MDM Plugin not working


i am running out of ideas… Since quite a while the MDM Plugin is not working anymore. When activated and you go to settings in webapp, a pop with “Something went wrong” appears. I can´t figure out where or what is running wrong.
Hopefully someone here can help me :=)

Kopano Core
z-push 2.3.8.beta2
Debian 8

Thanks in advance

Best regards


Some logs would help. So the webserver logging of your z-push instance, webserver logging of your kopano webapp instance. some network details, etc.

Hi Felix,

What further information do you need? And how should i provide logs?
Some network details? It is just a vserver and on it the mysql, apache, postfix is running. No further server which is connected. A fail2ban is also running.
The z-push is working for iOS device and so on. Just the MDM plugin brings this error and i can´t figure it out,


@fbartels said in MDM Plugin not working:

webserver logging of your z-push instance, webserver logging of your kopano webapp instance

Additionally is SSL involved? What kind of certificate? Redirect to ssl?

Hi fbartels,

here are the requested logs, hopefully all you need for helping.

Thanks in advance

That link does not contain the archive. What about my other questions,

it contains the archive, nothing else! it is a rar archive and its working. what do you see when clicking the link?

The other questions: yes of course i use ssl with a certificate from lets encrypt. but mdm connects locally without ssl. i got a rdirect set for those who try reaching webapp by http.

Interesting now its downloading. like five minutes ago it still gave an “under construction” like webpage.

I checked the apache logfile and could fine two calls to the soap backend feeding data to the mdm plugin. what is interesting here is that your call looks like

:443 - - [10/Feb/2018:11:24:25 +0100] "POST /?Cmd=WebserviceInfo&DeviceId=webservice&DeviceType=webservice&User=gustav HTTP/1.1" 200 3907 "-" "PHP-SOAP/5.6.33-0+deb8u1"`

while on my testsystem it looks like this:

::1 - felix [11/Feb/2018:12:13:24 +0100] "POST /Microsoft-Server-ActiveSync?Cmd=WebserviceDevice&DeviceId=webservice&DeviceType=webservice&User=felix HTTP/1.1" 200 895 "-" "PHP-SOAP/5.6.30-0+deb8u1"

The missing Microsoft-Server-ActiveSync part would suggest that something is wrong with your apache configuration imho. Additionally you should check if your z-push is actually reachable by the data specified in /etc/kopano/webapp/config-mdm.php.

Hi Felix,
in the /etc/kopano/webapp/config-mdm.php nothing special is configured:

define('PLUGIN_MDM_SERVER', 'localhost');
define('PLUGIN_MDM_SERVER_SSL', false);

And in Apache it looks like this:

Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php 
<Directory /usr/share/z-push>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
    Order allow,deny
    Allow from all
    php_flag magic_quotes_gpc off
    php_flag register_globals off
    php_flag magic_quotes_runtime off
    php_flag short_open_tag on
    RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule (.*) [R]

<VirtualHost *:443>
SSLEngine On
SSLProtocol all -SSLv2
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/

So the funny thing is, that on another server it is configured nearly the same, and there is everything working fine…


I’d remove the RewriteRule (.*) [R] line and try again.

Hi Felix,

unfortunately no change. Still same prob. Also in the webapp there is shown at z-push: “version not available”


Hi @icey ,

then I’m unfortunately at the end of my direct ideas. If you have a subscription I would recommend to get in contact with our support so that someone can have a direct look at your system.

I suggest that you configure your vhost better.

define(‘PLUGIN_MDM_SERVER’, ‘localhost’);
change localhost to you webserver vhostname.
enable SSL because is set on ssl.

now, about the vhost config. < is NOT a hostname but a domainname, and should only be used as an alias for your top level site ( for example www. )
yes, it works, but is more confusing imo. i suggest, in your dns create, www and mail as hostnames.

Setup a dedicated hostname for the ssl vhost, configure it.

i’ll show my example for apache on debian stretch.

# Non SSL

	# Note autodiscover, works only if you use a wildcard, ! Lets Encrypt does not support wildards yet. 
        # you may put this (autodisover) also in www or toplevel vhost config. 
    ServerAlias mail autodiscover

    DocumentRoot /usr/share/kopano-webapp/
    ServerSignature Off
    <Directory "/usr/share/kopano-webapp">
        Require all denied
        AllowOverride All

    ErrorLog ${APACHE_LOG_DIR}/mail-error.log
    CustomLog ${APACHE_LOG_DIR}/mail-access.log combined

    ## kopano settings. 
	## by default a2enmod enables for all sites, i dont like that.
	## so i run a2disconf kopano-webapp and include the config.
    Include /etc/apache2/conf-available/kopano-webapp.conf

    # Make sure that your using ssl.
    RewriteEngine   On
    RewriteCond     %{HTTPS}        off
    RewriteRule     ^(.*)${REQUEST_URI} [L,R]

# SSL 

	# Note, this only works if you use a wildcard ssl.

    DocumentRoot /usr/share/kopano-webapp

    ErrorLog ${APACHE_LOG_DIR}/mail1-internal-ssl-error.log
    CustomLog ${APACHE_LOG_DIR}/mail1-internal-ssl-access.log combined
    ServerSignature Off

    <IfModule mod_ssl.c>
        SSLEngine on
		# Do change these to your own certs. 
        SSLCertificateFile      /etc/ssl/certs/cert4096.pem
        SSLCertificateKeyFile   /etc/ssl/private/key.pem
        SSLCACertificateFile    /etc/ssl/certs/ca.pem

        # Add the following to your Apache config.
		# ! Note Debian 8 may not like this. 
        #SSLOpenSSLConfCmd DHParameters "/etc/ssl/dh/dh4096.pem"

		# adviced to use only tls1.2
        # SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
		SSLProtocol TLSv1.2

        SSLHonorCipherOrder On

        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
        Header always set X-Frame-Options DENY
        Header always set X-Content-Type-Options nosniff

        SSLHonorCipherOrder on
        SSLStrictSNIVHostCheck Off
        SSLCompression Off

    ## kopano settings.
	Include /etc/apache2/conf-available/kopano-webapp.conf

	Include /etc/apache2/conf-available/z-push.conf
	#    Include /etc/apache2/conf-available/z-push-autodiscover.conf


now use the z-push repo,

setup a “file” repo for you kopano files" or install manualy kopano-webapp-plugin-mdm and the needed other packages.

reboot, and connect your Phone. If that does not work, i’ll eat my shoe, then is a bug you did hit.
This works fine here on ubuntu 16.04, debian 8 and debian 9.

443 - - [10/Feb/2018:11:24:25 +0100] “POST /?Cmd=WebserviceInfo&DeviceId=webservice&DeviceType=webservice&User=gustav HTTP/1.1” 200 3907 “-” “PHP-SOAP/5.6.33-0+deb8u1”`

This is an incorrect redirect, to a wrong vhost/ip which is not configured,
This is, as far i can see, only configured in the “non-ssl” : RewriteRule (.*) [R]

so logical that its hard to see.

Hi thctlo,

thanks for your answer. I will give this a try and have a detailed look at my apache conf. I will come back with my results at the weekend. Before i don´t have time to work on that.

Hi @ all,

fixing the apache confs and renewing all certificates MDM Plugin now works fine.