2008/11/04

Kerio 6.6 upgrade disastrous

On 11/1 I upgraded JDK's Kerio server from 6.5.2 to 6.6.

While I had a downtime window, I also applied the latest MOSX updates: ARD 3.2.2, QT7.5.5, Java 10.5 Upd2, MOSX 10.5.5, and SecUpd2008-007.

Extensive research beforehand indicated no potential issues with any of the above.

Those processes went smoothly with the exception of one boot that strangely resulted in securityd crashing and failing to restart. A simple shutdown & restart fixed it.

I did some testing and everything looked good, so I opened it back up to users. Shortly after that, users reported they were unable to modify their own calendar events. It seems that KMS no longer sees them as the owner of the event; the event "Organizer".

LOTS of debugging resulted in Nate Herzog (http://isitcreative.blogspot.com) finding the key: KMS is now doing a case-sensitive compare; "john_smith@domain" is not allowed to modify an event that is assigned to the Organizer "John_Smith@domain". (Nate's done a great deal of work understanding calendaring in KMS.)

Further, merely modifying the file on the server that corresponds to the event, such that the case matched, allows a user to modify the event. (No other action is necessary; no reset of an index.fld file and no reboot.)

And according to our experience, the case of the Organizer may appear either way (since before the upgrades) so we can't just do a one-time edit to force it one way; the problem will simply reappear.

It's the compare operation that's the problem; somehow case-sensitivity was newly introduced to it.

After trying for most of a day to fix it or find workarounds (Kerio support has not responded yet), we gave up and downgraded to 6.5.2. The problem persisted.

We restored the boot volume to an image made just before upgrading. The problem persists.

The backup we restored includes the OS & KMS code (/usr/local/kerio) not the data; the mailstore is on a separate volume.

This makes very little sense; apparently there's something changed in the mailstore that carries this problem forward, since the problem did not exist before this weekend's upgrades.

And in the meantime, after 14+ hours straight out, calendaring is still horribly broken.

Today, as a sanity check, I'm going to restore the entire server (code & mailstore) to its pre-upgrade state, to another machine and see if the problem somehow magically persists there.

20081104-0918 update:

1) Overnight, our IS Director, Nate Herzog (http://isitcreative.blogspot.com) had an idea that seems so far to work: Modifying the aliases for each account to be all lowercase. Simply editing the case doesn't take (it seems there remains a case-INsensitive compare there); it's necessary to remove the entry and then add it back in, with all lowercase. Editing the users.cfg file directly may also work, though we didn't want to take the server offline.

2) There's some chatter about Kerio releasing a patch to V6.6.
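
An added example, not from the original post or from Kerio: a Python audit that flags events whose Organizer differs only in letter case from a configured account address, which is the mismatch described above and the reason the all-lowercase alias workaround helps. It assumes event files contain iCalendar text with an `ORGANIZER ... :mailto:` property; the function names, event labels and addresses are constructed for illustration.

```python
import re

# iCalendar ORGANIZER property, e.g.
#   ORGANIZER;CN=John Smith:mailto:John_Smith@example.com
ORGANIZER_RE = re.compile(r"^ORGANIZER\b[^\r\n]*?:mailto:(\S+)", re.I | re.M)


def unfold(text):
    """Undo iCalendar line folding (line break followed by space or tab)."""
    return re.sub(r"\r?\n[ \t]", "", text)


def organizer(ics_text):
    """Return the organizer address exactly as stored, or None if absent."""
    m = ORGANIZER_RE.search(unfold(ics_text))
    return m.group(1) if m else None


def audit(events, accounts):
    """Find events a case-sensitive owner check would wrongly lock.

    events:   {label: iCalendar text}
    accounts: addresses exactly as configured on the server
    Returns (label, stored_organizer, configured_account) for every event
    whose organizer matches an account only when case is ignored.
    """
    by_folded = {a.casefold(): a for a in accounts}
    findings = []
    for label, text in sorted(events.items()):
        org = organizer(text)
        if org is None:
            continue
        acct = by_folded.get(org.casefold())
        if acct is not None and acct != org:
            findings.append((label, org, acct))
    return findings


# Constructed sample data (assumption: not taken from a real mailstore).
ACCOUNTS = ["john_smith@example.com", "jane_doe@example.com", "bob_jones@example.com"]
SAMPLE_EVENTS = {
    "event-1": "BEGIN:VEVENT\r\nORGANIZER;CN=John Smith:mailto:John_Smith@example.com\r\nEND:VEVENT\r\n",
    "event-2": "BEGIN:VEVENT\r\nORGANIZER:MAILTO:jane_doe@example.com\r\nEND:VEVENT\r\n",
    "event-3": "BEGIN:VEVENT\r\nORGANIZER;CN=Bob Jones:mailto:Bob_\r\n Jones@example.com\r\nEND:VEVENT\r\n",
}

if __name__ == "__main__":
    for label, org, acct in audit(SAMPLE_EVENTS, ACCOUNTS):
        print(f"{label}: organizer {org!r} differs in case from account {acct!r}")
```
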

5 comments:

Anonymous said...

Ouch. No problem with 10.4.11 server, but I doubt that's any consolation.

Marcantonio Rendino said...

Every data point helps; there may indeed have been some interaction with the other Apple updates. No response at all from Kerio yet. :(

Anthony Lawrence said...

I'm sure you know 6.6.1 is out - did that solve your problems?

Marcantonio Rendino said...

Unfortunately, I don't know - I'm no longer admin of that server.

You might try Nate Herzog (http://isitcreative.blogspot.com).

Marcantonio Rendino said...

(Thanks for asking though!)