ZCS Administrator's Guide 8.0.4
ZCS Administrator's Guide 8.0.4
Network Edition


Appendix B Configuring SPNEGO Single Sign-On > Troubleshooting setup

Troubleshooting setup
Make sure the following are true.
*
Check your browser settings, and make sure it is one of the supported browsers/platforms
*
If you are redirected to the error URL specified in zimbraSpnegoAuthErrorURL, that means The SPNEGO authentication sequence does not work.
Take a network trace, make sure the browser sends Authorization header in response to the 401. Make sure the Negotiate is using GSS-API/SPNEGO, not NTLM (use a network packet decoder like Wireshark) .
After verifying that the browser is sending the correct Negotiate, if it still does not work, turn on the following debug and check Zimbra logs:
Then restart the mailbox server.
Browse to the debug snoop page: http://{server}:{port}/spnego/snoop.jsp. See if you can access the snoop.jsp
Check zmmailboxd.out and mailox.log for debug output.
* One of the errors at this stage could be because of clock skew on the jetty server. If this is the case, it should be shown in zmmailboxd.out. Fix the clock skew and try again.
Copyright © 2013 VMware Inc.