To change the repository, did you follow this instructions: https://community.grommunio.com/d/1012-convert-grommunio-from-the-community-edition-to-the-supported-edition ?
Outlook ask for password in cycle after repo to supported change
Did you the update with zypper dup
and did you reboot the server?
Do you see any errors in: tail /var/log/grommunio/* -f
?
- Edited
ladas
When I configure account at outlook again this is only new log records:
2023/05/12 21:06:41 [error] 805#805: *684 output on closed stream while sending to client, client: 10.0.3.32, server: _, request: "POST /autodiscover/autodiscover.xml HTTP/2.0", upstream: "https://[::1]:10443/autodiscover/autodiscover.xml", host: "autodiscover.domain.de"
10.0.3.32 - - [12/May/2023:21:06:41 +0200] "POST /autodiscover/autodiscover.xml HTTP/2.0" 401 0 "-" "Microsoft Office/16.0 (Windows NT 10.0; MAPICPL 16.0.16327; Pro)"
10.0.3.32 - username@domain.de [12/May/2023:21:06:54 +0200] "POST /autodiscover/autodiscover.xml HTTP/2.0" 200 3465 "-" "Microsoft Office/16.0 (Windows NT 10.0; MAPICPL 16.0.16327; Pro)"
You stated the certificate do not match the URL. Is ist possible to get a Lets Encrypt certificate that matches the server URL?
You my need to setup a split DNS for the mail and Autodiscover URL, so the certificate matches both URLs.
Outlook is sometimes very tricky if the certificate do not match.
WalterH
Hi Walter,
I have my own CA and all our customers servers use our signed certificates. We just import our CA into client devices. It is easy, we have control, independence and servers necessary need not to have access into internet Most of our servers works off-line. For mails we use mail gateway which send emails out and forward incoming emails into local networks.
But back to my problem. I configured my new account in production server (the same which I configured at upgraded server clone) and outlook connected and create account for first kick. Just ask for certificate acceptation and start. So it seems the problem is not here, unfortunately
I can clone and upgrade repos with new user and we will see, if something change.
Just another question. When I generate certificate for server I add all necessary domains into one certificate. Is it possible to generate certificate for each domain separately and match them into bundle certificate? Will it work with nginx? Thank you for your answer.
- Edited
WalterH
Hi Walter,
I found the problem in the end! It was in autodiscover configuration. I hope I will explain it clearly. I cloned my production vm and moved it to our test environment. It means to another network. So I changed IP address (for details you can look above at the first post) . I repaired DNS records according to new server address. BUT. On server we host mailboxes for five domains. One of them is not used yet, so I planed to use it for my tests, rest of the DNS records was left untouched (they are set for production server which is in use). I created new user for unused domain and tried to connect outlook to the cloned server. BUT at cloned server was autodiscover configuration left unchanged for main server domain. And DNS record for this main domain was pointed to production server. And at production server there was not new user .
At the end I made upgrade to supported version during night. Unfortunately problems with Public folders which I described in other thread did not changed at all. It seems nobody use it because it is really broken and there is no information here.
Walter, thank you very much for the tips and help. Can you change this thread as solved, please?