[SOLVED] New Cert install - LDAP "Unable to determine enabled services from ldap

[jdp459]

5.0.18_GA_3011.UBUNTU8_64 FOSS edition

Our commercial cert expires today, so I created a new cert, but didn't provide a CSR. The CSR was provided by the CA. I placed the CSR into the /opt/zimbra/ssl/zimbra/commercial/ directory.

After verifying the files with:
/opt/zimbra/bin/zmcertmgr verifycrt comm ./commercial.key ./commercial.crt ./commercial_ca.crt

I deployed them with:
/opt/zimbra/bin/zmcertmgr deploycrt comm ./commercial.crt ./commercial_ca.crt
Did it twice, to be certain.

Everything seemed fine, no warnings or errors reported either time. Restarted zimbra and see this

Host mail.domain.com
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting logger...Done.
Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.

I am able to login with webmail, remote IMAPS or to the admin console without issues, but the LDAP warning is concerning.
The output from
/opt/zimbra/bin/zmcertmgr viewdeployedcrt all
Seems ok and shows the new cert expiration date, even for LDAP.

A full reboot didn't help clear the startup messages. grep'in for errors in the log directory didn't find anything after the new cert was installed.

Is there something else I need/should have done to clear the LDAP cache? Any log files needed? Thanks for any help!

[jdp459]

The solution for us was to clean out older cert files from the
/opt/zimbra/conf/ca directory.
Basically, delete these (yours will be different) files

rm 0ef90221.0 0fae25b0.0 16687ed5.0 1d1c32fa.0 1f167f52.0 4d70f561.0 6fe6f9b8.0 81af5811.0 bead18a7.0

But be careful to leave ca.key, ca.pem, commercial_ca.pem and the 2 softlinks that point to them alone. stop and start zimbra - the "Unable to determine enabled services from ldap." message is gone.