Page 1 of 1

How to access CardDAV in Zimbra version 8.5 & above ?

Posted: Fri Dec 19, 2014 4:19 pm
by RogerTennet
( p.s. I selected 'text' as my editor format. No idea why this forum software refuses to respect that. So what follows looks terrible, sorry. )

We just upgraded our main Zimbra server from 8.0.7 -> 8.6.0.

Before the upgrade, all our CardDAV clients were able to connect, no problem.

After the upgrade, none of them do.

The Zimbra logs show for example

---
==> nginx.log nginx.access.log


Error 502 Connection to Upstream is Refused


HTTP ERROR 502
Problem accessing ZCS upstream server.
Cannot connect to the ZCS upstream server. Connection is refused.

Possible reasons:

upstream server is unreachable
upstream server is currently being upgraded
upstream server is down

Please contact your ZCS administrator to fix the problem.


Powered by Nginx-Zimbra://

---

I guess we need to change something in configuration somewhere. What to do here?

How to access CardDAV in Zimbra version 8.5 & above ?

Posted: Wed Dec 24, 2014 1:15 pm
by RogerTennet
We tried now with both CardDAV and ZImbra-native clients. All fail in all cases for Zimbra v8.6.0. All work fine for Zimbra

How to access CardDAV in Zimbra version 8.5 & above ?

Posted: Wed Dec 24, 2014 2:02 pm
by RogerTennet
Looking at the Zimbra nginx logs



==> nginx.log <==

2014/12/24 11:51:53 [error] 31951#0: *191 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.115:58130, server: mail.DOMAIN.com.default, request: "POST /service/soap/AuthRequest HTTP/1.1", upstream: "http://192.168.1.64:8080/service/soap/AuthRequest", host: "mail.DOMAIN.com"



==> nginx.access.log <==

192.168.1.115:58130 - - [24/Dec/2014:11:51:53 -0800] "POST /service/soap/AuthRequest HTTP/1.1" 502 1310 "-" "ZCard/Android-v1.0" "192.168.1.64:8080"



I notice the upstream refuses at the URL "http://..."



I thought everything is supposed to be communicating over https://, not http://.



Where can I check that URL and set it to https:// ?

How to access CardDAV in Zimbra version 8.5 & above ?

Posted: Wed Dec 24, 2014 2:30 pm
by RogerTennet
My server is set up with



./libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x https -H `zmhostname`



If I change the mode



https -> http



By doing



./libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x http -H `zmhostname`

zmproxyctl restart



Then all the CardDAV clients start working again in ZImbra 8.6. But then I can't save mail messages to folders mail clients anymore. I get some kind of server error.



So back to



./libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x https -H `zmhostname`



to stay up and running.



But obviously this is involved with the CardDAV clients not working.

How to access CardDAV in Zimbra version 8.5 & above ?

Posted: Sun Dec 28, 2014 12:24 pm
by RogerTennet

I did these tests for 2 client types -- native (ZCard) and CardDAV

ZCard does better than CardDAV "versus" mailmode but neither one works with mailmode=https

client Zimbra v8.0.7 Zimbra v8.0.7 Zimbra v8.0.7 Zimbra v8.6.0 Zimbra v8.6.0 Zimbra v8.6.0
app mode=http mode=redirect mode=https mode=http mode=redirect mode=https
________ _____________ _____________ _____________ _____________ _____________ _____________
ZCard OK OK OK OK OK FAIL
CardDAV OK OK OK FAIL FAIL FAIL

I'm over my head with what's going on here. I'm trying to get to https-only-everywhere in Zimbra.
Not sure what the issue is here with these clients. But I can reproduce it.

I also found out that using the calendar connector in Thuderbird/Lightning the secure link to an ICS calendar will not connect

https://my.MX-DOMAIN.com:8443/home/ME@m ... m/Calendar

in any Zimbra mailmode, 'both', 'redirect' or 'https'.

in 'both' or 'redirect', and 'http', only this link works OK

http://my.MX-DOMAIN.com:8080/home/ME@my ... m/Calendar


How to access CardDAV in Zimbra version 8.5 & above ?

Posted: Sun Dec 28, 2014 3:21 pm
by RogerTennet
I guess I should file this as a bug



https://bugzilla.zimbra.com/show_bug.cgi?id=97106