After Cert install Zimbra will not start LDAP errors

[pinkstond]

First of all I want to say I have researched the crap out of this. I have done all of the DNS splitting and now have the required results when running dig mydomain.com mx and dig mydomain.com any . So it doesn't seem to be a DNS issue.

A day after successfully installing new commercial certs I notice the server status isn't looking right. So I ssh in and restart zimbra. I then get this error:

Code:

Host mail.mydomain.com
Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn't exist.

Keep in mind I HAVE got the DNS working properly. Verification:

/etc/hosts:

Code:

127.0.0.1   localhost.localdomain   localhost
10.1.1.5    mail.mydomain.com mail

dig mydomain.com mx:

Code:

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> *****.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30077
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;*****.com.                   IN      MX

;; ANSWER SECTION:
*****.com.            86400   IN      MX      10 mail.*****.com.

;; AUTHORITY SECTION:
*****.com.            86400   IN      NS      mercury.*****.com.
*****.com.            86400   IN      NS      servair.*****.com.

;; ADDITIONAL SECTION:
mail.*****.com.       86400   IN      A       10.1.1.5
mercury.******.com.    86400   IN      A       10.1.1.1
servair.*****.com.    86400   IN      A       10.1.1.14
servair.*****.com.    86400   IN      A       10.1.1.15

;; Query time: 0 msec
;; SERVER: 10.1.1.1#53(10.1.1.1)
;; WHEN: Thu Mar 15 19:18:21 2012
;; MSG SIZE  rcvd: 158

dig domain.com any:

Code:

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> *****.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3123
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;*****.com.                   IN      ANY

;; ANSWER SECTION:
*****.com.            86400   IN      SOA     servair.*****.com. root.*****.com. 20051045 28800 14400 3600000 86400
*****.com.            86400   IN      NS      servair.*****.com.
*****.com.            86400   IN      NS      mercury.*****.com.
*****.com.            86400   IN      MX      10 mail.*****.com.

;; ADDITIONAL SECTION:
mercury.*****.com.    86400   IN      A       10.1.1.1
servair.*****.com.    86400   IN      A       10.1.1.15
servair.*****.com.    86400   IN      A       10.1.1.14
mail.*****.com.       86400   IN      A       10.1.1.5

;; Query time: 0 msec
;; SERVER: 10.1.1.1#53(10.1.1.1)
;; WHEN: Thu Mar 15 19:19:30 2012
;; MSG SIZE  rcvd: 199

I have followed forum posts on generating new SSL certs but when I do that I get these errors:

Code:

/opt/zimbra/bin/zmcertmgr createca -new
** Creating directory /opt/zimbra/ssl/zimbra
** Creating directory /opt/zimbra/ssl/zimbra/ca
** Creating directory /opt/zimbra/ssl/zimbra/server
** Creating directory /opt/zimbra/ssl/zimbra/commercial
chown: invalid option -- '1'
Try `chown --help' for more information.
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...chown: invalid option -- '1'
Try `chown --help' for more information.
done
chown: invalid option -- '1'
Try `chown --help' for more information.
chown: invalid option -- '1'
Try `chown --help' for more information.
chown: invalid option -- '1'
Try `chown --help' for more information.
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.

And I can't get it to work right... So right now I am pretty much stuck, and my company is not getting e-mails relayed properly until I get it fixed. Any help would be much appreciated...

[phoenix]

I have followed forum posts on generating new SSL certs but when I do that I get these errors:

Why did you not use the Admin UI or this article?

And I can't get it to work right... So right now I am pretty much stuck, and my company is not getting e-mails relayed properly until I get it fixed. Any help would be much appreciated...

Did you check this thread: Help, failed 7.1.1->7.1.3 upgrade

[pinkstond]

Why did you not use the Admin UI or this article?

OH YES!!! I abused the heck out of that article to no avail..

Did you check this thread: Help, failed 7.1.1->7.1.3 upgrade

I did check that, and it seems the resolution was a config directory back up, which I do not have.

I think I may have been making a little bit of progress.
I now can get most service running.. Result of status:

Host mail.xxxxxx.com
ldap Running
logger Running
mailbox Stopped
mysql.server is not running.
mta Running
snmp Running
spell Running
stats Stopped
zmconfigd Running

I manually start mysqld and it doesn't seem to change the status.

[phoenix]

OH YES!!! I abused the heck out of that article to no avail..


I did check that, and it seems the resolution was a config directory back up, which I do not have.

You know, it really would help if you gave details of what steps you've taken to try and fix the problem so we don't go over things you've already tried.

I think I may have been making a little bit of progress.
I now can get most service running..

Then you need to look in the log files to see what the errors are.

Result of status:

Host mail.xxxxxx.com
ldap Running
logger Running
mailbox Stopped
mysql.server is not running.
mta Running
snmp Running
spell Running
stats Stopped
zmconfigd Running

I manually start mysqld and it doesn't seem to change the status.

That tells us nothing other than a service isn't running.

[pinkstond]

It appears that somewhere in the mix I hosed up my localconfig.xml file (couldn't get a good backup either...) I had to re-populate all the info in the localconfig file based on what I found in various forums. Then of course I didn't know any of the postfix, mysql, ldap passwords that were previously entered, so I had to scour the forums to find all the right commands to reset all of the passwords. After all that, Zimbra started. Then I regenerated my certs and uploaded them through the WebUI... We will wait a day or so and see if that cert messes up the system again.

I've gotta find a better way of automating the backup process with free/cheap resources... Lesson learned I suppose.

[MrGreen]

Hi pinkstond,

It looks like I have the same issue as you. I have also lost most of my localconfig.xml file and re-populated it from a lab server that I have set up. can you perhaps let me know which passwords are required to reset? Also did you manage to regenerate your certs without any issues? And finally, is your system running ok after all this?

Thanks
Gert