. Edit this attribute and it shall list entry like "groupwise/po1.company.com". If it is not there, simply add it via Add button.
4. In a gwadmin console edit a POA object of the PO and instead of IP address, use a DNS name, i.e. po1.company.com. Save changes and restart POA. The Windows server must be able to resolve this DNS name.
5. In a Windows workstation which is a part of AD domain and you logged on as AD user (which has a GW account), start a GW client and use again a DNS name of POA instead of IP address, i.e. po1.company.com. The workstation must be able to resolve this DNS name.
After those changes your GroupWise client shall be able to login without a password prompt again.
1. On a AD domain controller run a DNS configuration tool and add an "A" record for your PO, example the DNS shall be able to resolve po1.company.com, where "po1" is a PO in your system and "company.com" is the AD domain name.
2. On a AD domain controller run an ADSI Edit tool. In AD tree hierarchy find the server running your PO. Check properties of that Windows server -> Attribute Edit tab find in a list a property "servicePrincipalName".
3. Edit this attribute and it shall list entry like "groupwise/po1.company.com". If it is not there, simply add it via Add button.
4. In a gwadmin console edit a POA object of the PO and instead of IP address, use a DNS name, i.e. po1.company.com. Save changes and restart POA. The Windows server must be able to resolve this DNS name.
5. In a Windows workstation which is a part of AD domain and you logged on as AD user (which has a GW account), start a GW client and use again a DNS name of POA instead of IP address, i.e. po1.company.com. The workstation must be able to resolve this DNS name.
After those changes your GroupWise client shall be able to login without a password prompt again.