Results 1 to 6 of 6

Thread: After Cert install Zimbra will not start LDAP errors

  1. #1
    pinkstond is offline Member
    Join Date
    Mar 2012
    Posts
    11
    Rep Power
    3

    Default After Cert install Zimbra will not start LDAP errors

    First of all I want to say I have researched the crap out of this. I have done all of the DNS splitting and now have the required results when running dig mydomain.com mx and dig mydomain.com any . So it doesn't seem to be a DNS issue.

    A day after successfully installing new commercial certs I notice the server status isn't looking right. So I ssh in and restart zimbra. I then get this error:

    Code:
    Host mail.mydomain.com
    Unable to determine enabled services from ldap.
    Unable to determine enabled services. Cache is out of date or doesn't exist.
    Keep in mind I HAVE got the DNS working properly. Verification:

    /etc/hosts:
    Code:
    127.0.0.1   localhost.localdomain   localhost
    10.1.1.5    mail.mydomain.com mail
    dig mydomain.com mx:
    Code:
    ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> *****.com mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30077
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4
    
    ;; QUESTION SECTION:
    ;*****.com.                   IN      MX
    
    ;; ANSWER SECTION:
    *****.com.            86400   IN      MX      10 mail.*****.com.
    
    ;; AUTHORITY SECTION:
    *****.com.            86400   IN      NS      mercury.*****.com.
    *****.com.            86400   IN      NS      servair.*****.com.
    
    ;; ADDITIONAL SECTION:
    mail.*****.com.       86400   IN      A       10.1.1.5
    mercury.******.com.    86400   IN      A       10.1.1.1
    servair.*****.com.    86400   IN      A       10.1.1.14
    servair.*****.com.    86400   IN      A       10.1.1.15
    
    ;; Query time: 0 msec
    ;; SERVER: 10.1.1.1#53(10.1.1.1)
    ;; WHEN: Thu Mar 15 19:18:21 2012
    ;; MSG SIZE  rcvd: 158
    dig domain.com any:
    Code:
    ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> *****.com any
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3123
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
    
    ;; QUESTION SECTION:
    ;*****.com.                   IN      ANY
    
    ;; ANSWER SECTION:
    *****.com.            86400   IN      SOA     servair.*****.com. root.*****.com. 20051045 28800 14400 3600000 86400
    *****.com.            86400   IN      NS      servair.*****.com.
    *****.com.            86400   IN      NS      mercury.*****.com.
    *****.com.            86400   IN      MX      10 mail.*****.com.
    
    ;; ADDITIONAL SECTION:
    mercury.*****.com.    86400   IN      A       10.1.1.1
    servair.*****.com.    86400   IN      A       10.1.1.15
    servair.*****.com.    86400   IN      A       10.1.1.14
    mail.*****.com.       86400   IN      A       10.1.1.5
    
    ;; Query time: 0 msec
    ;; SERVER: 10.1.1.1#53(10.1.1.1)
    ;; WHEN: Thu Mar 15 19:19:30 2012
    ;; MSG SIZE  rcvd: 199
    I have followed forum posts on generating new SSL certs but when I do that I get these errors:

    Code:
    /opt/zimbra/bin/zmcertmgr createca -new
    ** Creating directory /opt/zimbra/ssl/zimbra
    ** Creating directory /opt/zimbra/ssl/zimbra/ca
    ** Creating directory /opt/zimbra/ssl/zimbra/server
    ** Creating directory /opt/zimbra/ssl/zimbra/commercial
    chown: invalid option -- '1'
    Try `chown --help' for more information.
    ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...chown: invalid option -- '1'
    Try `chown --help' for more information.
    done
    chown: invalid option -- '1'
    Try `chown --help' for more information.
    chown: invalid option -- '1'
    Try `chown --help' for more information.
    chown: invalid option -- '1'
    Try `chown --help' for more information.
    ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
    ** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
    And I can't get it to work right... So right now I am pretty much stuck, and my company is not getting e-mails relayed properly until I get it fixed. Any help would be much appreciated...

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57

    Default

    Quote Originally Posted by pinkstond View Post
    I have followed forum posts on generating new SSL certs but when I do that I get these errors:
    Why did you not use the Admin UI or this article?

    Quote Originally Posted by pinkstond View Post
    And I can't get it to work right... So right now I am pretty much stuck, and my company is not getting e-mails relayed properly until I get it fixed. Any help would be much appreciated...
    Did you check this thread: Help, failed 7.1.1->7.1.3 upgrade
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    pinkstond is offline Member
    Join Date
    Mar 2012
    Posts
    11
    Rep Power
    3

    Default

    Quote Originally Posted by phoenix View Post
    Why did you not use the Admin UI or this article?
    OH YES!!! I abused the heck out of that article to no avail..

    Quote Originally Posted by phoenix View Post
    Did you check this thread: Help, failed 7.1.1->7.1.3 upgrade
    I did check that, and it seems the resolution was a config directory back up, which I do not have.

    I think I may have been making a little bit of progress.
    I now can get most service running.. Result of status:

    Host mail.xxxxxx.com
    ldap Running
    logger Running
    mailbox Stopped
    mysql.server is not running.
    mta Running
    snmp Running
    spell Running
    stats Stopped
    zmconfigd Running

    I manually start mysqld and it doesn't seem to change the status.

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57

    Default

    Quote Originally Posted by pinkstond View Post
    OH YES!!! I abused the heck out of that article to no avail..


    I did check that, and it seems the resolution was a config directory back up, which I do not have.
    You know, it really would help if you gave details of what steps you've taken to try and fix the problem so we don't go over things you've already tried.

    Quote Originally Posted by pinkstond View Post
    I think I may have been making a little bit of progress.
    I now can get most service running..
    Then you need to look in the log files to see what the errors are.

    Quote Originally Posted by pinkstond View Post
    Result of status:

    Host mail.xxxxxx.com
    ldap Running
    logger Running
    mailbox Stopped
    mysql.server is not running.
    mta Running
    snmp Running
    spell Running
    stats Stopped
    zmconfigd Running

    I manually start mysqld and it doesn't seem to change the status.
    That tells us nothing other than a service isn't running.
    Last edited by phoenix; 03-21-2013 at 01:04 AM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    pinkstond is offline Member
    Join Date
    Mar 2012
    Posts
    11
    Rep Power
    3

    Default

    It appears that somewhere in the mix I hosed up my localconfig.xml file (couldn't get a good backup either...) I had to re-populate all the info in the localconfig file based on what I found in various forums. Then of course I didn't know any of the postfix, mysql, ldap passwords that were previously entered, so I had to scour the forums to find all the right commands to reset all of the passwords. After all that, Zimbra started. Then I regenerated my certs and uploaded them through the WebUI... We will wait a day or so and see if that cert messes up the system again.

    I've gotta find a better way of automating the backup process with free/cheap resources... Lesson learned I suppose.

  6. #6
    MrGreen is offline Junior Member
    Join Date
    Mar 2013
    Posts
    6
    Rep Power
    2

    Default

    Hi pinkstond,

    It looks like I have the same issue as you. I have also lost most of my localconfig.xml file and re-populated it from a lab server that I have set up. can you perhaps let me know which passwords are required to reset? Also did you manage to regenerate your certs without any issues? And finally, is your system running ok after all this?

    Thanks
    Gert

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Issues after upgrading from 6.0.10 to 7
    By rhorist in forum Administrators
    Replies: 8
    Last Post: 02-25-2011, 08:38 AM
  2. fatal: parameter "smtpd_recipient_restrictions"
    By Robin in forum Administrators
    Replies: 8
    Last Post: 12-22-2010, 05:48 AM
  3. Big Fubar on 5 FOSS GA Upgrade
    By uxbod in forum Administrators
    Replies: 24
    Last Post: 01-21-2008, 03:37 AM
  4. Major Issue - 5.0RC2 NE to 5.0GA NE failed
    By DougWare in forum Installation
    Replies: 7
    Last Post: 01-06-2008, 09:56 PM
  5. zmtlsctl give LDAP error
    By sourcehound in forum Administrators
    Replies: 5
    Last Post: 03-11-2007, 03:48 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •