<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello David,</p>
<p>Zimbra uses Memcached to store information about which mailbox is
on which store. Memcached servers generally run on proxy servers
and for availability reasons both Memcached servers should contain
the same information so that if one Memcached / proxy server falls
down, the other one takes over.<br>
</p>
<p>Unless the network latency between both sites is so high that ZCS
is unable to operate properly, I would suggest you make sure that
both servers can reach each other on Memcached port 11211 and you
remove any values set for zimbraMemcachedBindAddress and
zimbraMemcachedClientServerList before giving it another try. Only
make sure ports 11211 are not exposed to the Internet.</p>
<p>You might find these documentations [1] and [2] interesting.<br>
</p>
<p>Regards,</p>
<p>Frédéric.</p>
<p>[1]
<a class="moz-txt-link-freetext" href="https://wiki.zimbra.com/index.php?title=Blocking_Memcached_Attack">https://wiki.zimbra.com/index.php?title=Blocking_Memcached_Attack</a><br>
[2]
<a class="moz-txt-link-freetext" href="https://wiki.zimbra.com/wiki/Enabling_Zimbra_Proxy_and_memcached">https://wiki.zimbra.com/wiki/Enabling_Zimbra_Proxy_and_memcached</a><br>
</p>
<div class="moz-cite-prefix">Le 10/05/2021 à 16:21, David Merrill a
écrit :<br>
</div>
<blockquote type="cite"
cite="mid:34A3A8D2-A572-4329-B899-ADFD7D7D70CE@otelco.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}</style>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Hi All,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">I’ve been
struggling with a POC where I’ve got two Zimbra servers
(both with proxy, LDAP, mailbox, SMTP sevices installed) in
two different data-centers paired up as a “farm” (with the
hope that I’ll be able to ultimately migrate mailboxes
between them). I’ve arranged DNS-resolution, ACLs and local
UFW firewall rules so each server can find &
fully-access the other (via the others public-IP address).
Pairing up the servers was straightforward enough (LDAP MMR
is up and running) and I can fully manage both servers from
either proxy server.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l2 level1 lfo3"><span
style="font-size:11.0pt">End-user mailbox access via the
web-UI has issues though. I THINK I’ve isolated it to
memcached (it’s running on both Zimbra servers – at some
point I’ll retire one of the servers after mailboxes are
migrated).<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l2 level1 lfo3"><span
style="font-size:11.0pt">What happens is web-UI partially
loads (looks mostly fine, but the folder on the left hand
side is missing and some of the tabs are broken (they
throw javascript errors – due to missing content).<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l2 level1 lfo3"><span
style="font-size:11.0pt">Looking through the logs it seems
that each server is having trouble getting to port 11211
(memcached) on the “other server”<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l2 level1 lfo3"><span
style="font-size:11.0pt">Despite that I could telnet to
the other server on port 11211 just fine.<o:p></o:p></span></li>
</ul>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">I’ve got a
support ticket open w/Zimbra but I wanted to ask the group a
couple questions based on my observations.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Support had
me set the following on each server:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">zmprov
ms $(zmhostname) zimbraMemcachedBindAddress 127.0.0.1 <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">zmprov
ms $(zmhostname) zimbraMemcachedClientServerList 127.0.0.1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Once that
was one the web-UI was “fine” (albeit a bit slower – because
I think memcached on each server has been isolated to
itself).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Collateral-damage
on this was that ActiveSync clients starting having issues
(lots of log entries in nginx.log complaining about not
being able to get to memcahed).r<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Questions
(I’ve read much about memcached but references to this are
slim):<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l2 level1 lfo3"><span
style="font-size:11.0pt">What is
<span style="color:black">zimbraMemcachedClientServerList
for exactly? (I THOGUHT it might be a layer of security
– listing allowed clients & set allowed
private/public IPs – but no joy there)</span><o:p></o:p></span></li>
</ul>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Also:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l2 level1 lfo3"><span
style="font-size:11.0pt;color:black">Is memcached (as it’s
meant used in Zimbra) cool to be running on multiple
servers?</span><span style="font-size:11.0pt"><o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l2 level1 lfo3"><span
style="font-size:11.0pt;color:black">If so are the
memcached processes(as it’s meant used in Zimbra) on each
server supposed to talk to each other?</span><span
style="font-size:11.0pt"><o:p></o:p></span></li>
</ul>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Thanks for
your consideration,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">David<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal" style="background:white"><b><span
style="font-size:13.0pt;font-family:"Arial",sans-serif;color:#003767">David
Merrill</span></b><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><b><span
style="font-family:"Arial",sans-serif;color:#949CA1">Senior
Systems Engineer,</span></b><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><b><span
style="font-family:"Arial",sans-serif;color:#949CA1">Managed
and Private/Hybrid Cloud Services</span></b><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><b><span
style="font-size:13.0pt;font-family:"Arial",sans-serif;color:#003767">OTELCO</span></b><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span
style="font-family:"Arial",sans-serif;color:#949CA1">92
Oak Street, Portland ME 04101</span><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span
style="font-family:"Arial",sans-serif;color:#949CA1">office
<a href="callto:207.772.5678" moz-do-not-send="true">207.772.5678</a></span><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><b><span
style="font-family:"Arial",sans-serif;color:black"><a
href="http://www.otelco.com/cloud-and-managed-services"
target="_blank" moz-do-not-send="true">http://www.otelco.com/cloud-and-managed-services</a></span></b><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt;background:white"><span
style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="background:white"><b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#949CA1">Confidentiality
Message</span></b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#949CA1"><br>
The information contained in this e-mail transmission may be
confidential and legally privileged. If you are not the
intended recipient, you are notified that any dissemination,
distribution, copying or other use of this information,
including attachments, is prohibited. If you received this
message in error, please call me at <a
href="callto:207.772.5678" moz-do-not-send="true">
207.772.5678</a> so this error can be corrected.</span><span
style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Cordialement,
Frédéric Nass
Direction du Numérique
Sous-Direction Infrastructures et Services
Université de Lorraine.</pre>
</body>
</html>