web interface logout errors

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
brtk
Posts: 15
Joined: Fri Jul 12, 2019 12:45 pm
Location: Toronto
Contact:

web interface logout errors

Postby brtk » Fri Jul 12, 2019 12:54 pm

I am running aws setup with many zimbra servers. All mailbox and ldap server are on private subnet and proxy and mta on public subnet. Have a very wired issue and not sure how to troubleshoot. All works fine but when logging out of web interface we get ???remote.CONNECT_FAILURE??? Error. And also when logging out of admin web interface we get internal server error . anyone run into something like this ?


User avatar
L. Mark Stone
Elite member
Elite member
Posts: 2049
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine
ZCS/ZD Version: 8.8.12 Network Edition
Contact:

Re: web interface logout errors

Postby L. Mark Stone » Fri Jul 12, 2019 2:56 pm

brtk wrote:I am running aws setup with many zimbra servers. All mailbox and ldap server are on private subnet and proxy and mta on public subnet. Have a very wired issue and not sure how to troubleshoot. All works fine but when logging out of web interface we get ???remote.CONNECT_FAILURE??? Error. And also when logging out of admin web interface we get internal server error . anyone run into something like this ?


I do a lot of Zimbra Hosting on AWS and just got back from the AWS Summit in NYC.

Please let me know what you are doing as regards your Security Groups and Network ACLs, and whether you configured a NAT Gateway for Private Subnet.

Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/
brtk
Posts: 15
Joined: Fri Jul 12, 2019 12:45 pm
Location: Toronto
Contact:

Re: web interface logout errors

Postby brtk » Mon Jul 15, 2019 1:13 pm

Hi Mark ! We do have NAT setup and private subnet systems can run updates. Access lists are open as per zimbra specifications. Not sure why we get this errors.
User avatar
L. Mark Stone
Elite member
Elite member
Posts: 2049
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine
ZCS/ZD Version: 8.8.12 Network Edition
Contact:

Re: web interface logout errors

Postby L. Mark Stone » Mon Jul 15, 2019 1:27 pm

brtk wrote:Hi Mark ! We do have NAT setup and private subnet systems can run updates. Access lists are open as per zimbra specifications. Not sure why we get this errors.


So you configured a NAT Gateway for the mailbox servers in the Private subnet?

What are you doing for private DNS resolution?

What inter-server rules do you have in your Security Group(s)?

Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/
brtk
Posts: 15
Joined: Fri Jul 12, 2019 12:45 pm
Location: Toronto
Contact:

Re: web interface logout errors

Postby brtk » Mon Jul 15, 2019 4:10 pm

L. Mark Stone wrote:
brtk wrote:Hi Mark ! We do have NAT setup and private subnet systems can run updates. Access lists are open as per zimbra specifications. Not sure why we get this errors.


So you configured a NAT Gateway for the mailbox servers in the Private subnet?

What are you doing for private DNS resolution?

What inter-server rules do you have in your Security Group(s)?

Mark


Yes , correct NAT configured for private subnets
For DNS we setup private zone in route 53
security between subnets wide open and local rules have ports specified by zimbra open
User avatar
L. Mark Stone
Elite member
Elite member
Posts: 2049
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine
ZCS/ZD Version: 8.8.12 Network Edition
Contact:

Re: web interface logout errors

Postby L. Mark Stone » Mon Jul 15, 2019 5:28 pm

What do you mean by "local rules have ports specified..."

What "local rules"?

Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/
brtk
Posts: 15
Joined: Fri Jul 12, 2019 12:45 pm
Location: Toronto
Contact:

Re: web interface logout errors

Postby brtk » Mon Jul 15, 2019 7:10 pm

access rules for each vm in AWS words security groups lol. what i am trying to say i don't think port filtering is a problem here. something else is at play here. The exact error message shows and pops up only during logout
???remote.CONNECT_FAILURE???
User avatar
L. Mark Stone
Elite member
Elite member
Posts: 2049
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine
ZCS/ZD Version: 8.8.12 Network Edition
Contact:

Re: web interface logout errors

Postby L. Mark Stone » Mon Jul 15, 2019 10:36 pm

brtk wrote:access rules for each vm in AWS words security groups lol. what i am trying to say i don't think port filtering is a problem here. something else is at play here. The exact error message shows and pops up only during logout
???remote.CONNECT_FAILURE???


This thread said the error was due to a listening error: viewtopic.php?t=3935

But, that's for a very old version of Zimbra, before proxy was around. Nonetheless, that same error would make me look at Public Service Hostnames, Ports and Protocols for all of your domains, and for all of your mailbox servers that zimbraMailMode is set to https (assuming you have the default secure interprocess communications configured...)

Basically, I'm guessing that the logout URL is trying port 80 but the config does not allow that. How that happened...

Hope that gives you a few leads to pursue.

All the best,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/
brtk
Posts: 15
Joined: Fri Jul 12, 2019 12:45 pm
Location: Toronto
Contact:

Re: web interface logout errors

Postby brtk » Tue Jul 16, 2019 5:20 pm

Thanks Mark this is great information, will try to research this.
User avatar
JDunphy
Outstanding Member
Outstanding Member
Posts: 482
Joined: Fri Sep 12, 2014 11:18 pm
Location: Victoria, BC
ZCS/ZD Version: 8.7.11_P14 RHEL6 Network Edition
Contact:

Re: web interface logout errors

Postby JDunphy » Tue Jul 16, 2019 6:56 pm

A few other ideas to help isolate this.

Use the debugger (developer mode) built into your browser and watch the network traffic. Choose network tab first and then logout... use the built-in explorer to observe and drill down on those errors.
You could also try enabling development mode by adding ?dev=1 after the URL and then logout. https://mail.example.com/zimbra?dev=1 to see if anything stands out in its logging console.

ref: https://wiki.zimbra.com/wiki/ZimletDevSetup

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 7 guests