MDM Plugin not working



  • Hi,

    i am running out of ideas… Since quite a while the MDM Plugin is not working anymore. When activated and you go to settings in webapp, a pop with “Something went wrong” appears. I can´t figure out where or what is running wrong.
    Hopefully someone here can help me :=)

    Kopano Core 8.5.81.197
    Webapp 3.4.6.1210
    MDM 2.1.0.28
    z-push 2.3.8.beta2
    Debian 8

    Thanks in advance

    Best regards

    Markus


  • Kopano

    Some logs would help. So the webserver logging of your z-push instance, webserver logging of your kopano webapp instance. some network details, etc.



  • Hi Felix,

    What further information do you need? And how should i provide logs?
    Some network details? It is just a vserver and on it the mysql, apache, postfix is running. No further server which is connected. A fail2ban is also running.
    The z-push is working for iOS device and so on. Just the MDM plugin brings this error and i can´t figure it out,

    Thanks
    Markus


  • Kopano

    @fbartels said in MDM Plugin not working:

    webserver logging of your z-push instance, webserver logging of your kopano webapp instance

    Additionally is SSL involved? What kind of certificate? Redirect to ssl?



  • Hi fbartels,

    here are the requested logs, hopefully all you need for helping.
    sapper-plus.de/kopano.rar

    Thanks in advance
    Markus


  • Kopano

    That link does not contain the archive. What about my other questions,



  • it contains the archive, nothing else! it is a rar archive and its working. what do you see when clicking the link?

    The other questions: yes of course i use ssl with a certificate from lets encrypt. but mdm connects locally without ssl. i got a rdirect set for those who try reaching webapp by http.


  • Kopano

    Interesting now its downloading. like five minutes ago it still gave an “under construction” like webpage.


  • Kopano

    I checked the apache logfile and could fine two calls to the soap backend feeding data to the mdm plugin. what is interesting here is that your call looks like

    :443 195.225.105.159 - - [10/Feb/2018:11:24:25 +0100] "POST /?Cmd=WebserviceInfo&DeviceId=webservice&DeviceType=webservice&User=gustav HTTP/1.1" 200 3907 "-" "PHP-SOAP/5.6.33-0+deb8u1"`
    

    while on my testsystem it looks like this:

    ::1 - felix [11/Feb/2018:12:13:24 +0100] "POST /Microsoft-Server-ActiveSync?Cmd=WebserviceDevice&DeviceId=webservice&DeviceType=webservice&User=felix HTTP/1.1" 200 895 "-" "PHP-SOAP/5.6.30-0+deb8u1"
    

    The missing Microsoft-Server-ActiveSync part would suggest that something is wrong with your apache configuration imho. Additionally you should check if your z-push is actually reachable by the data specified in /etc/kopano/webapp/config-mdm.php.



  • Hi Felix,
    in the /etc/kopano/webapp/config-mdm.php nothing special is configured:

    <?php
    define('PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM', false);
    define('PLUGIN_MDM_SERVER', 'localhost');
    define('PLUGIN_MDM_SERVER_SSL', false);
    ?>
    

    And in Apache it looks like this:

    Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php 
    <Directory /usr/share/z-push>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
        Order allow,deny
        Allow from all
        php_flag magic_quotes_gpc off
        php_flag register_globals off
        php_flag magic_quotes_runtime off
        php_flag short_open_tag on
        
        RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule (.*) https://sapper-plus.de/Microsoft-Server-ActiveSync/ [R]
    </Directory>
    
    
    <VirtualHost *:443>
    SSLEngine On
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
    SSLCertificateFile /etc/letsencrypt/live/sapper-plus.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/sapper-plus.de/privkey.pem
    #ServerName sapper-plus.de
    </VirtualHost>
    

    So the funny thing is, that on another server it is configured nearly the same, and there is everything working fine…

    Greetz
    Markus


  • Kopano

    I’d remove the RewriteRule (.*) https://sapper-plus.de/Microsoft-Server-ActiveSync/ [R] line and try again.



  • Hi Felix,

    unfortunately no change. Still same prob. Also in the webapp there is shown at z-push: “version not available”

    Greetz
    Markus


  • Kopano

    Hi @icey ,

    then I’m unfortunately at the end of my direct ideas. If you have a subscription I would recommend to get in contact with our support so that someone can have a direct look at your system.



  • I suggest that you configure your vhost better.

    define(‘PLUGIN_MDM_SERVER’, ‘localhost’);
    change localhost to you webserver vhostname.
    enable SSL because https://sapper-plus.de is set on ssl.

    now, about the vhost config.
    sapper-plus.de < is NOT a hostname but a domainname, and should only be used as an alias for your top level site ( for example www. )
    yes, it works, but is more confusing imo. i suggest, in your dns create, www and mail as hostnames.

    Setup a dedicated hostname for the ssl vhost, configure it.

    i’ll show my example for apache on debian stretch.

    # Non SSL
    <VirtualHost mail.example.com:80>
    
        ServerAdmin webmaster@example.com
        ServerName mail.example.com
    	# Note autodiscover, works only if you use a wildcard, ! Lets Encrypt does not support wildards yet. 
            # you may put this (autodisover) also in www or toplevel vhost config. 
        ServerAlias autodiscover.example.com mail autodiscover
    
        DocumentRoot /usr/share/kopano-webapp/
        ServerSignature Off
        <Directory "/usr/share/kopano-webapp">
            Require all denied
            AllowOverride All
        </Directory>
    
        ErrorLog ${APACHE_LOG_DIR}/mail-error.log
        CustomLog ${APACHE_LOG_DIR}/mail-access.log combined
    
        ## kopano settings. 
    	## by default a2enmod enables for all sites, i dont like that.
    	## so i run a2disconf kopano-webapp and include the config.
        Include /etc/apache2/conf-available/kopano-webapp.conf
    
        # Make sure that your using ssl.
        RewriteEngine   On
        RewriteCond     %{HTTPS}        off
        RewriteRule     ^(.*)$          https://mail.example.com/%{REQUEST_URI} [L,R]
    
    </VirtualHost>
    # SSL 
    <VirtualHost mail.example.com:443>
    
        ServerAdmin webmaster@example.com
        ServerName mail.example.com
    	# Note, this only works if you use a wildcard ssl.
        ServerAlias autodiscover.example.com
    
        DocumentRoot /usr/share/kopano-webapp
    
        ErrorLog ${APACHE_LOG_DIR}/mail1-internal-ssl-error.log
        CustomLog ${APACHE_LOG_DIR}/mail1-internal-ssl-access.log combined
        ServerSignature Off
    
        <IfModule mod_ssl.c>
            SSLEngine on
    		# Do change these to your own certs. 
            SSLCertificateFile      /etc/ssl/certs/cert4096.pem
            SSLCertificateKeyFile   /etc/ssl/private/key.pem
            SSLCACertificateFile    /etc/ssl/certs/ca.pem
    
            # Add the following to your Apache config.
    		# ! Note Debian 8 may not like this. 
            #SSLOpenSSLConfCmd DHParameters "/etc/ssl/dh/dh4096.pem"
    
    		# adviced to use only tls1.2
            # SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    		SSLProtocol TLSv1.2
            SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
    
            SSLHonorCipherOrder On
    
            Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
            Header always set X-Frame-Options DENY
            Header always set X-Content-Type-Options nosniff
    
            SSLHonorCipherOrder on
            SSLStrictSNIVHostCheck Off
            SSLCompression Off
          
    	</IfModule>
    
        ## kopano settings.
    	Include /etc/apache2/conf-available/kopano-webapp.conf
    
    	Include /etc/apache2/conf-available/z-push.conf
    	#    Include /etc/apache2/conf-available/z-push-autodiscover.conf
    
    </VirtualHost>
    
    

    now use the z-push repo,
    https://wiki.z-hub.io/display/ZP/Installation#Installation-DebianundUbuntubasedsystems

    setup a “file” repo for you kopano files" or install manualy kopano-webapp-plugin-mdm and the needed other packages.

    reboot, and connect your Phone. If that does not work, i’ll eat my shoe, then is a bug you did hit.
    This works fine here on ubuntu 16.04, debian 8 and debian 9.



  • ps.
    443 195.225.105.159 - - [10/Feb/2018:11:24:25 +0100] “POST /?Cmd=WebserviceInfo&DeviceId=webservice&DeviceType=webservice&User=gustav HTTP/1.1” 200 3907 “-” “PHP-SOAP/5.6.33-0+deb8u1”`

    This is an incorrect redirect, to a wrong vhost/ip which is not configured,
    This is, as far i can see, only configured in the “non-ssl” : RewriteRule (.*) https://sapper-plus.de/Microsoft-Server-ActiveSync/ [R]

    so logical that its hard to see.



  • Hi thctlo,

    thanks for your answer. I will give this a try and have a detailed look at my apache conf. I will come back with my results at the weekend. Before i don´t have time to work on that.
    Thanks
    Markus



  • Hi @ all,

    fixing the apache confs and renewing all certificates MDM Plugin now works fine.

    THANKS FOR HELP!!!

    Greetz
    Markus


Log in to reply