Resolved Horde Active Sync does not work

[onki]

Hi,

I just upgraded to a new server from 12.0.18 to 12.5 (PHP 5.5.9 by OS vendor as fastCGI).
Horde seems to run properly and all mails are migrated properly.
I tried to activate Active Sync according to the instructions given and added these lines to my http /https config:

# Enable ActiveSync
<Directory /usr/share/psa-horde>
   Order allow,deny
   Allow from all
</Directory>
RewriteEngine On
RewriteRule ^/Microsoft-Server-ActiveSync /usr/share/psa-horde/rpc.php [L,QSA]
Alias /autodiscover/autodiscover.xml /usr/share/psa-horde/rpc.php
Alias /Autodiscover/Autodiscover.xml /usr/share/psa-horde/rpc.php
Alias /AutoDiscover/AutoDiscover.xml /usr/share/psa-horde/rpc.php
# End Enable ActiveSync

Whenever I try to connect my client say that the protocol is wrong. When I try to check the EAS function (using https://domain.tld/Microsoft-Server-ActiveSync in my browser)
I just can download the rpc.php rather than running it.
What could be wrong? Permission and group of .horde.shadow is correct.

Best regards
Onki

 

[onki]

Hi,

I also tested the installation with the Microsoft Active Sync Test Utility.
It says that there is a problem with authentification.
But according to the documantation the horde.shadow file has 0644 rights.
The Configuration in Horde should be fine and I can also see the ActiveSync relavant parameters in Horde.
It is really strange since EAS worked nicely for month on my old server but I had to move to a new one with Ubuntu 14.04.

Best regards
Onki

 

[onki]

Hi,

I am still struggling with the ActiveSync feature in Horde. Everything works like a charm but the most important feature (EAS) still does not work.
I was told by my server provider that there is no signifikant difference between the old (ubuntu 12.04 with Plesk 12.0.18) and the new Vserver (Ubuntu 14.04 with Plesk 12.5).
When running Microsoft EAS Remote Testing tool if gives me the following errors:

I still think the problem is related to the fact, that the rpc.php file in the Alias definition cannot be executed since it will be downloaded when I place a link in the browser.

Can someone give advice what could be wrong. I rally followed all the steps given in the docs.
The server is running on Apache 2 with FastGGI PHP 5.5.9. All SSl certs are valid and also installed for IMAP/SMTP. This mode is OK so far and I get no cert warnings wehn cobfiguring a client in IMAP mode. But I need EAS in oder to sync contacts and calenders.

Best regards
Onki

 

[Lloyd_mcse]

Hi Onki
Have you tried...

Alias /Microsoft-Server-ActiveSync /usr/share/psa-horde/rpc.php
Alias /autodiscover/autodiscover.xml /usr/share/psa-horde/rpc.php
Alias /Autodiscover/Autodiscover.xml /usr/share/psa-horde/rpc.php
Alias /AutoDiscover/AutoDiscover.xml /usr/share/psa-horde/rpc.php

<Directory /usr/share/psa-horde>
    php_flag magic_quotes_gpc off
    php_flag register_globals off
    php_flag magic_quotes_runtime off
    php_flag short_open_tag on
</Directory>

That's working for us on Ubuntu 14 and Plesk 12.5 #23
I hope that gets you up and running again.
Kind regards

Lloyd

 

[onki]

Hi Lloyd,

I tried your suggestion but I get an error message because php_flag is not accepted on my Apache 2.4 (invalid command).

Does this command require a specific module or is this a syntax problem with 2.4?
I think Apache 2.4 and its syntax this is the main reason for my problem.
Alias is working OK since the rpc.php is downloaded. But it should be executed rather than downloaded to work correctly. And this seems to be an Apache configuration problem since the rpc.php is not within the document root.

Best regards
Onki

 

[Lloyd_mcse]

Hi Onki,
I'm glad you mentioned the php_flag, I got that warning in the previews of 12.5 on Ubuntu 14, but I'm not getting it now.
Right, also working for me is...

Alias /Microsoft-Server-ActiveSync /usr/share/psa-horde/rpc.php
Alias /autodiscover/autodiscover.xml /usr/share/psa-horde/rpc.php
Alias /Autodiscover/Autodiscover.xml /usr/share/psa-horde/rpc.php
Alias /AutoDiscover/AutoDiscover.xml /usr/share/psa-horde/rpc.php

<Directory /usr/share/psa-horde>
    Order allow,deny
    Allow from all
</Directory>

So you can try that.

1. What do the logs say?
2. Did you run /opt/psa/admin/bin/httpdmng --reconfigure-all
3. Have you tried a subdomain as that will eliminate any issues with rewrites and PHP on the main domain.
4. I take it Horde itself is working ok?

Anyway, let me know what you find.
Kind regards

Lloyd

 

[onki]

Hi again,

Still no solution. I added a subdomain eas.domain.tld in plesk and added the following to the httpd configuration section in plesk for both http and https:

# Enable ActiveSync
<Directory "/usr/share/psa-horde">
   Require all granted
</Directory>
Alias "/Microsoft-Server-ActiveSync" "/usr/share/psa-horde/rpc.php"
Alias "/autodiscover/autodiscover.xml" "/usr/share/psa-horde/rpc.php"
Alias "/Autodiscover/Autodiscover.xml" "/usr/share/psa-horde/rpc.php"
Alias "/AutoDiscover/AutoDiscover.xml" "/usr/share/psa-horde/rpc.php"
RewriteEngine On
#RewriteRule ^/Microsoft-Server-ActiveSync /usr/share/psa-horde/rpc.php [L,QSA]
RewriteRule .* - [E=HTTP_MS_ASPROTOCOLVERSION:%{HTTP:Ms-Asprotocolversion}]
RewriteRule .* - [E=HTTP_X_MS_POLICYKEY:%{HTTP:X-Ms-Policykey}]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# End Enable ActiveSync

Still the same problem. when I enter "https://eas.domain.tld/Microsoft-Server-ActiveSync" in my browser it just downloads the rpc.php instead of executing.
In /usr/share/psa-horde there also is a .htaccess file:

# IMPORTANT: DO NOT EDIT THIS FILE!
# It will be overwritten with any future upgrade.

allow from all

<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule .* - [env=REDIRECT_HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteCond  %{REQUEST_FILENAME}  !-d
  RewriteCond  %{REQUEST_FILENAME}  !-f
  RewriteRule ^(.*)$ rampage.php [QSA,L]
</IfModule>

The logs of the domain doin't tell me something just a certificate warning (I just have a valid cert for the base domain - this is why I don't want to use a subdomain) and a message that I accessed the site with my IP.

Any suggestion how to get the /usr/local/psa-horde path contents executable?

Best regards
Onki

 

[neutron]

You are running into the same problem i already reported to the plesk team. As default, php as apache module is disabled in Plesk 12.5, so any apache instruction trying to access files outside the normal vhost docroot runs into this problem. You have 2 options, you can re-enable apache mod_php OR you define a php handler in your vhost.conf. The reason this file is downloaded is just because NO php is enabled at all if you are trying to get something via the Alias function, for example, of apache here.

 

[onki]

Hi neutron,

thanks for the detailed information.
How can I define a php handler in the vhosts configuration as this seems to be the easiest solution which has no impact on the websites installed on the server?
I am not such an Apache expert.

Best regards
Onki

 

[neutron]

Like this:

<Directory /usr/share/psa-horde>
    <Files ~ (\.php$)>
        SetHandler fcgid-script
        FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
        Options +ExecCGI
    </Files>
</Directory>

 

[onki]

Hi,

Thanks for your help.
I tried that on my subdomain but now I get "No Input file specified" when I try to run rpc.php through the sync test.
This is what my error log says:

[Sun Feb 28 18:06:02.578716 2016] [fcgid:warn] [pid 4528:tid 139789812614912] [client 87.180.xxx.xx9:53845] mod_fcgid: stderr: PHP Warning:  Unknown: open_basedir restriction in effect. File(/usr/share/psa-horde/rpc.php) is not within the allowed path(s): (/var/www/vhosts/onki.net/:/tmp/) in Unknown on line 0

On my old server I get:
"Trying to access the ActiveSync endpoint from a browser. Not Supported."

So it is a bit better but still not really working.
Do I need to add the horde path to open_basedir in php.ini?

Edit: I added the path to open_basedir, now error log says this:

[Sun Feb 28 18:19:40.044180 2016] [fcgid:warn] [pid 5190:tid 140295704381184] [client xxxxx:54091] mod_fcgid: stderr: PHP Warning:  require_once(Horde/Autoloader/Default.php): failed to open stream: No such file or directory in /usr/share/psa-horde/lib/core.php on line 49
[Sun Feb 28 18:19:40.044184 2016] [fcgid:warn] [pid 5190:tid 140295704381184] [client xxxxx:54091] mod_fcgid: stderr: PHP Fatal error:  require_once(): Failed opening required 'Horde/Autoloader/Default.php' (include_path='/usr/share/psa-horde/lib:.:/usr/share/php:/usr/share/pear') in /usr/share/psa-horde/lib/core.php on line 49

Best regards

 

[neutron]

This may be all due to the fact that you are using php as cgi, fcgi or whatever. In that mode php is not running with apache but with the user the vhosts belongs to. So you need to have a look at the correct permissions and owner,group stuff. That's the "bad" side of this. If you re-enable mod_php you don't need to do all this. Also, if you change permissions in /usr/share/psa-horde other domains using horde may not work. A possible way would be to copy the whole psa-horde directory to something else (new name) and make all changes there.

 

[onki]

Hi,

I have given up.
Just started the rollback to my old server as all the modifications are too complex for a regular Plesk setup and I am afraid that it will be overwritten with a coming update.
Please use this thread if there is any change in upcomoing versions of Plesk 12.5 so that EAS can be used with Horde on a Plesk based server.

Many thanks for your help anyway.

Best regards
Onki

 

[Lloyd_mcse]

Hi Onki,
sorry to hear you have given up.
Had you gone to...

Plesk -> Tools & Settings -> Apache Web Server

1. Select Prefork from the drop down menu.
2. You will now be able to select the PHP5 tick box.

And check your https://eas.domain.tld/Microsoft-Server-ActiveSync url.

You will now get the "Trying to access the ActiveSync endpoint from a browser. Not Supported." warning in your browser.

Also you mention you don't have an SSL Certificate for a eas subdomain, well you can get a free SSL Cert for the domain via the Let's Encrypt extension available in Plesk 12.5.

Regards

Lloyd

 

[neutron]

That's what i said, just re-enable mod_php. It's just 2 clicks away, as you can see in the example from Lloyd_mcse

 

[onki]

Hi again,

OK - my new VPS is already deleted because I just had one week time to move from old to new and I ran out of time.
So I decided to stay with the "old" version with working EAS (in parallel to the new one).

But I can try it again now that I know what might be wrong.
Just to make sure.
I have to create a subdomain like "eas.domain.tld"
In Plesk I have to switch over to the old and slow mod_php using the PHP Settings on server level (does it switch all domains to mod_php or just this subdomain?)
Then I need to add the directive, the alias and autodiscover entries shown a few post earlier:

<Directory "/usr/share/psa-horde">
   Require all granted
</Directory>
Alias "/Microsoft-Server-ActiveSync" "/usr/share/psa-horde/rpc.php"
Alias "/autodiscover/autodiscover.xml" "/usr/share/psa-horde/rpc.php"
Alias "/Autodiscover/Autodiscover.xml" "/usr/share/psa-horde/rpc.php"
Alias "/AutoDiscover/AutoDiscover.xml" "/usr/share/psa-horde/rpc.php"

and of course activate EAS in Horde - Thats it?

Best regards
Onki

 

[Lloyd_mcse]

Hi Onki,
Yeah just make sure php5 is ticked in Tools & Settings -> Apache Server, no it doesn't switch all domains.
The eas subdomain you'll want to run PHP as FactCGI still.
Let us know how you get on.
Regards

Lloyd

 

[Gabor H]

Hi,

I'm also struggling with set up EAS on Plesk 12.5 with apache 2.2.22 / Debian 7.9.
Would anyone of you be so king to ease our life and sum up with a step-by-step settings in Plesk and of course on the server?
And additionsl questions:

-if I have webmail.mydomain.com subdomain, then will it be the same URL for the EAS or do I need to create a eas.mydomain.com?
-what settings needed in DNS? Autodiscover needed to add?
-how to generate aurodiscover.xml file and where to put? Is it necessary to create this file? Just asking because non of the guides
are mention this step.
-adding a free SSL is necessary for the EAS's subdomain? No go without it?

I tried many guides here in Plesk community forums and this and this guide but still no luck.

Regards,
Gabor

 

[Lloyd_mcse]

Hi Gabor,

1. EAS will be on whatever domain we set it up on, you can have it on domain.tld, but it's best to have a subdomain so you can have seperate PHP and Apache settings.
2. You just need to add A records for eas and autodiscover, which will be created when you create the subdomains. You can of course add SRV records too.
3. You don't need to, you add aliases for the subdomain like...

Alias /Microsoft-Server-ActiveSync /usr/share/psa-horde/rpc.php
Alias /autodiscover/autodiscover.xml /usr/share/psa-horde/rpc.php
Alias /Autodiscover/Autodiscover.xml /usr/share/psa-horde/rpc.php
Alias /AutoDiscover/AutoDiscover.xml /usr/share/psa-horde/rpc.php

Assuming you have already setup ActiveSync in Horde that will handle everything.
4. YES you really must use a SSL certificate

If you use eas.domain.tld, you'll have to add redirects on the main domain, so I'll start there...

domain.tld - Additional directives for HTTP & HTTPS

RedirectMatch 301 (?i)/Microsoft-Server-ActiveSync https://eas.domain.tld/Microsoft-Server-ActiveSync
RedirectMatch 301 (?i)/autodiscover/autodiscover.xml https://eas.domain.tld/autodiscover/autodiscover.xml
RedirectMatch 301 (?i)/Autodiscover/Autodiscover.xml https://eas.domain.tld/autodiscover/autodiscover.xml
RedirectMatch 301 (?i)/AutoDiscover/AutoDiscover.xml https://eas.domain.tld/autodiscover/autodiscover.xml

eas.domain.tld - Additional directives for HTTP

 Redirect 301 / https://eas.domain.tld/

eas.domain.tld - Additional directives for HTTPS

RewriteEngine On
RewriteRule .* - [E=HTTP_MS_ASPROTOCOLVERSION:%{HTTP:Ms-Asprotocolversion}]
RewriteRule .* - [E=HTTP_X_MS_POLICYKEY:%{HTTP:X-Ms-Policykey}]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^/Microsoft-Server-ActiveSync /usr/share/psa-horde/rpc.php [L,QSA]

Alias /Microsoft-Server-ActiveSync /usr/share/psa-horde/rpc.php
Alias /autodiscover/autodiscover.xml /usr/share/psa-horde/rpc.php
Alias /Autodiscover/Autodiscover.xml /usr/share/psa-horde/rpc.php
Alias /AutoDiscover/AutoDiscover.xml /usr/share/psa-horde/rpc.php

<Directory /usr/share/psa-horde>
    Require all granted
</Directory>

autodiscover.domain.tld - Additional directives for HTTP

 Redirect 301 / https://autodiscover.domain.tld/

autodiscover.domain.tld - Additional directives for HTTPS

RedirectMatch 302 (?i)/autodiscover/autodiscover.xml https://eas.domain.tld/autodiscover/autodiscover.xml
RedirectMatch 302 (?i)/Autodiscover/Autodiscover.xml https://eas.domain.tld/autodiscover/autodiscover.xml
RedirectMatch 302 (?i)/AutoDiscover/AutoDiscover.xml https://eas.domain.tld/autodiscover/autodiscover.xml

Once the basic setup is all working you can think about adding provisioning etc.
If you need any further help, post back or start a conversation with me.
Regards

Lloyd

 

[Gabor H]

Hi Llloyd,

Thanks for the detailed instruction. I'll try it later on today.
I'd have additional question which are still not clear to me.

-Do I understand right that if I add the EAS to a different domain like eas.domain.tld then the regular webmail login for the Horde still can remain the webmail.domain.tld?
Or does it needed to install the Horde to eas.domain.tld too?

-How about the autodiscover.xml file? Is it necessary or not? If yes, then how to create it?
-The ActiveSync in Horde is enabled, but there's no check mark next to it. Shouldn't it be check marked as Application is ready?

Kind regards,
Gabor