system failure: ZimbraLdapContext

[lvlbeam2]

Hello all,
I'm new to this list, so I'll do my best to explain my issue cleary.

FIRST MY ISSUE:
I started with a self signed cert that was working. A few days later I tried to install a godaddy cert via the admin interface and was getting errors, so then I tried via cli commands. When that didn't seem to work I went back to trying to install a self signed cert.
Basically, the web interface no longer responds and when I stop or start the services, I get errors as listed below having to do with LDAP.
My guess is that services are having trouble communicating with LDAP because I changed the certs...and each time I try to install a new one, the tool wants to use LDAP and has issues.

Anybody have any ideas how to fix this or how I can zero out the certs and install new ones into LDAP and the rest of the system?

Thanks for any help,
---Dean.



NEXT SOME SYSTEM INFORMATION:
zmcontrol -v
Release 6.0.6_GA_2324.RHEL5_20100406144520 CentOS5 FOSS edition.

zmcontrol status
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Host mail.mydomainname.com
antispam Running
antivirus Running
ldap Running
logger Stopped
zmlogswatchctl is not running
mailbox Stopped
zmmailboxdctl is not running.
mta Running
snmp Running
spell Running
stats Stopped
Unable to determine enabled services from ldap

zmcontrol start
[zimbra@mail ~]$ zmcontrol start
Host mail.mydomainname.com
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting logger...Failed.
Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
zimbra logger service is not enabled! failed.


Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.


Also, doubt it's a DNS problem, a few days before the update everything was working fine and no DNS changes since then.

cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
x.x.x.x mail.mydomainname.com mail

[phoenix]

You should either regenerate the self signed certificates or install the GoDaddy certificate via the command line (you should also search the forums for more information on the GoDaddy 'problem'). Either one of those should get your server working again.

[lvlbeam2]

I tried reinstalling the self signed cert, but it gives an error when it tries to "...Saving server config key zimbraSSLPrivateKey...". Same thing with the GoDaddy cert. See my output below:

I've read 100 or more posts about the GoDaddy issue, and I understand it's an issue and what I might do about it if I ever get the server running again, but at this point I think the problem is beyond the GoDaddy cert install issue.
Especially since the self signed cert isn't working either and now zimbra won't start correctly.

To install the self signed cert, I'm using these directions: Administration Console and CLI Certificate Tools - Zimbra :: Wiki

The self signed cert install gives me the following:
[root@mail bin]# /opt/zimbra/bin/zmcertmgr createca -new
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.

[root@mail bin]# /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
Validation days: 365
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100512101651
** Generating a server csr for download self -new -keysize 1024
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100512101651
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
** Saving server config key zimbraSSLPrivateKey...failed.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.

[root@mail bin]# /opt/zimbra/bin/zmcertmgr deploycrt self
** Saving server config key zimbraSSLCertificate...failed.
** Saving server config key zimbraSSLPrivateKey...failed.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.

[root@mail bin]# /opt/zimbra/bin/zmcertmgr viewdeployedcrt
::service mta::
notBefore=May 12 17:16:57 2010 GMT
notAfter=May 12 17:16:57 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomianname.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomianname.com
SubjectAltName=
::service proxy::
notBefore=May 12 17:16:57 2010 GMT
notAfter=May 12 17:16:57 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomainname.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomainname.com
SubjectAltName=
::service mailboxd::
notBefore=May 12 17:16:57 2010 GMT
notAfter=May 12 17:16:57 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomianname.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomianname.com
SubjectAltName=
::service ldap::
notBefore=May 12 17:16:57 2010 GMT
notAfter=May 12 17:16:57 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomianname.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomianname.com
SubjectAltName=

Any other ideas?

Thanks for the help by the way.
---Dean.

[lvlbeam2]

I have tried reinstalling the self signed cert and get errors, see below:

/opt/zimbra/bin/zmcertmgr createcrt -new -days 365
Validation days: 365
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100512103640
** Generating a server csr for download self -new -keysize 1024
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100512103640
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
** Saving server config key zimbraSSLPrivateKey...failed.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.

Thanks,
---Dean.

[lvlbeam2]

trying to create the self signed cert:
Saving server config key zimbraSSLPrivateKey...failed.

[leSasch]

Same problem here:

root@zimbra:~# /opt/zimbra/bin/zmcertmgr deploycrt self
** Creating directory /opt/zimbra/ssl/zimbra
** Creating directory /opt/zimbra/ssl/zimbra/ca
** Creating directory /opt/zimbra/ssl/zimbra/server
** Creating directory /opt/zimbra/ssl/zimbra/commercial
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100623103025
** Retrieving server config key zimbraSSLCertificate...failed.
** Retrieving server config key zimbraSSLPrivateKey...failed.
** Generating a server csr for download self -keysize 1024
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100623103200
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
** Retrieving CA private key from ldap...failed.
** Retrieving CA cert from ldap...failed.
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
** Saving server config key zimbraSSLPrivateKey...failed.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
** Saving server config key zimbraSSLCertificate...failed.
** Saving server config key zimbraSSLPrivateKey...failed.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.

[leSasch]

No luck here?
I'm encountering the same issue.