Outlook Web Access using Apache2

mikesjn
mikesjn used Ask the Experts™
on
I have got lumbered with a system that I did not build , but was working . Our mail system is an Exchange 2000 System, but users can access the system using an external Apache2 we server. This same server is running Postfix server acting as a mail scanner and relay  to the above server. All was working until we had a system crash. The mail relay works and users can again access there mail using squirrel mail. But when users try to access Outlook Web Access (to the same exchange server) they get an error.
Here is a copy of the apache2/error_log

**********************************************************************************
smtp:/var/log/apache2 # tail -n 30 error_log
[Fri Jul 01 10:12:27 2005] [notice] child pid 3252 exit signal Segmentation fault (11)
[Fri Jul 01 10:32:47 2005] [error] Re-negotiation handshake failed: Not accepted by client!?
[Fri Jul 01 10:32:49 2005] [notice] child pid 3001 exit signal Segmentation fault (11)
[Fri Jul 01 10:34:48 2005] [notice] child pid 3288 exit signal Segmentation fault (11)
[Fri Jul 01 10:38:57 2005] [error] Re-negotiation handshake failed: Not accepted by client!?
[Fri Jul 01 10:38:59 2005] [notice] child pid 3004 exit signal Segmentation fault (11)
[Fri Jul 01 10:39:34 2005] [notice] caught SIGTERM, shutting down
[Fri Jul 01 10:39:41 2005] [warn] RSA server certificate CommonName (CN) `*.biowisdom.com' does NOT match server name!?
[Fri Jul 01 10:39:41 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)
[Fri Jul 01 10:39:41 2005] [warn] RSA server certificate CommonName (CN) `*.biowisdom.com' does NOT match server name!?
[Fri Jul 01 10:39:42 2005] [notice] Apache/2.0.53 (Linux/SUSE) configured -- resuming normal operations
[Fri Jul 01 10:40:14 2005] [notice] child pid 5567 exit signal Segmentation fault (11)
[Fri Jul 01 10:40:20 2005] [notice] child pid 5568 exit signal Segmentation fault (11)
[Fri Jul 01 10:40:29 2005] [notice] child pid 5569 exit signal Segmentation fault (11)
[Fri Jul 01 10:43:34 2005] [error] [client 172.16.1.1] File does not exist: /srv/www/htdocs/squirrelmail/favicon.ico
[Fri Jul 01 10:43:34 2005] [error] [client 172.16.1.1] unable to include "include/bottom.html" in parsed file /usr/share/apache2/error/HTTP_NOT_FOUND.html.var
[Fri Jul 01 10:43:45 2005] [notice] child pid 5629 exit signal Segmentation fault (11)
[Fri Jul 01 10:43:55 2005] [notice] child pid 5571 exit signal Segmentation fault (11)
[Fri Jul 01 10:44:07 2005] [notice] child pid 5623 exit signal Segmentation fault (11)
[Fri Jul 01 10:44:09 2005] [notice] child pid 5625 exit signal Segmentation fault (11)
[Fri Jul 01 10:48:25 2005] [notice] caught SIGTERM, shutting down
[Fri Jul 01 10:49:57 2005] [warn] RSA server certificate CommonName (CN) `*.biowisdom.com' does NOT match server name!?
[Fri Jul 01 10:49:57 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)
[Fri Jul 01 10:49:57 2005] [warn] RSA server certificate CommonName (CN) `*.biowisdom.com' does NOT match server name!?
[Fri Jul 01 10:50:05 2005] [notice] Apache/2.0.53 (Linux/SUSE) configured -- resuming normal operations
[Fri Jul 01 11:36:14 2005] [notice] child pid 3050 exit signal Segmentation fault (11)
[Fri Jul 01 13:10:39 2005] [error] Re-negotiation handshake failed: Not accepted by client!?
[Fri Jul 01 13:10:43 2005] [notice] child pid 6452 exit signal Segmentation fault (11)
[Fri Jul 01 13:36:40 2005] [notice] child pid 6457 exit signal Segmentation fault (11)
[Fri Jul 01 14:33:08 2005] [notice] child pid 6445 exit signal Segmentation fault (11)
smtp:/var/log/apache2 #

*********************************************************************************************

Here is the config file with regard to this

DocumentRoot /srv/www/htdocs/squirrelmail

<IfModule mod_dir.c>
    DirectoryIndex index.html index.php
</IfModule>

<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteRule ^/(.*) https://%{HTTP_HOST}/ [redirect=permanent]
</IfModule>    

<VirtualHost _default_:443>
    SSLEngine on

    <Location />
        SSLRequireSSL
    </Location>

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateFile /etc/apache2/ssl.crt/biowisdom.com.2004.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/biowisdom.com.2004.key
    SSLCertificateChainFile /etc/apache2/ssl.crt/CA_keys.2004.crt

    SSLVerifyDepth 1

    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    # Exchange proxying with certificate checking
    <IfModule mod_proxy.c>
      SSLProxyEngine on
      ProxyRequests  Off

      SSLCACertificateFile /etc/apache2/ssl.crt/BioWisdomCA.crt
      SSLCARevocationFile /etc/apache2/ssl.crl/BioWisdomCA.crl
      SSLVerifyClient none

      <Proxy *>
          Order allow,deny
          Allow from all
      </Proxy>

      <Location /exchange>
          SSLRequire %{SSL_CLIENT_S_DN_O} eq "BioWisdom Ltd."
          SSLVerifyClient require
          SSLOptions +OptRenegotiate
          ProxyPass https://comms.biowisdom.com/Exchange
          ProxyPassReverse https://comms.biowisdom.com/Exchange
      </Location>

      <Location /Exchange>
          SSLRequire %{SSL_CLIENT_S_DN_O} eq "BioWisdom Ltd."
          SSLVerifyClient require
          SSLOptions +OptRenegotiate
          ProxyPass https://comms.biowisdom.com/Exchange
          ProxyPassReverse https://comms.biowisdom.com/Exchange
      </Location>

      <Location /Public>
          SSLRequire %{SSL_CLIENT_S_DN_O} eq "BioWisdom Ltd."
          SSLVerifyClient require
          SSLOptions +OptRenegotiate
          ProxyPass https://comms.biowisdom.com/public
          ProxyPassReverse https://comms.biowisdom.com/public
      </Location>

      <Location /exchweb>
          SSLRequire %{SSL_CLIENT_S_DN_O} eq "BioWisdom Ltd."
          SSLVerifyClient require
          SSLOptions +OptRenegotiate
          ProxyPass https://comms.biowisdom.com/exchweb
          ProxyPassReverse https://comms.biowisdom.com/exchweb
      </Location>
    </IfModule>
</VirtualHost>

This is a SuSE 9.2 server. With these modules installed.

apache2-mod_php4-4.3.10-14.4
apache2-2.0.53-10
apache2-prefork-2.0.53-10

The certificates are all valid and I can read with openssl

I know a fair mount of Linux admin, but it is not my main job- I don't want to make this worse.

Any suggestions

Mike



Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
I would suggest that you backup your apache binaries, configuration and certificates and re-install / upgrade apache. The fact that you're getting a segfault is somewhat concerning, as this is not generally related to a configuration error. If you have access to the original RPMs, just remove the existing Apache rpm's and re-install.

Author

Commented:
Tried forcing an upgrade which it did and still the same!!
idmiskSolution manager

Commented:
Segmentation fault can result from:
- broken application binaries
- some broken (php,perl) code

some suggestions:
- was there a filesystem check after crash
- do these segfaults logged if you access your exchange stuff ('tail -f yourerror.log' and try to access)

> But when users try to access Outlook Web Access (to the same exchange server) they get an error.
what is the error?
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
OWA works from the internal network going stright to the server, and the rights on IIS are set correctly for the Apache properly. Squirrel mail from the same apache server is working correctly but the error from using a revers proxy is page is not displayed. The Config file is shown above. The error using IE is "The Page Cannot be displayed", in Firefox it hangs - the page does not change, but I can see the certificate from the IIS sever loaded. It seems like a problem displaying the page - as opposed to it cannot find it. I  have heard the possibility of it being a header modification on the Apache server? I would not know how to add headers, my knowledge of Apache is not that good.
I would like to resolve this quickly- sorry for delay but I have been extremely busy.

Mike

Author

Commented:
I have added tried to add
<IfModule mod_headers.c>
        Header set Front-End-Https: on
</IfModule>
to configuration above, where should it go and does this look correct, apparently the front end server needs this- it has worked for months without it. I have added mod_headers, by the way.

Author

Commented:
Also getting, cannot find server error in IE top bar but Mozilla gets certificate and hangs

Author

Commented:
I setup (again) using this document http://3cx.org/item/46. Something must have changed with an update, now working fine
Commented:
PAQed with points (500) refunded

DarthMod
Community Support Moderator

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial