Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: cannot view mail queues Version 4.5.1_GA_660.SuSEES9 Feb 1, 2007

  1. #1
    tbovingdon is offline Special Member
    Join Date
    Oct 2006
    Posts
    150
    Rep Power
    8

    Default cannot view mail queues Version 4.5.1_GA_660.SuSEES9 Feb 1, 2007

    Ok first off i have read all other posts regarding this issue.



    DNS is working and resolving.
    i have regenerated the ssh keys.

    and i have no firewall enabled. I am behind a NAT router i don't need port 22 open do i?

    here is the error message when i click on mail queues. Server stats work fine.

    Code:
    Message:  system failure: exception during auth {RemoteManager: mail.tk.on.ca->zimbra@mail.tk.on.ca:22}
    com.zimbra.common.service.ServiceException: system failure: exception during auth {RemoteManager: mail.tk.on.ca->zimbra@mail.tk.on.ca:22}
    	at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:175)
    	at com.zimbra.cs.rmgmt.RemoteManager.getSession(RemoteManager.java:197)
    	at com.zimbra.cs.rmgmt.RemoteManager.execute(RemoteManager.java:134)
    	at com.zimbra.cs.service.admin.GetMailQueueInfo.handle(GetMailQueueInfo.java:56)
    	at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:262)
    	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:162)
    	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:84)
    	at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:223)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
    	at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:162)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541)
    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
    	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
    	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    	at java.lang.Thread.run(Thread.java:595)
    Caused by: java.io.IOException: auth failed
    	at com.zimbra.cs.rmgmt.RemoteManager.getSession(RemoteManager.java:190)
    	... 24 more
    
    Error code:  service.FAILURE
    Method:  ZmCsfeCommand.prototype.invoke
    Details:soap:Receiver
    here is my sshd
    Code:
    #       $OpenBSD: sshd_config,v 1.70 2004/12/23 23:11:00 djm Exp $
    
    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.
    
    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
    
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options change a
    # default value.
    
    #Port 22
    #Protocol 2,1
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 768
    
    # Logging
    #obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    #LogLevel INFO
    
    # Authentication:
    
    #LoginGraceTime 2m
    #PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6
    
    RSAAuthentication yes
    #PubkeyAuthentication yes
    AuthorizedKeysFile      %h.ssh/authorized_keys
    
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    
    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication no
    #PermitEmptyPasswords no
    
    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    
    # Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
    # mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
    # in this release. The use of 'gssapi' is deprecated due to the presence of
    # potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
    #GSSAPIEnableMITMAttack no
    
    
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication mechanism.
    # Depending on your PAM configuration, this may bypass the setting of
    # PasswordAuthentication, PermitEmptyPasswords, and
    # "PermitRootLogin without-password". If you just want the PAM account and
    # session checks to run without PAM authentication, then enable this but set
    # ChallengeResponseAuthentication=no
    UsePAM yes
    
    #AllowTcpForwarding yes
    #GatewayPorts no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression yes
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS yes
    #PidFile /var/run/sshd.pid
    #MaxStartups 10
    
    # no default banner path
    #Banner /some/path
    
    # override default of no subsystems
    Subsystem       sftp    /usr/lib/ssh/sftp-server
    
    # This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL

  2. #2
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Have you changed any passwords?
    Code:
    Caused by: java.io.IOException: auth failed

  3. #3
    tbovingdon is offline Special Member
    Join Date
    Oct 2006
    Posts
    150
    Rep Power
    8

    Default

    No,

    I had setup sshd to work on a different port and disallow root logins. it was after that when this showed up. After reading the fourms i put my sshd_config back to what i posted above. I did change my default domain in zimbra though. would that cause it?

  4. #4
    azilber is offline Senior Member
    Join Date
    Feb 2007
    Posts
    52
    Rep Power
    8

    Default This might work..

    Quote Originally Posted by tbovingdon View Post
    No,

    I had setup sshd to work on a different port and disallow root logins. it was after that when this showed up. After reading the fourms i put my sshd_config back to what i posted above. I did change my default domain in zimbra though. would that cause it?
    I had the same problem after I installed a commercial cert and changes passwords.

    First, read this:

    http://wiki.zimbra.com/index.php?tit...eue_Monitoring

    Here is my sshd_config AND ssh_config:

    Code:
    cat /etc/ssh/sshd_config
    #       $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $
    
    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.
    
    # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
    
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options change a
    # default value.
    
    #Port 22
    Protocol 2
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    
    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 1h
    ServerKeyBits 1024
    
    # Logging
    #obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    SyslogFacility AUTHPRIV
    LogLevel INFO
    
    # Authentication:
    
    LoginGraceTime 1m
    PermitRootLogin no
    StrictModes yes
    MaxAuthTries 3
    
    #RSAAuthentication yes
    #PubkeyAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile      .ssh/authorized_keys
    
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    
    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    PermitEmptyPasswords no
    PasswordAuthentication yes
    
    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes
    ChallengeResponseAuthentication yes
    
    # Kerberos options
    #KerberosAuthentication no
    KerberosAuthentication yes
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    
    # GSSAPI options
    #GSSAPIAuthentication no
    GSSAPIAuthentication yes
    #GSSAPICleanupCredentials yes
    GSSAPICleanupCredentials yes
    
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication mechanism.
    # Depending on your PAM configuration, this may bypass the setting of
    # PasswordAuthentication, PermitEmptyPasswords, and
    # "PermitRootLogin without-password". If you just want the PAM account and
    # session checks to run without PAM authentication, then enable this but set
    # ChallengeResponseAuthentication=no
    #UsePAM no
    UsePAM yes
    
    AllowTcpForwarding yes
    GatewayPorts yes
    X11Forwarding yes
    X11DisplayOffset 10
    X11UseLocalhost yes
    PrintMotd yes
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no
    UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    Compression yes
    ClientAliveInterval 15
    ClientAliveCountMax 3
    #UseDNS yes
    PidFile /var/run/sshd.pid
    MaxStartups 10
    ShowPatchLevel no
    
    # no default banner path
    #Banner /some/path
    
    # override default of no subsystems
    Subsystem       sftp    /usr/libexec/openssh/sftp-server
    and

    Code:
    cat /etc/ssh/ssh_config
    #       $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $
    
    # This is the ssh client system-wide configuration file.  See
    # ssh_config(5) for more information.  This file provides defaults for
    # users, and the values can be changed in per-user configuration files
    # or on the command line.
    
    # Configuration data is parsed as follows:
    #  1. command line options
    #  2. user-specific file
    #  3. system-wide file
    # Any configuration value is only changed the first time it is set.
    # Thus, host-specific definitions should be at the beginning of the
    # configuration file, and defaults at the end.
    
    # Site-wide defaults for various options
    
    # Host *
    #   ForwardAgent no
    ForwardX11 no
    RhostsRSAAuthentication no
    RSAAuthentication yes
    PasswordAuthentication yes
    #   HostbasedAuthentication no
    #   BatchMode no
    #   CheckHostIP yes
    #   AddressFamily any
    #   ConnectTimeout 0
    #   StrictHostKeyChecking ask
    #   IdentityFile ~/.ssh/identity
    #   IdentityFile ~/.ssh/id_rsa
    #   IdentityFile ~/.ssh/id_dsa
    #   Port 22
    #   Protocol 2,1
    #   Cipher 3des
    #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    #   EscapeChar ~
    Host *
            GSSAPIAuthentication yes
    # If this option is set to yes then the remote X11 clients will have full access
    # to the local X11 display. As virtually no X11 client supports the untrusted
    # mode correctly we set this to yes.
           ForwardX11Trusted yes
    You can omit all the X11 stuff if you want, that's for other stuff I do, but this config works. You'll also need to regenerate the passwords, and make sure your /etc/hosts file is good.

    -Alex

  5. #5
    tbovingdon is offline Special Member
    Join Date
    Oct 2006
    Posts
    150
    Rep Power
    8

    Default

    thanks for the post alex, I will give it a shot

    forgive my ignorance... what do you mean by "regenerate passwords"

  6. #6
    azilber is offline Senior Member
    Join Date
    Feb 2007
    Posts
    52
    Rep Power
    8

    Default It's in the wiki..

    Quote Originally Posted by tbovingdon View Post
    thanks for the post alex, I will give it a shot

    forgive my ignorance... what do you mean by "regenerate passwords"
    It shows you how to regenerate them.

  7. #7
    tbovingdon is offline Special Member
    Join Date
    Oct 2006
    Posts
    150
    Rep Power
    8

    Default

    I am assuming that you mean
    Code:
    zmsshkeygen
    
    zmupdateauthkeys
    i am still having no luck. even after copying your
    sshd_config

  8. #8
    azilber is offline Senior Member
    Join Date
    Feb 2007
    Posts
    52
    Rep Power
    8

    Default In that case..

    Quote Originally Posted by tbovingdon View Post
    I am assuming that you mean
    Code:
    zmsshkeygen
    
    zmupdateauthkeys
    i am still having no luck. even after copying your
    sshd_config
    You may need to regenerate the ldap password first, then sshd. Ldap stores the private cert from sshd in it's datastore.

    Does your zmprov command work? Try just running zmprov and if it gives you an authentication error run:

    zmldappasswd zimbra

    then run zmsshkeygen and .zmupdateauthkeys

    Make sure you run everything as the zimbra user.

  9. #9
    tbovingdon is offline Special Member
    Join Date
    Oct 2006
    Posts
    150
    Rep Power
    8

    Default

    Thanks for all your help. Much appreciated.

    zmprov command appears to work with not authentication error.

    i did run the other commands with no luck.

  10. #10
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    In both of your configs that you posted, Port 22 is commented out.
    Try to uncomment those.

    service sshd restart

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Problems with port 25
    By yogiman in forum Installation
    Replies: 57
    Last Post: 06-13-2011, 01:55 PM
  2. Replies: 7
    Last Post: 02-03-2011, 07:01 AM
  3. fresh install down may be due to tomcat
    By gon in forum Installation
    Replies: 10
    Last Post: 07-25-2007, 08:09 AM
  4. Replies: 1
    Last Post: 02-22-2006, 08:02 AM
  5. receiveing mail
    By maybethistime in forum Administrators
    Replies: 15
    Last Post: 12-09-2005, 04:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •