Results 1 to 4 of 4

Thread: Upgrade 7.1.3 to 8.0.2 failure

  1. #1
    positively4th is offline Junior Member
    Join Date
    Jul 2009
    Posts
    7
    Rep Power
    5

    Post Upgrade 7.1.3 to 8.0.2 failure

    Dear All,

    I work for a small company and we have been using Zimbra almost a year and we are really happy with the product!

    We are currently running Release 7.1.3_GA_3346.UBUNTU10_64 UBUNTU10_64 FOSS edition on a Single-Server but would like to upgrade to the latest 8.x.x FOSS release. Evetually we will upgrade to the latest supported Ubuntu release.

    Now my problem:

    This week a tried to upgrade to 8.0.2. But it failed. Luckily the restore from backup process worked without hazzle so no real damage done!

    We are running zimbra on a virtual machine without any other software packages installed. However the server is located in our intranet and send and receive mails through a relay host. The server name is x in the domain y.z. Communucation with the WAN/Internet is limited to imap, http through a firewall.

    I performed the following steps:

    1. /opt/zimbra/bin/zmcertmgr viewdeployedcrt - to verify that our certificates have not expired
    2. zmcontrol stop - Stopped zimbra
    3. unattended-upgrade - To verify that there are no pending sceurity updates
    4. mv /etc/init.d/zimbra /root/ - Prevent zimbra to start on boot
    5. cp -a /opt/zimbra /opt/zimbra.bup
    6. Shut down the virual machine and made a backup
    7. Disconnected the vm from the network (removed virtual network adapter)
    8. Restarted the vm.
    9. cd /.../installers/zcs-8.0.2_GA_5569.UBUNTU10_64...
    10. screen ./install

    The install process ran for (about half an hour) with some errors displayed on the sccreen:

    Code:
    mysql.general_log Error    : You can't use locks with log tables.
    mysql.slow_log Error    : You can't use locks with log tables.
    Adding x.y.z to zimbraMailHostPool in default COS...failed.
    Setting Keyboard Shortcut Preferences...failed.
    Setting zimbraFeatureTasksEnabled=TRUE...failed.
    Setting zimbraFeatureBriefcasesEnabled=TRUE...failed.
    Setting MTA auth host...failed.
    Setting TimeZone Preference...failed.
    Creating user spam.unjskakkv@x.y.z...failed.
    Creating user ham.r7pegyxs@lx.y.z...failed.
    Creating user virus-quarantine.8b66vkzh7g@x.y.z...failed.
    Setting spam training and Anti-virus quarantine accounts...failed.
    Setting spam training and Anti-virus quarantine accounts...failed.
    Installing common zimlets...
            com_zimbra_adminversioncheck...failed. This may impact system functionality.
    / ... And more ... /
            com_zimbra_ymemoticons...failed. This may impact system functionality.
    Finished installing common zimlets.
    However the relevant /opt/zimbra/log/zmsetup.txt has severe errors, here are the relevant selection:

    Code:
    Tue Jan  8 16:31:37 2013 Removing /opt/zimbra/ssl/zimbra/{ca,server} to force creation or download of new ca and certificates.
    Tue Jan  8 16:31:37 2013 Skipping update of unchanged value for ssl_allow_untrusted_certs=true.
    Tue Jan  8 16:35:40 2013 Skipping update of unchanged value for ssl_allow_untrusted_certs=true.
    Tue Jan  8 16:35:40 2013 Setting local config ssl_allow_mismatched_certs to true
    Tue Jan  8 16:35:45 2013 Setting up CA...
    Tue Jan  8 16:35:45 2013 *** Running as root user: /opt/zimbra/openssl/bin/openssl verify -purpose sslserver -CAfile /opt/zimbra/conf/ca/ca.pem /opt/zimbra/conf/ca/ca.pem | egrep "^error 10"
    error 10 at 0 depth lookup:certificate has expired
    Tue Jan  8 16:35:45 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr createca -new
    ** Creating directory /opt/zimbra/ssl/zimbra/ca
    ** Creating directory /opt/zimbra/ssl/zimbra/server
    ** Creating directory /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp
    ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
    ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
    Tue Jan  8 16:35:46 2013 done.
    Tue Jan  8 16:35:46 2013 Deploying CA to /opt/zimbra/conf/ca ...
    Tue Jan  8 16:35:46 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr deployca -localonly
    ** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
    ** Copying CA to /opt/zimbra/conf/ca...done.
    Tue Jan  8 16:35:47 2013 done.
    Tue Jan  8 16:35:47 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr verifycrt comm > /dev/null 2>&1
    ** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: OK
    Tue Jan  8 16:38:56 2013 Saving CA in ldap ...
    Tue Jan  8 16:38:56 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr deployca
    ** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
    ** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.
    ** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.
    ** Copying CA to /opt/zimbra/conf/ca...done.
    Tue Jan  8 16:39:03 2013 done.
    Tue Jan  8 16:39:03 2013 Saving SSL Certificate in ldap ...
    Tue Jan  8 16:39:03 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr savecrt comm
    ** Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    Tue Jan  8 16:39:08 2013 done.
    Tue Jan  8 16:39:08 2013 Setting spell check URL...
    Tue Jan  8 16:39:08 2013 Updating cached config attribute for Server x.y.z: zimbraSpellCheckURL=http://x.y.z:7780/aspell.php
    Tue Jan  8 16:39:08 2013 *** Running as zimbra user: /opt/zimbra/bin/zmprov -r -m -l ms x.y.z  zimbraSpellCheckURL 'http://x.y.z:7780/aspell.php'
    [] FATAL: failed to initialize LDAP client
    com.zimbra.cs.ldap.LdapException: LDAP error: : An error occurred while attempting to connect to server x.y.z:389:  java.io.IOException: An error occurred while attempting to establish a connection to server x.y.z:389:  java.net.SocketException: Network is unreachable
    ExceptionId:main:1357659551431:f30ef83c9df2dfc5
    Code:ldap.LDAP_ERROR
        at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapException.java:88)
        at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:72)
        at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:38)
        at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:117)
        at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnectionPool(LdapConnectionPool.java:64)
        at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.init(UBIDLdapContext.java:95)
        at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.init(UBIDLdapClient.java:37)
        at com.zimbra.cs.ldap.LdapClient.getInstance(LdapClient.java:63)
        at com.zimbra.cs.ldap.LdapClient.initialize(LdapClient.java:86)
        at com.zimbra.cs.account.ldap.LdapProv.<init>(LdapProv.java:46)
        at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:256)
        at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:253)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
        at java.lang.Class.newInstance0(Class.java:372)
        at java.lang.Class.newInstance(Class.java:325)
        at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:278)
        at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:238)
        at com.zimbra.cs.account.ProvUtil.initProvisioning(ProvUtil.java:745)
        at com.zimbra.cs.account.ProvUtil.main(ProvUtil.java:3509)
    Caused by: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server x.y.z:389:  java.io.IOException: An error occurred while attempting to establish a connection to server x.y.z:389:  java.net.SocketException: Network is unreachable')
        at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:741)
        at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:675)
        at com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:507)
        at com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:229)
        at com.unboundid.ldap.sdk.ServerSet.getConnection(ServerSet.java:98)
        at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:616)
        at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:562)
        at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:113)
        ... 18 more
    Caused by: java.io.IOException: An error occurred while attempting to establish a connection to server x.y.z:389:  java.net.SocketException: Network is unreachable
        at com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:142)
        at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:732)
        ... 25 more
    Tue Jan  8 16:39:11 2013 failed.
    The LDAP error is then repeated many many times.

    As you see from the zmsetup snippet I suspect there is a problem with the certificates. We are not using a purchased commercial certificate but have created our own CA certificate (not sigend by any other CA). The certificate installed on the Zimbra server, as a comercial certificate, is sigend by our own CA-key. (I'm sorry if I am a bit vague or unclear here but my knowledge concering these matters is somewhat limited.) We did install our certificate using zmcertmgr from the command line and it has worked flawlessly so far. However I have noted (using zmprov gacl) that the zimbraSSLCertificate and zimbraSSLPrivateKey are missing in the LDAP config (zimbraCertAuthorityCertSelfSigned and zimbraCertAuthorityKeySelfSigned are present).

    I would really appreciate any hints on what went wrong and hints or qulified guesses on what to do to fix the problem.

  2. #2
    tgx's Avatar
    tgx
    tgx is offline Elite Member
    Join Date
    Mar 2006
    Posts
    300
    Rep Power
    9

    Default

    As you have surmised, your certificates are borked.

    You may be able to follow this method prior to running the upgrade:

    "You can do it through the Admin GUI. Go into the GUI, left hand side select Certificates and then Install Certificate on the tab to the right. This will walk you through creating the CSR and will then install it."

    reposted from this thread:

    [SOLVED] Create new certificate for Zimbra

  3. #3
    positively4th is offline Junior Member
    Join Date
    Jul 2009
    Posts
    7
    Rep Power
    5

    Default

    Thanks for your response tgx!

    The reason I did not use the GUI approach the last time was that I did not get it working.

    Perhaps I should start by "Install the self signed certificate" using the GUI. Then I do the upgrade. If the upgrade goes well I'll give our "quasi commercial" certificate a new try. Any thoughts on that strategy?

    Is there any way I can check the result of or, if there are any, errors from the GUI certificate install process, perhaps a logfile?

  4. #4
    positively4th is offline Junior Member
    Join Date
    Jul 2009
    Posts
    7
    Rep Power
    5

    Default Solved

    Problem is now solved.

    Two changes solved the issue:

    1. Upgrading to 8.0.3
    2. Isolating the server connecting it to a virtual switch without any connection to anything else.

    I believe the second point was the important change. Removing the virtual network adapter prevented any connection to the local ldap server on port 389.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Upgrade Failure
    By silbro in forum Installation
    Replies: 9
    Last Post: 04-14-2009, 08:28 AM
  2. Replies: 3
    Last Post: 03-09-2009, 06:07 PM
  3. Replies: 0
    Last Post: 08-30-2007, 10:06 AM
  4. 4.5 Upgrade failure
    By brained in forum Installation
    Replies: 9
    Last Post: 03-03-2007, 03:30 PM
  5. Failure after upgrade from M3 to 3.0.1GA
    By bsb in forum Installation
    Replies: 3
    Last Post: 02-25-2006, 06:26 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •