MDM Plugin not working

  • Kopano

    Interesting now its downloading. like five minutes ago it still gave an “under construction” like webpage.

  • Kopano

    I checked the apache logfile and could fine two calls to the soap backend feeding data to the mdm plugin. what is interesting here is that your call looks like

    :443 - - [10/Feb/2018:11:24:25 +0100] "POST /?Cmd=WebserviceInfo&DeviceId=webservice&DeviceType=webservice&User=gustav HTTP/1.1" 200 3907 "-" "PHP-SOAP/5.6.33-0+deb8u1"`

    while on my testsystem it looks like this:

    ::1 - felix [11/Feb/2018:12:13:24 +0100] "POST /Microsoft-Server-ActiveSync?Cmd=WebserviceDevice&DeviceId=webservice&DeviceType=webservice&User=felix HTTP/1.1" 200 895 "-" "PHP-SOAP/5.6.30-0+deb8u1"

    The missing Microsoft-Server-ActiveSync part would suggest that something is wrong with your apache configuration imho. Additionally you should check if your z-push is actually reachable by the data specified in /etc/kopano/webapp/config-mdm.php.

  • Hi Felix,
    in the /etc/kopano/webapp/config-mdm.php nothing special is configured:

    define('PLUGIN_MDM_SERVER', 'localhost');
    define('PLUGIN_MDM_SERVER_SSL', false);

    And in Apache it looks like this:

    Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php 
    <Directory /usr/share/z-push>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
        Order allow,deny
        Allow from all
        php_flag magic_quotes_gpc off
        php_flag register_globals off
        php_flag magic_quotes_runtime off
        php_flag short_open_tag on
        RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule (.*) [R]
    <VirtualHost *:443>
    SSLEngine On
    SSLProtocol all -SSLv2
    SSLCertificateFile /etc/letsencrypt/live/
    SSLCertificateKeyFile /etc/letsencrypt/live/

    So the funny thing is, that on another server it is configured nearly the same, and there is everything working fine…


  • Kopano

    I’d remove the RewriteRule (.*) [R] line and try again.

  • Hi Felix,

    unfortunately no change. Still same prob. Also in the webapp there is shown at z-push: “version not available”


  • Kopano

    Hi @icey ,

    then I’m unfortunately at the end of my direct ideas. If you have a subscription I would recommend to get in contact with our support so that someone can have a direct look at your system.

  • I suggest that you configure your vhost better.

    define(‘PLUGIN_MDM_SERVER’, ‘localhost’);
    change localhost to you webserver vhostname.
    enable SSL because is set on ssl.

    now, about the vhost config. < is NOT a hostname but a domainname, and should only be used as an alias for your top level site ( for example www. )
    yes, it works, but is more confusing imo. i suggest, in your dns create, www and mail as hostnames.

    Setup a dedicated hostname for the ssl vhost, configure it.

    i’ll show my example for apache on debian stretch.

    # Non SSL
    	# Note autodiscover, works only if you use a wildcard, ! Lets Encrypt does not support wildards yet. 
            # you may put this (autodisover) also in www or toplevel vhost config. 
        ServerAlias mail autodiscover
        DocumentRoot /usr/share/kopano-webapp/
        ServerSignature Off
        <Directory "/usr/share/kopano-webapp">
            Require all denied
            AllowOverride All
        ErrorLog ${APACHE_LOG_DIR}/mail-error.log
        CustomLog ${APACHE_LOG_DIR}/mail-access.log combined
        ## kopano settings. 
    	## by default a2enmod enables for all sites, i dont like that.
    	## so i run a2disconf kopano-webapp and include the config.
        Include /etc/apache2/conf-available/kopano-webapp.conf
        # Make sure that your using ssl.
        RewriteEngine   On
        RewriteCond     %{HTTPS}        off
        RewriteRule     ^(.*)${REQUEST_URI} [L,R]
    # SSL 
    	# Note, this only works if you use a wildcard ssl.
        DocumentRoot /usr/share/kopano-webapp
        ErrorLog ${APACHE_LOG_DIR}/mail1-internal-ssl-error.log
        CustomLog ${APACHE_LOG_DIR}/mail1-internal-ssl-access.log combined
        ServerSignature Off
        <IfModule mod_ssl.c>
            SSLEngine on
    		# Do change these to your own certs. 
            SSLCertificateFile      /etc/ssl/certs/cert4096.pem
            SSLCertificateKeyFile   /etc/ssl/private/key.pem
            SSLCACertificateFile    /etc/ssl/certs/ca.pem
            # Add the following to your Apache config.
    		# ! Note Debian 8 may not like this. 
            #SSLOpenSSLConfCmd DHParameters "/etc/ssl/dh/dh4096.pem"
    		# adviced to use only tls1.2
            # SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    		SSLProtocol TLSv1.2
            SSLHonorCipherOrder On
            Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
            Header always set X-Frame-Options DENY
            Header always set X-Content-Type-Options nosniff
            SSLHonorCipherOrder on
            SSLStrictSNIVHostCheck Off
            SSLCompression Off
        ## kopano settings.
    	Include /etc/apache2/conf-available/kopano-webapp.conf
    	Include /etc/apache2/conf-available/z-push.conf
    	#    Include /etc/apache2/conf-available/z-push-autodiscover.conf

    now use the z-push repo,

    setup a “file” repo for you kopano files" or install manualy kopano-webapp-plugin-mdm and the needed other packages.

    reboot, and connect your Phone. If that does not work, i’ll eat my shoe, then is a bug you did hit.
    This works fine here on ubuntu 16.04, debian 8 and debian 9.

  • ps.
    443 - - [10/Feb/2018:11:24:25 +0100] “POST /?Cmd=WebserviceInfo&DeviceId=webservice&DeviceType=webservice&User=gustav HTTP/1.1” 200 3907 “-” “PHP-SOAP/5.6.33-0+deb8u1”`

    This is an incorrect redirect, to a wrong vhost/ip which is not configured,
    This is, as far i can see, only configured in the “non-ssl” : RewriteRule (.*) [R]

    so logical that its hard to see.

  • Hi thctlo,

    thanks for your answer. I will give this a try and have a detailed look at my apache conf. I will come back with my results at the weekend. Before i don´t have time to work on that.

  • Hi @ all,

    fixing the apache confs and renewing all certificates MDM Plugin now works fine.



Log in to reply