Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Upgrade to 7.1.2 Massive Failure

  1. #1
    blackmogu is offline Junior Member
    Join Date
    Sep 2011
    Posts
    7
    Rep Power
    3

    Default Upgrade to 7.1.2 Massive Failure

    Hi,

    I did an upgrade from 7.1.1 to 7.1.2 of the open source zimbra edition, and stupidly chose the wrong package for CentOS 6 instead of CentOS 5. The install removed all packages and then bailed, leaving the server in an unusable state.

    I took a tarball of the zimbra directory before, but when I reinstall Zimbra 7.1.1 and use this tarball, nothing can connect. I get the following errors on startup :-

    Starting ldap...Done.
    Unable to determine enabled services from ldap.
    Unable to determine enabled services. Cache is out of date or doesn't exist.


    So, I tried a few things such as changing the ldap passwords, which gives me the error:-

    Updating local config and LDAP
    TLS: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


    I am at a loss as to how to get the server to start. Any help would be appreciated !

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,499
    Rep Power
    56

    Default

    Quote Originally Posted by blackmogu View Post
    I took a tarball of the zimbra directory before, but when I reinstall Zimbra 7.1.1 and use this tarball, nothing can connect. I get the following errors on startup
    Did you run zmfixperms after you restored the backup? Id suggest you do that and then run the install again for ZCS 7.1.1.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    blackmogu is offline Junior Member
    Join Date
    Sep 2011
    Posts
    7
    Rep Power
    3

    Default

    hi,

    having done that you outlined, on startup zimbra gives :-

    Starting ldap...Done.
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Starting zmconfigd...Done.
    Starting logger...Failed.
    Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target)
    zimbra logger service is not enabled! failed


    I'm at my wits end after battling for 2 days !
    Thank you for your assistance.

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,499
    Rep Power
    56

    Default

    What's the status of the Zimbra services:

    Code:
    zmcontrol status
    Have you tried regenerating the certificates? Is your DNS records and hosts file correct? Go to the Split DNS article and run all the commands in the 'Verify...' section of that article, just for confirmation. Do you see any other errors in the log files?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    blackmogu is offline Junior Member
    Join Date
    Sep 2011
    Posts
    7
    Rep Power
    3

    Default

    My hosts file, MX record and resolving are all correct. I've read through the posts you outlined and have no issues. The server was running fine for over 2 years until now. The server is using a public IP.

    /opt/zimbra/bin/zmcertmgr createca -new
    ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
    ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
    ** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.

    /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
    Validation days: 365
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20110918190900
    ** Generating a server csr for download self -new -keysize 1024
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20110918190900
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.

    /opt/zimbra/bin/zmcertmgr deploycrt self
    ** Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...failed.

    Exception in thread "main" java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(Java KeyStore.java:771)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad( JavaKeyStore.java:38)
    at java.security.KeyStore.load(KeyStore.java:1185)
    at com.zimbra.cert.MyPKCS12Import.main(MyPKCS12Import .java:98)
    Caused by: java.security.UnrecoverableKeyException: Password verification failed
    at sun.security.provider.JavaKeyStore.engineLoad(Java KeyStore.java:769)
    ... 3 more

    ** Installing CA to /opt/zimbra/conf/ca...done.

    /opt/zimbra/bin/zmcertmgr deployca
    ** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
    ** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.
    ** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.

    ** Copying CA to /opt/zimbra/conf/ca...done.

  6. #6
    blackmogu is offline Junior Member
    Join Date
    Sep 2011
    Posts
    7
    Rep Power
    3

    Default

    zmcontrol status gives :-

    antispam Running
    antivirus Running
    imapproxy Running
    ldap Running
    logger Stopped
    zmlogswatchctl is not running
    mailbox Stopped
    mysql.server is not running.
    zmmailboxdctl is not running.
    memcached Running
    mta Running
    snmp Running
    spell Running
    stats Stopped
    zmconfigd Running

    On starting zimbra, I also got the error :-

    Starting logswatch...ERROR: service.FAILURE (system failure: unable to lookup server by name: my.host.com message: [LDAP: error code 49 - Invalid Credentials]) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
    zimbra logger service is not enabled! failed.

  7. #7
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,367
    Rep Power
    10

    Default

    Quote Originally Posted by blackmogu View Post
    I took a tarball of the zimbra directory before, but when I reinstall Zimbra 7.1.1 and use this tarball, nothing can connect. I get the following errors on startup :-
    Was Zimbra running when you took this tarball?
    Last edited by LMStone; 09-18-2011 at 01:03 PM.

  8. #8
    blackmogu is offline Junior Member
    Join Date
    Sep 2011
    Posts
    7
    Rep Power
    3

    Default

    possibly - I can't be sure.

  9. #9
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,367
    Rep Power
    10

    Default

    Without Zimbra having been shut down before taking a tarball of /opt/zimbra, many things won't be stored in the tar file in a restorable state. MySQL, LDAP etc. keeping much of their working set in memory, and changes made in RAM are not flushed to disk immediately.

    The Zimbra installer does shut down Zimbra prior to running the upgrade, so what you had in /opt/zimbra just after the upgrade bailed sounds like your only "backup".

    If you restored your tar file on top of the existing /opt/zimbra tree, you may have compromised your only "backup."

    There are routines to recover mailstores as I understand it, but it's a manual process and I don't have any familiarity with them.

    I wish I had better news...

  10. #10
    blackmogu is offline Junior Member
    Join Date
    Sep 2011
    Posts
    7
    Rep Power
    3

    Smile Resolved in a manner

    hi all,

    Here is what I did to get around my issue - it may be of some use to someone in the future.

    1. I had an old backup that was 6 months old. I restored this and upgraded it to the same zimbra version as the corrupted one.

    2. I copied the data and db and store directories from the corrupted installation to this recovered one.

    3. Started the recovered zimbra no problems.

    4. Used imapsync to sync the accounts to a new server.

    Thank the gods that this worked ! I've had a horrible weekend with no end of calls about emails not working. Moral of this story is ...

    BACK UP YOUR ZIMBRA INSTALLATION PROPERLY !

    Once you have a disaster like this you'll never skimp again

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 5
    Last Post: 05-11-2012, 02:16 PM
  2. Upgrade from 6.0.10 to 7 beta4
    By alex70 in forum Installation
    Replies: 14
    Last Post: 05-11-2012, 02:02 PM
  3. MySQL errors
    By mludwig in forum Administrators
    Replies: 1
    Last Post: 07-11-2011, 03:40 AM
  4. Replies: 6
    Last Post: 03-14-2011, 04:21 AM
  5. [SOLVED] New zcs 7 install : database errors founds
    By dkbk in forum Administrators
    Replies: 4
    Last Post: 03-01-2011, 06:49 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •