Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: ZCB Authentication Problem

  1. #1
    md_detroit is offline Trained Alumni
    Join Date
    Oct 2009
    Posts
    6
    Rep Power
    5

    Default ZCB Authentication Problem

    Using the latest version of ZCB and BES 4.1, we seem to be having something simple as an authentication problem between BES and ZCS.

    We have established a Global Administrator account for the BES in Zimbra. It seems to have full admin capabilities on the admin web interface (i.e., logging in with this account we can create other accounts, as well as view other account's email, etc). However, when we use the BES command line tool on the BES server to test the activation of any other user account (other than that of the BES admin account in Zimbra) it fails the test of trying to create the IMAP folder for that user account. It will create the test IMAP folder and delete it for itself just fine, so we know it is resolving the Zimbra mail server and able to access it's own account on it.

    Is there something we need to do in the COS (we're using the default) in order for the BES admin account to be able to access the normal user email accounts in Zimbra so it can read the mail sent by RIM and do its process to sync the Blackberry? Or perhaps something we need to implement server-side on the Zimbra server to allow the BES admin account to manipulate other users accounts?

    The process should work like this:

    1. User goes to authorize Blackberry by configuring email and BES password we set for it.
    2. RIM sends email to user account.
    3. BES Admin account constantly monitors user's Zimbra email account for the RIM email w/ attachment, finds it, does its routine to start the sync and delete the email.

    We're stuck on #3. Like I said, it will access the BES Admin Zimbra account just fine, but cannot manipulate anyone else's email, as it should be able to with the Global Administrator access.

    Any suggestions?

    Thanx!

  2. #2
    md_detroit is offline Trained Alumni
    Join Date
    Oct 2009
    Posts
    6
    Rep Power
    5

    Default

    Just to give you an idea of what I mean. This is the test of the server where it is successful (using the BES Admin account we created on the zimbra server):
    Code:
    C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Utility>iemstes
    t.exe
    BlackBerry Enterprise Server Utility - IEMSTest.exe (IExchangeManageStore), Vers
    ion 1.0
    Copyright (c) Research In Motion, Ltd. 1999. All rights reserved.
    Opening Default Message Store Zimbra - Blackberry Administrator.
    Opening message store for Blackberry Administrator using besadmin@pilot.testemail.org
     /o=pilot.testemail.org/ou=First Administrative Group/cn=Configuration/cn=Serv
    ers/cn=pilot.testemail.org/cn=Microsoft Private MDB.
    Blackberry Administrator's Mailbox opened successfully.
    Root Folder opened successfully.
    Folder created successfully.
    Test folder deleted successfully.
    Test completed successfully for Blackberry Administrator.
    and this is what happens when we try the test with a user's account:

    Code:
    C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Utility>iemstes
    t.exe
    BlackBerry Enterprise Server Utility - IEMSTest.exe (IExchangeManageStore), Vers
    ion 1.0
    Copyright (c) Research In Motion, Ltd. 1999. All rights reserved.
    Opening Default Message Store Zimbra - Blackberry Administrator.
    Opening message store for Mark D using markd@pilot.testemail.org 
    /o=pilot.testemail.org/ou=First Administrative
    Group/cn=Configuration/cn=Servers/cn=pilot.testemail.org
    /cn=Microsoft Private MDB.
    CreateStoreEntryID failed (80004005).
    So, it can access it's own account, but cannot access anyone else's account, though it has Global Administrator access on the Zimbra server.

    Is there something we missed on the Zimbra server side?

  3. #3
    md_detroit is offline Trained Alumni
    Join Date
    Oct 2009
    Posts
    6
    Rep Power
    5

    Default

    From the Zimbra logs, it is sitting at this when trying to sync another account other than itself:

    Code:
    2009-10-08 12:53:09,287 INFO  [btpool0-84] [name=besadmin@pilot.testemail.org;mid=54;ip=172.16.216.169;ua=ZimbraConnectorForBES/5.0.2711.18;] soap - AdminWaitSetRequest

    when it's successful (when attempting on it's own account), the log says this:

    Code:
    2009-10-08 12:54:39,732 INFO  [btpool0-84] [name=besadmin@pilot.testemail.org;mid=54;ip=172.16.216.169;ua=ZimbraConnectorForBES/5.0.2711.18;] soap - AdminWaitSetRequest
    2009-10-08 12:54:47,346 INFO  [btpool0-66] [name=besadmin@pilot.testemail.org;mid=54;ip=172.16.216.169;ua=ZimbraConnectorForBES/5.0.2711.18;] soap - CheckLicenseRequest
    2009-10-08 12:54:47,356 INFO  [btpool0-66] [name=besadmin@pilot.testemail.org;mid=54;ip=172.16.216.169;ua=ZimbraConnectorForBES/5.0.2711.18;] soap - GetInfoRequest
    2009-10-08 12:54:47,372 INFO  [btpool0-66] [name=besadmin@pilot.testemail.org;mid=54;ip=172.16.216.169;ua=ZimbraConnectorForBES/5.0.2711.18;] soap - GetAccountInfoRequest
    2009-10-08 12:54:47,379 INFO  [btpool0-66] [name=besadmin@pilot.testemail.org;mid=54;ip=172.16.216.169;ua=ZimbraConnectorForBES/5.0.2711.18;] soap - AdminCreateWaitSetRequest
    2009-10-08 12:54:47,393 INFO  [btpool0-66] [name=besadmin@pilot.testemail.org;mid=54;ip=172.16.216.169;ua=ZimbraConnectorForBES/5.0.2711.18;] soap - AdminWaitSetRequest
    2009-10-08 12:54:47,420 INFO  [btpool0-84] [name=besadmin@pilot.testemail.org;mid=54;ip=172.16.216.169;ua=ZimbraConnectorForBES/5.0.2711.18;] soap - SyncGalRequest
    2009-10-08 12:54:48,244 INFO  [btpool0-84] [name=besadmin@pilot.testemail.org;mid=54;ip=172.16.216.169;ua=ZimbraConnectorForBES/5.0.2711.18;] soap - AdminWaitSetRequest
    2009-10-08 12:54:48,461 INFO  [btpool0-66] [name=besadmin@pilot.testemail.org;mid=54;ip=172.16.216.169;ua=ZimbraConnectorForBES/5.0.2711.18;] soap - SyncRequest
    2009-10-08 12:54:48,574 INFO  [btpool0-66] [name=besadmin@pilot.testemail.org;mid=54;ip=172.16.216.169;ua=ZimbraConnectorForBES/5.0.2711.18;] soap - AdminWaitSetRequest
    2009-10-08 12:54:51,468 INFO  [btpool0-84] [name=besadmin@pilot.testemail.org;mid=54;ip=172.16.216.169;ua=ZimbraConnectorForBES/5.0.2711.18;] soap - SyncRequest
    2009-10-08 12:54:58,545 INFO  [btpool0-66] [name=besadmin@pilot.testemail.org;mid=54;ip=172.16.216.169;ua=ZimbraConnectorForBES/5.0.2711.18;] soap - AdminDestroyWaitSetRequest
    2009-10-08 12:54:58,549 INFO  [btpool0-84] [name=besadmin@pilot.testemail.org;mid=54;ip=172.16.216.169;ua=ZimbraConnectorForBES/5.0.2711.18;] soap - AdminWaitSetRequest

  4. #4
    eugener is offline Zimbra Employee
    Join Date
    Dec 2008
    Posts
    187
    Rep Power
    6

    Default

    Please try the following:

    - enable zcb logging
    - execute IEMSTest.exe for offending user
    - find corresponding zcb log file that has 'IEMSTest.exe' component in the name
    - look for CreateStoreEntryId
    - post portion of the log covering execution of the function mentioned in the previous step

  5. #5
    md_detroit is offline Trained Alumni
    Join Date
    Oct 2009
    Posts
    6
    Rep Power
    5

    Default

    ahh.. errors about not being able to get eid of the user, and then some 500 internal server errors:

    Code:
    08-10-2009 16:06:07.257 [5804]: In Zimbra::Store::CZimbraExchangeManageStore::CreateStoreEntryID. Msg Store DN /o=pilot.testemail.org/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=pilot.testemail.org/cn=Microsoft Private MDB, Mailbox DN markd@pilot.testemail.org, Flags 0x9
    08-10-2009 16:06:07.257 [5804]: Zimbra::Store::CZimbraExchangeManageStore::CreateStoreEntryID. trying to get the sync lock...
    08-10-2009 16:06:07.257 [5804]: Zimbra::Util::GlobalSyncLock::GetSyncLock. got the sync lock, we can sync
    08-10-2009 16:06:07.257 [5804]: Zimbra::Store::CZimbraExchangeManageStore::CreateStoreEntryID. got the sync lock...
    08-10-2009 16:06:07.257 [5804]: Zimbra::Store::CZimbraExchangeManageStore::CreateStoreEntryID. Waiting for GAL sync to complete
    08-10-2009 16:06:07.257 [5804]: Zimbra::Store::CZimbraExchangeManageStore::CreateStoreEntryID. Dispatching message 0xc11a. HWND 0x80226
    08-10-2009 16:06:07.257 [5804]: Zimbra::Store::CZimbraExchangeManageStore::CreateStoreEntryID. Dispatching message 0xc11a. HWND 0x80226
    08-10-2009 16:06:07.272 [5804]: Zimbra::Store::CZimbraExchangeManageStore::CreateStoreEntryID. Dispatching message 0xc11a. HWND 0x80226
    08-10-2009 16:06:07.272 [5804]: Zimbra::Store::CZimbraExchangeManageStore::CreateStoreEntryID. Dispatching message 0xc11a. HWND 0x80226
    08-10-2009 16:06:07.272 [5804]: Zimbra::Store::CZimbraExchangeManageStore::CreateStoreEntryID. GAL sync is complete
    08-10-2009 16:06:07.272 [5804]: Zimbra::Store::CZimbraExchangeManageStore::CreateStoreEntryID. trying to get eid for user: fisher@dwsd.org
    08-10-2009 16:06:07.272 [5804]: In Zimbra::Store::StoreContextManager::GetMailboxEidForUser
    08-10-2009 16:06:07.272 [5804]: Zimbra::Store::StoreContextManager::GetMailboxEidForUser. could not find the entry id in the map, looking in the profile for: markd@pilot.testemail.org
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Rpc::UserSession::GetSupportObject - m_pMapiSup = 0x00f22c28
    08-10-2009 16:06:07.272 [5804]: Zimbra::Mapi::GetProfileParamProps. trying to get PR_SERVICE_UID, PR_ZIMBRA_USER_ID from the profile section (1)
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps - # of properties retrieved from profile: 19
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #0 property tag: 0x6640001f
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #1 property tag: 0x66430003
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #2 property tag: 0x6641001f
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #3 property tag: 0x66420102
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #4 property tag: 0x6644000b
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #5 property tag: 0x66550003
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #5 property value:      0x1
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #6 property tag: 0x6656000a
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #7 property tag: 0x6657000a
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #8 property tag: 0x6645001f
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #9 property tag: 0x6646001f
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #10 property tag: 0x66470102
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #11 property tag: 0x6648000b
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #12 property tag: 0x6649000a
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #13 property tag: 0x6650000a
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #14 property tag: 0x6652000a
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #15 property tag: 0x6651000a
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #16 property tag: 0x3d0c000a
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #17 property tag: 0x3d12001f
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Mapi::GetProfileParamProps #18 property tag: 0x66580003
    08-10-2009 16:06:07.272 [5804]: Zimbra::Store::StoreContextManager::GetMailboxEidForUserFromProfile. services table has 0 entries
    08-10-2009 16:06:07.272 [5804]: Zimbra::Store::StoreContextManager::GetMailboxEidForUserFromProfile. no entries in the service table after the restriction
    08-10-2009 16:06:07.272 [5804]: Zimbra::Store::StoreContextManager::GetMailboxEidForUser. +++++++++++++++++++++++++++++++++++++
    08-10-2009 16:06:07.272 [5804]: Zimbra::Store::StoreContextManager::GetMailboxEidForUser. could not find the mailbox EID for markd@pilot.testemail.org...even in the profile!!!
    08-10-2009 16:06:07.272 [5804]: Zimbra::Store::StoreContextManager::GetMailboxEidForUser. +++++++++++++++++++++++++++++++++++++
    08-10-2009 16:06:07.272 [5804]: Zimbra::Store::CZimbraExchangeManageStore::CreateStoreEntryID. couldn't find the EID for the user [markd@pilot.testemail.org] in an existing store...
    08-10-2009 16:06:07.272 [5804]: DEBUG: Zimbra::Rpc::UserSession::GetSupportObject - m_pMapiSup = 0x00f22c28
    08-10-2009 16:06:07.616 [5804]: Zimbra::Store::CZimbraExchangeManageStore::CreateStoreEntryID. found the user in the GAL.
    08-10-2009 16:06:07.616 [5804]: TRACING => Zimbra::Rpc::UserSession::GetInstance
    08-10-2009 16:06:07.616 [5804]: DEBUG: Zimbra::Rpc::UserSession::GetInstance - get a user session (0x2437808)
    08-10-2009 16:06:07.616 [5804]: Zimbra::Store::CZimbraExchangeManageStore::CreateStoreEntryID. getting the user's zimbra ID from the session.
    08-10-2009 16:06:07.616 [5804]: *9* Enter Zimbra::Rpc::Connection::SendRequest ...
    08-10-2009 16:06:07.616 [5804]: DEBUG: Zimbra::Rpc::Connection::Connect - thread 5804
    08-10-2009 16:06:07.616 [5804]: *9* <<<<-------- HTTP stream Start (Request) ----------------------------------------------->>>>
    08-10-2009 16:06:07.678 [5804]: *9* HTTP Headers:
    08-10-2009 16:06:07.678 [5804]: POST /service/admin/soap/ HTTP/1.1
    Content-Type: application/soap+xml; charset=utf-8
    User-Agent: Zimbra-ZCB/5.0.2711.18 (5.2.3790 Service Pack 2; en-US)
    Host: pilot.testemail.org:7071
    Content-Length: 631
    Connection: Keep-Alive
    Cache-Control: no-cache
    Pragma: no-cache
    08-10-2009 16:06:07.678 [5804]: *9* HTTP body:
    <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"><userAgent name="ZimbraConnectorForBES" version="5.0.2711.18"/><nonotify/><noqualify/><authToken>0_0d379862ffa6a883255625b08b3f956e83d2ad95_69643d33363a66343661366435352d626132652d343538392d393766352d3432356563333539666266613b6578703d31333a313235353037353933313331393b61646d696e3d313a313b747970653d363a7a696d6272613b</authToken><nosession/></context></soap:Header><soap:Body><GetAccountInfoRequest xmlns="urn:zimbraAccount"><account by="name">markd@pilot.testemail.org</account></GetAccountInfoRequest></soap:Body></soap:Envelope>
    08-10-2009 16:06:07.678 [5804]: *9* <<<<-------- HTTP stream End (Request) ----------------------------------------------->>>>
    08-10-2009 16:06:07.678 [5804]: *9* <<<<-------- HTTP stream Start (Response) ----------------------------------------------->>>>
    08-10-2009 16:06:07.678 [5804]: *9* DEBUG: in Zimbra::Rpc::Connection::ReadResponseFully - content-length in http response header: 518
    08-10-2009 16:06:07.678 [5804]: *9* HTTP Headers:
    08-10-2009 16:06:07.678 [5804]: HTTP/1.1 500 Internal Server Error
    The 500 internal server errors continue in the log.

    Not sure what might be causing those. Like I said, what's really strange is when attempting to do the IEMSTest on the Besadmin account itself, it works just fine. Just doesn't work when trying to do another user.

  6. #6
    eugener is offline Zimbra Employee
    Join Date
    Dec 2008
    Posts
    187
    Rep Power
    6

    Default

    The offending line is:

    "HTTP/1.1 500 Internal Server Error" that was returned in response to GetAccountInfoRequest. I would look in zimbra server log(mailbox.log) to get more info on the error. Please post portion of server log covering 08-10-2009 16:06:07.678

  7. #7
    md_detroit is offline Trained Alumni
    Join Date
    Oct 2009
    Posts
    6
    Rep Power
    5

    Default

    again, in the mailbox log, this is what we get (as posted above)

    Code:
    2009-10-08 16:06:27,642 INFO  [btpool0-12] [name=besadmin@pilot.testemail.org;mid=54;ip=172.16.216.169;ua=ZimbraConnectorForBES/5.0.2711.18;] soap - AdminWaitSetRequest
    2009-10-08 16:06:28,651 INFO  [btpool0-10] [name=besadmin@pilot.testemail.org;mid=54;ip=172.16.216.169;ua=ZimbraConnectorForBES/5.0.2711.18;] soap - AdminWaitSetRequest
    nothing else. it's just sitting at adminwaitsetrequest.

  8. #8
    eugener is offline Zimbra Employee
    Join Date
    Dec 2008
    Posts
    187
    Rep Power
    6

    Default

    Please open up support case and include the reference to this post. Support team will need to investigate what happened on the server during execution of GetAccountInfoRequest.

  9. #9
    peters is offline Junior Member
    Join Date
    Mar 2007
    Posts
    5
    Rep Power
    8

    Default How did you solve this

    Could you please tell me how this is solved

  10. #10
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,566
    Rep Power
    57

    Default

    Please update your forum profile with the output of the following command (do not post the output in this thread):
    Code:
    zmcontrol -v
    Quote Originally Posted by peters View Post
    Could you please tell me how this is solved
    Who said it was fixed? You should follow the instructions in the post above yours and open a support case and reference this thread. It needs to be investigated by support staff.
    Last edited by phoenix; 10-19-2010 at 12:57 PM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Chaining authentication modules
    By glalejos in forum Developers
    Replies: 1
    Last Post: 09-11-2009, 04:09 AM
  2. [SOLVED] Zimbra logwatch.
    By nishith in forum Administrators
    Replies: 5
    Last Post: 06-10-2009, 04:42 PM
  3. saslauthd fails authentication.
    By SageMajor in forum Administrators
    Replies: 0
    Last Post: 05-09-2009, 06:51 AM
  4. About external LDAP problem, urgent!
    By bylong in forum Administrators
    Replies: 5
    Last Post: 08-24-2007, 07:10 PM
  5. Authentication to external ldap stop working.
    By jahaj in forum Installation
    Replies: 3
    Last Post: 12-05-2006, 03:17 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •