Every "first" webUI login fails

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
m.stg
Posts: 3
Joined: Mon Nov 05, 2018 9:27 am

Every "first" webUI login fails

Post by m.stg »

Hello,

I have Zimbra 8.8.8_GA_3025.NETWORK running on a CentOS 7 server. The only problem I am aware of is that every first login fails no matter what browser is used. When trying to login a message appears above the text fields with an error symbol. It says (I translated it for now) "An unknown error occurred". But only on the first try in a clean browser session. If I try to login just after the error occurred it works.

Example timeline:
1. open browser
2. call <url>
3. try login -> fails
4. try login -> success
--- some time later
5. logout
6. try login -> success
--- some time later
7. logout
8. close tab
9. open tab, call <url>
10. try login -> success
--- some time later
11. close tab
12. close browser
13. open browser
14. call <url>
15. try login -> fails
16. try login -> success

So when one login was successful every other login now works as long as I do not close the browser. If I close it the login will fail again. Or in other words I can loop through point 11 - 16 and it will always be the same. The logs on the server do not say much but maybe I am missing something here.

# tail -n 0 -f /opt/zimbra/log/*.log

Code: Select all

==> activity.log <==

==> audit.log <==

==> clamd.log <==

==> ews.log <==

==> freshclam.log <==

==> gc.log <==

==> mailbox.log <==

==> myslow.log <==

==> mysql_error.log <==

==> nginx.access.log <==

==> nginx.log <==

==> searchstat.log <==

==> spamtrain.log <==

==> sqlMigration.log <==

==> sync.log <==

==> syncstate.log <==

==> synctrace.log <==

==> wbxml.log <==

==> zmconfigd-audit.log <==

==> zmconfigd-log4j.log <==

==> zmsetup.20180203-231948.log <==

==> zmsetup.20180204-001307.log <==

==> zmsetup.20180516-121000.log <==

==> mailbox.log <==
2018-11-05 10:45:02,953 INFO  [qtp1286783232-116985:https:https://localhost:7071/service/admin/soap/GetDomainInfoRequest] [ua=ZCS/8.8.8_GA_3025;soapId=2279232e;] soap - GetDomainInfoRequest elapsed=0

==> nginx.access.log <==
87.191.160.95:54706 - - [05/Nov/2018:10:45:02 +0100]  "POST https://<url>/zimbra/ HTTP/1.1" 200 5569 "<url>/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "<public_ip>:8443" "<public_ip>:443"
These are the only new entries after I clicked the login button. It's pretty strange and every user on the system are having these issues. Any ideas how to debug this?
User avatar
pup_seba
Outstanding Member
Outstanding Member
Posts: 687
Joined: Sat Sep 13, 2014 2:43 am
Location: Tarragona - Spain
Contact:

Re: Every "first" webUI login fails

Post by pup_seba »

Sounds like a DNS problem to me, right? Does the error also happens if you try to connect directly to the ip instead of the fqdn of the server?

What's the output of `zmprov gas`. From that server list, what role each server has enabled? (store, ldap, proxy, mta, etc...)
m.stg
Posts: 3
Joined: Mon Nov 05, 2018 9:27 am

Re: Every "first" webUI login fails

Post by m.stg »

pup_seba wrote:Sounds like a DNS problem to me, right? Does the error also happens if you try to connect directly to the ip instead of the fqdn of the server?
Seems you are right. When I use the IP directly I can login just fine.
pup_seba wrote:What's the output of `zmprov gas`. From that server list, what role each server has enabled? (store, ldap, proxy, mta, etc...)
`zmprov gas` just lists the normal server URL and nothing else. It's also a single server installation. The adminUI shows that everything is enabled for that server. At least everything has a green checkmark in front of it.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Every "first" webUI login fails

Post by phoenix »

I'd suggest you go to the Split DNS wiki article and run all the commands in the 'Verify....' section of that article and post the output here, please do it even if you're not behind a NAT router or firewall (which is when a Split DNS is needed).
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
User avatar
pup_seba
Outstanding Member
Outstanding Member
Posts: 687
Joined: Sat Sep 13, 2014 2:43 am
Location: Tarragona - Spain
Contact:

Re: Every "first" webUI login fails

Post by pup_seba »

So now we need to understand why with IP works and with FQDN it will fail half of the times. If I had to guess, I would say that you either have a duplicate IP in your network, a duplicated entry in your DNS or a Round Robin configured for that FQDN.

Can you "ping" that FQDN several times to see what IP addresses respond to it? Also, make sure you "flush" your computer dns cache to make the tests. Final test would be to turn off your zimbra (or cut its network access) and ping its FQDN to see if it responds...this would be to find duplicated IPs.

Maybe the error is in the zimbra server resolution itself...but I guess that first things to try are the ones I'm telling you here.

Let us know how it goes.
m.stg
Posts: 3
Joined: Mon Nov 05, 2018 9:27 am

Re: Every "first" webUI login fails

Post by m.stg »

OK, now I am confused. It was working yesterday with just the IP multiple times but today I also get the error using the IP.

It's also a dedicated server running in a data center so I can't pull any plugs. :D The overall DNS is handled via the data center. There is no round-robin or something like that that I am aware of. There should also no duplicate IP. I could try shutting it down but that could take some time (weekend or so) since the system is in use most of the time.

But even if it happens with the IP now I will still post the results (exchanged the domain name and ip but they are the correct ones):

$ dig mydomain.com mx

Code: Select all

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> mydomain.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63424
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mydomain.com.			IN	MX

;; ANSWER SECTION:
mydomain.com.		86400	IN	MX	10 mail.mydomain.com.

;; AUTHORITY SECTION:
mydomain.com.		38259	IN	NS	robotns3.second-ns.com.
mydomain.com.		38259	IN	NS	ns1.first-ns.de.
mydomain.com.		38259	IN	NS	robotns2.second-ns.de.

;; ADDITIONAL SECTION:
mail.mydomain.com.		549	IN	A	11.22.33.44

;; Query time: 12 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mi Nov 07 09:49:18 CET 2018
;; MSG SIZE  rcvd: 169
$ dig mydomain.com any

Code: Select all

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> mydomain.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25632
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mydomain.com.			IN	ANY

;; ANSWER SECTION:
mydomain.com.		38221	IN	A	11.22.33.44
mydomain.com.		86362	IN	MX	10 mail.mydomain.com.
mydomain.com.		38221	IN	NS	ns1.first-ns.de.
mydomain.com.		38221	IN	NS	robotns2.second-ns.de.
mydomain.com.		38221	IN	NS	robotns3.second-ns.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mi Nov 07 09:49:56 CET 2018
;; MSG SIZE  rcvd: 169
$ host $(hostname)

Code: Select all

mail.mydomain.com has address 11.22.33.44
$ cat /etc/resolv.conf

Code: Select all

nameserver 127.0.0.1
# Generated by NetworkManager
search mydomain.com
nameserver 213.133.99.99
$ cat /etc/hosts

Code: Select all

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
11.22.33.44 mail.mydomain.com mail
It would be all easier if it would not just be "an unknown error".
Lindworm
Posts: 5
Joined: Thu Jun 12, 2014 4:07 am

Re: Every "first" webUI login fails

Post by Lindworm »

I found this because I made the same translation (from german) of the error message.

But the English error message is "An unknown error has occurred". With this message you will find a solution. I answer for others who might find this thread with a wrong translation.

viewtopic.php?t=68182

The failed login happens on "/". After that it redirects you to "/zimbra" and the login will work.

Code: Select all

zmprov gs `zmhostname` zimbraMailURL

Code: Select all

zmprov ms `zmhostname` zimbraMailURL /
zmmailboxdctl restart
Post Reply