MDM Plugin not working
-
Some logs would help. So the webserver logging of your z-push instance, webserver logging of your kopano webapp instance. some network details, etc.
-
Hi Felix,
What further information do you need? And how should i provide logs?
Some network details? It is just a vserver and on it the mysql, apache, postfix is running. No further server which is connected. A fail2ban is also running.
The z-push is working for iOS device and so on. Just the MDM plugin brings this error and i can´t figure it out,Thanks
Markus -
@fbartels said in MDM Plugin not working:
webserver logging of your z-push instance, webserver logging of your kopano webapp instance
Additionally is SSL involved? What kind of certificate? Redirect to ssl?
-
Hi fbartels,
here are the requested logs, hopefully all you need for helping.
sapper-plus.de/kopano.rarThanks in advance
Markus -
That link does not contain the archive. What about my other questions,
-
it contains the archive, nothing else! it is a rar archive and its working. what do you see when clicking the link?
The other questions: yes of course i use ssl with a certificate from lets encrypt. but mdm connects locally without ssl. i got a rdirect set for those who try reaching webapp by http.
-
Interesting now its downloading. like five minutes ago it still gave an “under construction” like webpage.
-
I checked the apache logfile and could fine two calls to the soap backend feeding data to the mdm plugin. what is interesting here is that your call looks like
:443 195.225.105.159 - - [10/Feb/2018:11:24:25 +0100] "POST /?Cmd=WebserviceInfo&DeviceId=webservice&DeviceType=webservice&User=gustav HTTP/1.1" 200 3907 "-" "PHP-SOAP/5.6.33-0+deb8u1"`
while on my testsystem it looks like this:
::1 - felix [11/Feb/2018:12:13:24 +0100] "POST /Microsoft-Server-ActiveSync?Cmd=WebserviceDevice&DeviceId=webservice&DeviceType=webservice&User=felix HTTP/1.1" 200 895 "-" "PHP-SOAP/5.6.30-0+deb8u1"
The missing Microsoft-Server-ActiveSync part would suggest that something is wrong with your apache configuration imho. Additionally you should check if your z-push is actually reachable by the data specified in
/etc/kopano/webapp/config-mdm.php
. -
Hi Felix,
in the /etc/kopano/webapp/config-mdm.php nothing special is configured:<?php define('PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM', false); define('PLUGIN_MDM_SERVER', 'localhost'); define('PLUGIN_MDM_SERVER_SSL', false); ?>
And in Apache it looks like this:
Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php <Directory /usr/share/z-push> Options Indexes FollowSymLinks MultiViews AllowOverride all Order allow,deny Allow from all php_flag magic_quotes_gpc off php_flag register_globals off php_flag magic_quotes_runtime off php_flag short_open_tag on RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule (.*) https://sapper-plus.de/Microsoft-Server-ActiveSync/ [R] </Directory> <VirtualHost *:443> SSLEngine On SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM SSLCertificateFile /etc/letsencrypt/live/sapper-plus.de/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/sapper-plus.de/privkey.pem #ServerName sapper-plus.de </VirtualHost>
So the funny thing is, that on another server it is configured nearly the same, and there is everything working fine…
Greetz
Markus -
I’d remove the
RewriteRule (.*) https://sapper-plus.de/Microsoft-Server-ActiveSync/ [R]
line and try again. -
Hi Felix,
unfortunately no change. Still same prob. Also in the webapp there is shown at z-push: “version not available”
Greetz
Markus -
Hi @icey ,
then I’m unfortunately at the end of my direct ideas. If you have a subscription I would recommend to get in contact with our support so that someone can have a direct look at your system.
-
I suggest that you configure your vhost better.
define(‘PLUGIN_MDM_SERVER’, ‘localhost’);
change localhost to you webserver vhostname.
enable SSL because https://sapper-plus.de is set on ssl.now, about the vhost config.
sapper-plus.de < is NOT a hostname but a domainname, and should only be used as an alias for your top level site ( for example www. )
yes, it works, but is more confusing imo. i suggest, in your dns create, www and mail as hostnames.Setup a dedicated hostname for the ssl vhost, configure it.
i’ll show my example for apache on debian stretch.
# Non SSL <VirtualHost mail.example.com:80> ServerAdmin webmaster@example.com ServerName mail.example.com # Note autodiscover, works only if you use a wildcard, ! Lets Encrypt does not support wildards yet. # you may put this (autodisover) also in www or toplevel vhost config. ServerAlias autodiscover.example.com mail autodiscover DocumentRoot /usr/share/kopano-webapp/ ServerSignature Off <Directory "/usr/share/kopano-webapp"> Require all denied AllowOverride All </Directory> ErrorLog ${APACHE_LOG_DIR}/mail-error.log CustomLog ${APACHE_LOG_DIR}/mail-access.log combined ## kopano settings. ## by default a2enmod enables for all sites, i dont like that. ## so i run a2disconf kopano-webapp and include the config. Include /etc/apache2/conf-available/kopano-webapp.conf # Make sure that your using ssl. RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://mail.example.com/%{REQUEST_URI} [L,R] </VirtualHost> # SSL <VirtualHost mail.example.com:443> ServerAdmin webmaster@example.com ServerName mail.example.com # Note, this only works if you use a wildcard ssl. ServerAlias autodiscover.example.com DocumentRoot /usr/share/kopano-webapp ErrorLog ${APACHE_LOG_DIR}/mail1-internal-ssl-error.log CustomLog ${APACHE_LOG_DIR}/mail1-internal-ssl-access.log combined ServerSignature Off <IfModule mod_ssl.c> SSLEngine on # Do change these to your own certs. SSLCertificateFile /etc/ssl/certs/cert4096.pem SSLCertificateKeyFile /etc/ssl/private/key.pem SSLCACertificateFile /etc/ssl/certs/ca.pem # Add the following to your Apache config. # ! Note Debian 8 may not like this. #SSLOpenSSLConfCmd DHParameters "/etc/ssl/dh/dh4096.pem" # adviced to use only tls1.2 # SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLProtocol TLSv1.2 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK SSLHonorCipherOrder On Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" Header always set X-Frame-Options DENY Header always set X-Content-Type-Options nosniff SSLHonorCipherOrder on SSLStrictSNIVHostCheck Off SSLCompression Off </IfModule> ## kopano settings. Include /etc/apache2/conf-available/kopano-webapp.conf Include /etc/apache2/conf-available/z-push.conf # Include /etc/apache2/conf-available/z-push-autodiscover.conf </VirtualHost>
now use the z-push repo,
https://wiki.z-hub.io/display/ZP/Installation#Installation-DebianundUbuntubasedsystemssetup a “file” repo for you kopano files" or install manualy kopano-webapp-plugin-mdm and the needed other packages.
reboot, and connect your Phone. If that does not work, i’ll eat my shoe, then is a bug you did hit.
This works fine here on ubuntu 16.04, debian 8 and debian 9. -
ps.
443 195.225.105.159 - - [10/Feb/2018:11:24:25 +0100] “POST /?Cmd=WebserviceInfo&DeviceId=webservice&DeviceType=webservice&User=gustav HTTP/1.1” 200 3907 “-” “PHP-SOAP/5.6.33-0+deb8u1”`This is an incorrect redirect, to a wrong vhost/ip which is not configured,
This is, as far i can see, only configured in the “non-ssl” : RewriteRule (.*) https://sapper-plus.de/Microsoft-Server-ActiveSync/ [R]so logical that its hard to see.
-
Hi thctlo,
thanks for your answer. I will give this a try and have a detailed look at my apache conf. I will come back with my results at the weekend. Before i don´t have time to work on that.
Thanks
Markus -
Hi @ all,
fixing the apache confs and renewing all certificates MDM Plugin now works fine.
THANKS FOR HELP!!!
Greetz
Markus