MDM Plugin not working

Interesting now its downloading. like five minutes ago it still gave an “under construction” like webpage.

I checked the apache logfile and could fine two calls to the soap backend feeding data to the mdm plugin. what is interesting here is that your call looks like

:443 - - [10/Feb/2018:11:24:25 +0100] "POST /?Cmd=WebserviceInfo&DeviceId=webservice&DeviceType=webservice&User=gustav HTTP/1.1" 200 3907 "-" "PHP-SOAP/5.6.33-0+deb8u1"`

while on my testsystem it looks like this:

::1 - felix [11/Feb/2018:12:13:24 +0100] "POST /Microsoft-Server-ActiveSync?Cmd=WebserviceDevice&DeviceId=webservice&DeviceType=webservice&User=felix HTTP/1.1" 200 895 "-" "PHP-SOAP/5.6.30-0+deb8u1"

The missing Microsoft-Server-ActiveSync part would suggest that something is wrong with your apache configuration imho. Additionally you should check if your z-push is actually reachable by the data specified in /etc/kopano/webapp/config-mdm.php.

Hi Felix,
in the /etc/kopano/webapp/config-mdm.php nothing special is configured:

define('PLUGIN_MDM_SERVER', 'localhost');
define('PLUGIN_MDM_SERVER_SSL', false);

And in Apache it looks like this:

Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php 
<Directory /usr/share/z-push>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
    Order allow,deny
    Allow from all
    php_flag magic_quotes_gpc off
    php_flag register_globals off
    php_flag magic_quotes_runtime off
    php_flag short_open_tag on
    RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule (.*) [R]

<VirtualHost *:443>
SSLEngine On
SSLProtocol all -SSLv2
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/

So the funny thing is, that on another server it is configured nearly the same, and there is everything working fine…


I’d remove the RewriteRule (.*) [R] line and try again.

Hi Felix,

unfortunately no change. Still same prob. Also in the webapp there is shown at z-push: “version not available”


Hi @icey ,

then I’m unfortunately at the end of my direct ideas. If you have a subscription I would recommend to get in contact with our support so that someone can have a direct look at your system.

I suggest that you configure your vhost better.

define(‘PLUGIN_MDM_SERVER’, ‘localhost’);
change localhost to you webserver vhostname.
enable SSL because is set on ssl.

now, about the vhost config. < is NOT a hostname but a domainname, and should only be used as an alias for your top level site ( for example www. )
yes, it works, but is more confusing imo. i suggest, in your dns create, www and mail as hostnames.

Setup a dedicated hostname for the ssl vhost, configure it.

i’ll show my example for apache on debian stretch.

# Non SSL

	# Note autodiscover, works only if you use a wildcard, ! Lets Encrypt does not support wildards yet. 
        # you may put this (autodisover) also in www or toplevel vhost config. 
    ServerAlias mail autodiscover

    DocumentRoot /usr/share/kopano-webapp/
    ServerSignature Off
    <Directory "/usr/share/kopano-webapp">
        Require all denied
        AllowOverride All

    ErrorLog ${APACHE_LOG_DIR}/mail-error.log
    CustomLog ${APACHE_LOG_DIR}/mail-access.log combined

    ## kopano settings. 
	## by default a2enmod enables for all sites, i dont like that.
	## so i run a2disconf kopano-webapp and include the config.
    Include /etc/apache2/conf-available/kopano-webapp.conf

    # Make sure that your using ssl.
    RewriteEngine   On
    RewriteCond     %{HTTPS}        off
    RewriteRule     ^(.*)${REQUEST_URI} [L,R]

# SSL 

	# Note, this only works if you use a wildcard ssl.

    DocumentRoot /usr/share/kopano-webapp

    ErrorLog ${APACHE_LOG_DIR}/mail1-internal-ssl-error.log
    CustomLog ${APACHE_LOG_DIR}/mail1-internal-ssl-access.log combined
    ServerSignature Off

    <IfModule mod_ssl.c>
        SSLEngine on
		# Do change these to your own certs. 
        SSLCertificateFile      /etc/ssl/certs/cert4096.pem
        SSLCertificateKeyFile   /etc/ssl/private/key.pem
        SSLCACertificateFile    /etc/ssl/certs/ca.pem

        # Add the following to your Apache config.
		# ! Note Debian 8 may not like this. 
        #SSLOpenSSLConfCmd DHParameters "/etc/ssl/dh/dh4096.pem"

		# adviced to use only tls1.2
        # SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
		SSLProtocol TLSv1.2

        SSLHonorCipherOrder On

        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
        Header always set X-Frame-Options DENY
        Header always set X-Content-Type-Options nosniff

        SSLHonorCipherOrder on
        SSLStrictSNIVHostCheck Off
        SSLCompression Off

    ## kopano settings.
	Include /etc/apache2/conf-available/kopano-webapp.conf

	Include /etc/apache2/conf-available/z-push.conf
	#    Include /etc/apache2/conf-available/z-push-autodiscover.conf


now use the z-push repo,

setup a “file” repo for you kopano files" or install manualy kopano-webapp-plugin-mdm and the needed other packages.

reboot, and connect your Phone. If that does not work, i’ll eat my shoe, then is a bug you did hit.
This works fine here on ubuntu 16.04, debian 8 and debian 9.

443 - - [10/Feb/2018:11:24:25 +0100] “POST /?Cmd=WebserviceInfo&DeviceId=webservice&DeviceType=webservice&User=gustav HTTP/1.1” 200 3907 “-” “PHP-SOAP/5.6.33-0+deb8u1”`

This is an incorrect redirect, to a wrong vhost/ip which is not configured,
This is, as far i can see, only configured in the “non-ssl” : RewriteRule (.*) [R]

so logical that its hard to see.

Hi thctlo,

thanks for your answer. I will give this a try and have a detailed look at my apache conf. I will come back with my results at the weekend. Before i don´t have time to work on that.

Hi @ all,

fixing the apache confs and renewing all certificates MDM Plugin now works fine.