Ajcody-Notes
This page holds a Table of Contents of all my pages but each main Subject is an actual link to another page.
I'm hoping this gives the best of both worlds. One long page with all topics as well as pages that contain details to a specific subject.
Done by way of putting something like this on this page:
{{:Ajcody-Apple-Mac-Issues}}
And on the target page:
===Actual Apple/Mac Issues Homepage=== Please see [[Ajcody-Apple-Mac-Issues]]
Enjoy, Adam
General Notes
Actual General Notes Homepage
Please see Ajcody-General-Notes
Zimbra Variables
Ways to check on different zimbra variables.
su - zimbra zmlocalconfig -i zmlocalconfig -d cd /opt/zimbra/conf/attrs more zimbra-attrs.xml cd /opt/zimbra/openldap/etc/openldap/schema/ more zimbra.schema
Made the following concerning zmlocalconfig's behavior:
- "RFE: zmlocalconfig sanity check and clean up of -i output"
Also, with newer versions of ZCS, you can get it via zmprov - for example:
#zmprov desc -a zimbraFreeBusyExchangeAuthScheme zimbraFreebusyExchangeAuthScheme auth scheme to use type : enum value : basic,form callback : immutable : false cardinality : single requiredIn : optionalIn : cos,domain,globalConfig,account flags : accountInherited,domainInherited defaults : min : max : id : 611 requiresRestart : since : 5.0.3 deprecatedSince :
Addition note, example, for those checking source : src/6.0.7/com/zimbra/cs/account/ProvUtil.java.html
Zimbra Contact Fields For CSV Import Mapping
Please see /opt/zimbra/conf/zimbra-contact-fields.xml
This will show you what "fields" Zimbra is looking for and mapping to in regards to importing from another applications contact csv files.
One easy way to do this is the following:
- From zimbra ajax client as a test user (or any old user) do an export Addressbook.
- This is under the preference tab > Address Book > Import / Export > Export - select Addressbook and click Export button
- Then open file file something like Excel or a Text Editor
- Your only interested in the Top line - that gives the default fields for a Zimbra Addressbook.
- You'll get something like this:
"company","companyPhone","email2","fileAs","firstName","homepageURL","imAddress3","lastName","otherIMLabel","workCity","workCountry","workEmail2","workEmail3","workEmail4","workEmail5","workPostalCode","workState","workStreet"
- Note, ordering [left to right] isn't important. What is important, is the data lines up under the right column header.
- With your other Mail system, export the addressbook to a csv file.
- Open this file in another Excel window.
- Copy the column data from the one Excel sheet and paste it into the appropriate column within the Zimbra Excel sheet.
- Move as much as you can and then save.
- For example:
"company","companyPhone","email2","fileAs","firstName","homepageURL","imAddress3","lastName","otherIMLabel","workCity","workCountry","workEmail2","workEmail3","workEmail4","workEmail5","workPostalCode","workState","workStreet" "Apple Computer Inc.","1-800-MY-APPLE","","3","","http://www.apple.com","","","","Cupertino","United States","","","","","95014","CA","1 Infinite Loop"
- Now you can try importing this csv file back into Zimbra.
- Either with the webclient or you can use some on the CLI commands
- See User_Migration for variations of CLI commands that could be used.
- Here's the documented example:
curl -u schemers:password --data-binary @/tmp/new.csv http://server/service/home/schemers/contacts?fmt=csv
Example Header For Horde Contacts
I have not used this myself, I found it on the forums.
"assistantPhone","birthday","callbackPhone","carPhone","company","companyPhone","email","email2","email3","firstName","fullName","homeCity","homeCountry","homeFax","homePhone","homePhone2","homePostalCode","homeState","homeStreet","homeURL","imAddress1","imAddress2","imAddress3","jobTitle","lastName","middleName","mobilePhone","notes","otherCity","otherCountry","otherFax","otherPhone","otherPostalCode","otherState","otherStreet","otherURL","pager","workCity","work"
I'm hoping the forum user simply renamed the top header column to match description fields that Zimbra knows and that it's in order of the data (left to right) that Horde normally exports in. You'll need to review it and make sure it fits with your exported data columns from Horde.
Admin With Curl And Wget
You will most likely need to include :7071 in the url string to get around the pop-up issue that you would get if you used the same string in a web browser, without :7071 you'll see a permission error when trying to see/get data from a users account via the admin account.
curl -u admin:pass https://hostname:7071/home/user/Contacts wget https://admin:pass@hostname:7071/home/user/Contacts
What's My Server Like
To dump out your server details, these commands are useful. Login to your zimbra server and as the zimbra user do:
zmprov gs `zmhostname` zmprov gacf zmlocalconfig zmdumpenv
Another good document to review for "odd performance" issues is the large server wiki.
http://wiki.zimbra.com/index.php?title=Performance_Tuning_Guidelines_for_Large_Deployments
Restarting Jetty - ZCS 5+
As zimbra
zmmailboxdctl restart
How Do I Find Out What Version Of Zimbra I'm Using
See:
Get Version From Ajax Client
In newer versions of ZWC, the Help > About will also state the ZCS server version being used.
For older version, put the below in the search field of the Ajax client and hit enter:
$set:get version
Also:
https://SERVERNAME/js/zimbraMail/share/model/ZmSettings.js
Search for the CLIENT_VERSION line.
Other Ways To Get Version Of Server
See this forum post:
What's Compiled With Postfix
Moved to What's_Complies_With_Zimbra's_Postfix
REST Information
Resources to review
- Rest Overview
- For queries:
- Working Examples
Format to get around permission denied on multi-domain hosting servers
If you getting permission denied rather than resource not found...try this format example:
http://MAILSTOREofUSER.DOMAIN.com/zimbra/user/FIRST.LAST@USERS_DOMAIN.com/inbox.zip
or
http://MAILSTOREofUSER.DOMAIN.com/zimbra/user/USERNAME@USERS_DOMAIN.com/inbox.zip
I but both in case one issue is where the username has special characters, like the period.
Server Source Doc's
Please see:
http://svn.sourceforge.net/viewvc/zimbra/trunk/ZimbraServer/docs/
Logging
Actual Logging Homepage
Please see Ajcody-Logging
Server
RFE's Related To Better Logging And Historical Data Of Systems
See : Ajcody-Testing-Debugging#RFE.27s_Related_To_Better_Logging_And_Historical_Data_Of_Systems
Debugging
See : Ajcody-Testing-Debugging for more complete debugging information.
When Was A ZCS Service Enabled Or Disabled
See : Ajcody-Notes-Archive-Discovery#When_Was_A_ZCS_Service_Enabled_Or_Disabled
Syslog Items
Single Server Setup
/etc/syslog.conf should have lines similiar to:
[towards bottom of conf file] local0.* -/var/log/zimbra.log auth.* -/var/log/zimbra.log mail.* -/var/log/zimbra.log
Make sure syslog allows messages from log4j to be written, log4j doesn't do unix pipes. Specifically, it uses internet domain sockets (514/upd) instead of unix domain sockets (/dev/log). On a single server setup, this means log4j talking to localhost via 514/udp. Again, /dev/log is never used by log4j (AFAIK, this could change in the future). Adding the "-r" applies for the centralized syslog server as usual, but it also applies for the case where you want log4j data to be logged via syslog locally [single server setup]:
[root@zimbra sysconfig]# diff -u /etc/sysconfig/syslog.ORIG /etc/sysconfig/syslog --- /etc/sysconfig/syslog.ORIG 2008-03-25 09:14:28.000000000 -0400 +++ /etc/sysconfig/syslog 2009-06-09 16:01:13.000000000 -0400 @@ -3,7 +3,7 @@ # -r enables logging from remote machines # -x disables DNS lookups on messages recieved with -r # See syslogd(8) for more details -SYSLOGD_OPTIONS="-m 0" +SYSLOGD_OPTIONS="-r -m 0" # Options to klogd # -2 prints all kernel oops messages twice; once for klogd to decode, and # once for processing with 'ksymoops'
Restart syslog:
/etc/init.d/syslog restart
Setup ZCS to be aware of syslog [we'll restart Zimbra later once all the changes are done]:
zmprov mcf zimbraLogToSyslog TRUE
This will set the appropriate ldap values (after a zimbra restart) to make log4j.properties be written correctly:
/opt/zimbra/conf/log4j.properties will now show some modifications, for example:
[snips - DON'T cut cut/paste this info below for your server] #log4j.rootLogger=INFO,LOGFILE log4j.rootLogger=INFO,LOGFILE,SYSLOG ... # Syslog appender log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender log4j.appender.SYSLOG.SyslogHost=localhost log4j.appender.SYSLOG.Facility=LOCAL0 log4j.appender.SYSLOG.layout=com.zimbra.common.util.ZimbraPatternLayout log4j.appender.SYSLOG.layout.ConversionPattern=mailboxd: %-5p [%t] [%z] %c{1} - %m
This will actually cause very little to goto syslog though, it's a very minimalist setup. Now adjust /opt/zimbra/conf/log4j.properties.in to log more items to syslog.
Note: You may or may not want all these things going to syslog and you may be able to send more/other things to syslog as well. I've not spend lots of time with log4j and I'm not familiar enough with all the code to know which pieces are using which logger/settings.
WARNING: the AUDIT logs may have sensitive data so be careful to protect the logs so that sensitive data is not leaked accidentally.
[zimbra@zimbra conf]$ diff -u log4j.properties.in.ORIG log4j.properties.in --- log4j.properties.in.ORIG 2009-06-05 15:31:20.000000000 -0400 +++ log4j.properties.in 2009-06-09 15:54:07.000000000 -0400 @@ -35,7 +35,7 @@ # Save zimbra.security to AUDIT appender log4j.additivity.zimbra.security=false -log4j.logger.zimbra.security=INFO,AUDIT +log4j.logger.zimbra.security=INFO,AUDIT,SYSLOG # Syslog appender log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender @@ -88,7 +88,7 @@ log4j.additivity.zimbra.wbxml=false log4j.logger.zimbra.wbxml=DEBUG,WBXML -log4j.logger.zimbra=INFO +log4j.logger.zimbra=INFO,SYSLOG log4j.logger.zimbra.op=WARN -log4j.logger.com.zimbra=INFO +log4j.logger.com.zimbra=INFO,SYSLOG
At this point, you can restart zimbra for all the changes to be in effect:
zmcontrol stop ; zmcontrol start
Centralized Syslog Server
Please see:
This will show you how to setup a syslog server and then to configure the "clients" to log to the local filesystem as well as the syslog server.
You'll need to then take into account the information in Ajcody-Logging#Single_Server_Setup to handle the "Zimbra" part as well as dealing with log4j.
Centralized Log Server Project Ideas
Problems:
- Logs are to large to manage on each server.
- Want to build a central logging server for all logging events.
- The syslog events are very minimal with Zimbra (/var/log/zimbra.log). Most of the logging is control by Log4j (tomcat/jetty). Output from log4j generally goes into the /opt/zimbra/log/ directory. There's some conf files in /opt/zimbra/conf/log4j.properties* for log4j. You can adjust this file to also output into the syslog environment but syslog has very limited choices for "facility". See Ajcody-Logging#Single_Server_Setup and Log4j & Syslog facility for details. You'll end up getting huge files and god knows how many log events per second if you adjusted log4j to dump all zimbra logging into syslog control.
General Thought On This:
Use syslog-ng with mysql for the central log server. Add on php-syslog-ng for comfort.
Leave the log4j stuff alone and configure syslog-ng to monitor the actual log files as they are generated by log4j in /opt/zimbra/log/* .
Then decrease the log sizes and archiving done on the local servers, i.e. zimbraLogRawLifetime & zimbraLogSummaryLifetime .
References:
- Syslog-ng Homepage
- "O'Reilly - Building Secure Servers With Linux - Chapter On Syslog-ng"
- http://eduunix.ccut.edu.cn/index2/html/linux/O'Reilly%20-%20Building.Secure%20Servers%20with%20Linux/bssrvrlnx-CHP-10-SECT-2.html
- Most notably, the section on "sources"
- Php-syslog-ng
- http://code.google.com/p/php-syslog-ng/
- How-To Setup and Install Syslog-ng, mysql, and php-syslog-ng
Log Rotation and Removal
Logs In /opt/zimbra/log Directory
Please look at the output of your crontab - AS ZIMBRA, look for the "Log pruning" line.
crontab -l
And also the config files for logrotate:
/etc/logrotate.conf
/etc/logrotate.d/zimbra
Example From 5.0.11 - Complete ZCS Install Single Server
crontab for zimbra:
# Log pruning # 30 2 * * * find /opt/zimbra/log/ -type f -name \*.log\* -mtime +8 -exec rm {} \; > /dev/null 2>&1 35 2 * * * find /opt/zimbra/log/ -type f -name \*.out.???????????? -mtime +8 -exec rm {} \; > /dev/null 2>&1 # Log pruning # 30 2 * * * find /opt/zimbra/mailboxd/logs/ -type f -name \*log\* -mtime +8 -exec rm {} \; > /dev/null 2>&1
And the logrotate files:
$ cat /etc/logrotate.conf # see "man logrotate" for details # rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create # uncomment this if you want your log files compressed #compress # RPM packages drop log rotation information into this directory include /etc/logrotate.d # no packages own wtmp -- we'll rotate them here /var/log/wtmp { monthly minsize 1M create 0664 root utmp rotate 1 } # system-specific logs may be also be configured here.
And also:
$ cat /etc/logrotate.d/zimbra /var/log/zimbra.log { daily missingok notifempty create 0644 zimbra zimbra postrotate killall -HUP syslogd 2> /dev/null || true kill -HUP `cat /opt/zimbra/log/swatch.pid 2> /dev/null` 2> /dev/null || true kill -HUP `cat /opt/zimbra/log/logswatch.pid 2> /dev/null` 2> /dev/null || true endscript compress } /opt/zimbra/log/myslow.log { daily missingok copytruncate rotate 30 notifempty create 0644 zimbra zimbra compress } /opt/zimbra/log/logger_myslow.log { daily missingok copytruncate notifempty create 0660 zimbra zimbra compress size 5000k rotate 7 } /opt/zimbra/log/clamd.log { daily missingok copytruncate notifempty create 0660 zimbra zimbra postrotate kill -HUP `cat /opt/zimbra/log/clamd.pid 2> /dev/null` 2> /dev/null || true endscript compress size 5000k rotate 7 } /opt/zimbra/log/zmlogswatch.out { daily missingok copytruncate notifempty create 0740 zimbra zimbra postrotate su - zimbra -c "/opt/zimbra/bin/zmlogswatchctl stop" su - zimbra -c "/opt/zimbra/bin/zmlogswatchctl start" endscript rotate 5 compress } /opt/zimbra/log/zmswatch.out { daily missingok copytruncate notifempty create 0740 zimbra zimbra postrotate su - zimbra -c "/opt/zimbra/bin/zmswatchctl stop" su - zimbra -c "/opt/zimbra/bin/zmswatchctl start" endscript rotate 5 compress } /opt/zimbra/log/zmmtaconfig.log { daily missingok copytruncate notifempty create 0740 zimbra zimbra postrotate su - zimbra -c "/opt/zimbra/bin/zmmtaconfigctl restart" endscript rotate 5 compress } /opt/zimbra/log/nginx.log { daily missingok notifempty create 0644 zimbra zimbra postrotate kill -USR1 `cat /opt/zimbra/log/nginx.pid 2> /dev/null` 2> /dev/null || true endscript rotate 7 compress } /opt/zimbra/log/zmconvertd.log { daily missingok copytruncate notifempty create 0644 zimbra zimbra rotate 7 } /opt/zimbra/zmstat/zmstat.out { daily missingok copytruncate rotate 7 notifempty compress }
Openldap Logs - In /opt/zimbra/openldap-data/
Ldap logs files in /opt/zimbra/openldap-data/ and in /opt/zimbra/data/ldap/* subdirectories [ZCS 6+] that are like log.0000000001 , log.0000000002 , etc.
This logpurge is controlled by:
$ cd /opt/zimbra/openldap/etc/openldap/ [zimbra@mail3 openldap]$ grep logpurge * master-accesslog-overlay.conf:logpurge 07+00:00 01+00:00
Logpurge Directive Description
From Accesslog Chapter
logpurge Directive
logpurge age interval
Defines both the maximum age for log entries to be retained in the database and how often to scan the database for old entries. Bothage and interval are specified as a time span in days, hours, minutes, and seconds. The time format is [ddd+]hh:mm[:ss], for example, the days and seconds components are optional but hours and minutes are required. Except for days, which can be up to 5 digits, each numeric field must be exactly two digits. Example:
- the log database will be scanned every day
- entries older than two days will be deleted.
logpurge 2+00:00 1+00:00
When using a log database that supports ordered indexing on generalizedTime attributes, specifying an eq index on the reqStart attribute will increase the performance of purge operations.
What's up with all the logs?
Other Logging Page Resources
http://www.zimbra.com/docs/ne/latest/administration_guide/9_Monitoring.14.1.html
http://wiki.zimbra.com/index.php?title=Server_Monitoring
http://wiki.zimbra.com/index.php?title=Log_Files
http://wiki.zimbra.com/index.php?title=Unresponsive_Server_Troubleshooting
The Bread And Butter Logs
/opt/zimbra/log/mailbox.log - where most of your mailbox store activity is logged
- This log is the mailboxd log4j server log containing the logs from the mailbox server. This includes activity from the mailbox store, LMTP server, IMAP and POP servers, and Index server.
- Location: /opt/zimbra/log/mailbox.log
- This log is the mailboxd log4j server log containing the logs from the mailbox server. This includes activity from the mailbox store, LMTP server, IMAP and POP servers, and Index server.
/opt/zimbra/log/zmmailboxd.out - mailboxd/jvm output log
- Mailstore not coming up and nothing is being logged in mailbox.log, check here for errors.
- Location: /opt/zimbra/log/zmmailboxd.out
- Mailstore not coming up and nothing is being logged in mailbox.log, check here for errors.
/opt/zimbra/log/stacktrace.<pid> - stacktrace logs
- stacktraces related to mailboxd
- Location: /opt/zimbra/log/stacktrace.<pid>
- stacktraces related to mailboxd
/opt/zimbra/db/data/YOURHOSTNAME.err - errors for MySQL - ZCS 4.x & ZCS 5.x
- This is the message store database error log.
- Location: /opt/zimbra/db/data/YOURHOSTNAME.err
- This is the message store database error log.
/var/log/zimbra.log - mta and system status log, postfix, amavisd
- The Zimbra syslog details the activities of the Zimbra MTA (Postfix, amavisd, antispam, antivirus), Logger, Authentication (cyrus-sasl), and Directory (OpenLDAP). By default LDAP activity is logged to Zimbra.log.
- Location: /var/log/zimbra.log
- The Zimbra syslog details the activities of the Zimbra MTA (Postfix, amavisd, antispam, antivirus), Logger, Authentication (cyrus-sasl), and Directory (OpenLDAP). By default LDAP activity is logged to Zimbra.log.
- Probably has mta logging events [which also show in /var/log/zimbra.log] and also log events related to your OS
- Location: /var/log/messages
- Probably has mta logging events [which also show in /var/log/zimbra.log] and also log events related to your OS
/opt/zimbra/log/mysql_error.log - problems with MySQL
- If there is data corruption or another problem causing direct mysql errors, events will be logged here.
- /opt/zimbra/log/mysql_error.log
- If there is data corruption or another problem causing direct mysql errors, events will be logged here.
/opt/zimbra/log/myslow.log - slow db/MySQL queries
- If certain search requests are taking longer to complete than others, they will be logged here.
- /opt/zimbra/log/myslow.log
- If certain search requests are taking longer to complete than others, they will be logged here.
Other Logs
/opt/zimbra/log/audit.log - authentication events
- A log of all admin actions taken as well as logins to the server.
- /opt/zimbra/log/audit.log
- A log of all admin actions taken as well as logins to the server.
- Want to see all uses of the "View Mail" button from the admin console? Will have the IP address, User Agent of the browser, user that the admin is logged in as, and the account that they are viewing.
grep DelegateAuth /opt/zimbra/log/audit.log
/opt/zimbra/log/clamd.log - antivrius db
- Status and checks for clamav
- /opt/zimbra/log/clamd.log
- Status and checks for clamav
- If your clamav db is out of date, you'll see a log event here like this:
- LibClamAV Warning: **************************************************
- LibClamAV Warning: *** The virus database is older than 7 days! ***
- LibClamAV Warning: *** Please update it as soon as possible. ***
- LibClamAV Warning: **************************************************
/opt/zimbra/log/convertd.log - attachment conversion
- If your having problems with your attachments and the ability to view them in ZWC, check here for errors.
- /opt/zimbra/log/convertd.log
- If your having problems with your attachments and the ability to view them in ZWC, check here for errors.
/opt/zimbra/log/freshclam.log - clam antivirus updates
- Shows the actual attempt to update the clamav updates.
- /opt/zimbra/log/freshclam.log
- Shows the actual attempt to update the clamav updates.
/opt/zimbra/log/spamtrain.log - spam/ham training details
- Spam/Ham training details are logged here. Errors are also logged here related to this service.
- From a default single ZCS configurations crontab [zimbra]:
- # Spam training
- #:
- 0 :23 * * * /opt/zimbra/bin/zmtrainsa >> /opt/zimbra/log/spamtrain.log 2>&1
- #
- # Spam training cleanup
- #
- 45 23 * * * /opt/zimbra/bin/zmtrainsa --cleanup >> /opt/zimbra/log/spamtrain.log 2>&1
/opt/zimbra/log/sync.log - zimbra mobile and activesync
- Your mobile devices will basically log here.
- /opt/zimbra/log/sync.log
- Your mobile devices will basically log here.
/opt/zimbra/log/synctrace.log - zimbra mobile and activesync
- Still looking for description that describes difference with sync.log
- /opt/zimbra/log/synctrace.log
- Still looking for description that describes difference with sync.log
/opt/zimbra/log/syncstate.log - no description found
- No description found.
- /opt/zimbra/log/syncstate.log
- No description found.
/opt/zimbra/log/wbxml.log - no description found
- No description found.
- /opt/zimbra/log/wbxml.log
- No description found.
/opt/zimbra/log/zmlogswatch.out -
/opt/zimbra/log/zmmtaconfig.log -
/opt/zimbra/log/zmmyinit.log -
/opt/zimbra/log/zmsetup.`date`-'pid'.log -
/tmp/install.log -
After install, gets moved to : /opt/zimbra/.install/
/tmp/zmsetup.log -
After install, gets moved to : /opt/zimbra/log/zmsetup.log.[some numbers]
/opt/zimbra/httpd_access.log -
/opt/zimbra/httpd_error.log -
New Data Directory In ZCS6+
In ZCS 6+ , there's a directory to organize 'data' from our various components.
[root@mail3 data]# pwd /opt/zimbra/data [root@mail3 data]# ls -F altermime/ amavisd/ clamav/ dspam/ ldap/ postfix/ tmp/
This information could prove useful as well with trouble-shooting and debugging problems.
Increase Logging
Increase Logging Per User
Depending on the ZCS version the below will clear all the per account loggers on zimbra reboot. IMAP is used for these examples.
- addAccoutLogger
zmprov aal user@domain.com zimbra.imap debug
- removeAccountLogger
zmprov ral user@domain.com zimbra.imap
Example usuage:
zmprov aal user@domain.com zimbra.soap debug
And tail the log file, while attempting to login to the AJAX client.:
tail -f /opt/zimbra/log/mailbox.log
See Ajcody-Logging#Log4J_Variables for variables that can be used.
To See What Accounts Have Extended Logging Enabled
There's the gaal option for zmprov . It list the accounts on a per mailstore basis :
getAllAccountLoggers(gaal) [-s/--server hostname]
[zimbra@zcs806 ~]$ zmprov gaal `zmhostname` # name test01@zcs806.domain.com zimbra.imap=debug
Bugs And RFE's
I filed the following RFE:
- "Allow "secondary" logging file for zmprov addAccountLogger"
Increase Logging Per Server
If you want to do it globally edit this file:
vi /opt/zimbra/conf/log4j.properties
Add a line at the end that's similar to something like this: log4j.logger.zimbra.imap=DEBUG.
No restart of any service is needed, BUT if something happens that causes a regeneration of the log4j.properties file then your changes will be overwritten. A regeneration of this file takes the contents of /opt/zimbra/conf/log4.properties.in .
To permanently make a change, modify the /opt/zimbra/conf/log4.properties.in file, then a restart would be necessary.
$ zmcontrol stop $ zmcontrol start
or you could run this on the server:
$ zmmtaconfig mailboxd
Wait for a minute for the server to pick up your change.
See Ajcody-Logging#Log4J_Variables for variables that can be used.
Log4J Variables
An Official page has been made for this topic now per my RFE request, bug 41894
Please see:
OpenLDAP Logging Levels
Please see King0770-Notes-Change-LDAP-Log-Levels
Want To See What's In Redolog Files
If you suspect there's too much redolog activity during a time window or have another need to inspect the contents of the redolog, dump it and examine it:
$ zmjava com.zimbra.cs.redolog.util.RedoLogVerify /opt/zimbra/redolog/redo.log > out.file
Pick the right redolog file, either redo.log or one of the files under archive/, based on timestamp.
See Ajcody-Backup-Restore-Issues#Redolog_Files for more details.
Internal Zimbra Charting - zmstat-chart
RFE/Bugs You Might Be Interested In
- "support for real time counters (snmp, jmx, etc)"
- "zmstat - expand documentation"
- "zmstat-chart - graphing besides just one day"
- "zmstat - integrate webpage setup and allow configuration of chart run"
- "zmstat - should have some trending data on ALL client connections (web/soap)"
zmstat IS NOT Logger (graphs in admin console)
Please note, zmstat is different than the processes and graphs involved with Logger. Logger is behind the graphs that show up in the admin web console.
Please see Logger for details and trouble-shooting steps with Logger.
Rick has some other steps for King0770-Notes#Reinitialize_the_Logger_DB
Main References For zmstat-chart Command
Please see the following:
zmstat-chart CLI Administration Guide
zmstat-chart-config CLI Administration Guide
zmstatctl CLI Administration Guide
Monitoring Administration Guide
JFreeChart is the project/binary behind the charting tool. You'll find the jar files here [ZCS 5.0.9 example]:
- /opt/zimbra/lib/jars/jfreechart-1.0.1.jar
- /opt/zimbra/jetty-6.1.5/common/lib/jfreechart-1.0.1.jar
Issues Being Investigated With zmstat And Other "Charting" Items
I currently have an internal thread going with the dev's about some issues with zmstat and also with attempts of getting the active sessions data from the admin web console to be seen in trends.
I'll just be dumping my notes here and then cleaning them up once I'm done with the internal conversation.
- Question: (mailboxd: active connections by client protocol) What exactly is this tracking? I'm on a test box with no connections and it has the different threads in the 100's/1000's. Customer was hoping (as was I) that this would be giving data much like is shown in the admin console about user connections. Also, there doesn't seem to be a comparable "active connections" for the web client (soap)?
- Answer: For the connections issue, it's the number of clients that are currently connected. There's no analog for SOAP because SOAP doesn't have persistent connections. We may be able to log stats for number of SOAP sessions, but that would include noise for cases where the user closes the browser window and the session hasn't timed out yet. If you think this is useful, please file an RFE.
- Question: (graph time plot) If I run zmstat-chart with the --aggregate-start-at option with something like "08/07/2008 01:00:00" I notice that the graphs don't actually reference "days" at the bottom but still use what looks to be "hours". Is this a bug where the bottom reference of the graph doesn't get adjusted or is the syntax to run zmstat-chart to do this more tricky that I think.
- Answer: zmstat-chart doesn't support multi-day ranges, it really only supports a single directory with a single day of charts, the aggregate options are for specifying ranges at which to calculate the max(col)/min(col)/avg(col) values. Our usual practice is to generate one set of charts for each day we want to look at; I think it gives us a better look at when peaks occur and how they compare day-to-day (it's much easier to look at them in an overlay fashion).
- Answer: Seems like a reasonable request to be able to generate charts for multiple days. Please file an RFE if you think this would be useful.
- Question: How reliable are these numbers are in admin console....
- Answer: I imagine they should be quite reliable; but HTTP (Web) is stateless, so you can't really determine whether a session is really active or not. I believe multiple sessions appearing for a single user would be the result of reloading or closing and then reopening the browser to log in again.
- Perhaps it is best to ask the users in question what their usage is like? Is there any concern over the high number of sessions? I don't think it should affect server performance.
- Answer: I imagine they should be quite reliable; but HTTP (Web) is stateless, so you can't really determine whether a session is really active or not. I believe multiple sessions appearing for a single user would be the result of reloading or closing and then reopening the browser to log in again.
- Question: Could you please explain the following:
- Mailboxd Mailbox Add Rate (Delivery Rate)
- Answer: The rate at which messages are being added to the mailbox server, e.g. 1 message being delivered per second is... 1 m/s
- Mailboxd Mailbox Add Latency (Delivery Speed)
- Answer: How long it takes on average to add a message to a mailbox (averaged over the period of a minute)
- Mailboxd Active Connections by Client Protocol- This one does NOT give us counts for web client. Host zcs2.mail.XXXX.xxx: Mailboxd: Active Connections by Client Protocol avg(IMAP) = 169.86 avg(IMAP SSL) = 0.00 avg(POP) = 0.21 avg(POP SSL) = 0.00
- Answer: It doesn't give counts for web client because the web client does not have persistent connections (being HTTP-based). SOAP requests (used by the Web client) use transient connections that often close after they are used; i.e. if you took the number of "SOAP" connections and compared it to the number of "active" sessions, it'd likely be something like 0-1% of the latter figure.
- Mailboxd Mailbox Get Count
- Answer: The number of mailboxes that got opened in the last minute (I don't recall if this counting cache hits or not?)
- Mailboxd Mailbox Get Latency
- Answer: How long it takes to open a mailbox, on average (over a minute)
- Also, we don't get stats for any of the soap parameters:
- SOAP Invocation Count Summary (Top 10 max)
- SOAP Average Call Duration AuthRequest
- Answer: I don't know why this could be; perhaps zmstat-chart-config.xml needs to be regenerated, is /opt/zimbra/zmstat/soap.csv available and does it contain data?
- Mailboxd Mailbox Add Rate (Delivery Rate)
Running zmstat-chart
Confirm it's running:
zmprov gs [mailserver hostname] | grep -i stats zimbraServiceEnabled: stats zimbraServiceinstalled: stats
Default location of stat files is:
/opt/zimbra/zmstat/
Example command to run:
mkdir /tmp/stats zmstat-chart -s /opt/zimbra/zmstat -d /tmp/stats/
Like To Have zmstat-chart Data Integrated With Zimbra
I've made an RFE for this integration:
- "zmstat - integrate webpage setup and allow configuration of chart run"
With Zimbra Jetty
- Note:
- The default Jetty behavior will NOT display directory listing. You'll need a valid html type file in the directory target.
- I would recommend the apache solution over this one as you can avoid hitting performance issues this might cause.
Dump some graphing directories in there:
zmstat-chart -s /opt/zimbra/zmstat -d /opt/zimbra/jetty/webapps/zimbra/downloads/zmstat-chart/`date +%F-%H-%M`
You'll see there's the directory and when you go into it - there's your charts.
You can now place this command in your crontab to run on a schedule basis.
Things you'll want to check before deploying:
- Place charting directory in a location where space is available and will not create a risk to the mail services if it's full.
- Look at the zmstat-chart options to see what other parameters you want to use - especially if it's going in your crontab.
- Make sure your following and security guidelines for your environment.
You'll be able to view the data with the following url:
http://hostname/zimbra/downloads/zmstat-chart/
With Zimbra Apache Or Non-Zimbra Server With Apache
Before You Proceed
Things to check or confirm first before deploying:
- Place your directory root [/opt/zimbra/support in this example] in a location where space is available and will not create a risk to the mail services if it's full.
- If you'll be using NFS to have a centralized storage point:
- Your NFS mount point on the Zimbra servers would be /opt/zimbra/support in this example.
- You'll be exporting /opt/zimbra/support in this example from the NFS server.
- If this is a non-zimbra server, copy the zimbra entry from a zimbra server's /etc/passwd and /etc/group into the non-zimbra servers passwd and group file. This way, if NFS is also used the UID/GID matches.
- Apache Directory variable will be /opt/zimbra/support/data in this example.
- Apache .htpasswd location will be /opt/zimbra/support/.htpasswd in this example, putting it above of the apache Directory variable.
- Make sure your following the security guidelines for your environment.
- Look at the zmstat-chart options to see what other parameters you want to use - especially if it's going in your crontab.
Directory Layout
As root:
mdir -p /opt/zimbra/support/data cd /opt/zimbra/support/data for i in `/opt/zimbra/bin/zmprov gas` do mkdir $i done
If your not on a ZCS server, you'll be manually creating directories named after the output of zmhostname from each of your ZCS servers.
Now, create subdirectory paths under each zmhsotname directory.
cd /opt/zimbra/support/data/ for i in `ls` do mkdir $i/debug $i/logs $i/zmstat $i/tops done
Set permissions on the directories we made:
chown -R zimbra:zimbra /opt/zimbra/support chmod -R 755 /opt/zimbra/support
With this structure and with NFS setup, you'll have a common repository that will have a standard path to use on a per server basis. Example :
script-command -PathOption /opt/zimbra/support/data/`zmhostname`/TYPE_OF_DATA/`date +%F-%H-%M`
Apache Configuration
Let's configure apache to show this directory.
- For ZCS Apache Setup:
vi /opt/zimbra/conf/httpd.conf ** Towards the end, add the following** # Include zmstat-chart directory Include /opt/zimbra/httpd/conf/extra/zimbra-support.conf
- Non-ZCS Server With Apache. Check that there's an existing Include directive that will see our zimbra-support.conf:
vi /etc/httpd/conf/httpd.conf ** Look for something that will allow the following** ** /etc/httpd/conf.d/zimbra-support.conf to be used** ** Your distro might differ on apache paths as well** ** as Include statement for other conf files** Include conf.d/*.conf
Let's now make the apache conf file for zimbra-support.conf
- For ZCS Apache Setup:
vi /opt/zimbra/httpd/conf/extra/zimbra-support.conf Alias /support "/opt/zimbra/support/data" <Directory "/opt/zimbra/support/data"> AuthName "Secure Area For Zimbra Support" AuthType Basic AuthUserFile /opt/zimbra/support/.htpasswd require valid-user Options Indexes IndexOptions FancyIndexing VersionSort AllowOverride None Order allow,deny Allow from all </Directory>
- Non-ZCS Server With Apache:
vi /etc/httpd/conf.d/zimbra-support.conf Alias /support "/opt/zimbra/support/data" <Directory "/opt/zimbra/support/data"> AuthName "Secure Area For Zimbra Support" AuthType Basic AuthUserFile /opt/zimbra/support/.htpasswd require valid-user Options Indexes IndexOptions FancyIndexing VersionSort AllowOverride None Order allow,deny Allow from all </Directory>
Make sure permissions are set correctly on zimbra-support.conf so apache will use it.
Now let's setup a username and password to use with the .htpasswd file.
cd /opt/zimbra/support/ htpasswd -c .htpasswd zimbrasupport chmod 644 .htpasswd
Restart apache so the changes take effect:
- For ZCS Apache Setup:
zmapachectl stop zmapachectl start
- Non-ZCS Server With Apache:
httpd restart
Now, let's dump some graphing directories in there:
zmstat-chart -s /opt/zimbra/zmstat -d /opt/zimbra/support/data/`zmhostname`/zmstat/`date +%F-%H-%M`
To now view the charts. Adjust, SERVERHOSTNAME, for your servername.
- For ZCS Apache Setup:
http://servername:7780/support/data/SERVERHOSTNAME/zmstat
- Non-ZCS Server With Apache:
http://servername/support/data/SERVERHOSTNAME/zmstat
You'll see there's the directory and when you go into it - there's your charts.
You can now place this command in your crontab to run on a schedule basis.
Tweaking zmstat-chart
zmstat-chart also has the option to use a configuration file. The default configuration file is:
/opt/zimbra/conf/zmstat-chart.xml
Copy this to another location and edit away. Then add the -c /location/to/config/file to use your new configuration.
Default Items Charted
Here's a list of the default items that will be charted with zmstat-chart:
- Postfix Queue Size
- convertd CPU time used
- convertd Resident Memory
- convertd Processes and Threads
- Total CPU
- Process CPU
- Process Total Memory
- Process Resident Memory
- Virtual Memory
- Context Switches
- Run/Blocked Process Queue Size
- Disk Partition Throughput
- Disk Utilization
- Disk Throughput
- Disk IOPs
- Swap Activity
- Total file descriptors open
- SOAP Invocation Count Summary (Top 10 max)
- SOAP Average Call Duration Summary (Top 10 avg)
- SOAP Invocation Count GetServerRequest
- SOAP Invocation Count BackupRequest
- SOAP Invocation Count GetAllConfigRequest
- SOAP Invocation Count GetDomainRequest
- SOAP Invocation Count GetAllDomainsRequest
- SOAP Invocation Count AuthRequest
- SOAP Average Call Duration GetServerRequest
- SOAP Average Call Duration BackupRequest
- SOAP Average Call Duration GetAllConfigRequest
- SOAP Average Call Duration GetDomainRequest
- SOAP Average Call Duration GetAllDomainsRequest
- SOAP Average Call Duration AuthRequest
- MySQL Database Connections
- MySQL InnoDB Buffer Pool Pages
- MySQL InnoDB Buffer Pool Hit Rate
- MySQL Tables Open/Opened
- MySQL Total Slow Queries Count
- Mailboxd Connection Pool Get Latency
- Mailboxd Dirty Lucene Index Writers
- Mailboxd Lucene IndexWriterCache Hitrate
- Mailboxd Lucene IO
- Mailboxd LMTP Delivery Throughput
- Mailboxd LMTP Delivery Rate
- Mailboxd Mailbox Add Rate (Delivery Rate)
- Mailboxd Mailbox Add Latency (Delivery Speed)
- Mailboxd Request Rate by Client Protocol
- Mailboxd Response Time by Client Protocol
- Mailboxd Active Connections by Client Protocol
- Mailboxd Mailbox Get Count
- Mailboxd Mailbox Get Latency
- Mailboxd Mailbox Cache Hit Rate
- Mailboxd Mailbox Item/Blob Cache Hit Rate
- Mailboxd Garbage Collection Time
- Mailboxd Garbage Collection Count
- Mailboxd JVM Heap Used
- Mailboxd JVM Heap Free
- Mailboxd JVM Permanent Generation and Code Cache
Moved to Getting_All_Users_Quota_Data
Moved to Getting_All_Users_Quota_Data
Third Party Tools (Monitoring & Logging)
FYI - Support For Real Time Counters (snmp,etc.)
This is for those that need to go beyond what zmstat-chart is doing or need to intergrate within a third party monitoring systems.
Please see RFE:
- "Support for real time counters (snmp, jmx, etc)"
Currently, this RFE has only resolved support for JMX, not SNMP. Customers who need SNMP can use a product like jManage to do the translation from JMX to SNMP.
SNMP And Zimbra
SNMP Related Bugs And RFEs
Please read the following below as they'll have little bits of information that you might need for your customizations / external setup for snmp use against Zimbra. :
- "support for real time counters (snmp, jmx, etc)"
- "zimbra snmp is broken"
- "snmp disk checks report incorrect usage."
- "replace zmdisklog / zimbra-snmp integration"
SNMP Setup On Zimbra To Notify A Remote Host
Our SNMP support is pretty basic; currently, we only send traps when a service (mta, mailbox, ldap) changes state (stop/start).
First, you'll need net-snmp package install on the zimbra host for the notifications to be sent to a remote host.
- When you install the net-snmp package, it creates /etc/snmp/snmpd.conf. This file needs to be edited with the correct community string to allow for snmp mibs to be read from remote machines The default value is "public" with the net-snmp package.
- /opt/zimbra/conf/swatchrc.in is set to use [ perlcode 0 my $snmpargs="-v 2c -c zimbra localhost "; ] for the community string. Adjust this if needed for your corporate snmp environment.
- Your security policy for your company might require you to review the other options there as well - i.e. limit to read-only.
- Also, if there is a firewall between the zimbra server and the snmp server host you'll need to open up port 161/UDP.
- When you install the net-snmp package, it creates /etc/snmp/snmpd.conf. This file needs to be edited with the correct community string to allow for snmp mibs to be read from remote machines The default value is "public" with the net-snmp package.
Then your zimbra host with the zimbra snmp service installed, do the following for a basic default setup:
zmlocalconfig -e snmp_notify=1 zmlocalconfig -e snmp_trap_host=your.host.name
/opt/zimbra/libexec/zmsnmpinit
zmswatchctl stop zmswatchctl start
We watch for something matching /err: Service status change/ and send the trap with:
/opt/zimbra/snmp/bin/snmptrap
See other topics below for customizations that might be needed for your snmp environment.
Other reference for Zimbra and SNMP:
Files To Review For SNMP
Look at the contents of the following files:
- /opt/zimbra/libexec/zmsnmpinit
- /opt/zimbra/conf/swatchrc.in
- zmsnmpinit reads swatchrc.in and writes out the file swatchrc for the running configuration
- /opt/zimbra/conf/swatchrc
- /opt/zimbra/snmp/share/snmp/snmpd.conf.in which is the SOURCE file to
- /opt/zimbra/conf/snmpd.conf [see /opt/zimbra/libexec/zmsnmpinit ]
- The two above are used by zmsnmpinit to generate the /opt/zimbra/conf/swatchrc
- /opt/zimbra/conf/snmpd.conf [see /opt/zimbra/libexec/zmsnmpinit ]
- /opt/zimbra/conf/swatchrc.in
- /opt/zimbra/net-snmp/share/snmp/mibs/zimbra.mib
- /opt/zimbra/net-snmp/share/snmp/mibs/zimbra_traps.mib
- /opt/zimbra/log/zmswatch.out
- Monitor this to see the services when they go up and down successfully send out the email notification for your snmp configuration
Zimbra MIBS
You'll find zimbra.mib and zimbra_traps.mib in the following directory. This listing is mine under 5.0.19 :
[root@mail3 ~]# cd /opt/zimbra/net-snmp/share/snmp/mibs/ [root@mail3 mibs]# ls AGENTX-MIB.txt IPV6-TC.txt SNMP-USER-BASED-SM-MIB.txt DISMAN-EVENT-MIB.txt IPV6-UDP-MIB.txt SNMP-USM-AES-MIB.txt DISMAN-SCHEDULE-MIB.txt NET-SNMP-AGENT-MIB.txt SNMP-USM-DH-OBJECTS-MIB.txt DISMAN-SCRIPT-MIB.txt NET-SNMP-EXAMPLES-MIB.txt SNMPv2-CONF.txt EtherLike-MIB.txt NET-SNMP-EXTEND-MIB.txt SNMPv2-MIB.txt HCNUM-TC.txt NET-SNMP-MIB.txt SNMPv2-SMI.txt HOST-RESOURCES-MIB.txt NET-SNMP-TC.txt SNMPv2-TC.txt HOST-RESOURCES-TYPES.txt NET-SNMP-VACM-MIB.txt SNMPv2-TM.txt IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt NOTIFICATION-LOG-MIB.txt SNMP-VIEW-BASED-ACM-MIB.txt IANAifType-MIB.txt RFC1155-SMI.txt TCP-MIB.txt IANA-LANGUAGE-MIB.txt RFC1213-MIB.txt TRANSPORT-ADDRESS-MIB.txt IANA-RTPROTO-MIB.txt RFC-1215.txt UCD-DEMO-MIB.txt IF-INVERTED-STACK-MIB.txt RMON-MIB.txt UCD-DISKIO-MIB.txt IF-MIB.txt SMUX-MIB.txt UCD-DLMOD-MIB.txt INET-ADDRESS-MIB.txt SNMP-COMMUNITY-MIB.txt UCD-IPFWACC-MIB.txt IP-FORWARD-MIB.txt SNMP-FRAMEWORK-MIB.txt UCD-SNMP-MIB.txt IP-MIB.txt SNMP-MPD-MIB.txt UDP-MIB.txt IPV6-ICMP-MIB.txt SNMP-NOTIFICATION-MIB.txt zimbra.mib IPV6-MIB.txt SNMP-PROXY-MIB.txt zimbra_traps.mib IPV6-TCP-MIB.txt SNMP-TARGET-MIB.txt
What Is Looked For
Take a look at your /opt/zimbra/conf/swatchrc - this is mine under 5.0.19
perlcode 0 my %notifications=(); perlcode 0 $notifications{smtp}="yes"; perlcode 0 $notifications{snmp}="yes"; perlcode 0 my $fr='admin@mail3.zimbra.REMOVED.com'; perlcode 0 my $pwc='admin@mail3.zimbra.REMOVED.com'; perlcode 0 my $snmpargs="-v 2c -c zimbra localhost ''"; perlcode 0 my $snmptrap="/opt/zimbra/snmp/bin/snmptrap $snmpargs"; perlcode 0 my $snmpsvctrap="ZIMBRA-TRAP-MIB::zmServiceStatusTrap"; perlcode 0 my $snmpsvcname="ZIMBRA-MIB::zmServiceName"; perlcode 0 my $snmpsvcstatus="ZIMBRA-MIB::zmServiceStatus"; perlcode 0 my %statuses=('started'=>1,'stopped'=>0); perlcode 0 my $hostname="mail3.zimbra.homeunix.com"; perlcode 0 sub donotify { my %args = (@_); if ($args{HOST} eq "localhost") {$args{HOST}=$hostname;}; if ($notifications{smtp}) { dosmtp(%args) if $args{SERVICE}; dodisksmtp(%args) if $args{DISK};}; if ($notifications{snmp}) {dosnmp(%args);}; } perlcode 0 sub dosmtp { my %args = (@_); print "SMTP notification: $args{MESSAGE}\n"; open (FOO, "|/opt/zimbra/postfix/sbin/sendmail -Am -t"); print FOO "To: $pwc\nFrom: $fr\nSubject: Service $args{SERVICE} $args{STATUS} on $args{HOST}\n\n$args{MESSAGE}\n"; close FOO; } perlcode 0 sub dodisksmtp { my %args = (@_); print "SMTP notification: $args{MESSAGE}\n"; open (FOO, "|/opt/zimbra/postfix/sbin/sendmail -Am -t"); print FOO "To: $pwc\nFrom: $fr\nSubject: Disk $args{DISK} at $args{UTIL}\% on $args{HOST}\n\n$args{MESSAGE}\n"; close FOO; } perlcode 0 sub dosnmp { my %args = (@_); print "SNMP notification: $args{MESSAGE}\n"; `$snmptrap $snmpsvctrap $snmpsvcname s $args{SERVICE} $snmpsvcstatus i $statuses{$args{STATUS}}`; } ignore /DEBUG/ watchfor /err: Service status change: (\S+) (.*) changed from stopped to running/ donotify SERVICE=$2,STATUS=started,HOST=$1 watchfor /err: Service status change: (\S+) (.*) changed from running to stopped/ donotify SERVICE=$2,STATUS=stopped,HOST=$1 watchfor /err: Disk warning: (\S+) (\S+) at (\d+)/ donotify DISK=$2,UTIL=$3,HOST=$1 watchfor /crit: Disk warning: (\S+) (\S+) at (\d+)/ donotify DISK=$2,UTIL=$3,HOST=$1
Enhanced MIB Files For HP OpenView
I've created an RFE for this:
- "enchanced MIB and OID information to work with HP Openview"
Zimbra does not provide "enhanced" mib files" at this time. Thresholds can be set by the customer within their individual monitoring system. Zimbra is alerting on is service up or service down, see the other information above in Ajcody-Logging#SNMP_And_Zimbra .
Some Choices
Charting & Graphing The Data
Montoring Software
- Nagios
- Centreon - based upon Nagios
- Splunk
- You could also look at using Splunk and Nagios together.
- BigSister - take off of BigBrother
- Zenoss
- Cacti
- OpenNMS
- Munin
Nagios On Zimbra
This is a really rough draft for ideas I have in background. Shouldn't be used by anyone.
Configure Nagios to run on single server Zimbra box - Centos 5.x
Configure yum with repo and install nagios
vi /etc/yum.repos.d/Dag.repo yum update yum install nagios nagios-plugins nagios-devel nagios-plugins-nrpe
Move nagios.conf http file into main zimbra directory.
cp /etc/httpd/conf.d/nagios.conf /opt/zimbra/httpd/conf/extra/
Setup nagios to run as zimbra
vi /etc/nagios/nagios.cfg **Change nagios user to zimbra** nagios_user=zimbra nagios_group=zimbra
Change ownership of directories from nagios to zimbra.
chown -R 500:500 /var/log/nagios/ chown -R 500:500 /etc/nagios/ chown -R 500:500 /usr/share/nagios/
Configure authentication within Nagios
vi /etc/nagios/nagios.cfg # AUTHENTICATION USAGE use_authentication=1 # SYSTEM/PROCESS INFORMATION ACCESS authorized_for_system_information=nagiosadmin # CONFIGURATION INFORMATION ACCESS authorized_for_configuration_information=nagiosadmin # SYSTEM/PROCESS COMMAND ACCESS authorized_for_system_commands=nagiosadmin # GLOBAL HOST/SERVICE VIEW ACCESS authorized_for_all_services=nagiosadmin authorized_for_all_hosts=nagiosadmin # GLOBAL HOST/SERVICE COMMAND ACCESS authorized_for_all_service_commands=nagiosadmin authorized_for_all_host_commands=nagiosadmin
Set up httpasswd's for the accounts for Nagios
htpasswd -c /etc/nagios/htpasswd.users nagiosadmin htpasswd /etc/nagios/htpasswd.users guest
Configure Zimbra's http/apache to use nagios http config file
vi /opt/zimbra/conf/httpd.conf **Add the following towards bottom** # Include Nagios Include /opt/zimbra/httpd/conf/extra/nagios.conf
Starting nagios is done as root
/etc/init.d/nagios start
Restarting apache for nagios issues would be done with (as zimbra)
zmapachectl stop zmapachectl start
The webpage address to view Nagios will be like this:
http://IP_OF_SERVER:7780/nagios/
Use the rest of this how-to to configure it now: http://wiki.centos.org/HowTos/Nagios
MRTG - SNMP On Zimbra
This is a really rough draft for ideas I have in background. Shouldn't be used by anyone.
Configure yum with repo and install mrtg, net-snmp, net-snmp-utils
vi /etc/yum.repos.d/Dag.repo yum update yum instal mrtg net-snmp net-snmp-utils
Follow some how-to on setting up the basics.
Create a http config:
vi /opt/zimbra/httpd/conf/extra/mrtg.conf Alias /mrtg "/opt/zimbra/mrtg" <Directory "/opt/zimbra/mrtg"> # SSLRequireSSL Options None AllowOverride None Order allow,deny Allow from all # Order deny,allow # Deny from all # Allow from 127.0.0.1 </Directory>
Add mrtg to http configuration within zimbra:
vi /opt/zimbra/conf/httpd.conf # Include Mrtg Include /opt/zimbra/httpd/conf/extra/mrtg.conf
Restart apache:
zmapachectl stop zmapachectl start
Create directory to hold mrtg data:
mkdir /opt/zimbra/mrtg
Address will be something like:
http://IP_OF_SERVER:7780/mrtg/index.html
Mailq Pointing To Right Binary
# ls -la /usr/bin/mailq lrwxrwxrwx 1 root root 27 Sep 3 17:00 /usr/bin/mailq -> /etc/alternatives/mta-mailq # ls -la /etc/alternatives/mta-mailq lrwxrwxrwx 1 root root 23 Apr 1 10:17 /etc/alternatives/mta-mailq -> /usr/bin/mailq.sendmail # rm /usr/bin/mailq # ln -s /opt/zimbra/postfix/sbin/mailq /usr/bin/mailq # mailq Mail queue is empty
Web Client Logging
Active Sessions
Please see Zmsoap#Active_Server_Sessions_With_DumpSessionsRequest
Debug (SOAP) via Browser
See http://wiki.zimbra.com/index.php?title=Web_Client_URL_Tricks&redirect=no
Admins To View Client Issues
Within the admin console, you can view users mail.
- Goto accounts and highlight the user having the problem.
- Click on the View Mail button above that frame.
- Then goto the url field of that new window and modify it to look like this [replace mailserver with yours]:
- Hit your return key to cause the browser to reload.
- If you get warning about pop-up, accept it.
- If the debug window doesn't show, just mouse in the url field and hit the return key again. It should now pop up.
User Management Topics
User , Mailbox ID's, And Who Is What
ZimbraID [UserID] is system wide.
MailboxID is per server store.
To get the ZimbraID:
$ zmprov ga user@domain.com | grep -i zimbraid zimbraId: aeca260b-6faf-4cfe-b407-7673748aabf4 zimbraIdentityMaxNumEntries: 20
To get the MailboxID, get on the appropriate mailserver and:
zmprov gmi user@domain.com mailboxId: 3 quotaUsed: 251512
or globally:
/opt/zimbra/bin/mysql -e "use zimbra; select id from mailbox where account_id = 'UserID HERE including the leading 0'"
Other details can be found here:
http://wiki.zimbra.com/index.php?title=Account_mailbox_database_structure
Account & Domain Summary
Run zmaccts
Here's what it would return:
su - zimbra [zimbra@mail3 ~]$ zmaccts account status created last logon ------------------------------------ ----------- --------------- --------------- admin@mail3.internal.homeunix.com active 05/06/08 18:46 07/08/08 09:56 ajcody@mail3.internal.homeunix.com active 05/06/08 20:43 06/23/08 15:48 ajcody2@mail3.internal.homeunix.com active 05/28/08 11:48 06/30/08 17:44 forward@mail3.internal.homeunix.com active 05/06/08 21:06 05/29/08 17:24 ham.bidiob2mm@mail3.internal.homeuni active 05/06/08 18:47 never spam.rormmtcyy@mail3.internal.homeun active 05/06/08 18:47 never wiki@mail3.internal.homeunix.com active 05/06/08 18:46 never account status created last logon ------------------------------------ ----------- --------------- --------------- secondary@secondary.internal.homeuni active 06/23/08 15:26 06/23/08 15:27 wiki@secondary.internal.homeunix.com active 06/23/08 15:25 never - domain summary - domain active closed locked maintenance total ----------------------- -------- -------- -------- ------------- -------- mail3.internal.homeunix 7 0 0 0 7 secondary.internal.home 2 0 0 0 2
Zmmailbox Stuff
Here's a script I wrote. Remove the echo statements to actually run the commands.
#!/bin/bash USER="ajcody@mail3.internal.homeunix.com" SHARE="/Shared" GETPERM="zmmailbox -z -m $USER gfg $SHARE" MODPERM="zmmailbox -z -m $USER mfg $SHARE" DUMBPASS="34lkoso" NEWPERM=none $GETPERM | egrep -i 'all|guest|public|accoun|domain|group' | gawk '{print $2 " " $3}' | while read SHAREPERM do TYPE=`echo $SHAREPERM|awk '{print $1}'` DISPLAY=`echo $SHAREPERM|awk '{print $2}'` case $TYPE in accoun) echo $MODPERM account $DISPLAY $NEWPERM ;; guest) echo $MODPERM $TYPE $DISPLAY $DUMBPASS $NEWPERM ;; all) echo $MODPERM $TYPE $NEWPERM ;; *) echo $MODPERM $SHAREPERM $NEWPERM ;; esac done
Ouput of an example:
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.homeunix.com gfg /Shared Permissions Type Display ----------- ------ ------- r all r guest ajcody@digitalhandshakes.com r accoun admin@mail3.internal.homeunix.com r group mydl@mail3.internal.homeunix.com r domain mail3.internal.homeunix.com [zimbra@mail3 ~]$ /tmp/remove-share.sh zmmailbox -z -m ajcody@mail3.internal.homeunix.com mfg /Shared all none zmmailbox -z -m ajcody@mail3.internal.homeunix.com mfg /Shared guest ajcody@digitalhandshakes.com 34lkoso none zmmailbox -z -m ajcody@mail3.internal.homeunix.com mfg /Shared account admin@mail3.internal.homeunix.com none zmmailbox -z -m ajcody@mail3.internal.homeunix.com mfg /Shared group mydl@mail3.internal.homeunix.com none zmmailbox -z -m ajcody@mail3.internal.homeunix.com mfg /Shared domain mail3.internal.homeunix.com none
I then removed the echo statements:
[zimbra@mail3 ~]$ vi /tmp/remove-share.sh [zimbra@mail3 ~]$ /tmp/remove-share.sh [zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.homeunix.com gfg /Shared Permissions Type Display ----------- ------ ------- [zimbra@mail3 ~]$
Server Topics
Server Move
Please see:
http://wiki.zimbra.com/index.php?title=Ajcody-Notes-ServerMove
Backup Plans And Cheap HA/DR Secondary Server
Please see:
http://wiki.zimbra.com/index.php?title=Ajcody-Notes-BackupPlans
Hostname resolution issues and testing commands
Allot of failed installs are because administrators are skipping the steps to make sure resolution is working.
Check your /etc/hosts file. You should have the localhost similar to the one below. Your ZCS server name should be replaced with the zimbra.test.com and zimbra fields. The IP address should be the IP address bound to the network interface [ip addr or ifconfig -a to confirm].
127.0.0.1 localhost.localdomain localhost 192.168.0.1 zimbra.test.com zimbra
If your ZCS server is behind a firewall or is being NAT'd. Make sure that resolution for the hostname on the ZCS server returns the internal IP information rather than the external IP. To test:
hostname -f zimbra.test.com
or
domainname -f zimbra.test.com
As long as one of the above returns the full hostname, use the command for the following. The MX lookups depend on how you are doing your mail domain and server hostname.
host `hostname -f` zimbra.test.com has address 192.168.0.1 host -t MX `domainname -f` zimbra.test.com mail is handled by 10 zimbra.test.com. host -t MX `domainname -d` test.com mail is handled by 10 zimbra.test.com.
You should also have reverse records (PTR) as well. Replace 192.168.0.1 using your internal ip address, it should return something like:
host 192.168.0.1 1.0.168.192.in-addr.arpa domain name pointer zimbra.test.com
Please review wiki page on split-DNS :
http://wiki.zimbra.com/index.php?title=Split_DNS
and also the variable use of lmtp_host_lookup .
http://bugzilla.zimbra.com/show_bug.cgi?id=27988
What's my time and timezone?
I wrote up the steps to make sure the ZCS server is using the correct time and timezone here:
http://wiki.zimbra.com/index.php?title=Time_Zones_in_ZCS#The_server_OS
Disable LDAP Replica
This is a work in progress, please don't use for production servers at this time.
References:
http://wiki.zimbra.com/index.php?title=Promoting_Replica_to_LDAP_Master
http://www.zimbra.com/docs/os/latest/multi_server_install/LDAP%20Replication.6.1.html
For each server that you want to change:
Stop the Zimbra services on the server, zmcontrol stop.
Check the existing ldap_url value.
zmlocalconfig | grep ldap_url
Update the ldap_url value. Remove the replica LDAP server URL, below assumes you only had one replica.
zmlocalconfig -e ldap_url=”ldap:// ”
If other replica's exist, then the list typed is like:
zmlocalconfig -e ldap_url=”ldap:// ldap:// ldap:// ”
The hosts are tried in the order listed. The master URL must always be included and is listed last.
Additional Steps for MTA hosts.
After updating the ldap_url, rerun /opt/zimbra/libexe/zmmtainit. This rewrites the Postfix configuration with the updated ldap_url.
To stop the ldap service running on the ldap replica server.
su - zimbra ldap stop
To now disable ldap from running on the old ldap replica. The - in front of zimbraServiceEnabled is [off], rather than a + for [on].
zmprov ms -- -zimbraServiceEnabled ldap
Public Service Hostname
variable is zimbraPublicServiceHostname , as referenced in /opt/zimbra/openldap/etc/openldap/schema/zimbra.schema
Bugs about the url's for shares that use spaces (%20), the redirection drops the %20
http://bugzilla.zimbra.com/show_bug.cgi?id=27788
http://bugzilla.zimbra.com/show_bug.cgi?id=27477
Domain Rename Issues
We have a command to rename a "domain" and the resources within it - unfortunately it doesn't handle ALL of the different components for various reasons. Specifically Documents and Calendars [more down below].
Review this RFE that was done when they implemented the renameDomain command.
http://bugzilla.zimbra.com/show_bug.cgi?id=7655
Note comment 21 & 22 (confirming what QA'd). The syntax is
zmprov -l rd testold.com testnew.com
Problems that arise with Documents are explained here, comment #1 has workaround.
http://bugzilla.zimbra.com/show_bug.cgi?id=25873
Now, the very unfortunate part about calendars with a domainname change/move.
"Ability to change a username globally on all appointments"
http://bugzilla.zimbra.com/show_bug.cgi?id=26736
"Cant edit calendar entries after renameDomain"
http://bugzilla.zimbra.com/show_bug.cgi?id=27707
The root issue here's seems to be more about the calendar standards and practices with the use of the "Organizer" field and notifications. You'll see 3 "work arounds" in comment 2 of bug 26736.
Export/Importing of the calendar data is shown here:
http://wiki.zimbra.com/index.php?title=User_Migration
This part specifically :
http://wiki.zimbra.com/index.php?title=User_Migration#Copy_Calendar_From_One_Zimbra_User_to_Another
My Gal & LDAP Settings For A Domain
To see your setting, do the following - replacing with domainname with the domain in question.
zmprov gd domainname | egrep -i 'ldap|gal'
Zimlets
Location Of Zimlets
Zimlets should be already located on the zimbra server in one of these directories:
/opt/zimbra/zimlets/ /opt/zimbra/zimlets-admin-extra/ /opt/zimbra/zimlets-extra/ /opt/zimbra/zimlets-experimental/ /opt/zimbra/zimlets-network/
How To Deploy Zimlets
To deploy a zimlet, simply cd to the directory where the zimlet is located and issue this command:
/opt/zimbra/bin/zmzimletctl deploy <zimlet_name>
Archive & Discovery
References for A&D
The two main A&D references are :
http://wiki.zimbra.com/index.php?title=ZAD
http://www.zimbra.com/pdf/Zimbra%20Archiving%20and%20Discovery%20Release%20Notes.pdf
Multi-Server & New Mailstore A&D setup
See below for a very rough draft document I made for multi-server / new mailstore A&D setups.
http://wiki.zimbra.com/index.php?title=Ajcody-Notes-AD-mailstore
I also created a RFE for documentation on this.
http://bugzilla.zimbra.com/show_bug.cgi?id=25135
Finding The NO_SUCH_BLOB Errors
It would be good to review this wiki page before you start any "changes":
http://wiki.zimbra.com/index.php?title=Account_mailbox_database_structure
And great forum posting:
http://www.zimbra.com/forums/administrators/19811-solved-missing-blob-errors-zimbra-4-5-10-a.html
If you recently did a server move or similar type of operation, make sure zimbra:zimbra permissions are applied correctly to store directory. You could run the following to double check permissions (as root):
/opt/zimbra/libexec/zmfixperms --verbose --extended
And down and dirty way to see what mailboxes have this error:
grep -B2 NO_SUCH_BLOB /opt/zimbra/log/mailbox.lo* |grep mailbox= |sed -r 's/.*mailbox=([0-9]*).*$/\1/' |sort -u
On 5.0.6+ there's a script in /opt/zimbra/bin called zmblobchk . This will list out information about the NO_SUCH_BLOB errors.
On pre-5.0.6 systems, ask support for zmblobchk.jar file. To run it:
su - zimbra ls /opt/zimbra/zmblobchk.jar zmblobchk.jar java -jar zmblobchk.jar Retrieving volume information Retrieving mboxgroup list Spooling item list to /tmp/mailitems53650.lst Retrieving items from mboxgroup1 Retrieving items from mboxgroup2 Retrieving items from mboxgroup3 Retrieving items from mboxgroup4 Retrieving items from mboxgroup5 Retrieving items from mboxgroup6 Retrieving items from mboxgroup7 Retrieving items from mboxgroup8 Retrieving items from mboxgroup9 Retrieving items from mboxgroup10 / Processing BLOB store - /tmp/mailitems53650.lst: size 28141 Processed 329 items in 1223ms No inconsistencies found
If the "Processing BLOB store" part errors out with Java out of memory, you could try adjusting the variable for it. The default is set to 30%. This would require a mailstore/jetty restart though [zmmailboxdctl restart]. If the mailstore doesn't come back up, check /opt/zimbra/log/zmmailbox.log - you most likely exceeded the threshold for your box. Remember, this is a percentage and a 32bit machine with more than 4GB can cause issues with this setting since it could try to allocate more than it actually can to the thread.
# ZCS 5.0 and later $ zmlocalconfig -e mailboxd_java_heap_memory_percent=40
And zmmailboxdctl restart when it's appropriate.
BLOB Issue Script
I've commented out the two delete lines and also the "$msghash &= $fmask;" one.
If you're using HSM, this script isn't smart enough to detect it. It will flag and remove entries that are in the HSM store becuase it doesn't see them in the primary store.
Comment from other support staff member on a case that used this.
Once you've gotten a list of the 'NOT OK' files generated by this tool, you'll want to check the store directories to see if the message blobs exist with an incorrect change number. That's the second number in the filename. If the first number matches the ID it's looking for but the second does not, you can rename the file to the new change number and get the message blob back without losing data. If not, then the blob is completely missing. If that's the case, we should try to figure out what happened to it by going through the mailbox.log files. You should be able to grep for the missing message ID and the user's account ID to find a log entry showing something happening to it. It's possible it was deleted and the deletion was never written to mysql for some reason.
#!/usr/bin/perl # This script compatible with Zimbra version 4.5.x only. Do not use with any other version. # OK, there's 2 MAILBOX_*_BITS values in the VOLUME table. # Take the mailbox ID, right-shift it by MAILBOX_BITS, and take the lowest MAILBOX_GROUP_BITS of the result. # That's your mailbox hash. # Take the message ID, right-shift it by FILE_BITS, and take the lowest FILE_GROUP_BITS of the result. That's your msgid hash. # I think. # <mbx-hash>/<mbx-id>/msg/<msgid-hash>/<msgid>-<mod_content>.msg my ($fbits, $fgbits, $mbits, $mgbits, $basepath) = split (' ',`echo "select file_bits,file_group_bits,mailbox_bits,mailbox_group_bits,path from volume where type='1'" | mysql -N zimbra`); my $ARGV = shift @ARGV; chomp $basepath; my $mbmask = sprintf "1" x $mgbits; my $fmask = sprintf "1" x $fgbits; foreach (`echo "select id, group_id, account_id, comment from mailbox where comment = '$ARGV'" | mysql -N zimbra`) { chomp; my $path = "$basepath/"; my ($id, $grid, $aid, $nm) = (split); my $mbhash = $id >> $mbits; $mbhash &= $mbmask; $path .= $mbhash."/".$id."/msg/"; foreach my $msgstuff (`echo "select id, mod_content, type from mail_item where blob_digest is not null and mailbox_id=${id};" | mysql -N mboxgroup${grid}`) { chomp $msgstuff; if ($msgstuff eq "") {next;} my ($msgid, $modContent, $type) = split (' ',$msgstuff); my $msghash = $msgid >> $fbits; # $msghash &= $fmask; my $nm = $msgid; if ($modContent) {$nm .= "-$modContent";} my $npath = $path.$msghash."/".$nm.".msg"; if (-e $npath) {print $npath."\t\tOK\n";} else { print $npath."\t\tNOT OK\n"; # not ok, remove the entry from the database so it is not a nuisance print "Delete from mail_item where MSGID is ${msgid} and MAILBOXID is ${id} \n"; print "Uncomment line below me in script to have me delete. \n"; # `echo "delete from mail_item where id=${msgid} and mailbox_id=${id}" | mysql -N mboxgroup${grid}`; if ($type eq "11") { print "Delete from appointment where MSGID is ${msgid} and MAILBOX_ID is ${id} \n"; print "Uncomment line below me in script to have me delete. \n"; # `echo "delete from appointment where item_id=${msgid} and mailbox_id=${id}" | mysql -N mboxgroup${grid}`; } } # print $npath."\n"; } }
If this doesn't run, make sure perl is installed and in the correct path.
You run this as the zimbra user.
What I did was the following.
Copied the script to /opt/zimbra/bin/ as root and called it blob-check.pl . chmod +x /opt/zimbra/bin/blob-check.pl
su - zimbra mkdir /tmp/BLOB-CHECKS for i in `zmprov gaa`; do blob-check.pl $i | grep "NOT OK" >> /tmp/BLOB-CHECKS/$i.txt; done ls -la /tmp/BLOB-CHECKS
The ls will help identify the more troubled accounts. You'll end up with something like this:
[zimbra@mail3 ~]$ ls -la /tmp/BLOB-CHECKS/ total 16 drwxr-x--- 2 zimbra zimbra 4096 Jul 10 23:40 . drwxrwxrwt 8 root root 4096 Jul 10 23:46 .. -rw-r----- 1 zimbra zimbra 0 Jul 10 23:40 admin@mail3.internal.homeunix.com.txt -rw-r----- 1 zimbra zimbra 0 Jul 10 23:40 ajcody2@mail3.internal.homeunix.com.txt -rw-r----- 1 zimbra zimbra 49 Jul 10 23:40 ajcody@mail3.internal.homeunix.com.txt -rw-r----- 1 zimbra zimbra 0 Jul 10 23:40 forward@mail3.internal.homeunix.com.txt -rw-r----- 1 zimbra zimbra 0 Jul 10 23:40 ham.bidiob2mm@mail3.internal.homeunix.com.txt -rw-r----- 1 zimbra zimbra 0 Jul 10 23:40 secondary@secondary.internal.homeunix.com.txt -rw-r----- 1 zimbra zimbra 0 Jul 10 23:40 spam.rormmtcyy@mail3.internal.homeunix.com.txt -rw-r----- 1 zimbra zimbra 0 Jul 10 23:40 wiki@mail3.internal.homeunix.com.txt -rw-r----- 1 zimbra zimbra 0 Jul 10 23:40 wiki@secondary.internal.homeunix.com.txt
And the output of one that shows some size:
$ cat /tmp/BLOB-CHECKS/ajcody@mail3.internal.homeunix.com.txt /opt/zimbra/store/0/3/msg/0/360-6070.msg NOT OK
Remember this from above, "you'll want to check the store directories to see if the message blobs exist with an incorrect change number. That's the second number in the filename. If the first number matches the ID it's looking for but the second does not, you can rename the file to the new change number and get the message blob back without losing data."
One can uncomment the 2 lines in the script with delete and run the script again. This will remove the reference to the blob.
To re-index the users mailbox [this can take start, cancel, status]:
zmprov rim user@domainname start
Running the script again shouldn't show "NOT OK" lines.
FYI - I still need to gather more information about this situation and how to guide one to make a decision to delete, re-index, and so forth.
BLOB Script To Copy From Restore
You might need to use these variables with the restore command. I need to find a way for someone to figure out what restore to goto for a particular blob:
-restoreToTime <arg> - Replay the redo logs until the time specified.
-restoreToIncreLabel <arg> - Replay redo logs up to and including this incremental backup.
-restoreToRedoSeq <arg> - Replay up to and including this redo log sequence
-br - Replays the redo logs in backup only, which excludes archived and current redo logs of the system.
-rf - Restores to the full backup only, does not include any incremental backups since that backup
This is a walk through to test the proceedure.
$ zmrestore -ca -a ajcody@mail3.internal.homeunix.com -pre restored- $ zmprov gmi restored-ajcody@mail3.internal.homeunix.com mailboxId: 12 quotaUsed: 251513 $ zmprov gmi ajcody@mail3.internal.homeunix.com mailboxId: 3 quotaUsed: 251512 $ diff /opt/zimbra/store/0/12/msg/0/257-25.msg /opt/zimbra/store/0/3/msg/0/257-25.msg $ rm /opt/zimbra/store/0/3/msg/0/257-25.msg rm: remove regular file `/opt/zimbra/store/0/3/msg/0/257-25.msg'? y $ cp /opt/zimbra/store/0/12/msg/0/257-25.msg /opt/zimbra/store/0/3/msg/0/257-25.msg $ grep Subject /opt/zimbra/store/0/3/msg/0/257-25.msg Log into main account and confirm I can see/use that mail.
The script to look at the blob-check.pl output and do the copies after a redirected restore is here:
#!/bin/bash #START OF VARIABLES# #CHANGEME to existing user account USER=ajcody@mail3.internal.homeunix.com #CHANGEME to the restored account name # zmrestore -ca -a ajcody@mail3.internal.homeunix.com -pre restored- RESTOREDUSER=restored-ajcody@mail3.internal.homeunix.com # To get FILE, blob-check.pl ajcody@mail3.internal.homeunix.com > /tmp/BLOB-CHECKS/ajcody.txt # blob-check.pl located at http://wiki.zimbra.com/index.php?title=Ajcody-Notes#BLOB_Issue_Script FILE=/tmp/BLOB-CHECKS/ajcody.txt #CHANGEME #CHANGEME, if needed, to the mailstore. /opt/zimbra/store is default STOREDIR=/opt/zimbra/store #END VARIABLES# USERUID=`zmprov gmi $USER | grep mailboxId | cut -f2 -d: | cut -c 2-10` USERGID=`perl -e 'print $USERUID >> 12 ; print "\n"'` USERPATH=`echo $USERGID/\$USERUID` RESTOREDUID=`zmprov gmi $RESTOREDUSER | grep mailboxId | cut -f2 -d: | cut -c 2-10` RESTOREDGID=`perl -e 'print $RESTOREDUID >> 12 ; print "\n"'` RESTOREDPATH=`echo $RESTOREDGID/\$RESTOREDUID` echo USERUID $USERUID echo USERGID $USERGID echo USERPATH $USERPATH echo RESTOREDUID $RESTOREDUID echo RESTOREDGID $RESTOREDGID echo RESTOREDPATH $RESTOREDPATH cd $STOREDIR echo "Run ECHO first to confirm copies look right and then uncomment COPY in script" for ROOTBLOBPATH in `cat $FILE | grep "NOT OK" | cut -f7-9 -d/ | cut -f1` do # Comment out echo and uncomment copy after dry run echo $RESTOREDPATH/$ROOTBLOBPATH $USERPATH/$ROOTBLOBPATH #cp -uv $RESTOREDPATH/$ROOTBLOBPATH $USERPATH/$ROOTBLOBPATH done
Migration Issues
IMAPSYNC with admin login
Reference - http://wiki.zimbra.com/index.php?title=User_Migration
imapsync --buffersize 8192000 --nosyncacls --subscribe --syncinternaldates \ --host1 server.gtds.lan --user1 yourAccount --password1 yourPassword \ --user2 yourZimbraAccount --authuser2 admin --password2 adminZimbraPassword --authmech2 LOGIN
I found this description in one of the imapsync files:
"You may authenticate as one user (typically an admin user), but be authorized as someone else, which means you don't need to know every user's personal password. Specify --authuser1 "adminuser" to enable this on host1. In this case, --authmech1 PLAIN will be used, but otherwise, --authmech1 CRAM-MD5 is the default. Same behavior with the --authuser2 option."
Mailing Lists And Mailman
If you are planning to use a distro list of over 60K members, you may be inclined to use a dedicated machine for this purpose. According to bug 19153, you have 2 options: "set up mailing list manager or change the value of virtual_alias_expansion_limit as a customization. We have never tested with > 1000 so this should be done carefully, and will pound LDAP for any messages with lots of recipients." Mailman integration is an option. There is a forum thread on how to integrate zcs and mailman. This would be the preferred fix to your issue, also noted in the bug report. We probably won't see Mailman integration in ZCS at least for another year or so, not until 6.0
Restricting Who Can Send To Mailing List
http://wiki.zimbra.com/index.php?title=RestrictPostfixRecipients
Problems Resolving Virtual Aliases For Members Of Large Distribution Lists
http://bugzilla.zimbra.com/show_bug.cgi?id=19153
Mailman Configuration
http://wiki.zimbra.com/index.php?title=ZCS_Mailman_Integration
http://bugzilla.zimbra.com/show_bug.cgi?id=8968
http://www.zimbra.com/forums/administrators/1380-solved-zimbra-mailman-howto.html
Client Topics
General CALDAV Issues
Lightning & Thunderbird
Lightning does not support Caldav + Free/Busy
Free/Busy support is only available for the Sun Cal Server.
Maybe we could "fake" this out within our Ldap configuration. Like RFE for Apple OD:
http://bugzilla.zimbra.com/show_bug.cgi?id=26619
Address/username lookup doesn't occur within a new appointment
Unfortunately, I've not figured a way around this at this time.
Zimbra CalDav doesn't allow user to dismiss alarms from lightning
Please see bug from Mozilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=432540
Ajcody Apple Mac Issues
Actual Apple/Mac Issues Homepage
Please see Ajcody-Apple-Mac-Issues
App To Help Enable Debugging Options
You might want to check out this app:
Outlook 2011 For Mac And EWS Setup
Follow these steps to set up Outlook to sync using Exchange Web Services:
- Open Outlook.
- Open the Outlook menu and select Preferences.
- Click the Accounts icon under the Person Settings section.
- Click the Exchange icon which will open a new window.
- Enter your email address in the E-mail address field.
- Set the Method to "User Name and Password."
- Enter your full email address (e.g. user@example.com) as the username.
- Enter your password in the password field.
- Uncheck the "Configure automatically" check-box.
- In the Server field, enter Zimbra Collaboration Server's hostname - (e.g. mail.example.com)
- Click Add Account.
Note, if you end up customizing the other elements be aware of the following:
- ZimbraEWS uses BASIC Auth for validating the user request.
With Screenshots
Please see Ajcody-Outlook_2011_For_Mac_And_EWS_Setup#Outlook_2011_For_Mac_And_EWS_Setup_With_Screenshots
Contact Related Items
EWS Configuration And ZCS 8.5+
Example is from OS X 10.9.5 . The ZCS server must be licensed for EWS and your account needs to have the EWS feature enabled. This can be enabled in the admin console either checking the box for EWS under Features in the COS that is set for the account or under the individuals user configuration for Features. It can also be set on the CLI - zimbraFeatureEwsEnabled TRUE [COS or user].
Note - ZCS 8.5 targeted EWS support ONLY with Outlook for Mac's. There was no testing or expectation that the native mac apps would work with the EWS configuration type.
- Launch Contacts.app
- Click on "Contacts" from the menu screen at the top of your screen.
- Select "Add Account.."
- Select "Exchange" and then "Continue"
- Name : your full name
- Email Address : user@domain
- Password : your password
- Once filled out, click "Continue" . You'll need move onto another configuration screen.
- Description : I would recommend filling this out to avoid any confusion from other accounts you might setup.
- Server Address : the FQDN/hostname of your ZCS server. You can also use an ip address here.
- Once filled out, click "Continue" .
- You should now see a summary of your configuration, click "Continue".
- You'll now be asked to select what apps to use, your choices will be:
- Contacts
- Calendar
- Notes
- Reminders
- Once you've checked the ones you want, click "Done".
This will create two resources within Contacts.app. You'll see a header called "Exchange" with your account contact folders under it [ZCS defaults will be - Contacts, Emailed Contacts] and also a line that says "All Exchange". There will also be a section now called "Directories", listed under it will be "All Directories" and "Exchange Global Address List".
Verify Certificate Prompts
If the ZCS server isn't using commericial certificates, you'll end up getting a pop up window on your Mac called "Verify Certificate". To get rid of this pop up window, you'll want to do the following.
Click on the "Show Certificate" button. You'll then have an option to check a box for "Always trust ....". Then click on the "Continue" button.
Log Event Showing EWS
Possible log files to check for in /opt/zimbra/log/ are below with some examples from my logging into Contacts.App and creating a new contact. You can increase the logging details if needed , please see Using_log4j_to_Configure_mailboxd_Logging#Predefined_log4j_Categories_in_ZCS :
- access_log.[date]
192.168.1.73 - - [10/Oct/2014:16:01:30 +0000] "POST /EWS/Exchange.asmx HTTP/1.1" 200 907 "-" "Mac OS X/10.9.5 (13F34); ExchangeWebServices/4.0 (193); Contacts/8.0 (1371.2)" 16 192.168.1.73 - - [10/Oct/2014:16:05:55 +0000] "GET /home/user1@mail2.zimbra.DOMAIN.com/Contacts?fmt=cf&t=2&all=all HTTP/1.1" 200 - "https://192.168.1.172/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36" 42 192.168.1.73 - - [10/Oct/2014:16:28:11 +0000] "POST /EWS/Exchange.asmx HTTP/1.1" 401 0 "-" "Mac OS X/10.9.5 (13F34); ExchangeWebServices/4.0 (193); Contacts/8.0 (1371.2)" 7
- audit.log
2014-10-10 12:01:28,976 INFO [qtp509886383-107:https://192.168.1.172:443/EWS/Exchange.asmx] [] security - cmd=Auth; account=user1@mail2.zimbra.DOMAIN.com; protocol=zsync; 2014-10-10 12:05:50,227 INFO [qtp509886383-113:http://127.0.0.1:80/service/soap/AuthRequest] [name=user1@mail2.zimbra.DOMAIN.com;oip=192.168.1.73;ua=zclient/8.5.0_GA_3042;] security - cmd=Auth; account=user1@mail2.zimbra.DOMAIN.com; protocol=soap;
- ews.log
2014-10-10 12:28:11,361 INFO [qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx] [] ews - Start syncFolderHierarchy 2014-10-10 12:28:11,371 INFO [qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx] [] ews - User: user1 has been successfully authorized. 2014-10-10 12:28:11,371 INFO [qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx] [name=user1@mail2.zimbra.DOMAIN.com;ip=192.168.1.73;ua=MacOSX/(F)ExchangeWebServices/()Contacts/();] ews - The account: 7277b33a-c7ee-4b03-bb4b-f24814c7cea3is true 2014-10-10 12:28:11,371 INFO [qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx] [name=user1@mail2.zimbra.DOMAIN.com;ip=192.168.1.73;ua=MacOSX/(F)ExchangeWebServices/()Contacts/();] ews - Folder Id was not provided with request, defaulting to 1 2014-10-10 12:28:11,427 INFO [qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx] [name=user1@mail2.zimbra.DOMAIN.com;ip=192.168.1.73;ua=MacOSX/(F)ExchangeWebServices/()Contacts/();] ews - End syncFolderHierarchy 2014-10-10 12:28:11,449 INFO [qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx] [] ews - Start createItem version 1.0.01 2014-10-10 12:28:11,450 INFO [qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx] [] ews - Start: createItem 2014-10-10 12:28:11,457 INFO [qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx] [] ews - User: user1 has been successfully authorized. 2014-10-10 12:28:11,457 INFO [qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx] [name=user1@mail2.zimbra.DOMAIN.com;ip=192.168.1.73;ua=MacOSX/(F)ExchangeWebServices/()Contacts/();] ews - The account: 7277b33a-c7ee-4b03-bb4b-f24814c7cea3is true 2014-10-10 12:28:11,580 INFO [qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx] [name=user1@mail2.zimbra.DOMAIN.com;ip=192.168.1.73;ua=MacOSX/(F)ExchangeWebServices/()Contacts/();] ews - End: createItem 2014-10-10 12:28:11,580 INFO [qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx] [name=user1@mail2.zimbra.DOMAIN.com;ip=192.168.1.73;ua=MacOSX/(F)ExchangeWebServices/()Contacts/();] ews - End createItem
- mailbox.log
2014-10-10 12:28:11,522 INFO [qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx] [name=user1@mail2.zimbra.DOMAIN.com;ip=192.168.1.73;ua=MacOSX/(F)ExchangeWebServices/()Contacts/();] mailop - adding contact test2@domain.com: id=269, folderId=7, folderName=Contacts.
- trace_log.[date]
12:28:11.323:qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx REQUEST 192.168.1.73 POST null; Mac OS X/10.9.5 (13F34); ExchangeWebServices/4.0 (193); Contacts/8.0 (1371.2) 12:28:11.330:qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx RESPONSE 401 text/xml; charset=UTF-8 12:28:11.354:qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx REQUEST 192.168.1.73 POST null; Mac OS X/10.9.5 (13F34); ExchangeWebServices/4.0 (193); Contacts/8.0 (1371.2) 12:28:11.429:qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx RESPONSE 200 text/xml; charset=UTF-8 12:28:11.446:qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx REQUEST 192.168.1.73 POST null; Mac OS X/10.9.5 (13F34); ExchangeWebServices/4.0 (193); Contacts/8.0 (1371.2) 12:28:11.581:qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx RESPONSE 200 text/xml; charset=UTF-8
AddressBook
Logging-Debug for Addressbook
First shutdown Addressbook app.
Launch terminal app.
defaults write com.apple.addressbook ABShowDebugMenu -bool true
Turn it off by just reversing it:
defaults write com.apple.addressbook ABShowDebugMenu -bool false
CardDAV
Contact Groups
- Contact groups do not sync via CardDAV
- https://bugzilla.zimbra.com/show_bug.cgi?id=46359#c30
- Resolved for ZCS 8+
10.6 - Snow Leopard Notes
Basic Setup Notes
Some notes I have against testing CardDAV I shared on a case. The following was done with CardDAV [OSX 10.6.4] & Addressbook [Version 5.0.2 (870)] .
Primary references I found related to :
- CardDAV fails in 6.0.8 for Evolution and Mac Address Book
- CardDAV do not work on the non-default domains in Zimbra
- WebDAV: Add support for CardDav
To setup, launch Addressbook.
- Addressbook > Preferences
- Accounts > click on + sign to add new account
- Account type = CardDav
- User Name = user
- bug/rfe's mentions the use of user@domain vs. just user will most likely cause Addressbook to attempt a DNS SRV record lookup.
- Password = accounts password
- Server Address = http://servername:80 or https://servername:443
- might need to adjust that for proxy setup or if you have load balancers/F5's/etc..
- Accounts > click on + sign to add new account
Additional Details And Troubleshooting Steps - Proxy Issues Most Likely
I was able to get my carddav account to work using my virtual hostname that points to my two servers that run ldap/proxy/mta . I have them setup in DNS as well.
$ host rr608.zimbra.DOMAIN.com rr608.zimbra.DOMAIN.com has address 192.168.0.42 rr608.zimbra.DOMAIN.com has address 192.168.0.41 rr608.zimbra.DOMAIN.com mail is handled by 10 rr608.zimbra.DOMAIN.com.
One thing I did hit though, was the way OSX handles it's odd resolution stuff. For example, initially it failed when I had just modified the /etc/resolv.conf to use my internal DNS. Doing :
host rr608.zimbra.DOMAIN.com
resolved properly but doing:
ping rr608.zimbra.DOMAIN.com
was resolved to the external ip and was being hampered by my firewall. Once host and ping were resolving correctly, the carddav account work.
The whole reason I mention this is that I think we should walk our way back from the mailstore hostname in the configuration.
First, setup a carddav account using the mailstore name and confirm it works and then close/exit the Address Book. Then do the following. In a terminal, be in the users home directory and cd to this subdirectory - for example:
$ pwd /Users/[username]/Library/Application Support/AddressBook/Sources/
Do a ls there and find the most recent directory that was made and cd into it, for example:
$ ls -latr total 0 drwx------ 7 ajcody staff 238 Nov 17 06:50 000C3E7F-3DE5-40C8-8820-AF96214D6AF0 drwx------ 4 ajcody staff 136 Nov 17 06:58 . drwx------ 6 ajcody staff 204 Nov 17 07:07 56892F5B-9F55-437E-9890-A8489A63EDAA drwx------@ 8 ajcody staff 272 Nov 17 07:07 .. Adams-MacBook-Pro:Sources username$ cd 56892F5B-9F55-437E-9890-A8489A63EDAA/ Adams-MacBook-Pro:56892F5B-9F55-437E-9890-A8489A63EDAA username$ ls AddressBook-v22.abcddb Configuration.plist Metadata SyncLockFile
We can now manually edit the Configuration.plist file with various test hostnames/ip addresses.
The two keys we're interested in will be like this:
<key>name</key> <string>ajcody@rr608.zimbra.DOMAIN.com</string> <key>servername</key> <string>http://rr608.zimbra.DOMAIN.com:80/principals/users/ajcody@rr608.zimbra.DOMAIN.com</string>
What I'd like you to attempt is adjusting the line for the servername using a hostname/ip address that will bypass the F5 if possible. You'll modify the file and save it. Launch Address Book and confirm/deny if the new hostname/ip address works.
- Use a static ip address of one of the zcs proxy servers. Please confirm it is pingable from the machine first.
- Use the hostname of the actual host of the same proxy server.
I'm assuming you can't use [your mailstore hostname] without going first to the F5, if the test above work you might want to setup a test BIND server you could use with the mac machine to resolve the [your mailstore hostname] using the various hostnames/ip's of the zcs proxy servers.
Use LDAP directory from ZCS for Mac Addressbook / Mail.App / iCal for Mac 10.4
Setting Up LDAP With Authentication - ZCS 8+
As an example, you would fill out the setup fields in the client to be like :
Username: uid=joe,ou=people,dc=abccompany,dc=com password: _zimbra_password_ Authentication Type: simple
Changing uid=joe to match the users email address [joe@abccompany] . You would also adjust the dc=abccompany above to match the users domain name in their email address.
To see and test what type of returns this setup will give, you can do the following from the ZCS server's CLI:
ldapsearch -x -H ldap://ldap.abccompany.com:389 -D uid=joe,ou=people,dc=abccompany,dc=com -w supp0rt -LLL -b 'ou=people,dc=abccompany,dc=com'
You would adjust the uid= , dc= , strings to match the user@domain for the user and also adjust "-w supp0rt" to be the user's password.
Older Reference Prior To ZCS 8
This is generally for those that aren't using Z-iSync.
First, test on shell that you have ldap connectivity.
ldapsearch -x -H ldap://ZCSserver-name:389 "uid=ajcody"
That returned successfully.
Then Addressbook Preferences
LDAP + (for new) Name: anything really Server: ip/hostname that was used successfully in the ldapsearch string Search Base: [leave blank] Port: 389 Scope: Subtree No auth needed * Save
I have no idea what the "Auto Update LDAP Cards" does.
Then setup Mail.App for IMAP to the Zimbra server. Check preferences to use LDAP - it will use the Address Book configuration that you did prior and it should auto-resolve to a username when you do a new message.
iCal will only use address that are in the LOCAL addressbook when you use the attendee field for a new event.
One way around this is to do a wildcard search in the Addressbook and drag those items to the local addressbook.
Goto to Address Book, selected Directories my ldap server and put in the below for the search field:
*.
This search result can then be dragged to the "All" folder in the Group column. It creates a "Last Import" item in the Group column now - it might warn about updating entries that all ready match.
Entourage And Calendars
Can't Sync Calendars Between Entourage and Zimbra
Bug/RFE filed to correct current public documents on issue:
- "Clean up references to having general support for Entourage and Calendars"
Bug/RFE filed to include comment in Release Notes:
- "Document 10.5 cannot sync entourage to zcs"
Summary of the situation:
Update [05/2010] : Many of the bugs/rfe's filed against iSync will now reference this:
- We are EOL'ing support for iSync in ZCS 7.0. See bug 42448 for more details,
- but support of CalDav and CardDav with MacOSX 1.6+ for ZSC 6.0.x+ will be the
- solution going forward.
- MacOS 10.4
- MacOS 10.4 still has the iSync/Entourage integration. Entourage integration worked via iSync rather than CalDAV (10.4 can't use CalDAV, only iSync). It would create a local calendar called Entourage within iCal and then the iSync service (via Zimbra Connector) would post updates to the users Zimbra calendar called Calendar (the default). I believe it would also check the box in Entourage under Preferences > Sync Services > Synchronize events and tasks with iCal and .Mac
- MacOS 10.5
- Apple's SyncServices issues make iSync unreliable and buggy so we (developers) now favor CalDAV.
- See bug 27380 "Leopard - CalDav only"
- Pre-5.0.6 Zimbra Connector
- The connectors before 5.0.6 release allowed you to select iSync rather than CalDav on MacOS 10.5.
- For the brave, you could always use connectors before the 5.0.6 release (on MacOS 10.5) . Since this would end in an unsupported situation [support staff and developers would tell a customer in a "support case" to upgrade to a new release] it would be best to encourage your users to keep a very clean and simple calendar as to avoid needed support. This might buy some time until the bugs mentioned are resolved.
- The connectors before 5.0.6 release allowed you to select iSync rather than CalDav on MacOS 10.5.
- 5.0.6+ Zimbra Connectors
- 5.0.6+ Zimbra connectors on MacOS 10.5 will only be able to use CalDAV and iCal for calendaring features. You will not have the option to use iSync for calendars and therefor the Entourage integration is lost. You can't even drag/drop items to/from Entourage and iCal.
- Entourage doesn't support CalDAV, only WebDAV.
- See RFE bug 24502 "Support for Entourage WebDav"
- Enable snow leopard messaging features, Outlook for Mac 2010
- http://bugzilla.zimbra.com/show_bug.cgi?id=38631
- This was marked as a dup of the above:
- Support for Outlook for Mac 2010
- http://bugzilla.zimbra.com/show_bug.cgi?id=41106
- 5.0.6+ Zimbra connectors on MacOS 10.5 will only be able to use CalDAV and iCal for calendaring features. You will not have the option to use iSync for calendars and therefor the Entourage integration is lost. You can't even drag/drop items to/from Entourage and iCal.
- Apple's SyncServices issues make iSync unreliable and buggy so we (developers) now favor CalDAV.
- Forum thread
For The Stubborn - Getting Old Z-iSync Connector
Please don't kill the messenger, I'm putting this up here for those that are desperate and would rather deal with the iSync bugs on their own versus moving to the iCal + CalDAV supported option. Don't expect support for this configuration. There's an internal discussion about making the latest connector available directly - I'll update this page depending on the outcome. Until that discussion is resolved, I don't feel comfortable posting the individual connector by itself.
Grab the 5.0.5 tar ball from here:
http://www.zimbra.com/products/downloads_previous.html
The connectors are in the zimbra-store*.rpm , you'll find it in the packages directory once you untar the zimbra tarball.
Copy this over to temp. Find the path of the file. Extract it.
mkdir /tmp/isync cp packages/zimbra-store*.rpm /tmp/isync/ cd /tmp/isync rpm2cpio zimbra-store*.rpm | cpio -iv --make-directories `rpm2cpio zimbra-store*.rpm | cpio -t | grep -i zimbra-isync`
You'll see the new directories and within them you'll see the dmg file for the connector.
iCal General Issues
Clearing iCal cache
Make and run script:
#!/bin/sh rm -rf ~/Library/Application\ Support/SyncServices/Local/clientdata/com.apple.iCal rm -rf ~/Library/Calendars rm -rf ~/Library/Preferences/com.apple.iCal.plist rm -rf ~/Library/Preferences/IcalExternalSync.plist rm -rf ~/Library/Preferences/ByHost/com.apple.iCal.helper.* rm -rf ~/Library/Caches/com.apple.iCal rm -rf ~/Library/Caches/Metadata/iCal
Clearing ALL of iCal
Careful, This Will Remove All Calendar Data. Have all iSync related programs shutdown [addressbook, ical, iMail]
You will also need to redo your CalDAV account setup for the Zimbra iSync Connector. It might also be necessary to uninstall and reinstall the Zimbra Connector. Make and run script:
#!/bin/sh rm -rf ~/Library/Application\ Support/SyncServices/Local rm -rf ~/Library/Application\ Support/SyncLocalCopy rm -rf ~/Library/Application\ Support/iSync/SyncLocalCopy rm -rf ~/Library/Application\ Support/iCal rm -rf ~/Library/Calendars rm -rf ~/Library/Preferences/com.apple.iCal.* rm -rf ~/Library/Preferences/IcalExternalSync.plist rm -rf ~/Library/Preferences/ByHost/com.apple.iCal.helper.* rm -rf ~/Library/Caches/com.apple.iCal rm -rf ~/Library/Caches/Metadata/iCal
You might be seeing this:
http://bugzilla.zimbra.com/show_bug.cgi?id=23671
Comment #30 give some instructions on a case they can reproduce.
zmprov gd <your domain name> zimbraPublicServiceHostname zmprov gs <your server name> zimbraServiceHostname
If zimbraPublicServiceHostname is not set, or set to a different name (such as an alias of the machine or a load balancer), you are hitting this issue.
Calendar events are displaying the wrong time
Apple expects the year of 1971 for the DTSTART variable within an ICS file. There is no standard that dictates this.
Zimbra (prior to version 5.0.5) was using 1601, this is in /opt/zimbra/conf/timezones.ics .
Please see bug for more details (resolved 5.0.5):
http://bugzilla.zimbra.com/show_bug.cgi?id=22808
Alarm & Calendar Notification Issues with iCal
These issues are getting worked out for the 5.0.7 release.
Please review:
http://bugzilla.zimbra.com/show_bug.cgi?id=28057
Some more details:
http://bugzilla.zimbra.com/show_bug.cgi?id=28883
http://bugzilla.mozilla.org/show_bug.cgi?id=432540
iCal calendar color changing modifies calendar name and/or doesn't retain color
Fixed in 5.0.5 . See bugs for details:
http://bugzilla.zimbra.com/show_bug.cgi?id=26627
http://bugzilla.zimbra.com/show_bug.cgi?id=26625
Colors for Calendar & Appointments (Non-client specific)
Here's some RFE's/Bugs you might be interested in:
- "Need more colors on calendars"
- "Making visual difference between meeting status is not easy."
- "Shared calendar should auto-select an unused color"
- "Support tagging of appointments in calendar"
- http://bugzilla.zimbra.com/show_bug.cgi?id=2769
- "Tags not synced for appointments and tasks"
- "Color-coding of appointments"
- http://bugzilla.zimbra.com/show_bug.cgi?id=2769
Calendar Ordering Issues
Please see RFE I made.
- "Allow the reordering of Calendars on webclient to match the order on iCal"
- http://bugzilla.zimbra.com/show_bug.cgi?id=32197
- Depends On:
- "allow changing the order/position of calendars in schedule view"
Directory Access configuration on Macs
File that configures [system wide] for Address Book resolution
/Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig.plist
Calendar Invites can't be imported into iCal
If you look at the ics file, you might see an extra return character at the end.
You'll see this if an Outlook client send an invite to a user using a Mac with a thick client [Mail.app/Entourage].
This was resolved in the 5.0.5 release. Please see bug for more details:
http://bugzilla.zimbra.com/show_bug.cgi?id=26487
Mac clients cause spamming of invitation events when they adjust calendar events
This, at it's root, is caused by other bugs listed here. Usually this will get resolved with the proper upgrades that the bugs require (ZCS 5.0.5+)
There is a RFE/Bug though that will also resolve this, by allowing the "action" of an appointment to be set.
Please see bug for details [scheduled for 5.0.7]:
http://bugzilla.zimbra.com/show_bug.cgi?id=10536
Calendar.app 10.9.5 With ZCS 8.5+
EWS - Exchange Account Topics
Configuring EWS And Calendar.app
Note - currently, with ZCS 8.5 it is not working with calendars. See the following bug:
- Calendar.app via EWS setup doesn't work with ZCS Calendar
Configuring an EWS account on a Mac gives you the option to enabled multiple services. See EWS Configuration And ZCS 8.5 on setting this up.
CalDAV Account Topics
Delegate Issues
- can't create delegate from ical via caldav
iCal 10.5 - CalDAV Issues
Logging-Debug for CalDAV+iCAL
If you are using CalDAV account with ZCS, please help us investigating this problem. On your Mac please do the following and gather some data.
First shutdown iCal app.
Launch terminal app.
You can turn on the debug options in iCal by:
defaults write com.apple.iCal IncludeDebugMenu 1
Turn them off by just reversing it:
defaults write com.apple.iCal IncludeDebugMenu 0
Furthermore, you can log all of the HTTP transaction to the console via:
defaults write com.apple.iCal LogHTTPActivity yes
Turn them off by just reversing it:
defaults write com.apple.iCal LogHTTPActivity no
Logging will show up in /var/log/system.log
Launch iCal app.
Select the shared folder, right click, refresh.
Only Seeing 1 Month Back and 1 Year Ahead In CalDAV
Please see this bug: http://bugzilla.zimbra.com/show_bug.cgi?id=28713
Set to be resolved in 5.0.9
Not seeing Calendar's In iCAL/CALDAV
Space In Calendar Name's And Other "Special Characters"
For space's in Calendar names, this is resolved for the 5.0.7 release. (Need bug # for this)
There have also been reports in the forums that "special characters" can cause an issue where Calendars aren't displayed - even those without the special character name. Note, in one case, the "special character" where Norwegian character.
Server's With Multiple Domains - Effect Users Are In Default Domain
Bug filed:
http://bugzilla.zimbra.com/show_bug.cgi?id=30263
- Conditions:
- On ZCS 5.0.7
- Mac Clients using Zimbra Connector (provided from ZCS 5.0.7) and setting up iCal/CalDAV via the Connector.
- ZCS has multiple domains
- Error:
- Default domain accounts can't see calendars
- Reproduce:
- Clear iCal with no Accounts configured (CALDAV)
- Setup Accounts via Zimbra Connector
- User username@defaultdomain.com as format for the User Name Field
- Work Around:
- Clear iCal with no Accounts configured (CALDAV)
- Setup Accounts via Zimbra Connector
- User username as format for the User Name field
- Non-Default Domains - Works As:
- Clear iCal with no Accounts configured (CALDAV)
- Setup Accounts via Zimbra Connector
- User username@domain.com as format for the User Name Field
- Note, these accounts need @domain, will not work with just username.
iCal And Entourage Use for Calendars - Leopard/10.5 users
Update The 5.0.6+ Connectors will no longer work with Entourage. Your only option for Calendars will be using CalDAV with iCal.App. You still will see an option about Entourage in the Connector but it will be grayed out.
Because of some core issues with Apples SyncServices, we recommend that Entourage and iCal users use iCALv3 (Mac 10.5) configured for CALDAV. Please use the Zimbra Connector instructions to setup iCal for CALDAV.
For Entourage, this recommendation stems from the fact that Microsoft decided to use WebDAV rather than CALDAV. If MS decides later to include CALDAV support for Entourage, we'll have another option.
Please see bug for details:
- RFE: "Leopard - CalDav only" [FIXED]:
- RFE: "Support for Entourage WebDav" [WONTFIX]:
Snow Leopard , Outlook/Entourage , Exchange Web Services
There is no target milestone for it as of today [2010/02/23]. This topic applies to the following references or terms: Exchange auto discovery feature, Exchange Autodiscover service or anything else that relies on Exchange Web Services [ EWS ] on the Mac. Another Apple reference on the topic [pdf warning] : Mac OS X Snow Leopard: Integrating the Mac into an Exchange 2007 Environment .
Please see the following in regards to Zimbra's work and stance on the issue:
- Zimbra has open RFE's for the 'newer' Outlook for Mac versions that use Exchange Web Services [EWS] and will be bypassing the older Entourage versions that use WebDAV.
- "Support for Entourage WebDav" - marked as WONTFIX
- http://bugzilla.zimbra.com/show_bug.cgi?id=24502
- "entourage 2008 integration" - marked as a duplicate of bug 24502 above.
- "Support for Entourage WebDav" - marked as WONTFIX
- RFE: "Enable snow leopard messaging features, Outlook for Mac 2010"
- Assigned but no committed target release, you'll want to include your votes/comments to increase priority.
- http://bugzilla.zimbra.com/show_bug.cgi?id=38631
- Duplicate of bug 38631 above - RFE: "Support for Outlook for Mac 2010"
- http://bugzilla.zimbra.com/show_bug.cgi?id=41106
- In the meantime, Snow Leopard has 3 applications that will work like the following:
- Mail > IMAP [working]
- iCal > CalDAV [working]
- Address Book > CardDav
- We are waiting for Apple to have general support for CardDav and to allow 3rd party servers
- See the following dev comments in bug 22008 - "WebDAV: Add support for CardDav":
- We are waiting for Apple to have general support for CardDav and to allow 3rd party servers
Can't see Calendars after configuring Z-iSync for CALDAV - 10.5 users
You didn't follow the directions most likely. Goto iCal Preferences Accounts.
There should be NO configured accounts prior to configuring Z-iSync for CALDAV.
Remove the current Account listed in iCal and redo configuration for CALDAV with Z-iSync.
Trick to work around address lookup for the Attendee field in iCal Events
Configure the Addressbook using one of the other recommendations on this page.
You can now drag entries from your Addressbook into the Attendee field of iCal.
Attendee Lookups for iCALv3/MacOS10.5
iCal3 [webdav] needs to use the Apple Directory Access utility for attendees (It's on 10.5). It will only work against Apple OD/CAL servers.
RFE filed to include necessary LDAP attributes to provide ical oattendee lookups
See bug [scheduled for 5.0.7]:
http://bugzilla.zimbra.com/show_bug.cgi?id=26619
Free/Busy Lookup not working as expected
The Free/Busy lookup requires auto-attendee lookup to be working.
This requires bug 26619 [ http://bugzilla.zimbra.com/show_bug.cgi?id=26619 ] to be resolved for iCalv3/Mac 10.5.
iCal-CalDAV - server doesn't retain color information from iCal
Summary of issue: Zimbra only supports the preset colors on iCal, which are blue, green, red, orange, pink, and purple.
Please see the following:
- "CalDAV: server does not retain color information from iCal"
- http://bugzilla.zimbra.com/show_bug.cgi?id=26627
- I've added a private comment to this to see if another RFE is needed to expand this and if there's any show stopper reasoning with why it can't be done. I'll update this here when I hear back on it.
I created a bug for this issue, please see:
- "iCal - CalDAV used to create new calendars sets up share permissions on server"
Can't Select Which Calendars To Sync - I Could With 10.4 Though
This is because of the change from iSync to CalDAV. iCal always syncs all the calendars in a given CalDAV account together. The CalDAV spec allows syncing each Calendar, but iCal chooses to sync them all.
There is no known work around at this time. Nor is there an RFE made because the dev's have stated it's an iCal issue. If this changes, I'll update this entry.
iTunes & iPhone configuration for CALDAV
Please see main wiki page on iPhone http://wiki.zimbra.com/index.php?title=IPhone
If you follow the instructions about configuring the Zimbra iSync Connector for CALDAV use, there should be no issues about sync'ing with your iPhone.
At this time, new events created on a iPhone/CALDAV setup will write the event to a local calendar in iCal.app . There's no way around this yet. It's a limitation at this time with Apple's software. You can change the events calendar assignment though later via iCal.app.
Please see Screenshot of iTunes & iPhone
iPhone 3.0 will use port 8443 as default when setting up Caldav, you most likely need to change this to 443.
iCal 10.4 - iSync Issues
Attendee Lookup for iCal/Mac 10.4
iCal.app on Mac 10.4 only uses local entries in Apples Addressbook for address/username lookup for new appointments.
Addressbook+LDAP configuration requires a copy of an "all/*" search in ldap into the local addressbook. Sync doesn't seem to work.
Please see this bug comment and the 10.4 section for more details:
http://bugzilla.zimbra.com/show_bug.cgi?id=26619#c3
New Calendars don't sync unless you select "all". Mac 10.4/Z-isync
Please see bug for details:
http://bugzilla.zimbra.com/show_bug.cgi?id=26653
Sync To Do/Tasks Items in Leopard
RFE filed, please see http://bugzilla.zimbra.com/show_bug.cgi?id=12917
No target date, please vote for this RFE.
ZCO Zimbra Outlook Connector
The complete troubling-shooting guide (dev info requests)
- Reproduce
- ZCO install logs
- msiexec /i zco-installer.msi /lv 00022083-zco-install.log
- Get zco logs
- See Using Logging Control for Troubleshooting; within the below article :
- Check for core dumps - mandatory for all crashes
- Generating Core Dumps :
- Creating a Core Dump from a Running Process using WinDbg :
- Winhttp trace (issues where they can&amp;amp;amp;amp;#39;t connect - check zco logs first). Run this on the machine with Outlook.
- WinHttpTraceCfg -e 1 [prefix] -d 0
- When WinHttpTraceCfg is executed, try sending a message with an attachment. This time a log should be created.
- WinHttpTraceCfg Documentation
- DbgViewHttpTrace :
- WinHttpTraceCfg -e 1 [prefix] -d 0
- Are there any local failures/server failures?
- Winmsd (dump of the local environment configuration)
- Start Run winmsd
- This might take awhile to bring up the application
- From app [System Information titled] , File Export
- What about msinfo32.exe ?
- Start Run winmsd
- External factors (add-ins, other mapi clients)
- Network topology (firewall, proxy, etc)
- Server topology (single/multi-node, clustering, nginx, 3rd party lb)
- Search bugzilla
- Search old support cases
- Can we get remote access?
- Can we get an account on the server?
- Can we access the account in question?
- Get the id of the item
- get the original of the item from the server (mime representation)
- get the .msg of the item from outlook
- Quick analysis of zco logs
- sync - change record creation - CHANGE RECORD
- follow soap requests, look for soap faults
- look for the word - exception
- follow soap traces
- ignore MAPI_E_NOT_FOUND
Performance Issues
Sources:
http://msexchangeteam.com/archive/2007/12/17/447750.aspx
http://blogs.msdn.com/outlook/
http://support.microsoft.com/kb/940226/
http://technet.microsoft.com/en-us/library/bb738147.aspx
The skinny is this, [per Microsoft]
- ...recommended max OST size (2GB)
- ...we strongly recommend storing no more than 5,000 items in core folders, such as the Inbox and Sent Items folders. Creating more top-level folders, or subfolders underneath the Inbox and Sent Items folders, greatly reduces the costs associated with this index creation, so long as the number of items in any one folder does not exceed 5,000.
Mobility
Help Me Understand the Mobility Options
Let's break it down to three forms of access for mobile devices.
Mobile Web Client - http://www.zimbra.com/products/mobile_web_browser.html
A. Setups the web access to the Zimbra server to be viewable from a mobile device. This is accessing mail over the "web browser" on the mobile phone.
A1. http://servername.com/zimbra/m/
B. Built in - no license or additional software needed.
Zimbra Mobile - http://www.zimbra.com/products/mobile_smartphone.html
A. This allows two-way, over-the-air synchronization between the mobile device and Zimbra server.
A1. Think of this as "fat client" mail sync'ing on a mobile device
B. This page will describe that process in better detail - http://wiki.zimbra.com/index.php?title=Moble_Device_Setup
C. License required
Blackberry - http://www.zimbra.com/products/mobile_blackberry.html
A. Blackberry "two-way, over-the-air synchronization" requires the use of a Blackberry server. We use a "connector" on the Blackberry server that allows BES device to use their "fat client" for mail sync'ing.
B. This option requires a separate server, a Windows box that will run the Blackberry server software.
C. Zimbra Mobile license required. Windows Blackberry server require with appropriate Blackberry licenses. Installation of Zimbra BlackberryConnector on the Blackberry server.
D. This is still in BETA
Zimbra Mobile/Blackberry requires the license file to enable it. This cost can be discussed with your sales contact. It's only the Blackberry configuration that requires a "software" installation - so to speak. Enabling "Zimbra Mobility/option 2 above" is a license requirement - not a software installation one - and then configuration for the user. "You enable Zimbra Mobile in the ZCS COS or for individual Accounts."