RemoteManager exception: Difference between revisions
Asrivastava (talk | contribs) |
Asrivastava (talk | contribs) m (→Solution) |
||
Line 10: | Line 10: | ||
== Solution == | == Solution == | ||
Regenerate the SSH key and make sure auth keys get updated in all the servers. | |||
=== Regenerating Keys === | |||
To regenerate the ssh keys, on all hosts (as the zimbra user): | |||
zmsshkeygen | |||
To deploy the keys, on all hosts (as the zimbra user): | |||
zmupdateauthkeys | |||
=== Verifying sshd configuration === | |||
The authentication method assumes that sshd on the mta is running on port 22, and that RSA Authentication is enabled. You can test the ssh command with: | |||
ssh -i .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@MAIL.DOMAIN.COM | |||
(Swap MAIL.DOMAIN.COM for your hostname, as it appears in the error). | |||
You should NOT be prompted for a password; if you are, recreate the ssh keys and retry the test. | |||
If you're not running sshd on port 22, modify the zimbraRemoteManagementPort attribute on the server: | |||
zmprov ms MAIL.DOMAIN.COM zimbraRemoteManagementPort 2222 | |||
Verify in /etc/sshd_config (or /etc/ssh/sshd_config) that the zimbra user is an allow user | |||
AllowUsers admin zimbra | |||
Note: applying this change resulted in not being to ssh as root. Should we add root to the list of AllowUsers! | |||
As soon this fix you should be able to see the following logging in mailbox.log while accessing the queue in the monitoring tab of admin console. |
Revision as of 06:36, 1 May 2018
Remote Manager Exception
ZCS 8.8 ZCS 8.7
Problem
While accessing the email queue or monitoring graphs and other services at times server gives the exception saying "Server error encountered" with the system failure exception during auth. mailbox.log would have similar exception. Keyword to look for is RemoteManager
Solution
Regenerate the SSH key and make sure auth keys get updated in all the servers.
Regenerating Keys
To regenerate the ssh keys, on all hosts (as the zimbra user):
zmsshkeygen
To deploy the keys, on all hosts (as the zimbra user):
zmupdateauthkeys
Verifying sshd configuration
The authentication method assumes that sshd on the mta is running on port 22, and that RSA Authentication is enabled. You can test the ssh command with:
ssh -i .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@MAIL.DOMAIN.COM
(Swap MAIL.DOMAIN.COM for your hostname, as it appears in the error).
You should NOT be prompted for a password; if you are, recreate the ssh keys and retry the test.
If you're not running sshd on port 22, modify the zimbraRemoteManagementPort attribute on the server:
zmprov ms MAIL.DOMAIN.COM zimbraRemoteManagementPort 2222
Verify in /etc/sshd_config (or /etc/ssh/sshd_config) that the zimbra user is an allow user
AllowUsers admin zimbra
Note: applying this change resulted in not being to ssh as root. Should we add root to the list of AllowUsers!
As soon this fix you should be able to see the following logging in mailbox.log while accessing the queue in the monitoring tab of admin console.