web interface logout errors

[brtk]

I am running aws setup with many zimbra servers. All mailbox and ldap server are on private subnet and proxy and mta on public subnet. Have a very wired issue and not sure how to troubleshoot. All works fine but when logging out of web interface we get ???remote.CONNECT_FAILURE??? Error. And also when logging out of admin web interface we get internal server error . anyone run into something like this ?

[L. Mark Stone]

I am running aws setup with many zimbra servers. All mailbox and ldap server are on private subnet and proxy and mta on public subnet. Have a very wired issue and not sure how to troubleshoot. All works fine but when logging out of web interface we get ???remote.CONNECT_FAILURE??? Error. And also when logging out of admin web interface we get internal server error . anyone run into something like this ?

I do a lot of Zimbra Hosting on AWS and just got back from the AWS Summit in NYC.

Please let me know what you are doing as regards your Security Groups and Network ACLs, and whether you configured a NAT Gateway for Private Subnet.

Mark

[brtk]

Hi Mark ! We do have NAT setup and private subnet systems can run updates. Access lists are open as per zimbra specifications. Not sure why we get this errors.

[L. Mark Stone]

Hi Mark ! We do have NAT setup and private subnet systems can run updates. Access lists are open as per zimbra specifications. Not sure why we get this errors.

So you configured a NAT Gateway for the mailbox servers in the Private subnet?

What are you doing for private DNS resolution?

What inter-server rules do you have in your Security Group(s)?

Mark

[brtk]

Hi Mark ! We do have NAT setup and private subnet systems can run updates. Access lists are open as per zimbra specifications. Not sure why we get this errors.

So you configured a NAT Gateway for the mailbox servers in the Private subnet?

What are you doing for private DNS resolution?

What inter-server rules do you have in your Security Group(s)?

Mark

Yes , correct NAT configured for private subnets
For DNS we setup private zone in route 53
security between subnets wide open and local rules have ports specified by zimbra open

[L. Mark Stone]

What do you mean by "local rules have ports specified..."

What "local rules"?

Mark

[brtk]

access rules for each vm in AWS words security groups lol. what i am trying to say i don't think port filtering is a problem here. something else is at play here. The exact error message shows and pops up only during logout
???remote.CONNECT_FAILURE???

[L. Mark Stone]

access rules for each vm in AWS words security groups lol. what i am trying to say i don't think port filtering is a problem here. something else is at play here. The exact error message shows and pops up only during logout
???remote.CONNECT_FAILURE???

This thread said the error was due to a listening error: viewtopic.php?t=3935

But, that's for a very old version of Zimbra, before proxy was around. Nonetheless, that same error would make me look at Public Service Hostnames, Ports and Protocols for all of your domains, and for all of your mailbox servers that zimbraMailMode is set to https (assuming you have the default secure interprocess communications configured...)

Basically, I'm guessing that the logout URL is trying port 80 but the config does not allow that. How that happened...

Hope that gives you a few leads to pursue.

All the best,
Mark

[brtk]

Thanks Mark this is great information, will try to research this.

[JDunphy]

A few other ideas to help isolate this.

Use the debugger (developer mode) built into your browser and watch the network traffic. Choose network tab first and then logout... use the built-in explorer to observe and drill down on those errors.
You could also try enabling development mode by adding ?dev=1 after the URL and then logout. https://mail.example.com/zimbra?dev=1 to see if anything stands out in its logging console.

ref: https://wiki.zimbra.com/wiki/ZimletDevSetup