Do not get to ActiveSync

sogo
mailserver
activesync
webtop5
v7

(Thorsten) #1

NethServer Version: 7,5
Module: Webtop / Sogo

Dear all
I do not get ActiveSync working. I tried several steps:

I tried Webtop on mail.mydomain.tld -> no success for iPhone
I installed SOGo for trial purposes on mail2.mydomain.tld -> immediate SUCCESS for iPhone
I removed mail2.mydomain.tld and put it to “finalname”.mydomain.tld -> I do not get ActiveSync anymore
I removed the SOGo module
I reinstalled the SOGo module -> no success

Of course I changed ActiveSync from enabled to disabled and vice versa several times.

Does somebody have a strategy on how to solve this issue?

Thank you and best regards
Thorsten


(Mark Verlinde) #2

Hi Thorsten,

Others have to help you with webtop, I can try to help you with SOGo.

One thing is puzzling in your description:

What do you mean by this? Another server or a virtual host?


(Thorsten) #3

Dear Mark,

Yes, I tried several configurations. I created a virtual host, but already deleted or disabled it.

At the moment the SOGo web interface is available from sogo.mydomain.tld. I tried to adjust via:

config setprop sogod VirtualHosts sogo.mydomain.tld
signal-event nethserver-sogo-update

Please find attached my eSmith DB:

config show sogod
sogod=service
ActiveSync=ensabled
AdminUsers=admin
BackupTime=30 0
Certificate=
CustomEmailField=userPrincipalName
Dav=enabled
DraftsFolder=Drafts
MailAuxiliaryUserAccountsEnabled=YES
Notifications=Appointment,EMail
SOGoInternalSyncInterval=30
SOGoMaximumPingInterval=3540
SOGoMaximumSyncInterval=3540
SOGoMaximumSyncResponseSize=2048
SOGoMaximumSyncWindowSize=100
SentFolder=Sent
SessionDuration=1440
SxVMemLimit=512
TrashFolder=Trash
VirtualHost=sogo.mydomain.tld
VirtualHosts=172.17.0.12,sogo.mydomain.tld,mail.mydomain.tld
WOWatchDogRequestTimeout=60
WOWorkersCount=10
status=enabled

Webtop is currently uninstalled. By the way, what is the difference in meaning between “VirtualHost” and “VirtualHosts”?

THX
Thorsten


(Mark Verlinde) #4

VirtualHosts is deprecated, it is not used anymore (You just installed SOGo, it is up to date)

Looking at your eSmith DB, you set the right DB prop with:

config setprop sogod VirtualHost sogo.mydomain.tld
signal-event nethserver-sogo-update

Tested this setup with the Windows 10 mail app, and mail worked.
Settings I used:

mail address: user@mydomain.tld
password: <password>
user: user
server: sogo.mydomain.tld

Are you sure the DNS name sogo.mydomain.tld can be resolved by your devices (i.e. iPhone)?
You could test this by going to sogo.mydomain.tld in a web browser on your device; you should land on the SOGo web app.

EDIT:

The update of the docs did not land in the manual; look here for the most up-to-date documentation on SOGo


(Thorsten) #5

Hi Mark,

Yes, that is the way I am currently using SOGo - from the web browser of my iPhone (not within my WLAN but via 4G).

Best regards
Thorsten


(Thorsten) #6

And we are still talking about Exchange setup on the iPhone:

Accounts & Passwords -> Create Account -> Exchange

correct?


(Thorsten) #7

I tried it:

Error on iPhone:
Exchange: Account information can not be verified.


(Mark Verlinde) #8

Do not know a thing about Apple devices…:hushed:

is this a solution for you?


(Thorsten) #9

No, all I know is that it did work for my initial trial on a different xxx.mydomain.tld, but now it does not anymore for final.mydomain.tld.


(Mark Verlinde) #10

Do you have a valid trusted certificate for final.mydomain.tld;
can it be the iphone is picky on the certificate?


(Mark Verlinde) #11

Here is why I am asking:
https://discussions.apple.com/thread/7684684


(Thorsten) #12

It is a Let's Encrypt certificate which is recognized as valid. Again here: it worked perfectly during a trial.


(Mark Verlinde) #13

Yes, but we do not know where the problem is, do we?

Can you try with another ActiveSync client? Then we are sure where to locate your issue;

is it in NS or elsewhere?


(Thorsten) #14

Hi Mark,

My daughter's Android phone shows exactly the same problem… It seems to be an issue on NethServer.

THX
Thorsten


(Mark Verlinde) #15

Okay,
I’m busy with some other stuff but will try to reproduce in the coming days


(Mark Verlinde) #16

Sorry, I can not reproduce;
Connection worked for me with the Windows 10 mail app, Outlook, Windows Phone and 2 Android devices.
NOTE: Did not test all functionality just if the inbox gets synced.

here is my anonymized output of: (note command is one line)

curl -v -k --user <user>:'<pass>' -X OPTIONS https://<FQDN_myhostname>/Microsoft-Server-ActiveSync

user= (short)username
pass= password
FQDN_myhostname= (virtual) hostname (with public dns record)
IPx.xxx.xxx.xxx= my external IP

* About to connect() to FQDN_myhostname port 443 (#0)
*   Trying IPx.xxx.xxx.xxx...
* Connected to FQDN_myhostname (IPx.xxx.xxx.xxx) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=FQDN_myhostname
*       start date: Jun 06 07:34:06 2018 GMT
*       expire date: Sep 04 07:34:06 2018 GMT
*       common name: FQDN_myhostname
*       issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
* Server auth using Basic with user 'user'
> OPTIONS /Microsoft-Server-ActiveSync HTTP/1.1
> Authorization: Basic ZXZlbjpLZWlucyMyMQ==
> User-Agent: curl/7.29.0
> Host: FQDN_myhostname
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Tue, 17 Jul 2018 07:04:16 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
< Content-Type: text/plain; charset=UTF-8
< MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Search,Settings,Ping,ItemOperations,ResolveRecipients,ValidateCert
< Public: OPTIONS, POST
< MS-ASProtocolVersions: 2.5,12.0,12.1,14.0,14.1
< MS-Server-ActiveSync: 14.1
< Content-Length: 0
< Cache-Control: private
< Allow: OPTIONS, POST
<
* Connection #0 to host FQDN_myhostname left intact

(Thorsten) #17

Hi Mark,

Thanks for the help. My output of the same command is different…

Best regards
Thorsten

* About to connect() to sogo.mydomain.tld port 443 (#0)
*   Trying xxx.xxx.xxx.xxx...
* Connected to sogo.mydomain.tld (xxx.xxx.xxx.xxx) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=ebb-s01.domain.tld
*       start date: Jul 12 17:54:22 2018 GMT
*       expire date: Oct 10 17:54:22 2018 GMT
*       common name: ebb-s01.domain.tld
*       issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
* Server auth using Basic with user 'xxxx'
> OPTIONS /Microsoft-Server-ActiveSync HTTP/1.1
> Authorization: Basic dGhvcnN0ZW46SGlhMDQuMTIuMTk3MEc=
> User-Agent: curl/7.29.0
> Host: myFQDN
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Tue, 17 Jul 2018 07:59:17 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
< Allow: OPTIONS,GET,HEAD,POST,TRACE
< Content-Length: 0
<
* Connection #0 to host sogo.mydomain.tld left intact

(Mark Verlinde) #18

It is clear the active-sync bits are missing;

...
 < MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Search,Settings,Ping,ItemOperations,ResolveRecipients,ValidateCert
 < Public: OPTIONS, POST
 < MS-ASProtocolVersions: 2.5,12.0,12.1,14.0,14.1
 < MS-Server-ActiveSync: 14.1
...

And that is the problem on your (test) setup :sob:
I am out of ideas, so I give my setup in key words and some tests you could do:

My test setup

Local AD account provider
Email
Sogo
(not relevant but to be accurate)
File server
FTP server
MariaDB
Roundcube web mail
Statistics
Web server

rpm -q nethserver-sogo
nethserver-sogo-1.7.5-1.ns7.noarch

# virtual host setup (just this nothing else!)
config setprop sogod VirtualHost sogo.mydomain.tld
signal-event nethserver-sogo-update

config show sogod
sogod=service
    ActiveSync=enabled
    AdminUsers=admin
    BackupTime=30 0
    Certificate=
    CustomEmailField=userPrincipalName
    Dav=enabled
    DraftsFolder=Drafts
    MailAuxiliaryUserAccountsEnabled=YES
    Notifications=Appointment,EMail
    SOGoInternalSyncInterval=30
    SOGoMaximumPingInterval=3540
    SOGoMaximumSyncInterval=3540
    SOGoMaximumSyncResponseSize=2048
    SOGoMaximumSyncWindowSize=100
    SentFolder=Sent
    SessionDuration=1440
    SxVMemLimit=512
    TrashFolder=Trash
    VirtualHost=sogo.mydomain.tld
    WOWatchDogRequestTimeout=60
    WOWorkersCount=10
    status=enabled 

cat /etc/httpd/conf.d/zzz_SOGo.conf
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#

<VirtualHost *:80>
 ServerName sogo.mydomain.tld
 RedirectMatch 301 ^(?!/.well-known/acme-challenge/).* https://sogo.mydomain.tld
 RewriteEngine On
 RewriteCond %{HTTPS} !=on
 RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]
</VirtualHost>


<VirtualHost *:443>
 ServerName sogo.mydomain.tld
 RedirectMatch ^/$ /SOGo
 SSLEngine on
 SSLCertificateFile "/etc/pki/tls/certs/localhost.crt"
 SSLCertificateKeyFile "/etc/pki/tls/private/localhost.key"


# SOGo dav auto-discovery support is enabled

RedirectMatch ^/(dav|cal|card)$ /SOGo/dav/
RedirectMatch ^/.well-known/(caldav|carddav)$ /SOGo/dav/


# Sogo ActiveSync is enabled

<Location /Microsoft-Server-ActiveSync>
ProxyPass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync retry=60 connectiontimeout=5 timeout=3600
</Location>


<Location /SOGo>
ProxyPass http://127.0.0.1:20000/SOGo retry=0
ProxyPassReverse http://127.0.0.1:20000/SOGo
SetEnv proxy-nokeepalive 1
</Location>

ProxyRequests Off
ProxyPreserveHost On

SetEnvIf Host (.*) REQUEST_HOST=$1
<Proxy http://127.0.0.1:20000/SOGo>
   RequestHeader set "x-webobjects-server-port" "443"
   RequestHeader set "x-webobjects-server-name" "%{REQUEST_HOST}e"
   RequestHeader set "x-webobjects-server-url" "https://%{REQUEST_HOST}e/SOGo"
   RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
   RequestHeader set "x-webobjects-remote-host" %{REMOTE_HOST}e env=REMOTE_HOST
   ## When using proxy-side autentication, you need to uncomment and
   ## adjust the following line:
   #  RequestHeader set "x-webobjects-remote-user" "%{REMOTE_USER}e"
   AddDefaultCharset UTF-8
   Require all granted
</Proxy>

Alias /SOGo.woa/WebServerResources/ /usr/lib64/GNUstep/SOGo/WebServerResources/
Alias /SOGo/WebServerResources/ /usr/lib64/GNUstep/SOGo/WebServerResources/

<Directory /usr/lib64/GNUstep/SOGo/>
AllowOverride None
Require all granted
<IfModule expires_module>
  ExpiresActive On
  ExpiresDefault "access plus 1 year"
</IfModule>
</Directory>

</VirtualHost>

Something notable in the sogod logs?
(Administration) Log viewer > /var/sogo/sogo.log

Temporarily enable EAS debug logging by editing /etc/sogo.conf
(at the end) uncomment SOGoEASDebugEnabled

  /* 80 Debug */
  //SOGoDebugRequests = YES;
  //SoDebugBaseURL = YES;
  //ImapDebugEnabled = YES;
  //LDAPDebugEnabled = YES;
  //PGDebugEnabled = YES;
  //MySQL4DebugEnabled = YES;
  //SOGoUIxDebugEnabled = YES;
  //WODontZipResponse = YES;
  SOGoEASDebugEnabled = YES;
  //WOLogFile = "/var/log/sogo/sogo.log";

(note this will be overwritten at nethserver-sogo-update event)

systemctl restart sogod

Check if sogod is running and let's restart it:
(in web-gui) (Status) Services>sogod Restart
command line:

systemctl status sogod 
systemctl restart sogod && systemctl status sogod

Let's test if (Apache) redirects are causing trouble:
are the ActiveSync bits still missing if you “override” the redirect from /Microsoft-Server-ActiveSync to /SOGo/Microsoft-Server-ActiveSync by putting SOGo in the URL?

curl -v -k --user <user>:'<pass>' -X OPTIONS https://<FQDN_myhostname>/SOGo/Microsoft-Server-ActiveSync
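
The comparison between the two OPTIONS responses in posts #16 to #18 can be scripted. This is an added example, not code from the thread: the function names and both sample transcripts are constructed, and `redact_auth` is included because an `Authorization: Basic` header is only base64-encoded and should be masked before a `curl -v` transcript is shared.

```bash
#!/bin/sh
# Added example: classify a saved `curl -v -X OPTIONS` transcript (stdin).

# Mask credentials: "Authorization: Basic" is base64, not encryption.
redact_auth() {
  sed -E 's/^(> *(Proxy-)?Authorization: *[A-Za-z]+) .*/\1 <redacted>/'
}

# Prints "eas-ok versions=<list>", "eas-missing" or "no-response".
eas_verdict() {
  awk '
    /^< HTTP\// { seen = 1 }
    /^< / {
      name = tolower($0); value = $0
      sub(/^< [^:]*: */, "", value); sub(/[ \t\r]+$/, "", value)
      if (name ~ /^< ms-asprotocolversions:/) versions = value
      if (name ~ /^< ms-asprotocolcommands:/) commands = value
    }
    END {
      if (!seen) print "no-response"
      else if (versions != "" && index("," commands ",", ",Sync,"))
        print "eas-ok versions=" versions
      else print "eas-missing"
    }'
}

# Constructed transcripts modelled on the two outputs in the thread.
sample_working() { cat <<'EOF'
> OPTIONS /Microsoft-Server-ActiveSync HTTP/1.1
> Authorization: Basic Y29uc3RydWN0ZWQ6ZXhhbXBsZQ==
>
< HTTP/1.1 200 OK
< MS-ASProtocolCommands: Sync,SendMail,FolderSync,Ping
< MS-ASProtocolVersions: 2.5,12.0,12.1,14.0,14.1
< Allow: OPTIONS, POST
EOF
}
sample_broken() { cat <<'EOF'
> OPTIONS /Microsoft-Server-ActiveSync HTTP/1.1
>
< HTTP/1.1 200 OK
< Allow: OPTIONS,GET,HEAD,POST,TRACE
< Content-Length: 0
EOF
}

for s in sample_working sample_broken; do
  printf '%s: %s\n' "$s" "$($s | redact_auth | eas_verdict)"
done
```

An `eas-missing` verdict on a 200 response means the request was answered without the ActiveSync headers, which is the symptom post #18 points at.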


(Thorsten) #19

The complete section

# Sogo ActiveSync is enabled

is missing within /etc/httpd/conf.d/zzz_SOGo.conf
I do add manually, how do I restart Apache within CentOS? How can I repair?


(Mark Verlinde) #20

Phew, here we have it! :grinning: You misspelled enabled (ensabled)

config setprop sogod ActiveSync enabled
signal-event nethserver-sogo-update
cat /etc/httpd/conf.d/zzz_SOGo.conf
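
The root cause found in this thread, a mistyped property value that left the ActiveSync section out of the generated Apache config, can be caught mechanically. This is an added example, not part of the thread or of NethServer: the function names and sample inputs are constructed, and it assumes that `ActiveSync`, `Dav` and `status` accept only `enabled` or `disabled`.

```bash
#!/bin/sh
# Added example: catch a mistyped toggle before it silently drops config.
# Assumption: ActiveSync, Dav and status accept only enabled/disabled.

# Reads `config show sogod` output on stdin, prints each bad key=value,
# and returns non-zero if any was found.
lint_sogod_props() {
  awk -F= '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    { key = trim($1); val = trim($2) }
    key ~ /^(ActiveSync|Dav|status)$/ && val !~ /^(enabled|disabled)$/ {
      print key "=" val; bad = 1
    }
    END { exit bad + 0 }'
}

# Reads the generated Apache config on stdin; succeeds only if the
# ActiveSync proxy block was rendered.
has_eas_location() {
  grep -Eq '^[[:space:]]*<Location[[:space:]]+/Microsoft-Server-ActiveSync>'
}

# Constructed inputs modelled on the thread (typo value taken from post #3).
sample_props() { cat <<'EOF'
sogod=service
    ActiveSync=ensabled
    Dav=enabled
    VirtualHost=sogo.mydomain.tld
    status=enabled
EOF
}
sample_conf() { cat <<'EOF'
<VirtualHost *:443>
 ServerName sogo.mydomain.tld
 <Location /SOGo>
 ProxyPass http://127.0.0.1:20000/SOGo retry=0
 </Location>
</VirtualHost>
EOF
}

sample_props | lint_sogod_props || echo "fix the values above, then re-run the update event"
sample_conf | has_eas_location || echo "ActiveSync <Location> block not rendered"
```

On a real system the inputs would be `config show sogod` and `/etc/httpd/conf.d/zzz_SOGo.conf`, both of which appear in the posts above.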