zmtlsctl command not completing successfully

[relay23]

Hi, I have seen the various posts and the bug out there for network edition regarding the change to http from redirect and vice-versa and I have tried to modify my web.xml and web.xml.in files as appropriate and i'm still not having any luck. I uncommented the redirect block in web.xml and it actually redirects me to https, but there is nothing listening on 443 apparently.

I am on 5.05 (open source edition) on Ubuntu 7.10 trying to change from "http" to "redirect" (or "both") for that matter. Aside from this weirdness everything else (including godaddy cert import) works like a champion. I know the cert is good because when i go to my 7071 admin port via https, there is no longer a self-signed certificate complaint.

Here's what is happening:

sudo -u zimbra ./zmtlsctl redirect
Setting tls mode to redirect
Updating /opt/zimbra/mailboxd/etc/jetty.xml.in...done.
Updating /opt/zimbra/jetty/etc/zimbra.web.xml.in...done.
Updating /opt/zimbra/jetty/etc/zimbraAdmin.web.xml.in...done.
Updating PROTOCOL MODE in /opt/zimbra/mailboxd/etc/zimbra.web.xml.in...done.
Rewriting config files for webxml and mailboxd...failed.

When I look at the server options using the zmprov tool I see this:
zimbraMailMode: http

Here is what my nmap looks like, obviously nothing listening on 443, that is obviously the problem. How do i get it to listen on https?

PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
110/tcp open pop3
139/tcp open netbios-ssn
143/tcp open imap
445/tcp open microsoft-ds
465/tcp open smtps
631/tcp open ipp
902/tcp open iss-realsecure-sensor
953/tcp open rndc
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
5900/tcp open vnc
8009/tcp open ajp13
8888/tcp open sun-answerbook

thanks

[p24t]

When trying to run (most) ZCS commands on your Zimbra server, you need to "su - zimbra" to become the zimbra user (sudo that if necessary). Then you can run commands like zmtlsctl.

[relay23]

Thanks, I'm definitely well familiar with that by now. here's what was mentioned above in bold.

<snip>
sudo -u zimbra ./zmtlsctl redirect
</snip>

~~~~~~~~~by the way~~~

it is worth noting that I did this on my fedora 7 box that is configured almost identically and it worked without a problem,, it started listening on 443 right away after using the "redirect" option.

Could it be the ubuntu version that is the root of the problem? Does anyone know a way to work around this? thanks!

[mbd]

What are the permissions of your files in /opt/zimbra/jetty-6.1.5/etc/?

I've attached a listing of mine for comparison in case it's a permissions problem (This is from 5.0.6 FOSS edition on Debian).

Code:

zimbra@utopia:~$ ls -l /opt/zimbra/jetty/etc/
total 132
-r--r--r-- 1 zimbra zimbra  5055 May 23 04:42 jetty-setuid.xml
-r--r----- 1 zimbra zimbra   836 Jun  1 08:58 jetty.properties
-r--r--r-- 1 zimbra zimbra  1152 May 23 04:42 jetty.properties.in
-r--r----- 1 zimbra zimbra 14759 Jun  1 08:58 jetty.xml
-rw------- 1 zimbra zimbra 14518 Jun  1 08:58 jetty.xml.in
-r--r--r-- 1 zimbra zimbra   289 May 23 04:42 jettyrc
-rw-r--r-- 1 root   root    1461 May 28 05:11 keystore
-r-xr-xr-x 1 zimbra zimbra 10283 May 23 04:42 service.web.xml.in
-r--r--r-- 1 zimbra zimbra  2973 May 23 04:42 start.config
-r--r--r-- 1 zimbra zimbra 27587 May 23 04:42 webdefault.xml
-rw------- 1 zimbra zimbra 12354 Jun  1 08:58 zimbra.web.xml.in
-rw------- 1 zimbra zimbra 12361 Jun  1 08:58 zimbraAdmin.web.xml.in

Note that zmtlsctl is a bash script located in /opt/zimbra/bin/ so if the above doesn't help, perhaps looking at what the script does might give a clue as to why it's failing....

[mmorse]

Welcome to the forums,

Though we had just fixed Bug 24884 - zmtlsctl doesn't update zimbra.web.xml.in or zimbraAdmin.web.xml.in .4/.5 & the all time favorite Bug 5594 - TLS mode "both" causes redirection limit problem in .5 I sort of remember another bug but can't find it - could you update to 5.0.6 & try again?

5.0.6 is out!

[relay23]

Thanks for the permissions output sharing.. Mine looks about the same..

total 144
-r--r----- 1 zimbra zimbra 836 2008-05-28 11:31 jetty.properties
-r--r--r-- 1 zimbra zimbra 1152 2008-05-22 15:19 jetty.properties.in
-r--r--r-- 1 zimbra zimbra 289 2008-05-22 15:19 jettyrc
-r--r--r-- 1 zimbra zimbra 5055 2008-05-22 15:19 jetty-setuid.xml
-r--r----- 1 zimbra zimbra 14743 2008-05-28 11:31 jetty.xml
-rw------- 1 zimbra zimbra 14518 2008-05-29 17:31 jetty.xml.in
-rw-r--r-- 1 root root 5385 2008-05-29 15:32 keystore
-rw-r----- 1 root root 1308 2008-05-29 16:01 mailboxd.der
-rw-r----- 1 root root 1826 2008-05-29 16:01 mailboxd.pem
-r-xr-xr-x 1 zimbra zimbra 10283 2008-05-22 15:19 service.web.xml.in
-r--r--r-- 1 zimbra zimbra 2973 2008-05-22 15:19 start.config
-r--r--r-- 1 zimbra zimbra 27587 2008-05-22 15:19 webdefault.xml
-rw------- 1 zimbra zimbra 12352 2008-05-29 17:31 zimbraAdmin.web.xml.in
-rw------- 1 zimbra zimbra 12344 2008-05-29 17:31 zimbra.web.xml.in

I will definitely try to find the reason in the bash script, thanks for the pointers.

After I do that I am going to try the update to 5.0.6!

Thanks guys

[relay23]

Well it turns out I was already on 5.0.6 I am looking through the zmtlsctl bash script and see this block:

echo -n "Rewriting config files for webxml and mailboxd..."
${zimbra_home}/libexec/zmmtaconfig webxml mailbox > /dev/null 2>&1
if [ $? = 0 ]; then
echo "done."
else
echo "failed."
exit 1
fi
}

I have that /opt/zimbra/libexec/zmmtaconfig script but don't understand how to run it by itself by passing the right parameters to webxml and mailbox. My guess is that webxml is where it's failing but I really have no idea. When I run it manually i get the following:

root@frontend:/opt/zimbra/jetty/webapps/zimbra/WEB-INF# sudo -u zimbra /opt/zimbra/libexec/zmmtaconfig webxml mailbox
Thu Jun 5 14:11:11 2008 Skipping Configuration for server zimbra.mail.hssc.com No data returned.
Thu Jun 5 14:11:11 2008 Key lookup failed.
zmmtaconfig shutting down

[relay23]

Still no luck on this,, and getting pretty desperate. Could someone please let me know how I can work around this issue? I'd really appreciate it.

[Spencer]

Just want to say.. i have the same issue also.

I am on Version 5.0.6_GA_2313.UBUNTU6_64.NETWORK May 22, 2008

**edit**

When the command is run i get this in my /var/log/messages

Jun 13 13:49:31 mail zimbramon[5536]: 5536:info: zmmtaconfig: Sleeping...Key lookup failed.
Jun 13 13:49:46 mail zimbramon[5536]: 5536:info: zmmtaconfig: Skipping Configuration for server xx.xx.xx No data returned.
Jun 13 13:49:46 mail zimbramon[5536]: 5536:info: zmmtaconfig: Sleeping...Key lookup failed.

I also updated the SSL cert to a paid cert. I didn't try changing the mode until that was done.

[Protack]

I have the same issue.

Running 5.0.6 on Ubuntu 6.06.2 x64

God Bless,
Marty