Zimbra Admin Interface issue

[Jack_Redington]

Hi Friends/Admins


I am new to zimbra , have a query here it goes.

#I installed zimbra version
(Release 7.1.0_GA_3140.RHEL5_64_20110329150833 CentOS5_64 FOSS edition)

on machine
2.6.18-128.1.10.el5.xs5.5.0.51xen x86_64 GNU/Linux


Installation went superfine
even i can send mails out

# zmcontrol status
Host bizom
antispam Running
antivirus Running
ldap Running
logger Running
mailbox Running
mta Running
snmp Running
spell Running
stats Running
zmconfigd Running


#the normal user interface is working fine on
HTTP://XX.XX.XX.XX

#Issue is
the admin interface is NOT working on
HTTPS://XX.XX.XX.XX:7071

#nmap localhost gives output like
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
143/tcp open imap
465/tcp open smtps
587/tcp open submission
631/tcp open ipp
838/tcp open unknown
993/tcp open imaps
995/tcp open pop3s

****Missing is 443 HTTPS*****

#My machine haves a inet6 interface with a ipv4 configured
and i have google it and found that ZIMBRA does not suppot ipv6?
Please correct me If i am wrong, SHow some light on this
Here is Bug Report on the same-->
Reffer
Bug 13161 – IPv6 support

############################
Services Listening on IPV4
##############################

portmap 1479 rpc 3u IPv4 3213 UDP *:sunrpc
portmap 1479 rpc 4u IPv4 3214 TCP *:sunrpc

(LISTEN)
rpc.statd 1504 root 3u IPv4 3317 UDP *:835
rpc.statd 1504 root 6u IPv4 3303 UDP *:832
rpc.statd 1504 root 7u IPv4 3335 TCP *:838

(LISTEN)
hpiod 1852 root 0u IPv4 3902 TCP

localhost.localdomain:2208 (LISTEN)
python 1857 root 4u IPv4 3920 TCP

localhost.localdomain:2207 (LISTEN)
cupsd 1916 root 4u IPv4 4043 TCP

localhost.localdomain:ipp (LISTEN)
cupsd 1916 root 6u IPv4 4046 UDP *:ipp
avahi-dae 2058 avahi 13u IPv4 4308 UDP *:mdns
avahi-dae 2058 avahi 15u IPv4 4310 UDP *:33520
slapd 2222 zimbra 7u IPv4 5035 TCP

bizcom:ldap (LISTEN)
zmlogger 3307 zimbra 3u IPv4 6108 TCP

localhost.localdomain:10663 (LISTEN)
mysqld 3362 zimbra 12u IPv4 6155 TCP

localhost.localdomain:7306 (LISTEN)
mysqld 3362 zimbra 30u IPv4 6388 TCP

localhost.localdomain:7306->localhost.localdomain:55382 (ESTABLISHED)
mysqld 3362 zimbra 52u IPv4 20583 TCP

localhost.localdomain:7306->localhost.localdomain:55702 (ESTABLISHED)
amavisd 3528 zimbra 5u IPv4 6329 TCP

localhost.localdomain:10024 (LISTEN)
amavisd 3633 zimbra 5u IPv4 6329 TCP

localhost.localdomain:10024 (LISTEN)
amavisd 3634 zimbra 5u IPv4 6329 TCP

localhost.localdomain:10024 (LISTEN)
amavisd 3635 zimbra 5u IPv4 6329 TCP

localhost.localdomain:10024 (LISTEN)
amavisd 3636 zimbra 5u IPv4 6329 TCP

localhost.localdomain:10024 (LISTEN)
amavisd 3637 zimbra 5u IPv4 6329 TCP

localhost.localdomain:10024 (LISTEN)
amavisd 3638 zimbra 5u IPv4 6329 TCP

localhost.localdomain:10024 (LISTEN)
amavisd 3639 zimbra 5u IPv4 6329 TCP

localhost.localdomain:10024 (LISTEN)
amavisd 3640 zimbra 5u IPv4 6329 TCP

localhost.localdomain:10024 (LISTEN)
amavisd 3641 zimbra 5u IPv4 6329 TCP

localhost.localdomain:10024 (LISTEN)
amavisd 3642 zimbra 5u IPv4 6329 TCP

localhost.localdomain:10024 (LISTEN)
clamd 3687 zimbra 5u IPv4 6477 TCP

localhost.localdomain:dyna-access (LISTEN)
master 3905 root 12u IPv4 6823 TCP *:smtp

(LISTEN)
master 3905 root 16u IPv4 6827 TCP *:smtps

(LISTEN)
master 3905 root 19u IPv4 6830 TCP

*:submission (LISTEN)
master 3905 root 109u IPv4 6948 TCP

localhost.localdomain:10025 (LISTEN)



###########################
Services listening on IPV6
###########################
sshd 1903 root 3u IPv6 3987 TCP *:ssh

(LISTEN)
avahi-dae 2058 avahi 14u IPv6 4309 UDP *:mdns
avahi-dae 2058 avahi 16u IPv6 4311 UDP *:56438
java 2401 zimbra 72u IPv6 5190 UDP *:50951
java 2401 zimbra 73u IPv6 5830 TCP

localhost.localdomain:7171 (LISTEN)
java 3416 zimbra 57u IPv6 6313 TCP *op3

(LISTEN)
java 3416 zimbra 64u IPv6 6317 TCP *op3s

(LISTEN)
java 3416 zimbra 65u IPv6 6318 TCP *:imap

(LISTEN)
java 3416 zimbra 66u IPv6 6319 TCP *:imaps

(LISTEN)
java 3416 zimbra 67u IPv6 6320 TCP *:vmsvc-2

(LISTEN)
java 3416 zimbra 69u IPv6 6321 TCP *:http

(LISTEN)
java 3416 zimbra 70u IPv6 6322 TCP *:7071

(LISTEN)
java 3416 zimbra 71u IPv6 6323 TCP *:7072

(LISTEN)
java 3416 zimbra 93u IPv6 6461 UDP *:53444
java 3416 zimbra 97u IPv6 6387 TCP

localhost.localdomain:55382->localhost.localdomain:7306 (ESTABLISHED)
java 3416 zimbra 108u IPv6 6438 TCP *:5223

(LISTEN)
java 3416 zimbra 109u IPv6 6434 TCP *:7335

(LISTEN)
java 3416 zimbra 110u IPv6 6435 TCP *:cbt

(LISTEN)
java 3416 zimbra 121u IPv6 6453 TCP

*:xmpp-server (LISTEN)
java 3416 zimbra 122u IPv6 6454 TCP *:10015

(LISTEN)
java 3416 zimbra 123u IPv6 6455 TCP

*:xmpp-client (LISTEN)
java 3416 zimbra 153u IPv6 20582 TCP

localhost.localdomain:55702->localhost.localdomain:7306 (ESTABLISHED)
httpd 3710 zimbra 3u IPv6 6511 TCP *:7780

(LISTEN)
httpd 3747 zimbra 3u IPv6 6511 TCP *:7780

(LISTEN)
httpd 3749 zimbra 3u IPv6 6511 TCP *:7780

(LISTEN)
httpd 3751 zimbra 3u IPv6 6511 TCP *:7780

(LISTEN)
httpd 3752 zimbra 3u IPv6 6511 TCP *:7780

(LISTEN)
httpd 3754 zimbra 3u IPv6 6511 TCP *:7780

(LISTEN)
sshd 5409 root 3u IPv6 8575 TCP

brgerg.com:ssh->202.71.129.69:36532 (ESTABLISHED)


NUTSHELL
################################################## ################
Zimbra Apache is not listening on IPv4 , user interface is working
Admin interface HTTPS:7071 is not working
Nmap localhost missing https 443

What if i configure my machine with an ipv6 address
will zimbra admin panel work for me >



Awaiting a prompt reply

Regards
Jack



################################################## ###################

[Labsy]

By quickly reading your post I noticed that port 7071 is missing, not just 443. Correct me if I am wrong, but when connecting to https://x.x.x.x:7071 connection is made from random client port to port 7071 on destination side, and NOT to port 443! Port 443 is just default SSL port if it is not specified in URL address, just like port 80 is default for HTTP if not specified in URL, but Zimbra Admin uses SSL (which is requested by URL type https://) via port 7071 (which is specified in URL after:7071), so port 7071 must be opened and NAT-ed properly. You do not need port 443 for standard Zimbra setup!

Question:
where are you trying to connect to https://x.x.x.x:7071 FROM? Is it from local Zimbra machine, or from inside your LAN, or from outside WAN? Things to check are not the same for all connections:

- connect from inside Zimbra: Check, if connectiong to local IP or FQDN makes any difference. Zimbra web server might not be configured to answer on local domain name, OR the problem might be with DNS resolution, if you try to connect from inside server. You must setup Split DNS, so local DNS resolution will be different to public DNS resolution for the same domain name.

- connection from LAN: Check same as above. Ping and dig and nslookup your Zimbra server's name from another computer. If your LAN computer client is set to use PUBLIC DNS, it will never get the proper LAN IP!

- connect from outside WAN: check firewall, router, NAT translation - open ports. Port 7071 should be DNAT to your Zimbra server's LAN IP.

[Jack_Redington]

Hi Labsy
Please bear with me being n00b in networks issues
Firstly
Port 7071 is not missing

(LISTEN)
java 3416 zimbra 70u IPv6 6322 TCP *:7071

Secondarily
when i do a nmap localhost 443 https service is not running.
It should if admin interface use https ,showing http 80 but not https 443correct me if i am wrong.
>/etc/hosts file contains proper enteries for the hostname and the localhost
>The host name of the zimbra server is not dns resolveable yet.
But i think if you are directly using the ip address

and
I am able browsing the normal zimbra user interface from wan without any hitch from link http://XX.XX.XX.XX
question is then why not i am able to browse https://XX.XX.XX.XX:7071

I have opened all the necessary ports on firewall for zimbra server

is there any network connectivity issue i am missing on somewhere >

[Jack_Redington]

@ Labsy

I have an inet6 interface with IPV4 configured
lsof shows httpd listening for IPV6
a friend topped that httpd not listening for IPV4 is an issue not letting you browse admin interface over https

Is this an real issue ?
if yes
then how come i am able to browse user interface when httpd is listening over IPV6

Show some light on this friends

[LMStone]

So there are two problems here if I understand this correctly:

First, you can't get to the Admin Console.

Second, you can't use Zimbra as a regular user over https.

If so, as regards the Admin Console, please run as root on the Zimbra server "telnet localhost 7071" and let us know if you get a response back.

If you get a response, then the Admin Console is available. If you don't get a response, the Admin Console may still be available but iptables, SELinux, AppArmor or some such could be getting in the way.

As regards Zimbra over https, you may need only to run the zmtlsctl command (as the zimbra user) and restart zimbra to "fix" this "problem". We like to set up systems to use the "redirect" option, but that's up to you. The Administrator's manual has a good explanation of what the various options do.

Hope that helps,
Mark

[Jack_Redington]

HI
The solution to the problem was residing in the firewall
Ports blocked for wan but accessible on lan was the issue.
Thanks

Labsy ,L. Mark Stone for providing a direction.
Have a fully functional zimbra now.

Regards
Jack

[Labsy]

I am glad that the last sentence of my first answer was the resolution, despite you missed it when reading

[Jack_Redington]

Thanks Labsy