[SOLVED] Can't access web interface after install - zclient.IO_ERROR in log

[JpMaxMan]

I am trying to install Zimbra on a Redhat 5 machine that is behind a firewall (I know that the recommendation is to not have it behind a firewall). I have the private IP setup 192.168.1.13 and have the public IP mapped. From my network I have full pass through (all ports) enabled.

Everything seems to install fine, no issues until the end when it says it cannot initialize the documents. Looking at the log I see this error:

Code:

 ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)

Now, from another post w/ similar issues I tried the command:

zmprov ga

which I get the same error:

Code:

ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)

I also cannot login to any of the web portals, admin or otherwise. I changed via the install the port for the zimbra web portion to run on port 8080 so it didn't conflict w/ an existing apache install. Port 80 was the only conflict listed in the conflict list.

Any help on next steps would be appreciated, I'm sort of at a loss. I've installed Zimbra 3 other times without too much trouble. Now I've finally licensed it to put into our production environment and am running into issues... (murpheys law!).

Thanks!

[phoenix]

You should also disable SElinux on the Zimbra server. If you are behind a firewall on a LAN IP then you'll need a Split DNS set-up and a correct /etc/hosts file. Run the following on the zimbra server:

Code:

host `hostname`  <-- use backticks not single quotes
dig yourdomain.com any
dig yourdomain.com mx

and post the output.

[JpMaxMan]

Ok, I already had selinux disabled. Here are the outputs you requested:

[edited]

ok, I see the issue, the hostname needs to resolve to the private IP or the public IP needs to loop back to the private. Let me make some adjustments and I'll let you know if it worked.

[JpMaxMan]

Ok, I am working with our network engineers on this. Would it be accurate to say that I need to be able to connect to SMTP using the public IP from the server itself? i.e. if I am at a terminal on the server:

telnet publicip 25

should solicit a connection? and that that would solve this?

[phoenix]

Quote:

Originally Posted by JpMaxMan

Ok, I am working with our network engineers on this. Would it be accurate to say that I need to be able to connect to SMTP using the public IP from the server itself? i.e. if I am at a terminal on the server:

That depends what you're trying to do and if you've got the split DNS set-up or if your firwall does loopback (it probably doesn't). In general if you're external to the LAN you use the public IP with the port forwarded through the firewall to the zimbra server. If you are on the LAN then you should use the LAN IP (if the firewall does loopback then you could use the public IP or the LAN IP).

[JpMaxMan]

I am trying to avoid setting up split dns. So, I am pursuing the loopback path. I am wondering if that will fix this issue?

I actually already have DJBDNS running on that server and don't want to create any conflicts.

[JpMaxMan]

I had "DNS Doctoring" enabled on the firewall, but it doesn't seem to be making a difference.

"We now have DNS Doctoring enabled on the firewall which will make the firewall return internal IP addresses for lookups which return the external IP address."

I guess what I'm looking to you for is specifically what needs to resolve to what and what I can to do to test that connectivity?

[phoenix]

It would be far simpler setting up a Split DNS, why don't you want to do that?

[JpMaxMan]

Quote:

Originally Posted by phoenix

It would be far simpler setting up a Split DNS, why don't you want to do that?

Because I'm using this machine as a secondary DNS server. While I could probably use BIND on one IP and TinyDNS on a second for the secondary DNS - I'd prefer to keep it simple.

[phoenix]

You don't need a second DNS server, just add the zone for your LAN to the current DNS server.