MDM Plugin not working

Interesting now its downloading. like five minutes ago it still gave an “under construction” like webpage.

I checked the apache logfile and could fine two calls to the soap backend feeding data to the mdm plugin. what is interesting here is that your call looks like

:443 195.225.105.159 - - [10/Feb/2018:11:24:25 +0100] "POST /?Cmd=WebserviceInfo&DeviceId=webservice&DeviceType=webservice&User=gustav HTTP/1.1" 200 3907 "-" "PHP-SOAP/5.6.33-0+deb8u1"`

while on my testsystem it looks like this:

::1 - felix [11/Feb/2018:12:13:24 +0100] "POST /Microsoft-Server-ActiveSync?Cmd=WebserviceDevice&DeviceId=webservice&DeviceType=webservice&User=felix HTTP/1.1" 200 895 "-" "PHP-SOAP/5.6.30-0+deb8u1"

The missing Microsoft-Server-ActiveSync part would suggest that something is wrong with your apache configuration imho. Additionally you should check if your z-push is actually reachable by the data specified in /etc/kopano/webapp/config-mdm.php.

Hi Felix,
in the /etc/kopano/webapp/config-mdm.php nothing special is configured:

<?php
define('PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM', false);
define('PLUGIN_MDM_SERVER', 'localhost');
define('PLUGIN_MDM_SERVER_SSL', false);
?>

And in Apache it looks like this:

Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php 
<Directory /usr/share/z-push>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
    Order allow,deny
    Allow from all
    php_flag magic_quotes_gpc off
    php_flag register_globals off
    php_flag magic_quotes_runtime off
    php_flag short_open_tag on
    
    RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://sapper-plus.de/Microsoft-Server-ActiveSync/ [R]
</Directory>


<VirtualHost *:443>
SSLEngine On
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /etc/letsencrypt/live/sapper-plus.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sapper-plus.de/privkey.pem
#ServerName sapper-plus.de
</VirtualHost>

So the funny thing is, that on another server it is configured nearly the same, and there is everything working fine…

Greetz
Markus

I’d remove the RewriteRule (.*) https://sapper-plus.de/Microsoft-Server-ActiveSync/ [R] line and try again.

Hi Felix,

unfortunately no change. Still same prob. Also in the webapp there is shown at z-push: “version not available”

Greetz
Markus

Hi @icey ,

then I’m unfortunately at the end of my direct ideas. If you have a subscription I would recommend to get in contact with our support so that someone can have a direct look at your system.

I suggest that you configure your vhost better.

define(‘PLUGIN_MDM_SERVER’, ‘localhost’);
change localhost to you webserver vhostname.
enable SSL because https://sapper-plus.de is set on ssl.

now, about the vhost config.
sapper-plus.de < is NOT a hostname but a domainname, and should only be used as an alias for your top level site ( for example www. )
yes, it works, but is more confusing imo. i suggest, in your dns create, www and mail as hostnames.

Setup a dedicated hostname for the ssl vhost, configure it.

i’ll show my example for apache on debian stretch.

# Non SSL
<VirtualHost mail.example.com:80>

    ServerAdmin webmaster@example.com
    ServerName mail.example.com
	# Note autodiscover, works only if you use a wildcard, ! Lets Encrypt does not support wildards yet. 
        # you may put this (autodisover) also in www or toplevel vhost config. 
    ServerAlias autodiscover.example.com mail autodiscover

    DocumentRoot /usr/share/kopano-webapp/
    ServerSignature Off
    <Directory "/usr/share/kopano-webapp">
        Require all denied
        AllowOverride All
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/mail-error.log
    CustomLog ${APACHE_LOG_DIR}/mail-access.log combined

    ## kopano settings. 
	## by default a2enmod enables for all sites, i dont like that.
	## so i run a2disconf kopano-webapp and include the config.
    Include /etc/apache2/conf-available/kopano-webapp.conf

    # Make sure that your using ssl.
    RewriteEngine   On
    RewriteCond     %{HTTPS}        off
    RewriteRule     ^(.*)$          https://mail.example.com/%{REQUEST_URI} [L,R]

</VirtualHost>
# SSL 
<VirtualHost mail.example.com:443>

    ServerAdmin webmaster@example.com
    ServerName mail.example.com
	# Note, this only works if you use a wildcard ssl.
    ServerAlias autodiscover.example.com

    DocumentRoot /usr/share/kopano-webapp

    ErrorLog ${APACHE_LOG_DIR}/mail1-internal-ssl-error.log
    CustomLog ${APACHE_LOG_DIR}/mail1-internal-ssl-access.log combined
    ServerSignature Off

    <IfModule mod_ssl.c>
        SSLEngine on
		# Do change these to your own certs. 
        SSLCertificateFile      /etc/ssl/certs/cert4096.pem
        SSLCertificateKeyFile   /etc/ssl/private/key.pem
        SSLCACertificateFile    /etc/ssl/certs/ca.pem

        # Add the following to your Apache config.
		# ! Note Debian 8 may not like this. 
        #SSLOpenSSLConfCmd DHParameters "/etc/ssl/dh/dh4096.pem"

		# adviced to use only tls1.2
        # SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
		SSLProtocol TLSv1.2
        SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK

        SSLHonorCipherOrder On

        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
        Header always set X-Frame-Options DENY
        Header always set X-Content-Type-Options nosniff

        SSLHonorCipherOrder on
        SSLStrictSNIVHostCheck Off
        SSLCompression Off
      
	</IfModule>

    ## kopano settings.
	Include /etc/apache2/conf-available/kopano-webapp.conf

	Include /etc/apache2/conf-available/z-push.conf
	#    Include /etc/apache2/conf-available/z-push-autodiscover.conf

</VirtualHost>

now use the z-push repo,
https://wiki.z-hub.io/display/ZP/Installation#Installation-DebianundUbuntubasedsystems

setup a “file” repo for you kopano files" or install manualy kopano-webapp-plugin-mdm and the needed other packages.

reboot, and connect your Phone. If that does not work, i’ll eat my shoe, then is a bug you did hit.
This works fine here on ubuntu 16.04, debian 8 and debian 9.

ps.
443 195.225.105.159 - - [10/Feb/2018:11:24:25 +0100] “POST /?Cmd=WebserviceInfo&DeviceId=webservice&DeviceType=webservice&User=gustav HTTP/1.1” 200 3907 “-” “PHP-SOAP/5.6.33-0+deb8u1”`

This is an incorrect redirect, to a wrong vhost/ip which is not configured,
This is, as far i can see, only configured in the “non-ssl” : RewriteRule (.*) https://sapper-plus.de/Microsoft-Server-ActiveSync/ [R]

so logical that its hard to see.

Hi thctlo,

thanks for your answer. I will give this a try and have a detailed look at my apache conf. I will come back with my results at the weekend. Before i don´t have time to work on that.
Thanks
Markus

Hi @ all,

fixing the apache confs and renewing all certificates MDM Plugin now works fine.

THANKS FOR HELP!!!

Greetz
Markus