No access to mailserver after uncontrolled domain migration

UCS - Univention Corporate Server
#1

Hello,

we have an urgent case here, our it service provider did a domain migration over the weekend, They have replaced our 2008 R2 domain controller with a 2019 and have changed our internal domain from “{ourdomain}.local” to “internal.{ourdomain}.de”. They said, this was nessesary because “.local” is not supported for enrcyption certificates.

They did migration with a toolset from m$, and all other windows servers and clients as well as the user accounts are working well after migration, no issues here.

The only thing is, the ucs kopano mailserver which is not available any more…

The login box shows the correct domain after migration, but logins fails with “Error: TLS: hostname does not match CN in peer certificate”. Even as Administrator we can not login into it.

System seems to be runnnig so far, as mails are fetched from our mail provider, but we can’t see them, because login does not work.

I talked to our it service provider, the old dc (which was virtualized) has been purged. Talking about the mailserver issues, they simply say, they don’t support linux systems and it is our fault to use them, so it is our problem, if there are things not running after migration.

So, what can I do to get the mailserver working again?
Please help.

Addition: I managed it to get access to the server via ssh. So I tried to do the steps from article here:


But when generating the certificates, they are set with the old domain name, not with the new one, so I think this is my problem to solve. Can anybody tell me where this domain info needs to be changed to get the certificates set to the new domain?

#2

Hi,

unfortunately in UCS you cannot change the domain name after installation. I guess you will need to re-install your Kopano from scratch. Mails and so should be backed up before and restored afterwards. I guess this should be no issue.

/CV

#3

Hi Christian,

ok, that are bad news for us, but it is ok in this case, because there are plans to migrate from kopano to open exchange. So this might be the point to do this.

But I have still a question about the scenario happened last weekend.
What would be the right way to change domain within a UCS domain? To migrate all the computer and user accounts, etc.

We still want to migrate our it to ucs / linux based systems, the migration to server 2019 was not our idea, but service provider said it must be done now. I case of a migration from server 2019 to ucs as domain controller, how can I change the domain name and get all accounts etc. taken over? For windows, there is a tool called Active Directory Migration Kit to do this, is there a similar tool for ucs / linux?

#4

If you are talking about an AD takeover check our documentation.

#5

I am interested to learn your reasons for the planned migration. You can also contact me at f.bartels@kopano.com if you like.

#6

The documentation is only about a domain takeover with the SAME domain name. But in case of the stupid choice of the actual domain name done by our it service provider (36 letters), we want to change this within the migration. That part is not in the documentation, is it?

#7

Hi,

indeed this is not in our documentation because it is not supported. An AD takeover only can use the same domain name.

/CV

#8

The reasons why there are plans to move to open exchange are mainly problems within the webapp, which was used as frontend, but ended up in installing Outlook on the clients again, which is now used as client. Maybe these problems are related to some misconfiguration, but I did not get it running as expected.

  • Search does not find all mails related to the search words
  • It is not possible to send/answer mails from public folders
  • Often the WebApp is not loading when you want to login (white page).
  • Refreshing does not work correct, sometimes about an hour no new mails are shown in the frontend, but when refreshing the page via Browser F5, there are new mails.
  • Interop with windows applications does not work correct or not at all. (attachments missing, etc)

There are some more issues, but mainly these things are the reasons, the users are not happy with kopano and requested to get back their outlook. And as Open Exchange is used by many providers as hosted solution, it was chosen as open source alternative to M$ Exchange.

Maybe these issues can be solved, but now I at first I have to do the backup and set up a new server for kopano and restore it, to get mail running again.

#9

When domain name change is not supported by takeover, so what IS the way to change domain name, if it is nessesary? How is this done with UCS? Domain name changes can always come nessesary, by restructuring, company name changes, etc. How can this be done with UCS?

#10

Hi,

as I wrote:

No news here…

/CV

#11

So, in short, there is NO way to do this.
With the result, that a migration to a ucs domain will be a DEAD end, when domain changes are nessesary.
So, it was not so wrong to migrate the servers to Windows Server 2019, as domain changes were here obvious possible without any issues. And UCS should stay as member server in the future.

#12

Hi,

if one of your requirements is to change the domain name frequently (and not just adding/ editing DNS Zones!) then UCS is not the system you need, indeed.

/CV

#13

Those definitely do not sounds like known issues to me. you can for example definitely reply to mails from a public folder, but I guess you expect a specific email to be used here?

But you seem to have more pressing issues at the moment. Let me know when/if you want to dive into the Kopano topics you mentioned.

#14

You can not rename a Windows Server AD Domain with Exchange Server and many more Apps - also if you use PKI infrastrukture - so it’s only possible if you have only a few DC’s and PC’s - and also there you may get issues.

In normal you set up a new Domain and do a Data-Migration & reinstall of the apps

rg
Christian

#15

Hi,
we had a meeting with or it service provider today, and we discussed the situation.

I our case, with a dc, a backup dc, 3 windows member servers and about 26 clients, a migration is always possible with the m$ toolkit. They seem to be right so far, as the only issue we had after migration is the ucs kopano server, which does not support this.

After long discussions, the boss has made the decision to migrate the mail-part back to to m$, with hosted exchange and switch to m$ Office 365. In case of domain name changed the hosted exchange is managed by m$, so we don’t need to make any toughts about it.

This will cost some more bucks, but we are fully supported by our isp.

So, we had a (short) cours about using Linux and OpenSource (LibreOffice, Thunderbird, etc) in daily business. The result is, some thing are possible, but it is still far away from commercial products. Office integration works only with m$ Office, OpenOffice and LibreOffice are very poor supported by business apps. Integration of mail is the same, it works great with Outlook, but not really with Thunderbird or Kopano. Simple things work, but things like automated invoice mailing, or the transfer from files out of a business app to a mail attachment don 't work at all.

I personally like Linux and OpenSource and will use them, but in the office I have to use m$ product, just because a simple thing: They just work.

Mastodon