Outlook Web Access using Apache2

I have got lumbered with a system that I did not build , but was working . Our mail system is an Exchange 2000 System, but users can access the system using an external Apache2 we server. This same server is running Postfix server acting as a mail scanner and relay  to the above server. All was working until we had a system crash. The mail relay works and users can again access there mail using squirrel mail. But when users try to access Outlook Web Access (to the same exchange server) they get an error.
Here is a copy of the apache2/error_log

**********************************************************************************
smtp:/var/log/apache2 # tail -n 30 error_log
[Fri Jul 01 10:12:27 2005] [notice] child pid 3252 exit signal Segmentation fault (11)
[Fri Jul 01 10:32:47 2005] [error] Re-negotiation handshake failed: Not accepted by client!?
[Fri Jul 01 10:32:49 2005] [notice] child pid 3001 exit signal Segmentation fault (11)
[Fri Jul 01 10:34:48 2005] [notice] child pid 3288 exit signal Segmentation fault (11)
[Fri Jul 01 10:38:57 2005] [error] Re-negotiation handshake failed: Not accepted by client!?
[Fri Jul 01 10:38:59 2005] [notice] child pid 3004 exit signal Segmentation fault (11)
[Fri Jul 01 10:39:34 2005] [notice] caught SIGTERM, shutting down
[Fri Jul 01 10:39:41 2005] [warn] RSA server certificate CommonName (CN) `*.biowisdom.com' does NOT match server name!?
[Fri Jul 01 10:39:41 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)
[Fri Jul 01 10:39:41 2005] [warn] RSA server certificate CommonName (CN) `*.biowisdom.com' does NOT match server name!?
[Fri Jul 01 10:39:42 2005] [notice] Apache/2.0.53 (Linux/SUSE) configured -- resuming normal operations
[Fri Jul 01 10:40:14 2005] [notice] child pid 5567 exit signal Segmentation fault (11)
[Fri Jul 01 10:40:20 2005] [notice] child pid 5568 exit signal Segmentation fault (11)
[Fri Jul 01 10:40:29 2005] [notice] child pid 5569 exit signal Segmentation fault (11)
[Fri Jul 01 10:43:34 2005] [error] [client 172.16.1.1] File does not exist: /srv/www/htdocs/squirrelmail/favicon.ico
[Fri Jul 01 10:43:34 2005] [error] [client 172.16.1.1] unable to include "include/bottom.html" in parsed file /usr/share/apache2/error/HTTP_NOT_FOUND.html.var
[Fri Jul 01 10:43:45 2005] [notice] child pid 5629 exit signal Segmentation fault (11)
[Fri Jul 01 10:43:55 2005] [notice] child pid 5571 exit signal Segmentation fault (11)
[Fri Jul 01 10:44:07 2005] [notice] child pid 5623 exit signal Segmentation fault (11)
[Fri Jul 01 10:44:09 2005] [notice] child pid 5625 exit signal Segmentation fault (11)
[Fri Jul 01 10:48:25 2005] [notice] caught SIGTERM, shutting down
[Fri Jul 01 10:49:57 2005] [warn] RSA server certificate CommonName (CN) `*.biowisdom.com' does NOT match server name!?
[Fri Jul 01 10:49:57 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)
[Fri Jul 01 10:49:57 2005] [warn] RSA server certificate CommonName (CN) `*.biowisdom.com' does NOT match server name!?
[Fri Jul 01 10:50:05 2005] [notice] Apache/2.0.53 (Linux/SUSE) configured -- resuming normal operations
[Fri Jul 01 11:36:14 2005] [notice] child pid 3050 exit signal Segmentation fault (11)
[Fri Jul 01 13:10:39 2005] [error] Re-negotiation handshake failed: Not accepted by client!?
[Fri Jul 01 13:10:43 2005] [notice] child pid 6452 exit signal Segmentation fault (11)
[Fri Jul 01 13:36:40 2005] [notice] child pid 6457 exit signal Segmentation fault (11)
[Fri Jul 01 14:33:08 2005] [notice] child pid 6445 exit signal Segmentation fault (11)
smtp:/var/log/apache2 #

*********************************************************************************************

Here is the config file with regard to this

DocumentRoot /srv/www/htdocs/squirrelmail

<IfModule mod_dir.c>
    DirectoryIndex index.html index.php
</IfModule>

<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteRule ^/(.*) https://%{HTTP_HOST}/ [redirect=permanent]
</IfModule>    

<VirtualHost _default_:443>
    SSLEngine on

    <Location />
        SSLRequireSSL
    </Location>

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateFile /etc/apache2/ssl.crt/biowisdom.com.2004.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/biowisdom.com.2004.key
    SSLCertificateChainFile /etc/apache2/ssl.crt/CA_keys.2004.crt

    SSLVerifyDepth 1

    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    # Exchange proxying with certificate checking
    <IfModule mod_proxy.c>
      SSLProxyEngine on
      ProxyRequests  Off

      SSLCACertificateFile /etc/apache2/ssl.crt/BioWisdomCA.crt
      SSLCARevocationFile /etc/apache2/ssl.crl/BioWisdomCA.crl
      SSLVerifyClient none

      <Proxy *>
          Order allow,deny
          Allow from all
      </Proxy>

      <Location /exchange>
          SSLRequire %{SSL_CLIENT_S_DN_O} eq "BioWisdom Ltd."
          SSLVerifyClient require
          SSLOptions +OptRenegotiate
          ProxyPass https://comms.biowisdom.com/Exchange
          ProxyPassReverse https://comms.biowisdom.com/Exchange
      </Location>

      <Location /Exchange>
          SSLRequire %{SSL_CLIENT_S_DN_O} eq "BioWisdom Ltd."
          SSLVerifyClient require
          SSLOptions +OptRenegotiate
          ProxyPass https://comms.biowisdom.com/Exchange
          ProxyPassReverse https://comms.biowisdom.com/Exchange
      </Location>

      <Location /Public>
          SSLRequire %{SSL_CLIENT_S_DN_O} eq "BioWisdom Ltd."
          SSLVerifyClient require
          SSLOptions +OptRenegotiate
          ProxyPass https://comms.biowisdom.com/public
          ProxyPassReverse https://comms.biowisdom.com/public
      </Location>

      <Location /exchweb>
          SSLRequire %{SSL_CLIENT_S_DN_O} eq "BioWisdom Ltd."
          SSLVerifyClient require
          SSLOptions +OptRenegotiate
          ProxyPass https://comms.biowisdom.com/exchweb
          ProxyPassReverse https://comms.biowisdom.com/exchweb
      </Location>
    </IfModule>
</VirtualHost>

This is a SuSE 9.2 server. With these modules installed.

apache2-mod_php4-4.3.10-14.4
apache2-2.0.53-10
apache2-prefork-2.0.53-10

The certificates are all valid and I can read with openssl

I know a fair mount of Linux admin, but it is not my main job- I don't want to make this worse.

Any suggestions

Mike



mikesjnAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AnonymouslemmingCommented:
I would suggest that you backup your apache binaries, configuration and certificates and re-install / upgrade apache. The fact that you're getting a segfault is somewhat concerning, as this is not generally related to a configuration error. If you have access to the original RPMs, just remove the existing Apache rpm's and re-install.
mikesjnAuthor Commented:
Tried forcing an upgrade which it did and still the same!!
idmiskSolution managerCommented:
Segmentation fault can result from:
- broken application binaries
- some broken (php,perl) code

some suggestions:
- was there a filesystem check after crash
- do these segfaults logged if you access your exchange stuff ('tail -f yourerror.log' and try to access)

> But when users try to access Outlook Web Access (to the same exchange server) they get an error.
what is the error?
Get Blueprints for Increased Customer Retention

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

mikesjnAuthor Commented:
OWA works from the internal network going stright to the server, and the rights on IIS are set correctly for the Apache properly. Squirrel mail from the same apache server is working correctly but the error from using a revers proxy is page is not displayed. The Config file is shown above. The error using IE is "The Page Cannot be displayed", in Firefox it hangs - the page does not change, but I can see the certificate from the IIS sever loaded. It seems like a problem displaying the page - as opposed to it cannot find it. I  have heard the possibility of it being a header modification on the Apache server? I would not know how to add headers, my knowledge of Apache is not that good.
I would like to resolve this quickly- sorry for delay but I have been extremely busy.

Mike
mikesjnAuthor Commented:
I have added tried to add
<IfModule mod_headers.c>
        Header set Front-End-Https: on
</IfModule>
to configuration above, where should it go and does this look correct, apparently the front end server needs this- it has worked for months without it. I have added mod_headers, by the way.
mikesjnAuthor Commented:
Also getting, cannot find server error in IE top bar but Mozilla gets certificate and hangs
mikesjnAuthor Commented:
I setup (again) using this document http://3cx.org/item/46. Something must have changed with an update, now working fine
DarthModCommented:
PAQed with points (500) refunded

DarthMod
Community Support Moderator

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Installation

From novice to tech pro — start learning today.