Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Huge problem after upgrade: TLS init def ctx failed: -1

  1. #1
    tvcian is offline Junior Member
    Join Date
    Oct 2008
    Posts
    7
    Rep Power
    6

    Default Huge problem after upgrade: TLS init def ctx failed: -1

    Hello all,

    First, thanks in advance for any help you might be able to give. I've been struggling mightily with this one issue and it could not have come at a worse time.

    I am in the process of migrating my whole company from Exchange to Zimbra on CentOS 5.2 (Hurray!), however the From sorting is broken and I need to upgrade to 5.0.10 to get that addressed. When I upgrade to 5.0.10 however, I can not start zimbra, it failed while trying to start ldap with this error "TLS init def ctx failed: -1".

    Digging a little deeper, I find that I am getting the following error when tring to start zimbra: TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:352

    Appears to be SSL related, but I can not pin down what is exactly missing, or what file it can not find.

    After 2 attempts and absolutely no success, I had to roll back to my backup, which of course works like clock work.

    Does anyone have any insight that may help?

    Again, thanks in advance.

  2. #2
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,196
    Rep Power
    9

    Default

    The error generally indicates the cert files are not readable or don't exist, which the fopen error confirms.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  3. #3
    tgx's Avatar
    tgx
    tgx is offline Elite Member
    Join Date
    Mar 2006
    Posts
    300
    Rep Power
    9

    Default

    Please see this thread and see if it helps.

    http://www.zimbra.com/forums/adminis...e-problem.html

    I think you've hit a known problem with 5.0.10. Be very careful when you upgrade as there are often gotchas.

  4. #4
    tvcian is offline Junior Member
    Join Date
    Oct 2008
    Posts
    7
    Rep Power
    6

    Default

    Thanks so much for the info, I think Im prepared to have another go at it.

    Is there a command or series of commands I can use to create and install new certificates to resolve this issue?

    I am going to try the upgrade again this weekend, and in the worst case scenario, Id like to have a backup plan.

  5. #5
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,016
    Rep Power
    24

  6. #6
    tvcian is offline Junior Member
    Join Date
    Oct 2008
    Posts
    7
    Rep Power
    6

    Default

    I was afraid Id get that answer.

    I tried that already, step by step, and it did not resolve the problem. Zimbra would not start and the error remained the same.

  7. #7
    tgx's Avatar
    tgx
    tgx is offline Elite Member
    Join Date
    Mar 2006
    Posts
    300
    Rep Power
    9

    Default

    Quote Originally Posted by tvcian View Post
    I was afraid Id get that answer.

    I tried that already, step by step, and it did not resolve the problem. Zimbra would not start and the error remained the same.
    Did you try this from the "5.0.10 upgrade problem" thread ?:

    -----------------------------------------------------------
    As per support instructions the fix was:

    1) Clear all the contents of the /opt/zimbra/conf/ca directory by backing them up
    somewhere on disk.
    2) Copy the /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/conf/ca/ca.key
    3) Copy /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/conf/ca/ca.pem
    4) Create the hash value
    ln -f -s ca.pem /opt/zimbra/conf/ca/`openssl x509 -hash -noout -in
    /opt/zimbra/conf/ca/ca.pem`.0
    5) Chmod 644 /opt/zimbra/conf/ca/*
    6) Restart the zmcontrol
    --------------------------------------------------------

  8. #8
    tvcian is offline Junior Member
    Join Date
    Oct 2008
    Posts
    7
    Rep Power
    6

    Default

    Thanks very much. Ill certainly try that on my next attempt.

  9. #9
    jars99 is offline New Member
    Join Date
    Jul 2008
    Posts
    4
    Rep Power
    6

    Default

    Problem still exists - fix works

    I just upgraded from 5.0.6 to 5.0.11, and had this exact problem. I followed the instructions on the post above (as the root user, restarting zimbra as the zimbra user), and now it looks like everything's working.

    Can a fix be applied so other people don't have this problem?

  10. #10
    frankb is offline Intermediate Member
    Join Date
    Sep 2007
    Posts
    18
    Rep Power
    7

    Default

    I Could not get into Zimbra from browser, zmcontrol showed everything down was receiving many errors one of which was: zimbra TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:352

    1. I removed ssl folder and recreated etc by doing the following:
    (Base on Recreating a Self-Signed SSL Certificate - Zimbra :: Wiki)

    As Root:
    rm -rf /opt/zimbra/ssl
    mkdir /opt/zimbra/ssl
    chown zimbra:zimbra /opt/zimbra/ssl
    chown zimbra:zimbra /opt/zimbra/java/jre/lib/security/cacerts
    chmod 644 /opt/zimbra/java/jre/lib/security/cacerts

    As zimbra:
    keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
    keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass zimbra
    zmlocalconfig -s -m nokey mailboxd_keystore_password

    As root:
    /opt/zimbra/bin/zmcertmgr createca -new
    /opt/zimbra/bin/zmcertmgr deployca -localonly
    /opt/zimbra/bin/zmcertmgr createcrt self -new
    /opt/zimbra/bin/zmcertmgr deploycrt self

    As zimbra
    zmcontrol start


    2. THen I followed the following steps:

    --Clear all the contents of the /opt/zimbra/conf/ca directory by backing them up somewhere
    --Copy the /opt/zimbra/ssl/zimbra/ca/ca.key /opt/zimbra/conf/ca/ca.key
    --Copy /opt/zimbra/ssl/zimbra/ca/ca.pem /opt/zimbra/conf/ca/ca.pem
    --Create the hash value by doing the following
    --ln -f -s ca.pem /opt/zimbra/conf/ca/`openssl x509 -hash -noout -in
    --/opt/zimbra/conf/ca/ca.pem`.0
    --chmod 644 /opt/zimbra/conf/ca/*
    --Restart the zmcontrol

    3. I restarted zimbra (su zimbra then zmcontrol restart) and everyting came up ok.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Spam training problem...
    By TaskMaster in forum Installation
    Replies: 2
    Last Post: 05-08-2007, 09:49 AM
  2. failed upgrade, failed restore, big trouble
    By feralcoder in forum Installation
    Replies: 2
    Last Post: 03-19-2007, 05:38 PM
  3. Lotus migration
    By babou in forum Migration
    Replies: 15
    Last Post: 03-05-2007, 10:33 PM
  4. 4.01 to 4.02 upgrade problem (with solution)
    By criley in forum Migration
    Replies: 2
    Last Post: 09-28-2006, 11:36 PM
  5. Upgrade SLAPD Cert problem
    By gregbazar in forum Installation
    Replies: 2
    Last Post: 11-29-2005, 12:16 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •