Our Datasync resides in our DMZ. We have port forwards from DMZ to LAN IPs to allow for connectivity to our LAN POs. The POAs' IP address redirection tables use the internal IPs for redirection and DMZ IPs for External IP address settings.

When I attempt to add a user to not on the PO configured in datasync to the GroupWise connector, the add user interface times out with "unknown error." The user is listed afterward, but attempting to edit the user settings eventually times out not returning any of the users configurable GroupWise settings. Additionally, I cannot remove the user unless the GroupWise connector is stopped.

I've found this in the default.pipeline1.groupwise-AppInterface.log
Code:
2010-10-05 10:21:27.417 INFO_VERBOSE [CP WSGIServer Thread-3] [AppInterface:1132] [userID:] [eventID:] [objectID:] [] Engine has notified that a target (GROUPWISEUSER) has been added to the user table.
2010-10-05 10:21:27.417 DEBUG_VERBOSE [CP WSGIServer Thread-3] [GenericApplicationInterface:887] [userID:] [eventID:] [objectID:] [] Attempting to acquire lock for engineConnections
2010-10-05 10:21:27.417 DEBUG_VERBOSE [CP WSGIServer Thread-3] [GenericApplicationInterface:889] [userID:] [eventID:] [objectID:] [] Acquired lock for engineConnections
2010-10-05 10:21:27.418 DEBUG_VERBOSE [CP WSGIServer Thread-3] [GenericApplicationInterface:906] [userID:] [eventID:] [objectID:] [] Releasing lock for engineConnections
2010-10-05 10:21:27.418 DEBUG_VERBOSE [CP WSGIServer Thread-3] [GenericApplicationInterface:908] [userID:] [eventID:] [objectID:] [] Released lock for engineConnections
2010-10-05 10:21:27.418 DEBUG_VERBOSE [CP WSGIServer Thread-3] [GenericApplicationInterface:909] [userID:] [eventID:] [objectID:] [] Using engine connection 118907896
2010-10-05 10:21:27.432 DEBUG_VERBOSE [CP WSGIServer Thread-3] [GenericApplicationInterface:928] [userID:] [eventID:] [objectID:] [] Releasing engine connection 118907896
2010-10-05 10:21:27.432 DEBUG_VERBOSE [CP WSGIServer Thread-3] [gwuser:317] [userID:] [eventID:] [objectID:] [] configureUser: Configuring User "GROUPWISEUSER"
2010-10-05 10:21:27.433 DEBUG_VERBOSE [CP WSGIServer Thread-3] [gwsoap:396] [userID:GROUPWISEUSER] [eventID:] [objectID:] [] About to use soap client 23322064 for method loginRequest
2010-10-05 10:21:27.475 DEBUG_VERBOSE [CP WSGIServer Thread-3] [gwsoap:459] [userID:GROUPWISEUSER] [eventID:] [objectID:] [] SOAP method loginRequest returned 59923
2010-10-05 10:21:27.475 DEBUG_VERBOSE [CP WSGIServer Thread-3] [gwsoap:508] [userID:] [eventID:] [objectID:] [] Done with soap client 23322064 for method loginRequest
2010-10-05 10:21:27.476 DEBUG_VERBOSE [CP WSGIServer Thread-3] [gwsoap:561] [userID:] [eventID:] [objectID:] [] loginRequest: Redirecting this user to POA at address: "https://10.10.x.x:7191/soap"
2010-10-05 10:21:28.814 DEBUG_VERBOSE [CP WSGIServer Thread-3] [gwsoap:396] [userID:GROUPWISEUSER] [eventID:] [objectID:] [] About to use soap client 83095120 for method loginRequest
Notice in the second to last line of the snippet dataysnc is redirected to the internal IP of the second PO. I've found no instance of the DMZ address I configured as the external IP address for the second POA
So, I checked the POA network address settings and noticed that by default 7191 is used for both internal and external SOAP connections.

I incremented the "external" SOAP port to 7192 on both the main POA and a secondary POA.
I changed the datasync GroupWise connector to use 7192, the "external" SOAP port; however, the GroupWise connector would not start. Tried various combinations of rcdatasync stop, start, restart, rcdatasync-connectors stop start, etc. and the GroupWise connector status remains "Stopped."

SOAP is enabled on all our POAs. I've verified in a web browser that Datasync can connect to the soap port via the address of the POAs when using the "internal" SOAP port e.g.
http://dmzaddress:7191/soap.

A similar http connection test using the "external" soap port 7192 fails

I reverted the GroupWise connector to using the internal SOAP port, 7191, and services resumed but I am still unable to add users on another PO.

It appears since datasync connects to the POA via the configured "internal" SOAP port the POA redirection table assumes that you are connecting internally and hands out the internal redirection address for the secondary PO.
Is there some other way datasync can be configured to ask for the external POA IPs to be able to add users on additional POs?
SSL is not enabled on the internal SOAP port. SSLizing the external SOAP port does not appear to be an option.

Ideas?

- Frank