Alex Rhys-Hurn's picture
Alex Rhys-Hurn - Wed, 2009/11/04 - 22:32

EDIT: This topic is being moved here from an email dialogue:

 I have a problem that when I execute the following in the zimbra appliance as root:
 
 /usrlocal/bin/zimbra-conf zimbra.itworx.co.ke Passw0rd
 
 That the script runs but terminates with the following output (last few
 lines for brevity):
 
 * Changed mysql root user password root@localhost
 * Changed zimbra mysql user password
 /opt/zimbra/bin/logmysqladmin -u root
 --password=o9rS2clYUs8Eapx.vvYTCI1J5szs5Ab password
 dd6b7d2901076f517b6db679d3d13c2f
 * Changed mysql root user password
 * Changed mysql root user password root@localhost
 * Changed zimbra mysql user password
 ERROR: account.AUTH_FAILED (authentication failed for zimbra)
 root@zimbra:/usr/local/bin#
 
 I have opened the script with nano, but cannot see any place that may be
 causing this AUTH_FAILED error.
 
 After this the entire Zimbra install is broken and I must re-install
 from scratch.
 
 I hope you may be able to assist me to resolve this.
 
 All the best,
 
 Alex

Alon Has responded as follows:

I have not come across the issue you describe in my testing, so I have a
couple of questions:

    - is the issue reproducible?
    - was zimbra-conf the first thing you did after installing?
        - did you stop/start any other services?
    - did zimbra successfully start before running zimbra-conf?
    - are you using the VM, ISO or EC2 instance?
    - did you setup the DNS records?
    - is networking configured correctly?

I am not sure about this, but it might be caused by the providing the
FQDN zimbra.itworx.co.ke instead of itworx.co.ke, as the script assumes
the FQDN will become mail.DOMAIN_YOU_PROVIDE.

We will probably change this in future, as we should not assume
anything. Anyway, you can change this in the script if you require
zimbra.itworx instead of mail.itworx, but lets first get everything
working.

It would be great if you could try the following:

    - fresh install                 # or live while testing
    - /etc/init.d/zimbra stop       # should not be required though
    - zimbra-conf itworx.co.ke Passw0rd

If you are still having problems, I'll try reproduce the issue myself
and get to the bottom of it.

Forum: 
Support
Alex Rhys-Hurn's picture

Alex Rhys-Hurn - Wed, 2009/11/04 - 22:58

Thank you for the response Alon,

The details I have in response to your questions are as follows:

1: Yes, I can reproduce this every time.
2: I am setting this up as a demo on a subdomain, so zimbra.itworx.co.ke is the correct mail domain. The Hostname is groupware.zimbra.itworx.co.ke and it is pingable and resolvable to 41.215.5.23
3: I am already running a mail server for itworx.co.ke its my main one, and should this trial go ok, Zimbra might move there.
4: I am running the turnkey appliance as a virtual machine on Vmare ESXi. I have taken a snapshot of the machine immediately after the install, when only the IP address has been set statically. I revert to this as a clean install.
5: I am using the iso 2009.10 instance.
6: I have tried to zimbra-conf both before even logging in to zimbra as well as after checking to see that I could log in to the admin area with the default turnkey credentials and also checked the user end too. All webmin and other services are running fine.
7: I agree that you should not assume the mail.FQDN, some people like the choice.
8: I have stopped the Zimbra service as you suggest and then run zimbra-conf itworx.co.ke Passw0rd and I get the same error. Note that I did this both with the zimbra.itworx.co.ke and itworx.co.ke domains. Same problem.

This is a bit of a challenge as the domain resolution will always fail for mail.example.com and so prevent zimbra from processing mail well unless we change this.

I hope you can help me find an answer.

Thanks folks,

Alex

 

Alon Swartz's picture

Alon Swartz - Wed, 2009/11/04 - 23:17
I will have to test this locally and try reproduce it.
BTW, with regards to to DNS resolution, zimbra-conf updates /etc/hosts to work around that, so it shouldn't be a problem.
Alex Rhys-Hurn's picture

Alex Rhys-Hurn - Thu, 2009/11/05 - 08:21

Has anyone else out there been able to reproduce this or had any experience that can help Alon?

Its beyond my skills now.

Cheers!

Alex

Alon Swartz's picture

Alon Swartz - Thu, 2009/11/05 - 15:31

Firstly Alex, thanks for reporting this issue. I am still not sure how it got passed our Q&A, as everything worked as expected during testing.

I successfully confirmed the above described problem. To workaround this issue please add the following lines (bold) before # initialize documents (notebook wiki):

# restart zimbra services for changes to take effect
$ZM_SUDO "$ZM_BIN/zmcontrol stop"
$ZM_SUDO "$ZM_BIN/zmcontrol start"

# initialize documents (notebook wiki)
WIKIUSER=wiki@${DOMAIN}

With regards to using a subdomain different to the default mail, the following change should work:

FQDN=mail.${DOMAIN}         # before
FQDN=groupware.${DOMAIN}    # after

Please report back whether the above helps.

Liraz Siri's picture

Liraz Siri - Fri, 2009/12/04 - 02:59
As we just found out with Ken it's too easy to misapply this workaround. To very frustrating effect. Let's remember Murphy's law - anything that can go wrong will go wrong. We can try to minimize the possibility for human error by providing cut and paste instructions.

For example, instead of telling them to update a particular file at so and so position, it would have been better to create a cut and paste command: 

sed -i '/^# initialize documents/ a\
# restart zimbra services for changes to take effect\
$ZM_SUDO "$ZM_BIN/zmcontrol stop"\
$ZM_SUDO "$ZM_BIN/zmcontrol start"\n' /usr/local/bin/zimbra-conf
All the user needs to do is paste that into the command line. Granted creating a sed command like that might be a bit cumbersome. Maybe it's best to create a patch.

Alex Rhys-Hurn's picture

Alex Rhys-Hurn - Thu, 2009/11/05 - 18:26

Hi Alon,

Thank you for a quick response and solution.

Both parts of your workaround worked exactly as intended. I am now very happy with my appliance and have mails flowing there already.

Can I suggest adding the hint about how to set the hostname for the domain to the main turkey appliance page? Or maybe as a switch to the zimbra-conf command?

All the best and thanks for your help,

Alex

Alon Swartz's picture

Alon Swartz - Thu, 2009/11/05 - 18:50
Glad to hear everything is working. I have updated the appliance page to refer to this thread. When we release a new version it will include this fix, as well as an option to specify a hostname.

If you have any other issues or ideas on how to improve the appliance, drop us a line.
Alon Swartz's picture

Alon Swartz - Fri, 2009/11/13 - 08:51
As mentioned on the appliance page, the login name should include the domain name. So, in your case it would be admin@certified.local
Bob Radvanovsky's picture

Bob Radvanovsky - Thu, 2010/01/07 - 04:48

I went ahead and changed the "/etc/hosts" file to reflect the correct hostname, etc.

(1)  Changed the entry within the "/etc/hostname" from "zimbra" to "xmail".

(2)  Modified the "/etc/hosts" file:

root@xmail:/etc# more hosts
127.0.0.1       localhost xmail.domain.net
127.0.1.1       zimbra
10.32.214.xxx   srvrxxx        srvrxxx.dmz.domain.net
aaa.bbb.ccc.xxx  xmail           xmail.domain.net

Rebooted several times, and finally got it to take the effects.  Now, I've got an increasing number of "Deferred" emails.  Again, I CAN send email OK, just not receive it.

Also, an annoying little @&*$^@ involving the "/etc/resolv.conf" file.  Need to add additional nameservers.  Current nameserver is nameserver for "dmz.domain.net".  Need to add the 3 nameservers for "domain.net".  Any suggestions?

Last, if I have the Zimbra admin port (7071) NAt'd to something else, say "666" (meaning, external port is "666", internal port within DMZ is "7071"), it doesn't seem to work; however, if I keep the ports the same on both external AND internal, it works fine.  Just to be safe, I am adding IP address and MAC restriction ACLs.  This is a POWERFUL utility.

Any help would be mucho appreciato...

 

-rad
 

Bob Radvanovsky's picture

Bob Radvanovsky - Thu, 2010/01/07 - 05:50

After reviewing what happened, I can't figure out which step I messed up on.

OK...here's 'da deal...I've got everything firewalled to a DMZ.  The DMZ has its own DNS (and yes, I checked the entry for the local DMZ IP address).  DMZ does a passthru on DNS as part of the aliasing and port forwarding...

 

-rad

Liraz Siri's picture

Liraz Siri - Thu, 2010/01/07 - 10:56
A few questions: Can the clients who are sending you mail resolve the MX record to your domain? And does it resolve to Zimbra appliance's address? And did you verify that they can connect to that address and you don't have any routing/firewalling issues?
Bob Radvanovsky's picture

Bob Radvanovsky - Thu, 2010/01/07 - 14:56

OK, here's 'da deal with the setup.  I will try and provide a configuration of my network:

Internet                                                            DMZ

ext IP 122.45.167.222           int IP 10.32.214.222

ext NM 255.255.255.240       int NM 255.255.255.0

ext GW 122.45.167.193        int GW 10.32.214.1
             (router)                         (firewall, which is 122.45.167.207)

ext DNS 122.45.167.201       int DNS 10.32.214.2
             122.45.167.202
             122.45.167.203

Current MX records on external DNS is:

MX 0 mail1.domain.net
MX 1 mail2.domain.net

new address will be "mail1a.domain.net", replacing "mail1.domain.net" -- eventually; "mail2.domain.net" is secondary mail server, and will remain a secondary mail server, and will not be replaced.

Typically, servers utilize the internal DMZ DNS.  So for this server, it is "mail1a.dmz.domain.net", external DNS entry was "mail1a.domain.net".  The internal DMZ DNS server is another server (not Zimbra server).

Resolving externally?  Yes.  I was able to access a SSH account from an offsight lcoation, and it corresponded to "mail1a.domain.net".

I don't know what else to say, except that I am familiar with the SuSE/CentOS/Red Hat environment.  This configuration has me all confused.

=============

Second question, what do I do about the "/etc/network/interfaces", the "/etc/resolv.conf", and the "/etc/motd" files reverting back to whatever the server *thinks* it should be (this implies that there is a configuration somewhere else that is overriding the current configuration files).  This is all well and good, but makes for some interesting times, adding to the confusion.  Any ideas as to how to fix this?

Third, when I took a look at the "/etc/hosts" file after the initial build, it read something to the effect of:

127.0.0.1     localhost
127.0.0.1     zimbra

Typically, I would place a few entries within the "/etc/hosts" file to show this.  On the current "mail1a.domain.net" server, my "/etc/hosts" file is reflected this way:

127.0.0.1     localhost
10.32.214.200     mail1a         mail1a.domain.net
122.45.167.200   mail1a         mail1a.domain.net

The "mail1.domain.net" server is runing "sendmail", and is on the lateest and greater version.  This might be that "split DNS" configuration that Zimbra was discussing on their troubleshooting page. 

========================

I think the combination of not knowing how the Zimbra configuration interacts with everyone else, along with a Debian-like environment (as compared to a Red Hat-ish like environment) has caused some confusion.  I've had to revert back to my previous DNS settings (removing "mail1a.domain.net" as the primary MX/MTA, and replacing it back with "mail1.domain.net"), and will try again reloading the turnkey solution and redoing the whole thing from scratch, but this time, testing it out first with "mail1a.domain.net" as the terrtiary mail server, and going from there.

Did any of this help?

Thanks for all your help.

-rad

P.S. The firewall is IPCOP.

Bob Radvanovsky's picture

Bob Radvanovsky - Thu, 2010/01/07 - 17:45

Remember that annoying little feature that I said about the "/etc/resolv.conf", "/etc/network/interfaces" and "/etc/motd" files reverting back to a preconfigured version?  Well..I found out what's causing this...

I am an *OLD* UNIX dude (been working with UNIX since 1978 -- BEFORE the Internet, kiddies...  ;)

I am used to doing things manually and via CLI (called "command-line interface"; non-graphical method, using a serial connection and keyboard, no mouse...ugh).  This is what us "old farts" used back in the days of modems...  ;P

Anywho...the product is called "NetworkManager".  It is an annoyance.  I have sent some seething emails to the Ubuntu development team about this (ahem) "feature".  Nonetheless, here's the scoop on this package:

https://help.ubuntu.com/community/NetworkManager

To turn it OFF, simply type:  /etc/init.d/NetworkManager stop

I'd find methods of ensuring that this forkin' thing doesn't startup, and there are plenty 'o methods from preventing it from starting up...  ;P

Neil Aggarwal's picture

Neil Aggarwal - Thu, 2010/01/07 - 18:29

Does the Zimbra appliance have chkconfig?  That is how I usually tell services not to start.

I guess if it does not, you can remove the startup files for it.  They should be like /etc/rc3.d/S08NetworkManager, etc.

Bob Radvanovsky's picture

Bob Radvanovsky - Fri, 2010/01/15 - 14:26
I have to make due with what I can find, and most applications seem to want to use Java. The problem (IMHO) with Java is that, with a 3 MB application file, you get a 1 GB library suite, requiring a tremendous amount of overhead. Obviously, the trick here is to provide "convenience" over "efficiency", and I suspect that many of these folks have never heard of COBOL or assembler, except us "old farts" (like me).

After trying to dink around with Zimbra, I came the conclusion that there was something better, and that even though it was free...(1) having to wait to sign in for ONE user for up to 10 seconds just to see the login screen, (2) pre-built configurations that I knew nothing about (Ubuntu-isms?), and (3) inconsistent issues with either sending or receiving (and in some weird cases, both sending and receiving) emails, I came to the conclusion what so many have stated in the past: give up.

For those who are looking for a cost-effective way to put together a small SOHO email server, that will RUN on 512 MB of RAM on a 700-800 MHz single-core processor, and require only 10 GB of disk, there ARE "alternatives" to Zimbra.
Neil Aggarwal's picture

Neil Aggarwal - Fri, 2010/01/15 - 17:23 
512 MB of RAM on a 700-800 MHz single-core processor, and require only 10 GB of disk, there ARE "alternatives" to Zimbra

Yes.  I use sendmail.  It is not sexy, but works perfectly.

Alexey's picture

Alexey - Mon, 2010/03/29 - 23:48

Hello.

I'm trying to change zimbra server name from mail.example.com to mail.myserver.com :

zmsetservername -d -o mail.example.com -n mail.myserver.com

bash window returning : 

zimbra@zimbra:/root$ zmsetservername -d -o mail.example.com -n mail.myserver.com                                                                                       
bash: zmsetservername: command not found

thank you in advance.

Alexey's picture

Alexey - Tue, 2010/03/30 - 01:14

I found  that domain name can be changed for zim5 :

zmprov -l rd testold.com testnew.com

but how's to rename server from mail.example.com to  mail.myserver.com ? 

Alexey's picture

Alexey - Mon, 2010/03/29 - 23:49

?

Jeremy Davis's picture

Jeremy Davis - Tue, 2011/08/30 - 10:28

Have you tried researching your problem? This is where I'd start: http://www.google.com/search?q=zimbra+data+is+stale

Failing that, I'd suggest you post on the Zimbra forums!? Also you will probably be more successful if you explain a little more about what is actually happening, rather than just posting a screenshot.

If you have no luck with either of those and need assistance really badly perhaps consider purchasing support (either direct from Zimbra - or from somewhere else).

Add new comment