Hi folks,
I've just started migrating from Exchange 2007 to Zimbra 8.6 on CentOS 7.5 and I've run into this issue. All services are running, I can get to the admin page of the Web GUI just fine. I was working through the installation tasks and set up a test account then tried to access the webmail. The login screen appears just fine, but after logging in I get a long wait followed by the time out message below. I've tried the test account and my admin account - same result. I've disabled SELinux on the server and I'm stumped! This didn't happen when I installed a test server with an evaluation license last year (Sadly, I've deleted that VM now).
Could anyone shed some light?
BTW, this is the licensed version.
thanks.
HTTP ERROR 504
Problem accessing ZCS upstream server. Reason: Cannot connect to the ZCS upstream server. Connection timeout.
Possible reasons:
upstream server is blocked by a firewall
upstream server is failing to send back the response in time
upstream server is down
Please contact your ZCS administrator to fix the problem.
Powered by Nginx-Zimbra://
New Install: Problem accessing ZCS upstream server.
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
New Install: Problem accessing ZCS upstream server.
Hi Fred,
Did you manage to read the next article?
https://wiki.zimbra.com/wiki/Zimbra_Pro ... 5xx_Errors
Did you install all services, proxy and memcached? Do you have all the DNS properly configured?
Best regards
Did you manage to read the next article?
https://wiki.zimbra.com/wiki/Zimbra_Pro ... 5xx_Errors
Did you install all services, proxy and memcached? Do you have all the DNS properly configured?
Best regards
New Install: Problem accessing ZCS upstream server.
OK, thanks for the replies
I'm behind a firewall, but it shouldn't be getting between me and the Zimbra server - we're both on the same subnet.
DNS is being handled by a W2008 server which is running AD. I've set up a hairpin DNS on the firewall and local entries on the 08 server so mail.mydomain resolves fine.
I'm working through the article above, my hosts file looks off (I've already modified it to remove IPv6 because that caused another error) so I'll check it out. I'm confused that the admin pages work but the webmail ones don't, I had assumed (!) that they work on the same routes.
I'll be back!
thanks again.
Fred
I'm behind a firewall, but it shouldn't be getting between me and the Zimbra server - we're both on the same subnet.
DNS is being handled by a W2008 server which is running AD. I've set up a hairpin DNS on the firewall and local entries on the 08 server so mail.mydomain resolves fine.
I'm working through the article above, my hosts file looks off (I've already modified it to remove IPv6 because that caused another error) so I'll check it out. I'm confused that the admin pages work but the webmail ones don't, I had assumed (!) that they work on the same routes.
I'll be back!
thanks again.
Fred
New Install: Problem accessing ZCS upstream server.
Here's the Dig any for MyDomain. I'm not sure why Phat is advertising iSCSI connections, but hey.
There are two MX because I've still got the exchange server running. Is that likely to be a problem? I'm only using a single server install.
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.5 <<>> MyDomain.co.uk any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63440
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 8
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;MyDomain.co.uk. IN ANY
;; ANSWER SECTION:
MyDomain.co.uk. 3600 IN NS phat.MyDomain.local.
MyDomain.co.uk. 3600 IN NS colossal1.MyDomain.local.
MyDomain.co.uk. 3600 IN SOA phat.MyDomain.local. hostmaster.MyDomain.local. 11 900 600 86400 3600
MyDomain.co.uk. 3600 IN MX 50 mail.MyDomain.co.uk.
MyDomain.co.uk. 3600 IN MX 10 colossal1.MyDomain.local.
;; ADDITIONAL SECTION:
phat.MyDomain.local. 3600 IN A 10.0.0.4
phat.MyDomain.local. 3600 IN A 10.1.0.16
phat.MyDomain.local. 3600 IN A 10.1.0.15
phat.MyDomain.local. 3600 IN A 10.3.0.5
colossal1.MyDomain.local. 3600 IN A 10.0.0.3
colossal1.MyDomain.local. 3600 IN A 10.0.0.3
mail.MyDomain.co.uk. 3408 IN A 10.0.0.85
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Oct 10 12:37:35 BST 2015
;; MSG SIZE rcvd: 304
[root@mail ~]#
and Here's the dig mx
root@mail ~]# dig MyDomain.co.uk mx
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.5 <<>> MyDomain.co.uk mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25496
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;MyDomain.co.uk. IN MX
;; ANSWER SECTION:
MyDomain.co.uk. 3351 IN MX 50 mail.MyDomain.co.uk.
MyDomain.co.uk. 3351 IN MX 10 colossal1.MyDomain.local.
;; ADDITIONAL SECTION:
colossal1.MyDomain.local. 2851 IN A 10.0.0.3
mail.MyDomain.co.uk. 3159 IN A 10.0.0.85
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Oct 10 12:41:44 BST 2015
;; MSG SIZE rcvd: 144
[root@mail ~]#
mail. is the Zimbra server.
I have a niggling doubt in my mind. I configured the service port for the Zimbra domain to be 443 and https. Is that correct (I'd rather use ssl if possible). I've installed an ssl cert.
Thanks again.
Fred
There are two MX because I've still got the exchange server running. Is that likely to be a problem? I'm only using a single server install.
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.5 <<>> MyDomain.co.uk any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63440
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 8
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;MyDomain.co.uk. IN ANY
;; ANSWER SECTION:
MyDomain.co.uk. 3600 IN NS phat.MyDomain.local.
MyDomain.co.uk. 3600 IN NS colossal1.MyDomain.local.
MyDomain.co.uk. 3600 IN SOA phat.MyDomain.local. hostmaster.MyDomain.local. 11 900 600 86400 3600
MyDomain.co.uk. 3600 IN MX 50 mail.MyDomain.co.uk.
MyDomain.co.uk. 3600 IN MX 10 colossal1.MyDomain.local.
;; ADDITIONAL SECTION:
phat.MyDomain.local. 3600 IN A 10.0.0.4
phat.MyDomain.local. 3600 IN A 10.1.0.16
phat.MyDomain.local. 3600 IN A 10.1.0.15
phat.MyDomain.local. 3600 IN A 10.3.0.5
colossal1.MyDomain.local. 3600 IN A 10.0.0.3
colossal1.MyDomain.local. 3600 IN A 10.0.0.3
mail.MyDomain.co.uk. 3408 IN A 10.0.0.85
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Oct 10 12:37:35 BST 2015
;; MSG SIZE rcvd: 304
[root@mail ~]#
and Here's the dig mx
root@mail ~]# dig MyDomain.co.uk mx
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.5 <<>> MyDomain.co.uk mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25496
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;MyDomain.co.uk. IN MX
;; ANSWER SECTION:
MyDomain.co.uk. 3351 IN MX 50 mail.MyDomain.co.uk.
MyDomain.co.uk. 3351 IN MX 10 colossal1.MyDomain.local.
;; ADDITIONAL SECTION:
colossal1.MyDomain.local. 2851 IN A 10.0.0.3
mail.MyDomain.co.uk. 3159 IN A 10.0.0.85
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Oct 10 12:41:44 BST 2015
;; MSG SIZE rcvd: 144
[root@mail ~]#
mail. is the Zimbra server.
I have a niggling doubt in my mind. I configured the service port for the Zimbra domain to be 443 and https. Is that correct (I'd rather use ssl if possible). I've installed an ssl cert.
Thanks again.
Fred
New Install: Problem accessing ZCS upstream server.
No, I haven't configured a split domain. I'm not looking to run both servers in parallel, but to migrate everyone from Exchange to Zimbra and then remove Exchange from the mx records and our mail routing (mail is routed via a spam scanning proxy anyway).
I haven't migrated any accounts yet, I was just trying out the webmail interface before going any further.
I seem to have confused myself!
To answer two of your earlier questions:
Did I install the proxy service? I'm not sure. If it is installed as part of the install script then yes and there's a service called proxy that is running on the server. If is is an extra module that needs separate attention, then no.
Did I install memcached ? same answer, I guess.
Here's the status at the moment.
[zimbra@mail ~]$ zmcontrol status
Host mail.MyDomain.co.uk
amavis Running
antispam Running
antivirus Running
convertd Running
dnscache Running
ldap Running
logger Running
mailbox Running
memcached Running
mta Running
opendkim Running
proxy Running
service webapp Running
snmp Running
spell Running
stats Running
zimbra webapp Running
zimbraAdmin webapp Running
zimlet webapp Running
zmconfigd Running
[zimbra@mail ~]$
I haven't migrated any accounts yet, I was just trying out the webmail interface before going any further.
I seem to have confused myself!
To answer two of your earlier questions:
Did I install the proxy service? I'm not sure. If it is installed as part of the install script then yes and there's a service called proxy that is running on the server. If is is an extra module that needs separate attention, then no.
Did I install memcached ? same answer, I guess.
Here's the status at the moment.
[zimbra@mail ~]$ zmcontrol status
Host mail.MyDomain.co.uk
amavis Running
antispam Running
antivirus Running
convertd Running
dnscache Running
ldap Running
logger Running
mailbox Running
memcached Running
mta Running
opendkim Running
proxy Running
service webapp Running
snmp Running
spell Running
stats Running
zimbra webapp Running
zimbraAdmin webapp Running
zimlet webapp Running
zmconfigd Running
[zimbra@mail ~]$
New Install: Problem accessing ZCS upstream server.
I think this has to do with authentication.
I've reverted to a snapshot of a plain, unconfigured Zimbra and the webmail client worked perfectly (tested with the default admin account). So I'm confident that DNS etc is set up properly.
I worked my way through the tasks again, and checked the webclient at each stage. The webmail worked perfectly until I logged out and tried to log in again. If you log in with a shortcut direct to your inbox, fine. If you logout and return to the login screen, you can't log in again. (same error as before).
Painful.
At least I managed to migrate a user account from Exchange, that worked OK - if slowly. Shame I can't see what the data looks like in Zimbra!
Stuck now, I need to find out how authentication is breaking or it will just do it again. I've got External AD configured and that tests OK. I notice that the migration wizard didn't associate the account I migrated with its AD account for authentication. I've put the user name in the External Authentication/External LDAP account for Authentication: box - no joy atm.
Any replies appreciated! (Including, how do I activate my Premium Support at the weekend? the phones were dead all day).
I've reverted to a snapshot of a plain, unconfigured Zimbra and the webmail client worked perfectly (tested with the default admin account). So I'm confident that DNS etc is set up properly.
I worked my way through the tasks again, and checked the webclient at each stage. The webmail worked perfectly until I logged out and tried to log in again. If you log in with a shortcut direct to your inbox, fine. If you logout and return to the login screen, you can't log in again. (same error as before).
Painful.
At least I managed to migrate a user account from Exchange, that worked OK - if slowly. Shame I can't see what the data looks like in Zimbra!
Stuck now, I need to find out how authentication is breaking or it will just do it again. I've got External AD configured and that tests OK. I notice that the migration wizard didn't associate the account I migrated with its AD account for authentication. I've put the user name in the External Authentication/External LDAP account for Authentication: box - no joy atm.
Any replies appreciated! (Including, how do I activate my Premium Support at the weekend? the phones were dead all day).
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
New Install: Problem accessing ZCS upstream server.
Hi Fred,
You must have a username/password for https://support.zimbra.com, if not please send an email to support@zimbra.com with your Business Details requesting a username for the Support Portal, depending of your Support Level you will have response 24x7 or just from Monday to Friday.
So, one question, are you using then an external AD to authenticate?
Best regards
You must have a username/password for https://support.zimbra.com, if not please send an email to support@zimbra.com with your Business Details requesting a username for the Support Portal, depending of your Support Level you will have response 24x7 or just from Monday to Friday.
So, one question, are you using then an external AD to authenticate?
Best regards
New Install: Problem accessing ZCS upstream server.
Hi Jorge,
yes, I'm trying to use AD to authenticate. I've found that if I revert to internal authentication for the domain (and set a password for the user) - it works.
So, at least I'm happy with the migration that I tried and now I can concentrate on setting up the External AD auth correctly.
I'll register with support now, thank you very much indeed.
Fred
yes, I'm trying to use AD to authenticate. I've found that if I revert to internal authentication for the domain (and set a password for the user) - it works.
So, at least I'm happy with the migration that I tried and now I can concentrate on setting up the External AD auth correctly.
I'll register with support now, thank you very much indeed.
Fred
New Install: Problem accessing ZCS upstream server.
The fix was simple!
I had two auth servers configured.
Server1 and Server2
When Server 2 was in the list, auth suceeded but was slow. With just Server1 in the list, auth was nice and fast and everything worked.
With Server2 only in the list - auth test failed.
Zimbra doesn't seem to like it when two servers are configured for auth and only one is working.
I had two auth servers configured.
Server1 and Server2
When Server 2 was in the list, auth suceeded but was slow. With just Server1 in the list, auth was nice and fast and everything worked.
With Server2 only in the list - auth test failed.
Zimbra doesn't seem to like it when two servers are configured for auth and only one is working.