Results 1 to 7 of 7

Thread: system failure: ZimbraLdapContext

  1. #1
    lvlbeam2 is offline Starter Member
    Join Date
    May 2010
    Posts
    4
    Rep Power
    5

    Default system failure: ZimbraLdapContext

    Hello all,
    I'm new to this list, so I'll do my best to explain my issue cleary.

    FIRST MY ISSUE:
    I started with a self signed cert that was working. A few days later I tried to install a godaddy cert via the admin interface and was getting errors, so then I tried via cli commands. When that didn't seem to work I went back to trying to install a self signed cert.
    Basically, the web interface no longer responds and when I stop or start the services, I get errors as listed below having to do with LDAP.
    My guess is that services are having trouble communicating with LDAP because I changed the certs...and each time I try to install a new one, the tool wants to use LDAP and has issues.

    Anybody have any ideas how to fix this or how I can zero out the certs and install new ones into LDAP and the rest of the system?

    Thanks for any help,
    ---Dean.



    NEXT SOME SYSTEM INFORMATION:
    zmcontrol -v
    Release 6.0.6_GA_2324.RHEL5_20100406144520 CentOS5 FOSS edition.

    zmcontrol status
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Host mail.mydomainname.com
    antispam Running
    antivirus Running
    ldap Running
    logger Stopped
    zmlogswatchctl is not running
    mailbox Stopped
    zmmailboxdctl is not running.
    mta Running
    snmp Running
    spell Running
    stats Stopped
    Unable to determine enabled services from ldap

    zmcontrol start
    [zimbra@mail ~]$ zmcontrol start
    Host mail.mydomainname.com
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Starting logger...Failed.
    Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
    zimbra logger service is not enabled! failed.


    Starting mailbox...Done.
    Starting antispam...Done.
    Starting antivirus...Done.
    Starting snmp...Done.
    Starting spell...Done.
    Starting mta...Done.
    Starting stats...Done.


    Also, doubt it's a DNS problem, a few days before the update everything was working fine and no DNS changes since then.

    cat /etc/hosts
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1 localhost.localdomain localhost
    ::1 localhost6.localdomain6 localhost6
    x.x.x.x mail.mydomainname.com mail
    Last edited by lvlbeam2; 05-13-2010 at 09:13 PM.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57

    Default

    You should either regenerate the self signed certificates or install the GoDaddy certificate via the command line (you should also search the forums for more information on the GoDaddy 'problem'). Either one of those should get your server working again.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    lvlbeam2 is offline Starter Member
    Join Date
    May 2010
    Posts
    4
    Rep Power
    5

    Default

    I tried reinstalling the self signed cert, but it gives an error when it tries to "...Saving server config key zimbraSSLPrivateKey...". Same thing with the GoDaddy cert. See my output below:

    I've read 100 or more posts about the GoDaddy issue, and I understand it's an issue and what I might do about it if I ever get the server running again, but at this point I think the problem is beyond the GoDaddy cert install issue.
    Especially since the self signed cert isn't working either and now zimbra won't start correctly.

    To install the self signed cert, I'm using these directions: Administration Console and CLI Certificate Tools - Zimbra :: Wiki

    The self signed cert install gives me the following:
    [root@mail bin]# /opt/zimbra/bin/zmcertmgr createca -new
    ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
    ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
    ** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.

    [root@mail bin]# /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
    Validation days: 365
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100512101651
    ** Generating a server csr for download self -new -keysize 1024
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100512101651
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.

    [root@mail bin]# /opt/zimbra/bin/zmcertmgr deploycrt self
    ** Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.

    [root@mail bin]# /opt/zimbra/bin/zmcertmgr viewdeployedcrt
    ::service mta::
    notBefore=May 12 17:16:57 2010 GMT
    notAfter=May 12 17:16:57 2011 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomianname.com
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomianname.com
    SubjectAltName=
    ::service proxy::
    notBefore=May 12 17:16:57 2010 GMT
    notAfter=May 12 17:16:57 2011 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomainname.com
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomainname.com
    SubjectAltName=
    ::service mailboxd::
    notBefore=May 12 17:16:57 2010 GMT
    notAfter=May 12 17:16:57 2011 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomianname.com
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomianname.com
    SubjectAltName=
    ::service ldap::
    notBefore=May 12 17:16:57 2010 GMT
    notAfter=May 12 17:16:57 2011 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomianname.com
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomianname.com
    SubjectAltName=

    Any other ideas?

    Thanks for the help by the way.
    ---Dean.

  4. #4
    lvlbeam2 is offline Starter Member
    Join Date
    May 2010
    Posts
    4
    Rep Power
    5

    Default

    I have tried reinstalling the self signed cert and get errors, see below:

    /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
    Validation days: 365
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100512103640
    ** Generating a server csr for download self -new -keysize 1024
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100512103640
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.

    Thanks,
    ---Dean.

  5. #5
    lvlbeam2 is offline Starter Member
    Join Date
    May 2010
    Posts
    4
    Rep Power
    5

    Default

    trying to create the self signed cert:
    Saving server config key zimbraSSLPrivateKey...failed.

  6. #6
    leSasch is offline Senior Member
    Join Date
    Jun 2010
    Posts
    56
    Rep Power
    5

    Default

    Same problem here:

    root@zimbra:~# /opt/zimbra/bin/zmcertmgr deploycrt self
    ** Creating directory /opt/zimbra/ssl/zimbra
    ** Creating directory /opt/zimbra/ssl/zimbra/ca
    ** Creating directory /opt/zimbra/ssl/zimbra/server
    ** Creating directory /opt/zimbra/ssl/zimbra/commercial
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100623103025
    ** Retrieving server config key zimbraSSLCertificate...failed.
    ** Retrieving server config key zimbraSSLPrivateKey...failed.
    ** Generating a server csr for download self -keysize 1024
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100623103200
    ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
    ** Retrieving CA private key from ldap...failed.
    ** Retrieving CA cert from ldap...failed.
    ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
    ** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.

  7. #7
    leSasch is offline Senior Member
    Join Date
    Jun 2010
    Posts
    56
    Rep Power
    5

    Default

    No luck here?
    I'm encountering the same issue.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 1
    Last Post: 03-07-2010, 12:12 PM
  2. mysql not starting, sort of.
    By lhutton in forum Installation
    Replies: 6
    Last Post: 06-19-2009, 10:45 AM
  3. Replies: 8
    Last Post: 10-19-2008, 09:52 AM
  4. Replies: 4
    Last Post: 08-04-2008, 06:17 PM
  5. [SOLVED] Mailserver down when send file attach of 50Mb
    By ZMilton in forum Administrators
    Replies: 20
    Last Post: 04-10-2008, 11:44 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •