Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Getting SOAP errors in log

  1. #1
    SkyHiRider is offline Active Member
    Join Date
    Sep 2011
    Posts
    27
    Rep Power
    3

    Default Getting SOAP errors in log

    Just set up Zimbra and it works fine so far, but inspecting mailbox.log shows that a few Java SOAP errors occurred. Sadly, I do not have the knowledge nor experience to understand what is wrong.

    Here is a part of my mailbox.log file:
    Code:
    2011-09-03 14:36:40,489 INFO  [btpool0-31://192.168.77.87:7071/service/admin/soap/BatchRequest] [name=admin@andreansky.eu;mid=1;ip=192.168.77.28;ua=ZimbraWebClient - SAF3 (Linux);] SoapEngine - handler exception
    com.zimbra.common.service.ServiceException: system failure: exception during auth {RemoteManager: ns.andreansky.eu->zimbra@ns.andreansky.eu:22}
    ExceptionId:btpool0-31://192.168.77.87:7071/service/admin/soap/BatchRequest:1315053400489:093f3f7492a042ac
    Code:service.FAILURE
    	at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:248)
    	at com.zimbra.cs.rmgmt.RemoteManager.getSession(RemoteManager.java:193)
    	at com.zimbra.cs.rmgmt.RemoteManager.execute(RemoteManager.java:127)
    	at com.zimbra.cs.service.admin.GetServerNIFs.handle(GetServerNIFs.java:65)
    	at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:412)
    	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:273)
    	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:158)
    	at com.zimbra.soap.SoapServlet.doWork(SoapServlet.java:294)
    	at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:215)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
    	at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:208)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:814)
    	at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
    	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
    	at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:79)
    	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    	at org.mortbay.servlet.UserAgentFilter.doFilter(UserAgentFilter.java:81)
    	at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter.java:132)
    	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    	at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
    	at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:218)
    	at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    	at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    	at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:422)
    	at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
    	at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
    	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    	at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:230)
    	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    	at org.mortbay.jetty.handler.DebugHandler.handle(DebugHandler.java:77)
    	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    	at org.mortbay.jetty.Server.handle(Server.java:326)
    	at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:543)
    	at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:946)
    	at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756)
    	at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
    	at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:405)
    	at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
    	at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
    Caused by: java.io.IOException: There was a problem while connecting to ns.andreansky.eu:22
    	at ch.ethz.ssh2.Connection.connect(Connection.java:699)
    	at ch.ethz.ssh2.Connection.connect(Connection.java:490)
    	at com.zimbra.cs.rmgmt.RemoteManager.getSession(RemoteManager.java:184)
    	... 37 more
    Caused by: java.net.ConnectException: Connection refused
    	at java.net.PlainSocketImpl.socketConnect(Native Method)
    	at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
    	at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
    	at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
    	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
    	at java.net.Socket.connect(Socket.java:529)
    	at ch.ethz.ssh2.transport.TransportManager.establishConnection(TransportManager.java:340)
    	at ch.ethz.ssh2.transport.TransportManager.initialize(TransportManager.java:448)
    	at ch.ethz.ssh2.Connection.connect(Connection.java:643)
    	... 39 more
    s

  2. #2
    soba@ukw.edu.pl is offline Special Member
    Join Date
    Jul 2011
    Posts
    146
    Rep Power
    3

    Default

    system failure: exception during auth ;-)

    Wrong auth source (problem with external ldap auth?) or bad password?

    Please check user without the domain line only just 'admin' not admin@domain


    Caused by: java.io.IOException: There was a problem while connecting to ns.andreansky.eu:22
    Caused by: java.net.ConnectException: Connection refused




    Please open ssh (22) port in your zimbra domain for zimbra software.
    # ZCS 7.1.3 SLES11 SP1

  3. #3
    SkyHiRider is offline Active Member
    Join Date
    Sep 2011
    Posts
    27
    Rep Power
    3

    Default

    Hmm, I've changed the default ssh port (for obvious reasons . I'll have a look into that, thanks Soba!

    Why does Zimbra need to ssh to the localhost?

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Quote Originally Posted by SkyHiRider View Post
    Hmm, I've changed the default ssh port (for obvious reasons .
    Which 'obvious reasons'? You surely don't have port 22 visible to the internet, do you? You're behind a NAT router and that port is not accessible to anyone except users on the LAN, if you need access to the server from 'outside' then use a VPN.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    SkyHiRider is offline Active Member
    Join Date
    Sep 2011
    Posts
    27
    Rep Power
    3

    Default

    The port is visible from the outside as the server has a public ip address and changing the default port greatly reduces the log spam of many simple bots trying to ssh to my machine. I don't have remote root login enabled but it sill helps keeping the log files clean.

    But you're right with the VPN, may get to setting that up later.

  6. #6
    soba@ukw.edu.pl is offline Special Member
    Join Date
    Jul 2011
    Posts
    146
    Rep Power
    3

    Default

    Quote Originally Posted by SkyHiRider View Post
    The port is visible from the outside as the server has a public ip address and changing the default port greatly reduces the log spam of many simple bots trying to ssh to my machine. I don't have remote root login enabled but it sill helps keeping the log files clean.

    But you're right with the VPN, may get to setting that up later.
    Use your global or local firrewall for block all connection to tcp 22 port.

    you can use a VPN soolutions (openvpn, Juniper, Cisco) to menage your Zimbra server (SSH / WEB ADMIN GUI). - That is better way

    Redirect 22 port to other (like 2222 or 5533) open ssh port is also not a safe solution.
    # ZCS 7.1.3 SLES11 SP1

  7. #7
    soba@ukw.edu.pl is offline Special Member
    Join Date
    Jul 2011
    Posts
    146
    Rep Power
    3

    Default

    Not very secure solution:

    If you still have an open port of the sshd (eg 5534) you can do to try to redirect the local iptables with the 127.0.0.1:5534 127.0.0.1:22 and publicIP:22 to publicIP:5534.


    You can also configured your sshd for multpile address and ports (man sshd.config) and determine allow or deny hosts / port.
    # ZCS 7.1.3 SLES11 SP1

  8. #8
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Quote Originally Posted by SkyHiRider View Post
    The port is visible from the outside as the server has a public ip address and changing the default port greatly reduces the log spam of many simple bots trying to ssh to my machine.
    I hate to contradict you but your mail server does not have a public IP address, your NAT router has a public IP address and you should forward only the ports that your Zimbra server requires and port 22 is not one of them. BTW, you can also use something like fail2ban to protect system.

    Quote Originally Posted by SkyHiRider View Post
    I don't have remote root login enabled but it sill helps keeping the log files clean.
    Your log files stay clean if you don't forward that port to your server.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  9. #9
    SkyHiRider is offline Active Member
    Join Date
    Sep 2011
    Posts
    27
    Rep Power
    3

    Default

    Thanks for contradicting me, you're right of course

    And you're right that I shouldn't forward the port, but the NAT router isn't mine so I can't change that configuration, and my ISP is sometimes hard to persuade.

  10. #10
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Quote Originally Posted by SkyHiRider View Post
    And you're right that I shouldn't forward the port, but the NAT router isn't mine so I can't change that configuration, and my ISP is sometimes hard to persuade.
    Surely they'd be receptive to a security 'problem' that's open to your server? As I mentioned above, you might like to look at implementing fail2ban (I believe there's a couple of threads in the forums on the subject).
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. The installer was interrupted...
    By spiderbo in forum Zimbra Connector for Outlook
    Replies: 9
    Last Post: 05-23-2013, 06:33 AM
  2. zmzimletctl deploy zimbra_posixaccount.zip - ERROR -
    By todd_dsm in forum Administrators
    Replies: 0
    Last Post: 04-02-2009, 01:41 PM
  3. Replies: 7
    Last Post: 02-27-2008, 05:17 PM
  4. soap error log
    By geoffDeGeoffGeoff in forum Developers
    Replies: 0
    Last Post: 12-27-2007, 02:37 AM
  5. Error Installing Outlook Connector
    By DanO in forum Zimbra Connector for Outlook
    Replies: 17
    Last Post: 08-28-2007, 09:35 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •