Thread: Upgrade from 5.09 to 5.13 failed with LDAP TLS error on valid self signed cert

  1. #1
    cdmdotnet is offline Intermediate Member

    Hi

    I installed Zimbra 5.09 approximately in September last year.
    It's worked well until today, when I decided to upgrade to 5.0.13.

    I'm getting what appears to be a common SSL cert issue, although I'm doing a straight upgrade on the same unchanged machine with a valid SSL cert.
    I.e. the IP and host names haven't changed and the SSL cert is still valid for 6 months.

    I've tried following the "recreate a self signed" guide and ran into a number of issues, either permission errors when trying to back up and delete the existing certs ( folder not existing and java saying permission not allowed ).

    However, I'm not sure I should be trying to re-create a cert when it's valid, as that would suggest to me the error is not really the cert.

    The log has a lot of repeated errors, as below:
    ************************
    Mon Feb 16 14:17:58 2009 Operations logged to /tmp/zmsetup.02162009-141758.log
    Mon Feb 16 14:17:58 2009 Getting installed packages
    Mon Feb 16 14:18:01 2009 Getting local config zimbra_server_hostname
    Mon Feb 16 14:18:02 2009 Getting local config ldap_url
    Mon Feb 16 14:18:04 2009 zimbra_server_hostname contained in ldap_url checking ldap status
    Mon Feb 16 14:18:04 2009 Checking ldap status.
    Mon Feb 16 14:18:05 2009 *** Running as zimbra user: /opt/zimbra/bin/ldap status
    Mon Feb 16 14:18:08 2009 Starting ldap...
    Mon Feb 16 14:18:08 2009 *** Running as zimbra user: /opt/zimbra/sleepycat/bin/db_recover -h /opt/zimbra/openldap-data
    Mon Feb 16 14:18:10 2009 *** Running as zimbra user: /opt/zimbra/libexec/zmldapapplyldif
    IO::Socket::INET: connect: Connection refused at /opt/zimbra/libexec/zmldapapplyldif line 145.
    Mon Feb 16 14:20:28 2009 *** Running as zimbra user: /opt/zimbra/bin/ldap status
    Mon Feb 16 14:20:29 2009 *** Running as zimbra user: /opt/zimbra/bin/ldap start
    Failed to start slapd. Attempting debug start to determine error.
    TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
    TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
    TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
    TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
    TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:356
    TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:358
    TLS: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib ssl_rsa.c:648
    main: TLS init def ctx failed: -1


    Mon Feb 16 14:44:37 2009 failed with exit code 256.
    Mon Feb 16 14:46:17 2009 checking isEnabled zimbra-store
    Mon Feb 16 14:46:17 2009 zimbra-store not in enabled cache
    Mon Feb 16 14:46:17 2009 enabled packages
    Mon Feb 16 14:46:17 2009 zimbra_server_hostname contained in ldap_url checking ldap status
    Mon Feb 16 14:46:17 2009 Checking ldap status.
    Mon Feb 16 14:46:18 2009 *** Running as zimbra user: /opt/zimbra/bin/ldap status
    Mon Feb 16 14:46:19 2009 Starting ldap...
    Mon Feb 16 14:46:19 2009 *** Running as zimbra user: /opt/zimbra/sleepycat/bin/db_recover -h /opt/zimbra/openldap-data
    Mon Feb 16 14:46:19 2009 *** Running as zimbra user: /opt/zimbra/libexec/zmldapapplyldif
    IO::Socket::INET: connect: Connection refused at /opt/zimbra/libexec/zmldapapplyldif line 145.
    Mon Feb 16 14:48:33 2009 *** Running as zimbra user: /opt/zimbra/bin/ldap status
    Mon Feb 16 14:48:34 2009 *** Running as zimbra user: /opt/zimbra/bin/ldap start
    Failed to start slapd. Attempting debug start to determine error.
    TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
    TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
    TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
    TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
    TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:356
    TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:358
    TLS: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib ssl_rsa.c:648
    main: TLS init def ctx failed: -1
    ***************************





    Any help would be greatly appreciated.
    Last edited by cdmdotnet; 02-15-2009 at 07:18 PM.
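The slapd debug output in the post above contains two distinct OpenSSL failures: `PEM_read_bio:no start line` (a file was opened but held no `-----BEGIN` line) and `fopen:No such file or directory` under `SSL_CTX_use_PrivateKey_file` (the private key path could not be opened). The following is an added example, not part of the original thread or of Zimbra's tooling, that runs the matching file-level checks; the file paths are passed as arguments, and the return codes and labels are constructed for this example.

```shell
#!/bin/sh
# Added example: file-level checks behind the slapd TLS errors quoted above.
# Paths are arguments; return codes and labels are constructed for this example.

# check_pem FILE
#   0  a PEM "-----BEGIN ...-----" line is present
#   2  file does not exist        (OpenSSL: fopen:No such file or directory)
#   3  not readable by this user  (run as the account slapd runs under)
#   4  no PEM start line, e.g. empty, truncated or DER-encoded file
#      (OpenSSL: PEM_read_bio:no start line)
check_pem() {
    pem_file=$1
    [ -e "$pem_file" ] || return 2
    [ -r "$pem_file" ] || return 3
    grep -q '^-----BEGIN [A-Z0-9 ]*-----' "$pem_file" || return 4
    return 0
}

# describe RC: turn a check_pem return code into a short label
describe() {
    case $1 in
        0) echo "ok" ;;
        2) echo "missing" ;;
        3) echo "unreadable" ;;
        4) echo "no-pem-header" ;;
        *) echo "unknown" ;;
    esac
}

# check_tls_files FILE...: print one finding per file; succeed only if all pass
check_tls_files() {
    failures=0
    for file_path in "$@"; do
        rc=0
        check_pem "$file_path" || rc=$?
        printf '%s: %s\n' "$file_path" "$(describe "$rc")"
        [ "$rc" -eq 0 ] || failures=$((failures + 1))
    done
    [ "$failures" -eq 0 ]
}

# Stand-alone use: pass the certificate, key and CA paths from the slapd config.
if [ "$#" -gt 0 ]; then
    check_tls_files "$@"
fi
```

A result of `ok` only confirms that a PEM header is present; it does not show that the key matches the certificate or that the certificate is still within its validity period.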

  2. #2
    jwilke is offline Senior Member

    Try making a backup of your /opt/zimbra/ssl/ and /opt/zimbra/conf/ca folders, cleaning them out, and then following "Problem with Certificate can cause MTA Failure - Zimbra :: Wiki" to recreate your self signed certs.

    Regards

    Jeroen

  3. #3
    cdmdotnet is offline Intermediate Member

    Hi jwilke

    Thanks for the advice.

    Luckily I'm running Zimbra in a VM so I restored the virtual drive.
    I tried the details you mentioned on the restored system and again during installation it started to produce TLS errors.
    I ran the same commands while the install was still going ( it had only produced one error at this time ) and then things started to work correctly until I got to the "starting mysql" step, at which point the install made no more progress within an hour.
    I stopped the install and am now trying again to get this upgrade installed correctly.
    This time I've run the commands just after the core package installed so as to avoid that first ldap starting issue.
    I'm now again at the starting mysql stage.




    ********************************
    Thu Feb 26 11:55:06 2009 Getting installed packages
    Thu Feb 26 11:55:09 2009 Getting local config zimbra_server_hostname
    Thu Feb 26 11:55:11 2009 Getting local config ldap_url
    Thu Feb 26 11:55:13 2009 zimbra_server_hostname contained in ldap_url checking ldap status
    Thu Feb 26 11:55:13 2009 Checking ldap status.
    Thu Feb 26 11:55:13 2009 *** Running as zimbra user: /opt/zimbra/bin/ldap status
    Thu Feb 26 11:55:14 2009 Starting ldap...
    Thu Feb 26 11:55:14 2009 *** Running as zimbra user: /opt/zimbra/sleepycat/bin/db_recover -h /opt/zimbra/openldap-data
    Thu Feb 26 11:55:16 2009 *** Running as zimbra user: /opt/zimbra/libexec/zmldapapplyldif
    Thu Feb 26 11:55:59 2009 *** Running as zimbra user: /opt/zimbra/bin/ldap status slapd running pid: 14412
    Thu Feb 26 11:56:00 2009 done.
    Thu Feb 26 11:56:00 2009 Getting installed services from ldap
    Thu Feb 26 11:56:07 2009 checking isEnabled zimbra-core
    Thu Feb 26 11:56:07 2009 zimbra-core not in enabled cache
    Thu Feb 26 11:56:07 2009 enabled packages
    Thu Feb 26 11:56:07 2009 zimbra_server_hostname contained in ldap_url checking ldap status
    Thu Feb 26 11:56:07 2009 Checking ldap status.
    Thu Feb 26 11:56:07 2009 *** Running as zimbra user: /opt/zimbra/bin/ldap status slapd running pid: 14412
    Thu Feb 26 11:56:10 2009 slapd already running.
    Thu Feb 26 11:56:10 2009 Getting enabled services from ldap
    Thu Feb 26 11:56:25 2009 Marking zimbra-apache as installed. Services for zimbra-apache will be enabled.
    Thu Feb 26 11:56:27 2009 Setting defaults...
    Thu Feb 26 11:56:27 2009 Setting local config zimbra_java_home to /opt/zimbra/java
    Thu Feb 26 11:56:27 2009 *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e zimbra_java_home='/opt/zimbra/java' 2> /dev/null
    Thu Feb 26 11:56:29 2009 checking isEnabled zimbra-cluster
    Thu Feb 26 11:56:29 2009 zimbra-cluster not in enabled cache
    Thu Feb 26 11:56:29 2009 enabled packages zimbra-logger zimbra-store zimbra-mta zimbra-core zimbra-apache zimbra-proxy zimbra-snmp zimbra-spell zimbra-ldap
    Thu Feb 26 11:56:29 2009 zimbra_server_hostname contained in ldap_url checking ldap status
    Thu Feb 26 11:56:29 2009 Checking ldap status.
    Thu Feb 26 11:56:29 2009 *** Running as zimbra user: /opt/zimbra/bin/ldap status slapd running pid: 14412
    Thu Feb 26 11:56:32 2009 slapd already running.
    Thu Feb 26 11:56:32 2009 Getting enabled services from ldap
    Thu Feb 26 11:56:42 2009 Marking zimbra-apache as installed. Services for zimbra-apache will be enabled.
    Thu Feb 26 11:56:44 2009 checking isEnabled zimbra-store
    Thu Feb 26 11:56:44 2009 zimbra-store is enabled
    Thu Feb 26 11:56:46 2009 checking isEnabled zimbra-ldap
    Thu Feb 26 11:56:46 2009 zimbra-ldap is enabled
    Thu Feb 26 11:56:48 2009 checking isEnabled zimbra-ldap
    Thu Feb 26 11:56:48 2009 zimbra-ldap is enabled
    Thu Feb 26 11:56:48 2009 checking isEnabled zimbra-store
    Thu Feb 26 11:56:48 2009 zimbra-store is enabled
    Thu Feb 26 11:56:48 2009 checking isEnabled zimbra-mta
    Thu Feb 26 11:56:48 2009 zimbra-mta is enabled
    Thu Feb 26 11:56:49 2009 done.
    Thu Feb 26 11:56:49 2009 Upgrading from 5.0.9_GA_2533 to 5.0.13_GA_2791
    Thu Feb 26 11:56:53 2009 Stopping zimbra services
    Thu Feb 26 11:57:06 2009 Verifying /opt/zimbra/conf/my.cnf
    Thu Feb 26 11:57:07 2009 Starting mysql
    ********************************

  4. #4
    cdmdotnet is offline Intermediate Member

    OK, after several months of trying this I've made no progress. My install of Zimbra cannot be upgraded. I'll thank everyone who has told me to regenerate the SSL certs.

    I've tried both the instructions in posts "Problem with Certificate can cause MTA Failure - Zimbra :: Wiki" and "Huge problem after upgrade: TLS init def ctx failed: -1" without success.
    I've regenerated the SSL certs before upgrading - this just fails as if I didn't regenerate the certs, so this method's the worst one although it's the one I keep getting told to do.
    I've regenerated the SSL certs after a failed upgrade - even worse, since all the settings are now wrong from the failed upgrade so everything just blows up.
    The only one that even remotely works is regenerating the SSL certs WHILE the upgrade is taking place, however this results in mysql failing to start during the upgrade ( see above where it stalls then just quits with an error about root user not being able to start mysql with password - generate mysql error ) - although this sounds like the worst thing I should be doing, as I'm sure only some of the settings are getting set.

    So, can anyone provide any more insight? Should I keep going down this path of regenerating the SSL certs while the upgrade is in progress? Somehow I maybe need to freeze the install process before any settings are being set so I can re-generate the certs so nothing gets missed being set. Maybe check the mysql password? Make sure Zimbra sets it correctly on the new install?

    Any ideas?

  5. #5
    cdmdotnet is offline Intermediate Member

    One last curious thing I've noticed hunting down the version number: the web console says the installed version is 5.0.6, however dpkg reports 5.0.9. The install works and runs well. Should I be assuming that a previous failed upgrade from 5.0.6 to 5.0.9 has buggered future upgrades?

  6. #6
    cdmdotnet is offline Intermediate Member

    I could really do with some help now, two months of trying everything and I'm still stuck without much help.

    Because the help menu said my version was 5.06 ( even though dpkg said I had 5.09 installed ) I ran dpkg to install all the 5.06 packages ( refreshing the database ) and restored the /opt/zimbra folder ( everything ran as per usual ).

    Then I tried an upgrade from 5.06 to 5.07 and again the same errors are happening: LDAP fails to start with a "TLS init def ctx failed : -1" error, i.e. the certs are still wrong.

    As I've said before: updating the certs before the upgrade doesn't fix this. In fact it doesn't do anything for me. Updating the certs while the install is running results in a mess of an install because mysql fails to start - and I doubt I'm fast enough to update the certs while the install is actually happening without missing any settings.

    Can this be fixed or do I have a poked install of zimbra and just give up?
