web interface logout errors
web interface logout errors
I am running aws setup with many zimbra servers. All mailbox and ldap server are on private subnet and proxy and mta on public subnet. Have a very wired issue and not sure how to troubleshoot. All works fine but when logging out of web interface we get ???remote.CONNECT_FAILURE??? Error. And also when logging out of admin web interface we get internal server error . anyone run into something like this ?
- L. Mark Stone
- Ambassador
- Posts: 2802
- Joined: Wed Oct 09, 2013 11:35 am
- Location: Portland, Maine, US
- ZCS/ZD Version: 10.0.7 Network Edition
- Contact:
Re: web interface logout errors
I do a lot of Zimbra Hosting on AWS and just got back from the AWS Summit in NYC.brtk wrote:I am running aws setup with many zimbra servers. All mailbox and ldap server are on private subnet and proxy and mta on public subnet. Have a very wired issue and not sure how to troubleshoot. All works fine but when logging out of web interface we get ???remote.CONNECT_FAILURE??? Error. And also when logging out of admin web interface we get internal server error . anyone run into something like this ?
Please let me know what you are doing as regards your Security Groups and Network ACLs, and whether you configured a NAT Gateway for Private Subnet.
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
Re: web interface logout errors
Hi Mark ! We do have NAT setup and private subnet systems can run updates. Access lists are open as per zimbra specifications. Not sure why we get this errors.
- L. Mark Stone
- Ambassador
- Posts: 2802
- Joined: Wed Oct 09, 2013 11:35 am
- Location: Portland, Maine, US
- ZCS/ZD Version: 10.0.7 Network Edition
- Contact:
Re: web interface logout errors
So you configured a NAT Gateway for the mailbox servers in the Private subnet?brtk wrote:Hi Mark ! We do have NAT setup and private subnet systems can run updates. Access lists are open as per zimbra specifications. Not sure why we get this errors.
What are you doing for private DNS resolution?
What inter-server rules do you have in your Security Group(s)?
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
Re: web interface logout errors
Yes , correct NAT configured for private subnetsL. Mark Stone wrote:So you configured a NAT Gateway for the mailbox servers in the Private subnet?brtk wrote:Hi Mark ! We do have NAT setup and private subnet systems can run updates. Access lists are open as per zimbra specifications. Not sure why we get this errors.
What are you doing for private DNS resolution?
What inter-server rules do you have in your Security Group(s)?
Mark
For DNS we setup private zone in route 53
security between subnets wide open and local rules have ports specified by zimbra open
- L. Mark Stone
- Ambassador
- Posts: 2802
- Joined: Wed Oct 09, 2013 11:35 am
- Location: Portland, Maine, US
- ZCS/ZD Version: 10.0.7 Network Edition
- Contact:
Re: web interface logout errors
What do you mean by "local rules have ports specified..."
What "local rules"?
Mark
What "local rules"?
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
Re: web interface logout errors
access rules for each vm in AWS words security groups lol. what i am trying to say i don't think port filtering is a problem here. something else is at play here. The exact error message shows and pops up only during logout
???remote.CONNECT_FAILURE???
???remote.CONNECT_FAILURE???
- L. Mark Stone
- Ambassador
- Posts: 2802
- Joined: Wed Oct 09, 2013 11:35 am
- Location: Portland, Maine, US
- ZCS/ZD Version: 10.0.7 Network Edition
- Contact:
Re: web interface logout errors
This thread said the error was due to a listening error: viewtopic.php?t=3935brtk wrote:access rules for each vm in AWS words security groups lol. what i am trying to say i don't think port filtering is a problem here. something else is at play here. The exact error message shows and pops up only during logout
???remote.CONNECT_FAILURE???
But, that's for a very old version of Zimbra, before proxy was around. Nonetheless, that same error would make me look at Public Service Hostnames, Ports and Protocols for all of your domains, and for all of your mailbox servers that zimbraMailMode is set to https (assuming you have the default secure interprocess communications configured...)
Basically, I'm guessing that the logout URL is trying port 80 but the config does not allow that. How that happened...
Hope that gives you a few leads to pursue.
All the best,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
Re: web interface logout errors
Thanks Mark this is great information, will try to research this.
- JDunphy
- Outstanding Member
- Posts: 899
- Joined: Fri Sep 12, 2014 11:18 pm
- Location: Victoria, BC
- ZCS/ZD Version: 9.0.0_P39 NETWORK Edition
Re: web interface logout errors
A few other ideas to help isolate this.
Use the debugger (developer mode) built into your browser and watch the network traffic. Choose network tab first and then logout... use the built-in explorer to observe and drill down on those errors.
You could also try enabling development mode by adding ?dev=1 after the URL and then logout. https://mail.example.com/zimbra?dev=1 to see if anything stands out in its logging console.
ref: https://wiki.zimbra.com/wiki/ZimletDevSetup
Use the debugger (developer mode) built into your browser and watch the network traffic. Choose network tab first and then logout... use the built-in explorer to observe and drill down on those errors.
You could also try enabling development mode by adding ?dev=1 after the URL and then logout. https://mail.example.com/zimbra?dev=1 to see if anything stands out in its logging console.
ref: https://wiki.zimbra.com/wiki/ZimletDevSetup