Page 1 of 1

New Install: Problem accessing ZCS upstream server.

Posted: Sat Oct 10, 2015 5:50 am
by FredKarno

Hi folks,


I've just started migrating from Exchange 2007 to Zimbra 8.6 on CentOS 7.5 and I've run into this issue. All services are running, I can get to the admin page of the Web GUI just fine. I was working through the installation tasks and set up a test account then tried to access the webmail. The login screen appears just fine, but after logging in I get a long wait followed by the time out message below. I've tried the test account and my admin account - same result. I've disabled SELinux on the server and I'm stumped! This didn't happen when I installed a test server with an evaluation license last year (Sadly, I've deleted that VM now).


Could anyone shed some light?


BTW, this is the licensed version.


thanks.


HTTP ERROR 504


Problem accessing ZCS upstream server. Reason: Cannot connect to the ZCS upstream server. Connection timeout.
Possible reasons:



  • upstream server is blocked by a firewall

  • upstream server is failing to send back the response in time

  • upstream server is down


Please contact your ZCS administrator to fix the problem.
Powered by Nginx-Zimbra://


New Install: Problem accessing ZCS upstream server.

Posted: Sat Oct 10, 2015 6:01 am
by jorgedlcruz

Hi Fred,


Did you manage to read the next article?



Did you install all services, proxy and memcached? Do you have all the DNS properly configured?



Best regards


New Install: Problem accessing ZCS upstream server.

Posted: Sat Oct 10, 2015 6:23 am
by FredKarno
OK, thanks for the replies :)

I'm behind a firewall, but it shouldn't be getting between me and the Zimbra server - we're both on the same subnet.

DNS is being handled by a W2008 server which is running AD. I've set up a hairpin DNS on the firewall and local entries on the 08 server so mail.mydomain resolves fine.

I'm working through the article above, my hosts file looks off (I've already modified it to remove IPv6 because that caused another error) so I'll check it out. I'm confused that the admin pages work but the webmail ones don't, I had assumed (!) that they work on the same routes.

I'll be back!

thanks again.

Fred

New Install: Problem accessing ZCS upstream server.

Posted: Sat Oct 10, 2015 6:44 am
by FredKarno
Here's the Dig any for MyDomain. I'm not sure why Phat is advertising iSCSI connections, but hey.

There are two MX because I've still got the exchange server running. Is that likely to be a problem? I'm only using a single server install.



; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.5 <<>> MyDomain.co.uk any

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63440

;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 8



;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;MyDomain.co.uk. IN ANY



;; ANSWER SECTION:

MyDomain.co.uk. 3600 IN NS phat.MyDomain.local.

MyDomain.co.uk. 3600 IN NS colossal1.MyDomain.local.

MyDomain.co.uk. 3600 IN SOA phat.MyDomain.local. hostmaster.MyDomain.local. 11 900 600 86400 3600

MyDomain.co.uk. 3600 IN MX 50 mail.MyDomain.co.uk.

MyDomain.co.uk. 3600 IN MX 10 colossal1.MyDomain.local.



;; ADDITIONAL SECTION:

phat.MyDomain.local. 3600 IN A 10.0.0.4

phat.MyDomain.local. 3600 IN A 10.1.0.16

phat.MyDomain.local. 3600 IN A 10.1.0.15

phat.MyDomain.local. 3600 IN A 10.3.0.5

colossal1.MyDomain.local. 3600 IN A 10.0.0.3

colossal1.MyDomain.local. 3600 IN A 10.0.0.3

mail.MyDomain.co.uk. 3408 IN A 10.0.0.85



;; Query time: 1 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Sat Oct 10 12:37:35 BST 2015

;; MSG SIZE rcvd: 304



[root@mail ~]#

and Here's the dig mx



root@mail ~]# dig MyDomain.co.uk mx



; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.5 <<>> MyDomain.co.uk mx

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25496

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3



;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;MyDomain.co.uk. IN MX



;; ANSWER SECTION:

MyDomain.co.uk. 3351 IN MX 50 mail.MyDomain.co.uk.

MyDomain.co.uk. 3351 IN MX 10 colossal1.MyDomain.local.



;; ADDITIONAL SECTION:

colossal1.MyDomain.local. 2851 IN A 10.0.0.3

mail.MyDomain.co.uk. 3159 IN A 10.0.0.85



;; Query time: 0 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Sat Oct 10 12:41:44 BST 2015

;; MSG SIZE rcvd: 144



[root@mail ~]#



mail. is the Zimbra server.

I have a niggling doubt in my mind. I configured the service port for the Zimbra domain to be 443 and https. Is that correct (I'd rather use ssl if possible). I've installed an ssl cert.



Thanks again.

Fred

New Install: Problem accessing ZCS upstream server.

Posted: Sat Oct 10, 2015 7:27 am
by FredKarno
No, I haven't configured a split domain. I'm not looking to run both servers in parallel, but to migrate everyone from Exchange to Zimbra and then remove Exchange from the mx records and our mail routing (mail is routed via a spam scanning proxy anyway).

I haven't migrated any accounts yet, I was just trying out the webmail interface before going any further.



I seem to have confused myself!



To answer two of your earlier questions:

Did I install the proxy service? I'm not sure. If it is installed as part of the install script then yes and there's a service called proxy that is running on the server. If is is an extra module that needs separate attention, then no.

Did I install memcached ? same answer, I guess.



Here's the status at the moment.





[zimbra@mail ~]$ zmcontrol status

Host mail.MyDomain.co.uk

amavis Running

antispam Running

antivirus Running

convertd Running

dnscache Running

ldap Running

logger Running

mailbox Running

memcached Running

mta Running

opendkim Running

proxy Running

service webapp Running

snmp Running

spell Running

stats Running

zimbra webapp Running

zimbraAdmin webapp Running

zimlet webapp Running

zmconfigd Running

[zimbra@mail ~]$

New Install: Problem accessing ZCS upstream server.

Posted: Sat Oct 10, 2015 12:28 pm
by FredKarno
I think this has to do with authentication.

I've reverted to a snapshot of a plain, unconfigured Zimbra and the webmail client worked perfectly (tested with the default admin account). So I'm confident that DNS etc is set up properly.



I worked my way through the tasks again, and checked the webclient at each stage. The webmail worked perfectly until I logged out and tried to log in again. If you log in with a shortcut direct to your inbox, fine. If you logout and return to the login screen, you can't log in again. (same error as before).



Painful.



At least I managed to migrate a user account from Exchange, that worked OK - if slowly. Shame I can't see what the data looks like in Zimbra! :)

Stuck now, I need to find out how authentication is breaking or it will just do it again. I've got External AD configured and that tests OK. I notice that the migration wizard didn't associate the account I migrated with its AD account for authentication. I've put the user name in the External Authentication/External LDAP account for Authentication: box - no joy atm.



Any replies appreciated! (Including, how do I activate my Premium Support at the weekend? the phones were dead all day).

New Install: Problem accessing ZCS upstream server.

Posted: Sat Oct 10, 2015 12:57 pm
by jorgedlcruz
Hi Fred,

You must have a username/password for https://support.zimbra.com, if not please send an email to support@zimbra.com with your Business Details requesting a username for the Support Portal, depending of your Support Level you will have response 24x7 or just from Monday to Friday.



So, one question, are you using then an external AD to authenticate?



Best regards

New Install: Problem accessing ZCS upstream server.

Posted: Sat Oct 10, 2015 1:01 pm
by FredKarno
Hi Jorge,

yes, I'm trying to use AD to authenticate. I've found that if I revert to internal authentication for the domain (and set a password for the user) - it works.

So, at least I'm happy with the migration that I tried :) and now I can concentrate on setting up the External AD auth correctly.



I'll register with support now, thank you very much indeed.

Fred

New Install: Problem accessing ZCS upstream server.

Posted: Mon Oct 12, 2015 9:12 am
by FredKarno
The fix was simple!



I had two auth servers configured.



Server1 and Server2

When Server 2 was in the list, auth suceeded but was slow. With just Server1 in the list, auth was nice and fast and everything worked.

With Server2 only in the list - auth test failed.



Zimbra doesn't seem to like it when two servers are configured for auth and only one is working.