[SOLVED] After upgrade - no view email for admin.

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
Tadls
Posts: 5
Joined: Fri Mar 12, 2021 10:14 am

[SOLVED] After upgrade - no view email for admin.

Post by Tadls »

Hello everybody. I have two same servers (except users, domain etc.) Zimbra version 8.8.15_GA_4203.FOSS, Ubu 16.04.7. One I just updated to version 8.8.15_GA_4272.FOSS.
I can't use the "view email" as admin on the newer one now, there comes normal "login form".
If you follow the HTML stream with TCPDump/Wireshark, you can find some differences:

OLD (working):

Code: Select all

GET /service/preauth?authtoken=0_13c11dcfcf90aac69dd62e6fb4beb71ab7ad3787_69643d33363a35383932643766312d316636392d343266642d383165342d3834646663623061613530353b6578703d31333a313635323639313836333633343b6169643d33363a34613036333731342d353366332d346630612d623863382d3436396633383636363163323b76763d313a303b747970653d363a7a696d6272613b753d313a613b7469643d393a3932383731343533343b76657273696f6e3d31343a382e382e31355f47415f333836393b&isredirect=1&adminPreAuth=1 HTTP/1.1
Host: 192.168.23.3:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Mon, 16 May 2022 08:04:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Set-Cookie: ZM_AUTH_TOKEN=0_0c70a3397b9e46aee7dbb2a381d21cd5c930cfdc_69643d33363a35383932643766312d316636392d343266642d383165342d3834646663623061613530353b6578703d31333a313635323639313836333633343b6169643d33363a34613036333731342d353366332d346630612d623863382d3436396633383636363163323b76763d313a303b747970653d363a7a696d6272613b753d313a613b7469643d31303a313834343230323435313b76657273696f6e3d31343a382e382e31355f47415f333836393b;Path=/;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://192.168.23.3:8080/zimbra/mail?adminPreAuth=1
Content-Length: 0

GET /zimbra/mail?adminPreAuth=1 HTTP/1.1
Host: 192.168.23.3:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: ZM_AUTH_TOKEN=0_0c70a3397b9e46aee7dbb2a381d21cd5c930cfdc_69643d33363a35383932643766312d316636392d343266642d383165342d3834646663623061613530353b6578703d31333a313635323639313836333633343b6169643d33363a34613036333731342d353366332d346630612d623863382d3436396633383636363163323b76763d313a303b747970653d363a7a696d6272613b753d313a613b7469643d31303a313834343230323435313b76657273696f6e3d31343a382e382e31355f47415f333836393b
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2022 08:04:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: Tue, 24 Jan 2000 17:46:50 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html;charset=utf-8
Content-Language: de
Set-Cookie: ZM_LOGIN_CSRF=;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0
Set-Cookie: JSESSIONID=node0ngbvggq0gs9k7kj1zvzurn3f743.node0;Path=/
X-UA-Compatible: IE=edge
Vary: Accept-Encoding, User-Agent
Content-Encoding: gzip
Transfer-Encoding: chunked

<!DOCTYPE html>
<!--
    For supporting web client offline mode in Firefox, Cache-control header has to be set for this page for offline usage. overrideCacheControl attribute is set in the session in offline.jsp
-->
<html class="user_font_size_normal" lang="de">
<head>
<!--
 launchZCS.jsp
 * ***** BEGIN LICENSE BLOCK *****
 <CUT>
 

NEW (doesn't work):

Code: Select all

GET /service/preauth?authtoken=0_1594f561e6b1c9405a25ee815867f8a048eb9d3c_69643d33363a61306265643161632d343364332d343339642d613131622d3564393737613963333735633b6578703d31333a313635323639323031343738353b6169643d33363a61393139383131642d656562312d346137362d616435662d6531333465363263303536643b747970653d363a7a696d6272613b753d313a613b7469643d31303a313537343839323436323b76657273696f6e3d31343a382e382e31355f47415f333836393b&isredirect=1&adminPreAuth=1 HTTP/1.1
Host: 192.168.43.8:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Mon, 16 May 2022 08:06:55 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Set-Cookie: ZM_AUTH_TOKEN=0_98c2d8d09a1c27902266759ce771d849772b3e76_69643d33363a61306265643161632d343364332d343339642d613131622d3564393737613963333735633b6578703d31333a313635323639323031343738353b6169643d33363a61393139383131642d656562312d346137362d616435662d6531333465363263303536643b747970653d363a7a696d6272613b753d313a613b7469643d31303a313434393634323334323b76657273696f6e3d31343a382e382e31355f47415f333836393b;Path=/;SameSite=Strict;;Secure;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://192.168.43.8:8080/zimbra/mail?adminPreAuth=1
Content-Length: 0

GET /zimbra/mail?adminPreAuth=1 HTTP/1.1
Host: 192.168.43.8:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2022 08:06:55 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: -1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html;charset=utf-8
Content-Language: de
Set-Cookie: ZM_TEST=true
Set-Cookie: ZM_LOGIN_CSRF=acd3e859-07da-429c-aab7-071ce932de71;HttpOnly
Vary: User-Agent
X-UA-Compatible: IE=edge
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

<!DOCTYPE html>
<!-- set this class so CSS definitions that now use REM size, would work relative to this.
	Since now almost everything is relative to one of the 2 absolute font size classese -->
<html class="user_font_size_normal" lang="de">
<head>
<!--
 login.jsp
 * ***** BEGIN LICENSE BLOCK *****
 <CUT>
 
I tried to remove the new parameters in ZM_AUTH_TOKEN (SameSite=Strict;Secure), but only managed "SameSite=None". Without change. How can I remove both of them completely?

The time is synchronized to the second on both servers and the whole network(s)

Other browsers - same behavior (so it's not Firefox).

I would like to know what happened there, why and how to get it running again.

Thanks in advance.
Greets.
Tadeusz
Last edited by Tadls on Mon May 16, 2022 11:51 am, edited 1 time in total.
Klug
Ambassador
Ambassador
Posts: 2747
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them
Contact:

Re: After upgrade - no view email for admin.

Post by Klug »

Check this thread: viewtopic.php?f=15&t=70591
Tadls
Posts: 5
Joined: Fri Mar 12, 2021 10:14 am

Re: After upgrade - no view email for admin.

Post by Tadls »

Thank you well.
The correct procedure in four steps:

Code: Select all

zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect
zmproxyctl restart
zmlocalconfig -e zimbra_same_site_cookie=""
zmmailboxdctl restart
Thanks again.
dhcmega
Posts: 1
Joined: Mon Aug 26, 2019 2:21 pm

Re: [SOLVED] After upgrade - no view email for admin.

Post by dhcmega »

hi!
Do I have to run this as root or zimbra?

Code: Select all

zimbra@zmail:~$ zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect
ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)
thanks
User avatar
ronstra
Zimbra Employee
Zimbra Employee
Posts: 11
Joined: Wed Dec 01, 2021 5:28 pm
Location: Buffalo, NY
ZCS/ZD Version: ZoK

Re: [SOLVED] After upgrade - no view email for admin.

Post by ronstra »

dhcmega wrote: Mon Mar 20, 2023 7:06 pm Do I have to run this as root or zimbra?

Code: Select all

zimbra@zmail:~$ zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect
ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)
You run it as the zimbra user, but your Zimbra isn't running. Try a `zmcontrol restart`.
--
Ron Straight
Sr Software Engineer / Zimbra / Synacor
Post Reply