IMAP and SWA login problems - my experience and solution

[les]

Hi All,

Just thought i would share my experiences here.

There have been quite a few threads previously relating to failed imap logins, especially for a handful of users, not all.

I hit this problem today, seemingly out of the blue, but managed to resolve the issue.

i tried omscans, omcheck, deleting imap-cache, re-indexing etc etc etc. They all didn't help. Passwords were correct, tried resetting them anyway, but still no joy.

I even added a brand new test user and they too could not login to imap or swa (swa uses the same auth as imap, pop3 uses its own as does mapi, which is why they still work).

The penny dropped when i checked all users. out of 10 users only 4 could login via imap. On closer insepction they 4 that worked were all "Full Administrators".
Adding a new user as a full administrator made imap work!! But that wasn't the fix, just a workaround.

Looking more closely at user logins after enabling imap debugging i could see in log files that for a "broken" user it was crapping out at the BB Area.

permissions on the root of the Public Folder had been changed to none (doh!), meaning folders were not visible to anyone but administrators. This broke imap access.

After restoring permissions and restarting scalix all is back to normal.

Observation:

Anything using imap access needs to at least see the root of the Public Folder.

Outlook allows you to change permissions on the root Public Folder, which if you make a mistake can cause a lot of grief. swa does not allow you to change permissions on the root level public folder.

Suggestion:

I think it would be wise to either disable the ability for outlook to edit the permissions on the root level of public folders, or at least have default "visible" permissions which cannot be changed.

Hope this helps someone if they find themselves in a similar situation.


:)

[Valerion]

I've never modified the permissions on the root, but I think that's a good warning, thanks. Would have taken me a long time to come up with that answer, not what I would have expected the issue is.

[les]

I've never modified the permissions on the root, but I think that's a good warning, thanks. Would have taken me a long time to come up with that answer, not what I would have expected the issue is.

yep, took me about 4-6 hours of troubleshooting, hopefully save someone else the time should they come across it.

[rgmhtt]

Very interersting.... But help me here.

There have been quite a few threads previously relating to failed imap logins, especially for a handful of users, not all.

Looking more closely at user logins after enabling imap debugging i could see in log files that for a "broken" user it was crapping out at the BB Area.

permissions on the root of the Public Folder had been changed to none (doh!), meaning folders were not visible to anyone but administrators. This broke imap access.

After restoring permissions and restarting scalix all is back to normal.

Where is the "root of the Public Folder" so I can check its permissions?

I notice that on my Scalix 11 server the BB Server aborted. Not the case on my Scalix 10 server. But even more interesting is I do not HAVE any BBs on either system...

[les]

Very interersting.... But help me here.

There have been quite a few threads previously relating to failed imap logins, especially for a handful of users, not all.

Looking more closely at user logins after enabling imap debugging i could see in log files that for a "broken" user it was crapping out at the BB Area.

permissions on the root of the Public Folder had been changed to none (doh!), meaning folders were not visible to anyone but administrators. This broke imap access.

After restoring permissions and restarting scalix all is back to normal.

Where is the "root of the Public Folder" so I can check its permissions?

I notice that on my Scalix 11 server the BB Server aborted. Not the case on my Scalix 10 server. But even more interesting is I do not HAVE any BBs on either system...

root of "Pulbic Folder" is the Folder called "Public Folders" as you see it in Outlook.

Note that you can only see these permissions of Public Folders if you are a full administrator. So setup an outlook profile as your administrator account, or make yourself a full administrator via SAC.

Then ensure the default permissions are at least reviewer so that everyone can get it, as well as for "Local". Administrator permissions will be different, dont change them.

Hope that helps.

p.s. you do need to fix the aborted BB server also. When Imap logs in it tries to list all folders. if the BB server is not on then it might be failing at that point and that can be why it logs you off. Even if you have no public folders.

The actual imap username and password do authenticate but because it cant get a list of folders it falls back to a standard error of failed password.

[rgmhtt]

[
root of "Pulbic Folder" is the Folder called "Public Folders" as you see it in Outlook.

Don't use no stinking Outlook. All POP clients here. But sometimes someone is on the road and needs the webmail interface....

Note that you can only see these permissions of Public Folders if you are a full administrator. So setup an outlook profile as your administrator account, or make yourself a full administrator via SAC.

I am full admin in SAC. And can use SWA. But can't get in.

Plus this last time I got the dreaded "eval time is up" message....

And this is CE.

Hope that helps.

Sigh. No closser.

p.s. you do need to fix the aborted BB server also. When Imap logs in it tries to list all folders. if the BB server is not on then it might be failing at that point and that can be why it logs you off. Even if you have no public folders.

Tell me about it. More to the point, tell me how I can troubleshoot this. I start BB server from SAC and it runs for about 20s then stops. No logs anywhere that I can find.

The actual imap username and password do authenticate but because it cant get a list of folders it falls back to a standard error of failed password.

Typical of my day.

[rgmhtt]

:D


I unsinstalled Scalix 11.
Removed all the data structures.
Set up the scalix user id PROPERLY (including the Group scalix, that I got wrong last time).
rsynced all the scalix directories.

installed (really an upgraded) of Scalix 11.

Now everything is working.

Problem appears to be permissions on the files I rsynced. All is well now.

Well I still have a lot of tuning to do, and spamassasin...

[les]

:D


I unsinstalled Scalix 11.
Removed all the data structures.
Set up the scalix user id PROPERLY (including the Group scalix, that I got wrong last time).
rsynced all the scalix directories.

installed (really an upgraded) of Scalix 11.

Now everything is working.

Problem appears to be permissions on the files I rsynced. All is well now.

Well I still have a lot of tuning to do, and spamassasin...

great news!!!