Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 32

Thread: SAN failure - recovery advice

  1. #21
    mhammett is offline Special Member
    Join Date
    Nov 2009
    Posts
    102
    Rep Power
    5

    Default

    Here are the differences between the straces on the new and old servers.


    https://www.dropbox.com/s/93u2eg0umn...fferences.html
    Last edited by mhammett; 03-18-2013 at 08:08 AM.
    Release 7.1.4_GA_2555.RHEL5_64_20120105094627 CentOS5_64 FOSS edition.

  2. #22
    mhammett is offline Special Member
    Join Date
    Nov 2009
    Posts
    102
    Rep Power
    5

    Default

    Although I just made some headway... I have a program comparing differences between files from the recovered server and a new server setup in the same way. I understand there will be quite a few differences, mainly things that are unique from one install to the next. Do you notice what's wrong between these files? https://www.dropbox.com/s/pz46qr01p9...fferences.html

    Now I have to figure out what belongs in that file on the old server so I can rebuild it properly.

    What goes where the entryCSN field is? I can't find that field repeated elsewhere.
    Last edited by mhammett; 03-18-2013 at 09:13 AM.
    Release 7.1.4_GA_2555.RHEL5_64_20120105094627 CentOS5_64 FOSS edition.

  3. #23
    mhammett is offline Special Member
    Join Date
    Nov 2009
    Posts
    102
    Rep Power
    5

    Default

    I just copied the same file (olcOverlay={1}accesslog.ldif) over from the new array to the old one and zmcontrol start worked! Now to work on a regular LDAP backup and restore.
    Release 7.1.4_GA_2555.RHEL5_64_20120105094627 CentOS5_64 FOSS edition.

  4. #24
    mhammett is offline Special Member
    Join Date
    Nov 2009
    Posts
    102
    Rep Power
    5

    Default

    All of the mail stores were lost. In the process of getting everything back, the new MTAs aren't binding to the LDAP server.

    Code:
    Tue Mar 19 22:34:19 2013 Checking ldap on ldap1.ics-il.net:389
    Tue Mar 19 22:34:19 2013 Unable to bind to ldap://ldap1.ics-il.net:389 with user uid=zmpostfix,cn=appaccts,cn=zimbra:
    Tue Mar 19 22:34:19 2013 Couldn't bind to ldap1.ics-il.net as uid=zmpostfix,cn=appaccts,cn=zimbra
    Tue Mar 19 22:34:19 2013 Checking ldap on ldap1.ics-il.net:389
    Tue Mar 19 22:34:19 2013 Unable to bind to ldap://ldap1.ics-il.net:389 with user uid=zmamavis,cn=appaccts,cn=zimbra:
    Tue Mar 19 22:34:19 2013 Couldn't bind to ldap1.ics-il.net as uid=zmamavis,cn=appaccts,cn=zimbra
    Tue Mar 19 22:34:19 2013 Checking ldap on ldap1.ics-il.net:389
    Tue Mar 19 22:34:19 2013 Verified ldap running at ldap://ldap1.ics-il.net:389
    It did connect once, apparently, but fails to connect later.

    Code:
    [root@ldap1 ~]# ps aux | grep slap
    zimbra    3420  0.1  0.8 528432 66972 ?        Ssl  14:27   0:45 /opt/zimbra/openldap/sbin/slapd -l LOCAL0 -u zimbra -h ldap://ldap1.ics-il.net:389 ldapi:/// -F /opt/zimbra/data/ldap/config
    root     10175  0.0  0.0  61204   760 pts/0    S+   23:09   0:00 grep slap
    [root@ldap1 ~]# su zimbra
    [zimbra@ldap1 root]$ zmcontrol status
    Host ldap1.ics-il.net
            ldap                    Running
            snmp                    Running
            stats                   Running
            zmconfigd               Running

    Code:
    [root@ldap1 ~]# cat /etc/hosts
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1               localhost.localdomain localhost
    ::1             localhost6.localdomain6 localhost6
    10.1.8.3                ldap1.ics-il.net ldap1
    [root@ldap1 ~]# cat /etc/resolv.conf
    search ics-il.net
    nameserver 10.1.5.101
    [root@ldap1 ~]# dig `hostname` mx
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> ldap1.ics-il.net mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42008
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;ldap1.ics-il.net.              IN      MX
    
    ;; AUTHORITY SECTION:
    ics-il.net.             38400   IN      SOA     dns1.ics-il.net. admin.ics-il.net. 1276451201 10800 3600 604800 38400
    
    ;; Query time: 3 msec
    ;; SERVER: 10.1.5.101#53(10.1.5.101)
    ;; WHEN: Tue Mar 19 22:58:27 2013
    ;; MSG SIZE  rcvd: 81
    
    [root@ldap1 ~]# dig `hostname` any
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> ldap1.ics-il.net any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11444
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;ldap1.ics-il.net.              IN      ANY
    
    ;; ANSWER SECTION:
    ldap1.ics-il.net.       38400   IN      A       10.1.8.3
    
    ;; AUTHORITY SECTION:
    ics-il.net.             38400   IN      NS      dns1.ics-il.net.
    
    ;; ADDITIONAL SECTION:
    dns1.ics-il.net.        38400   IN      A       10.1.5.101
    
    ;; Query time: 3 msec
    ;; SERVER: 10.1.5.101#53(10.1.5.101)
    ;; WHEN: Tue Mar 19 22:58:27 2013
    ;; MSG SIZE  rcvd: 85
    
    [root@ldap1 ~]# host `hostname`
    ldap1.ics-il.net has address 10.1.8.3
    Code:
    [root@ldap2 ~]# cat /etc/hosts
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1               localhost.localdomain localhost
    ::1             localhost6.localdomain6 localhost6
    10.1.8.4                ldap2.ics-il.net ldap2
    [root@ldap2 ~]# cat /etc/resolv.conf
    search ics-il.net
    nameserver 10.1.5.101
    [root@ldap2 ~]# dig `hostname` mx
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> ldap2.ics-il.net mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58577
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;ldap2.ics-il.net.              IN      MX
    
    ;; AUTHORITY SECTION:
    ics-il.net.             38400   IN      SOA     dns1.ics-il.net. admin.ics-il.net. 1276451201 10800 3600 604800 38400
    
    ;; Query time: 8 msec
    ;; SERVER: 10.1.5.101#53(10.1.5.101)
    ;; WHEN: Wed Mar 20 00:16:04 2013
    ;; MSG SIZE  rcvd: 81
    
    [root@ldap2 ~]# dig `hostname` any
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> ldap2.ics-il.net any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49432
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;ldap2.ics-il.net.              IN      ANY
    
    ;; ANSWER SECTION:
    ldap2.ics-il.net.       38400   IN      A       10.1.8.4
    
    ;; AUTHORITY SECTION:
    ics-il.net.             38400   IN      NS      dns1.ics-il.net.
    
    ;; ADDITIONAL SECTION:
    dns1.ics-il.net.        38400   IN      A       10.1.5.101
    
    ;; Query time: 4 msec
    ;; SERVER: 10.1.5.101#53(10.1.5.101)
    ;; WHEN: Wed Mar 20 00:16:04 2013
    ;; MSG SIZE  rcvd: 85
    
    [root@ldap2 ~]# host `hostname`
    ldap2.ics-il.net has address 10.1.8.4
    Code:
    [root@mailbox1 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# cat /etc/hosts
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1               localhost.localdomain localhost
    ::1             localhost6.localdomain6 localhost6
    10.1.8.5                mailbox1.ics-il.net mailbox1
    [root@mailbox1 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# cat /etc/resolv.conf
    search ics-il.net
    nameserver 10.1.5.101
    [root@mailbox1 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# dig `hostname` mx
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> mailbox1.ics-il.net mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25171
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;mailbox1.ics-il.net.           IN      MX
    
    ;; AUTHORITY SECTION:
    ics-il.net.             38400   IN      SOA     dns1.ics-il.net. admin.ics-il.net. 1276451201 10800 3600 604800 38400
    
    ;; Query time: 4 msec
    ;; SERVER: 10.1.5.101#53(10.1.5.101)
    ;; WHEN: Tue Mar 19 23:01:24 2013
    ;; MSG SIZE  rcvd: 84
    
    [root@mailbox1 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# dig `hostname` any
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> mailbox1.ics-il.net any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8508
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;mailbox1.ics-il.net.           IN      ANY
    
    ;; ANSWER SECTION:
    mailbox1.ics-il.net.    38400   IN      A       10.1.8.5
    
    ;; AUTHORITY SECTION:
    ics-il.net.             38400   IN      NS      dns1.ics-il.net.
    
    ;; ADDITIONAL SECTION:
    dns1.ics-il.net.        38400   IN      A       10.1.5.101
    
    ;; Query time: 1 msec
    ;; SERVER: 10.1.5.101#53(10.1.5.101)
    ;; WHEN: Tue Mar 19 23:01:24 2013
    ;; MSG SIZE  rcvd: 88
    
    [root@mailbox1 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# host `hostname`
    mailbox1.ics-il.net has address 10.1.8.5
    Code:
    [root@mailbox2 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# cat /etc/hosts
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1               localhost.localdomain localhost
    ::1             localhost6.localdomain6 localhost6
    10.1.8.6                mailbox2.ics-il.net mailbox2
    [root@mailbox2 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# cat /etc/resolv.conf
    search ics-il.net
    nameserver 10.1.5.101
    [root@mailbox2 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# dig `hostname` mx
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> mailbox2.ics-il.net mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20280
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;mailbox2.ics-il.net.           IN      MX
    
    ;; AUTHORITY SECTION:
    ics-il.net.             38400   IN      SOA     dns1.ics-il.net. admin.ics-il.net. 1276451201 10800 3600 604800 38400
    
    ;; Query time: 4 msec
    ;; SERVER: 10.1.5.101#53(10.1.5.101)
    ;; WHEN: Tue Mar 19 23:02:52 2013
    ;; MSG SIZE  rcvd: 84
    
    [root@mailbox2 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# dig `hostname` any
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> mailbox2.ics-il.net any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17877
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;mailbox2.ics-il.net.           IN      ANY
    
    ;; ANSWER SECTION:
    mailbox2.ics-il.net.    38400   IN      A       10.1.8.6
    
    ;; AUTHORITY SECTION:
    ics-il.net.             38400   IN      NS      dns1.ics-il.net.
    
    ;; ADDITIONAL SECTION:
    dns1.ics-il.net.        38400   IN      A       10.1.5.101
    
    ;; Query time: 2 msec
    ;; SERVER: 10.1.5.101#53(10.1.5.101)
    ;; WHEN: Tue Mar 19 23:02:52 2013
    ;; MSG SIZE  rcvd: 88
    
    [root@mailbox2 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# host `hostname`
    mailbox2.ics-il.net has address 10.1.8.6
    Code:
    [root@mta1 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# cat /etc/hosts
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1               localhost.localdomain localhost
    ::1             localhost6.localdomain6 localhost6
    10.1.8.7                mta1.ics-il.net mta1
    [root@mta1 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# cat /etc/resolv.conf
    search ics-il.net
    nameserver 10.1.5.101
    [root@mta1 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# dig `hostname` mx
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> mta1.ics-il.net mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51289
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;mta1.ics-il.net.               IN      MX
    
    ;; AUTHORITY SECTION:
    ics-il.net.             38400   IN      SOA     dns1.ics-il.net. admin.ics-il.net. 1276451201 10800 3600 604800 38400
    
    ;; Query time: 9 msec
    ;; SERVER: 10.1.5.101#53(10.1.5.101)
    ;; WHEN: Tue Mar 19 23:06:23 2013
    ;; MSG SIZE  rcvd: 80
    
    [root@mta1 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# dig `hostname` any
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> mta1.ics-il.net any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23731
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;mta1.ics-il.net.               IN      ANY
    
    ;; ANSWER SECTION:
    mta1.ics-il.net.        38400   IN      A       10.1.8.7
    
    ;; AUTHORITY SECTION:
    ics-il.net.             38400   IN      NS      dns1.ics-il.net.
    
    ;; ADDITIONAL SECTION:
    dns1.ics-il.net.        38400   IN      A       10.1.5.101
    
    ;; Query time: 3 msec
    ;; SERVER: 10.1.5.101#53(10.1.5.101)
    ;; WHEN: Tue Mar 19 23:06:23 2013
    ;; MSG SIZE  rcvd: 84
    
    [root@mta1 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# host `hostname`
    mta1.ics-il.net has address 10.1.8.7
    Code:
    [root@mta2 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# cat /etc/resolv.conf
    search ics-il.net
    nameserver 10.1.5.101
    [root@mta2 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# dig `hostname` mx
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> mta2.ics-il.net mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11885
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;mta2.ics-il.net.               IN      MX
    
    ;; AUTHORITY SECTION:
    ics-il.net.             38400   IN      SOA     dns1.ics-il.net. admin.ics-il.net. 1276451201 10800 3600 604800 38400
    
    ;; Query time: 9 msec
    ;; SERVER: 10.1.5.101#53(10.1.5.101)
    ;; WHEN: Tue Mar 19 23:07:18 2013
    ;; MSG SIZE  rcvd: 80
    
    [root@mta2 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# dig `hostname` any
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> mta2.ics-il.net any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1358
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;mta2.ics-il.net.               IN      ANY
    
    ;; ANSWER SECTION:
    mta2.ics-il.net.        38400   IN      A       10.1.8.8
    
    ;; AUTHORITY SECTION:
    ics-il.net.             38400   IN      NS      dns1.ics-il.net.
    
    ;; ADDITIONAL SECTION:
    dns1.ics-il.net.        38400   IN      A       10.1.5.101
    
    ;; Query time: 2 msec
    ;; SERVER: 10.1.5.101#53(10.1.5.101)
    ;; WHEN: Tue Mar 19 23:07:18 2013
    ;; MSG SIZE  rcvd: 84
    
    [root@mta2 zcs-7.1.1_GA_3196.RHEL5_64.20110527011124]# host `hostname`
    mta2.ics-il.net has address 10.1.8.8
    Code:
    [root@proxy ~]# cat /etc/hosts
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1               localhost.localdomain localhost
    ::1             localhost6.localdomain6 localhost6
    10.1.8.9                proxy.ics-il.net proxy
    [root@proxy ~]# cat /etc/resolv.conf
    search ics-il.net
    nameserver 10.1.5.101
    [root@proxy ~]# dig `hostname` mx
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> proxy.ics-il.net mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12717
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;proxy.ics-il.net.              IN      MX
    
    ;; AUTHORITY SECTION:
    ics-il.net.             38400   IN      SOA     dns1.ics-il.net. admin.ics-il.ne                                                                                                                               t. 1276451201 10800 3600 604800 38400
    
    ;; Query time: 10 msec
    ;; SERVER: 10.1.5.101#53(10.1.5.101)
    ;; WHEN: Wed Mar 20 00:18:17 2013
    ;; MSG SIZE  rcvd: 81
    
    [root@proxy ~]# dig `hostname` any
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> proxy.ics-il.net any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2027
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;proxy.ics-il.net.              IN      ANY
    
    ;; ANSWER SECTION:
    proxy.ics-il.net.       38400   IN      A       10.1.8.9
    
    ;; AUTHORITY SECTION:
    ics-il.net.             38400   IN      NS      dns1.ics-il.net.
    
    ;; ADDITIONAL SECTION:
    dns1.ics-il.net.        38400   IN      A       10.1.5.101
    
    ;; Query time: 3 msec
    ;; SERVER: 10.1.5.101#53(10.1.5.101)
    ;; WHEN: Wed Mar 20 00:18:17 2013
    ;; MSG SIZE  rcvd: 85
    
    [root@proxy ~]# host `hostname`
    proxy.ics-il.net has address 10.1.8.9
    Last edited by mhammett; 03-19-2013 at 10:19 PM.
    Release 7.1.4_GA_2555.RHEL5_64_20120105094627 CentOS5_64 FOSS edition.

  5. #25
    mhammett is offline Special Member
    Join Date
    Nov 2009
    Posts
    102
    Rep Power
    5

    Default

    When trying to bring up the second LDAP server.

    Code:
    Wed Mar 20 00:00:11 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:00:11 2013 Verified ldap running at ldap://ldap1.ics-il.net:389
    Wed Mar 20 00:00:11 2013 Setting local config ldap_url to ldap://ldap1.ics-il.net:389
    Wed Mar 20 00:00:11 2013 *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ldap_url='ldap://ldap1.ics-il.net:389' 2> /dev/null
    Wed Mar 20 00:00:12 2013 Setting local config ldap_starttls_supported to 1
    Wed Mar 20 00:00:12 2013 *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ldap_starttls_supported='1' 2> /dev/null
    Wed Mar 20 00:00:14 2013 Setting local config zimbra_require_interprocess_security to 1
    Wed Mar 20 00:00:14 2013 *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e zimbra_require_interprocess_security='1' 2> /dev/null
    Wed Mar 20 00:00:15 2013 Setting local config ssl_allow_untrusted_certs to true
    Wed Mar 20 00:00:15 2013 *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ssl_allow_untrusted_certs='true' 2> /dev/null
    Wed Mar 20 00:00:16 2013 Verified uid=zimbra,cn=admins,cn=zimbra on ldap1.ics-il.net.
    Wed Mar 20 00:00:16 2013 Setting local config zimbra_ldap_password to hcgrtZHf
    Wed Mar 20 00:00:16 2013 *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e zimbra_ldap_password='hcgrtZHf' 2> /dev/null
    Wed Mar 20 00:00:18 2013 Setting defaults from ldap...
    Wed Mar 20 00:00:23 2013 ERROR: account.NO_SUCH_SERVER (no such server: ldap2.ics-il.net)
    Wed Mar 20 00:00:29 2013 Returning retrieved global config attribute zimbraDefaultDomainName=ics-il.net
    Wed Mar 20 00:00:29 2013 Returning cached global config attribute: zimbraSmtpHostname=localhost
    Wed Mar 20 00:00:29 2013 Returning cached global config attribute: zimbraSpamIsSpamAccount=spam.u67m6ydk1@mailbox1.ics-il.net
    Wed Mar 20 00:00:29 2013 Returning cached global config attribute: zimbraSpamIsNotSpamAccount=ham.rzz6pmdba@mailbox1.ics-il.net
    Wed Mar 20 00:00:29 2013 Returning cached global config attribute: zimbraAmavisQuarantineAccount=virus-quarantine.xfufocrc@mailbox1.ics-il.net
    Wed Mar 20 00:00:29 2013 Returning cached global config attribute: zimbraVersionCheckInterval=1d
    Wed Mar 20 00:00:29 2013 Returning cached global config attribute: zimbraVersionCheckSendNotifications=TRUE
    Wed Mar 20 00:00:29 2013 Returning cached global config attribute: zimbraVersionCheckServer=0bb726f7-77ad-476b-81c3-7d060295081b
    Wed Mar 20 00:00:29 2013 Returning cached global config attribute: zimbraVersionCheckNotificationEmail=admin@ics-il.net
    Wed Mar 20 00:00:29 2013 Returning cached global config attribute: zimbraVersionCheckNotificationEmailFrom=admin@mailbox1.ics-il.net
    Wed Mar 20 00:00:34 2013 Returning retrieved cos config attribute for default: zimbraPrefUseKeyboardShortcuts=
    Wed Mar 20 00:00:34 2013 Returning cached cos config attribute for default: zimbraPrefTimeZoneId=America/Chicago
    Wed Mar 20 00:00:34 2013 Returning cached cos config attribute for default: zimbraFeatureTasksEnabled=TRUE
    Wed Mar 20 00:00:34 2013 Returning cached cos config attribute for default: zimbraFeatureBriefcasesEnabled=TRUE
    Wed Mar 20 00:00:40 2013 Returning retrieved domain config attribute for ics-il.net: zimbraGalAccountId=
    Wed Mar 20 00:00:40 2013 done.
    Wed Mar 20 00:00:40 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:00:40 2013 Unable to bind to ldap://ldap1.ics-il.net:389 with user uid=zmreplica,cn=admins,cn=zimbra:
    Wed Mar 20 00:00:40 2013 Couldn't bind to ldap1.ics-il.net as uid=zmreplica,cn=admins,cn=zimbra
    Wed Mar 20 00:00:40 2013 Checking ldap replication is enabled on ldap1.ics-il.net:389
    Wed Mar 20 00:00:40 2013 Verified ability to query accesslog on master.
    Wed Mar 20 00:00:40 2013 ldap replication ability verified
    Wed Mar 20 00:00:49 2013 checking isEnabled zimbra-ldap
    Wed Mar 20 00:00:49 2013 zimbra-ldap is enabled
    Wed Mar 20 00:00:49 2013 checking isEnabled zimbra-mta
    Wed Mar 20 00:00:49 2013 zimbra-mta is not enabled
    Wed Mar 20 00:00:49 2013 checking isEnabled zimbra-proxy
    Wed Mar 20 00:00:49 2013 zimbra-proxy not in enabled cache
    Wed Mar 20 00:00:49 2013 enabled packages zimbra-logger zimbra-store zimbra-mta zimbra-cluster zimbra-snmp zimbra-core zimbra-spell zimbra-ldap
    Wed Mar 20 00:00:49 2013 Newinstall enabling all installed packages
    Wed Mar 20 00:00:49 2013 Enabling zimbra-core
    Wed Mar 20 00:00:49 2013 Enabling zimbra-ldap
    Wed Mar 20 00:00:49 2013 Enabling zimbra-snmp
    Wed Mar 20 00:00:50 2013 checking isEnabled zimbra-snmp
    Wed Mar 20 00:00:50 2013 zimbra-snmp is enabled
    Wed Mar 20 00:00:50 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:00:50 2013 Verified ldap running at ldap://ldap1.ics-il.net:389
    Wed Mar 20 00:00:50 2013 Skipping update of unchanged value for ldap_url=ldap://ldap1.ics-il.net:389.
    Wed Mar 20 00:00:50 2013 Skipping update of unchanged value for ldap_starttls_supported=1.
    Wed Mar 20 00:00:50 2013 Skipping update of unchanged value for zimbra_require_interprocess_security=1.
    Wed Mar 20 00:00:50 2013 Skipping update of unchanged value for ssl_allow_untrusted_certs=true.
    Wed Mar 20 00:00:50 2013 Verified uid=zimbra,cn=admins,cn=zimbra on ldap1.ics-il.net.
    Wed Mar 20 00:00:50 2013 Skipping update of unchanged value for zimbra_ldap_password=hcgrtZHf.
    Wed Mar 20 00:00:50 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:00:51 2013 Unable to bind to ldap://ldap1.ics-il.net:389 with user uid=zmreplica,cn=admins,cn=zimbra:
    Wed Mar 20 00:00:51 2013 Couldn't bind to ldap1.ics-il.net as uid=zmreplica,cn=admins,cn=zimbra
    Wed Mar 20 00:00:51 2013 Checking ldap replication is enabled on ldap1.ics-il.net:389
    Wed Mar 20 00:00:51 2013 Verified ability to query accesslog on master.
    Wed Mar 20 00:00:51 2013 ldap replication ability verified
    Wed Mar 20 00:00:51 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:00:51 2013 Verified ldap running at ldap://ldap1.ics-il.net:389
    Wed Mar 20 00:00:51 2013 Skipping update of unchanged value for ldap_url=ldap://ldap1.ics-il.net:389.
    Wed Mar 20 00:00:51 2013 Skipping update of unchanged value for ldap_starttls_supported=1.
    Wed Mar 20 00:00:51 2013 Skipping update of unchanged value for zimbra_require_interprocess_security=1.
    Wed Mar 20 00:00:51 2013 Skipping update of unchanged value for ssl_allow_untrusted_certs=true.
    Wed Mar 20 00:00:51 2013 Verified uid=zimbra,cn=admins,cn=zimbra on ldap1.ics-il.net.
    Wed Mar 20 00:00:51 2013 Skipping update of unchanged value for zimbra_ldap_password=hcgrtZHf.
    Wed Mar 20 00:00:51 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:00:51 2013 Unable to bind to ldap://ldap1.ics-il.net:389 with user uid=zmreplica,cn=admins,cn=zimbra:
    Wed Mar 20 00:00:51 2013 Couldn't bind to ldap1.ics-il.net as uid=zmreplica,cn=admins,cn=zimbra
    Wed Mar 20 00:00:51 2013 Checking ldap replication is enabled on ldap1.ics-il.net:389
    Wed Mar 20 00:00:51 2013 Verified ability to query accesslog on master.
    Wed Mar 20 00:00:51 2013 ldap replication ability verified
    Wed Mar 20 00:00:51 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:00:51 2013 Verified ldap running at ldap://ldap1.ics-il.net:389
    Wed Mar 20 00:00:51 2013 Skipping update of unchanged value for ldap_url=ldap://ldap1.ics-il.net:389.
    Wed Mar 20 00:00:51 2013 Skipping update of unchanged value for ldap_starttls_supported=1.
    Wed Mar 20 00:00:51 2013 Skipping update of unchanged value for zimbra_require_interprocess_security=1.
    Wed Mar 20 00:00:51 2013 Skipping update of unchanged value for ssl_allow_untrusted_certs=true.
    Wed Mar 20 00:00:51 2013 Verified uid=zimbra,cn=admins,cn=zimbra on ldap1.ics-il.net.
    Wed Mar 20 00:00:51 2013 Skipping update of unchanged value for zimbra_ldap_password=hcgrtZHf.
    Wed Mar 20 00:00:51 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:00:51 2013 Unable to bind to ldap://ldap1.ics-il.net:389 with user uid=zmreplica,cn=admins,cn=zimbra:
    Wed Mar 20 00:00:51 2013 Couldn't bind to ldap1.ics-il.net as uid=zmreplica,cn=admins,cn=zimbra
    Wed Mar 20 00:00:51 2013 Checking ldap replication is enabled on ldap1.ics-il.net:389
    Wed Mar 20 00:00:51 2013 Verified ability to query accesslog on master.
    Wed Mar 20 00:00:51 2013 ldap replication ability verified
    Wed Mar 20 00:00:51 2013 Checking ldap replication is enabled on ldap1.ics-il.net:389
    Wed Mar 20 00:00:51 2013 Verified ability to query accesslog on master.
    Wed Mar 20 00:00:51 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:00:51 2013 Verified ldap running at ldap://ldap1.ics-il.net:389
    Wed Mar 20 00:00:51 2013 Skipping update of unchanged value for ldap_url=ldap://ldap1.ics-il.net:389.
    Wed Mar 20 00:00:51 2013 Skipping update of unchanged value for ldap_starttls_supported=1.
    Wed Mar 20 00:00:51 2013 Skipping update of unchanged value for zimbra_require_interprocess_security=1.
    Wed Mar 20 00:00:51 2013 Skipping update of unchanged value for ssl_allow_untrusted_certs=true.
    Wed Mar 20 00:00:51 2013 Verified uid=zimbra,cn=admins,cn=zimbra on ldap1.ics-il.net.
    Wed Mar 20 00:00:51 2013 Skipping update of unchanged value for zimbra_ldap_password=hcgrtZHf.
    Wed Mar 20 00:00:52 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:00:52 2013 Unable to bind to ldap://ldap1.ics-il.net:389 with user uid=zmreplica,cn=admins,cn=zimbra:
    Wed Mar 20 00:00:52 2013 Couldn't bind to ldap1.ics-il.net as uid=zmreplica,cn=admins,cn=zimbra
    Wed Mar 20 00:00:52 2013 Checking ldap replication is enabled on ldap1.ics-il.net:389
    Wed Mar 20 00:00:52 2013 Verified ability to query accesslog on master.
    Wed Mar 20 00:00:52 2013 ldap replication ability verified
    Wed Mar 20 00:00:52 2013 checking isEnabled zimbra-ldap
    Wed Mar 20 00:00:52 2013 zimbra-ldap is enabled
    Wed Mar 20 00:00:52 2013 checking isEnabled zimbra-mta
    Wed Mar 20 00:00:52 2013 zimbra-mta is not enabled
    Wed Mar 20 00:00:52 2013 checking isEnabled zimbra-proxy
    Wed Mar 20 00:00:52 2013 zimbra-proxy is not enabled
    Wed Mar 20 00:00:55 2013 checking isEnabled zimbra-ldap
    Wed Mar 20 00:00:55 2013 zimbra-ldap is enabled
    Wed Mar 20 00:00:55 2013 checking isEnabled zimbra-mta
    Wed Mar 20 00:00:55 2013 zimbra-mta is not enabled
    Wed Mar 20 00:00:55 2013 checking isEnabled zimbra-proxy
    Wed Mar 20 00:00:55 2013 zimbra-proxy is not enabled
    Wed Mar 20 00:01:04 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:01:04 2013 Verified ldap running at ldap://ldap1.ics-il.net:389
    Wed Mar 20 00:01:04 2013 Skipping update of unchanged value for ldap_url=ldap://ldap1.ics-il.net:389.
    Wed Mar 20 00:01:04 2013 Skipping update of unchanged value for ldap_starttls_supported=1.
    Wed Mar 20 00:01:04 2013 Skipping update of unchanged value for zimbra_require_interprocess_security=1.
    Wed Mar 20 00:01:04 2013 Skipping update of unchanged value for ssl_allow_untrusted_certs=true.
    Wed Mar 20 00:01:04 2013 Verified uid=zimbra,cn=admins,cn=zimbra on ldap1.ics-il.net.
    Wed Mar 20 00:01:04 2013 Skipping update of unchanged value for zimbra_ldap_password=hcgrtZHf.
    Wed Mar 20 00:01:04 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:01:04 2013 Unable to bind to ldap://ldap1.ics-il.net:389 with user uid=zmreplica,cn=admins,cn=zimbra:
    Wed Mar 20 00:01:04 2013 Couldn't bind to ldap1.ics-il.net as uid=zmreplica,cn=admins,cn=zimbra
    Wed Mar 20 00:01:04 2013 Checking ldap replication is enabled on ldap1.ics-il.net:389
    Wed Mar 20 00:01:04 2013 Verified ability to query accesslog on master.
    Wed Mar 20 00:01:04 2013 ldap replication ability verified
    Wed Mar 20 00:01:04 2013 checking isEnabled zimbra-ldap
    Wed Mar 20 00:01:04 2013 zimbra-ldap is enabled
    Wed Mar 20 00:01:04 2013 checking isEnabled zimbra-mta
    Wed Mar 20 00:01:04 2013 zimbra-mta is not enabled
    Wed Mar 20 00:01:04 2013 checking isEnabled zimbra-proxy
    Wed Mar 20 00:01:04 2013 zimbra-proxy is not enabled
    Wed Mar 20 00:01:10 2013 checking isEnabled zimbra-ldap
    Wed Mar 20 00:01:10 2013 zimbra-ldap is enabled
    Wed Mar 20 00:01:10 2013 checking isEnabled zimbra-mta
    Wed Mar 20 00:01:10 2013 zimbra-mta is not enabled
    Wed Mar 20 00:01:10 2013 checking isEnabled zimbra-proxy
    Wed Mar 20 00:01:10 2013 zimbra-proxy is not enabled
    Wed Mar 20 00:01:10 2013 checking isEnabled zimbra-snmp
    Wed Mar 20 00:01:10 2013 zimbra-snmp is enabled
    Wed Mar 20 00:01:10 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:01:10 2013 Verified ldap running at ldap://ldap1.ics-il.net:389
    Wed Mar 20 00:01:10 2013 Skipping update of unchanged value for ldap_url=ldap://ldap1.ics-il.net:389.
    Wed Mar 20 00:01:10 2013 Skipping update of unchanged value for ldap_starttls_supported=1.
    Wed Mar 20 00:01:10 2013 Skipping update of unchanged value for zimbra_require_interprocess_security=1.
    Wed Mar 20 00:01:10 2013 Skipping update of unchanged value for ssl_allow_untrusted_certs=true.
    Wed Mar 20 00:01:10 2013 Verified uid=zimbra,cn=admins,cn=zimbra on ldap1.ics-il.net.
    Wed Mar 20 00:01:10 2013 Skipping update of unchanged value for zimbra_ldap_password=hcgrtZHf.
    Wed Mar 20 00:01:11 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:01:11 2013 Unable to bind to ldap://ldap1.ics-il.net:389 with user uid=zmreplica,cn=admins,cn=zimbra:
    Wed Mar 20 00:01:11 2013 Couldn't bind to ldap1.ics-il.net as uid=zmreplica,cn=admins,cn=zimbra
    Wed Mar 20 00:01:11 2013 Checking ldap replication is enabled on ldap1.ics-il.net:389
    Wed Mar 20 00:01:11 2013 Verified ability to query accesslog on master.
    Wed Mar 20 00:01:11 2013 ldap replication ability verified
    Wed Mar 20 00:01:11 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:01:11 2013 Verified ldap running at ldap://ldap1.ics-il.net:389
    Wed Mar 20 00:01:11 2013 Skipping update of unchanged value for ldap_url=ldap://ldap1.ics-il.net:389.
    Wed Mar 20 00:01:11 2013 Skipping update of unchanged value for ldap_starttls_supported=1.
    Wed Mar 20 00:01:11 2013 Skipping update of unchanged value for zimbra_require_interprocess_security=1.
    Wed Mar 20 00:01:11 2013 Skipping update of unchanged value for ssl_allow_untrusted_certs=true.
    Wed Mar 20 00:01:11 2013 Verified uid=zimbra,cn=admins,cn=zimbra on ldap1.ics-il.net.
    Wed Mar 20 00:01:11 2013 Skipping update of unchanged value for zimbra_ldap_password=hcgrtZHf.
    Wed Mar 20 00:01:11 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:01:11 2013 Unable to bind to ldap://ldap1.ics-il.net:389 with user uid=zmreplica,cn=admins,cn=zimbra:
    Wed Mar 20 00:01:11 2013 Couldn't bind to ldap1.ics-il.net as uid=zmreplica,cn=admins,cn=zimbra
    Wed Mar 20 00:01:11 2013 Checking ldap replication is enabled on ldap1.ics-il.net:389
    Wed Mar 20 00:01:11 2013 Verified ability to query accesslog on master.
    Wed Mar 20 00:01:11 2013 ldap replication ability verified
    Wed Mar 20 00:01:11 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:01:11 2013 Verified ldap running at ldap://ldap1.ics-il.net:389
    Wed Mar 20 00:01:11 2013 Skipping update of unchanged value for ldap_url=ldap://ldap1.ics-il.net:389.
    Wed Mar 20 00:01:11 2013 Skipping update of unchanged value for ldap_starttls_supported=1.
    Wed Mar 20 00:01:11 2013 Skipping update of unchanged value for zimbra_require_interprocess_security=1.
    Wed Mar 20 00:01:11 2013 Skipping update of unchanged value for ssl_allow_untrusted_certs=true.
    Wed Mar 20 00:01:11 2013 Verified uid=zimbra,cn=admins,cn=zimbra on ldap1.ics-il.net.
    Wed Mar 20 00:01:11 2013 Skipping update of unchanged value for zimbra_ldap_password=hcgrtZHf.
    Wed Mar 20 00:01:11 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:01:11 2013 Unable to bind to ldap://ldap1.ics-il.net:389 with user uid=zmreplica,cn=admins,cn=zimbra:
    Wed Mar 20 00:01:11 2013 Couldn't bind to ldap1.ics-il.net as uid=zmreplica,cn=admins,cn=zimbra
    Wed Mar 20 00:01:11 2013 Checking ldap replication is enabled on ldap1.ics-il.net:389
    Wed Mar 20 00:01:11 2013 Verified ability to query accesslog on master.
    Wed Mar 20 00:01:11 2013 ldap replication ability verified
    Wed Mar 20 00:01:11 2013 Checking ldap replication is enabled on ldap1.ics-il.net:389
    Wed Mar 20 00:01:11 2013 Verified ability to query accesslog on master.
    Wed Mar 20 00:01:11 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:01:11 2013 Verified ldap running at ldap://ldap1.ics-il.net:389
    Wed Mar 20 00:01:11 2013 Skipping update of unchanged value for ldap_url=ldap://ldap1.ics-il.net:389.
    Wed Mar 20 00:01:11 2013 Skipping update of unchanged value for ldap_starttls_supported=1.
    Wed Mar 20 00:01:11 2013 Skipping update of unchanged value for zimbra_require_interprocess_security=1.
    Wed Mar 20 00:01:11 2013 Skipping update of unchanged value for ssl_allow_untrusted_certs=true.
    Wed Mar 20 00:01:11 2013 Verified uid=zimbra,cn=admins,cn=zimbra on ldap1.ics-il.net.
    Wed Mar 20 00:01:11 2013 Skipping update of unchanged value for zimbra_ldap_password=hcgrtZHf.
    Wed Mar 20 00:01:12 2013 Checking ldap on ldap1.ics-il.net:389
    Wed Mar 20 00:01:12 2013 Unable to bind to ldap://ldap1.ics-il.net:389 with user uid=zmreplica,cn=admins,cn=zimbra:
    Wed Mar 20 00:01:12 2013 Couldn't bind to ldap1.ics-il.net as uid=zmreplica,cn=admins,cn=zimbra
    Wed Mar 20 00:01:12 2013 Checking ldap replication is enabled on ldap1.ics-il.net:389
    Wed Mar 20 00:01:12 2013 Verified ability to query accesslog on master.
    Wed Mar 20 00:01:12 2013 ldap replication ability verified
    Wed Mar 20 00:01:12 2013 checking isEnabled zimbra-ldap
    Wed Mar 20 00:01:12 2013 zimbra-ldap is enabled
    Wed Mar 20 00:01:12 2013 checking isEnabled zimbra-mta
    Wed Mar 20 00:01:12 2013 zimbra-mta is not enabled
    Wed Mar 20 00:01:12 2013 checking isEnabled zimbra-proxy
    Wed Mar 20 00:01:12 2013 zimbra-proxy is not enabled
    Before the install was attempted:
    Code:
    [zimbra@ldap1 root]$ zmlocalconfig -s | grep ldap_amavis_password
    zmlocalconfig -s | grep ldap_root_password
    zmlocalconfig -s | grep zimbra_ldap_passwordldap_amavis_password = 0qygn8STQd
    [zimbra@ldap1 root]$ zmlocalconfig -s | grep ldap_nginx_password
    ldap_nginx_password = 0qygn8STQd
    [zimbra@ldap1 root]$ zmlocalconfig -s | grep ldap_postfix_password
    ldap_postfix_password = 0qygn8STQd
    [zimbra@ldap1 root]$ zmlocalconfig -s | grep ldap_replication_password
    ldap_replication_password = 0qygn8STQd
    [zimbra@ldap1 root]$ zmlocalconfig -s | grep ldap_root_password
    ldap_root_password = 0qygn8STQd
    [zimbra@ldap1 root]$ zmlocalconfig -s | grep zimbra_ldap_password
    zimbra_ldap_password = hcgrtZHf
    [zimbra@ldap1 root]$ su zimbra
    [zimbra@ldap1 root]$ zmprov ds ldap2.ics-il.net
    [zimbra@ldap1 root]$ zmprov ds ldap2.ics-il.net
    ERROR: account.NO_SUCH_SERVER (no such server: ldap2.ics-il.net)
    Release 7.1.4_GA_2555.RHEL5_64_20120105094627 CentOS5_64 FOSS edition.

  6. #26
    mhammett is offline Special Member
    Join Date
    Nov 2009
    Posts
    102
    Rep Power
    5

    Default

    There must have been a mismatch between the config file and LDAP as I corrected the issue by using the following commands to reset the passwords.

    Code:
     Command Usage: /opt/zimbra/bin/zmldappasswd [-h] [-r] [-p] [-l] newpassword
    	-h: display this help message
    	-a: change ldap_amavis_password
    	-l: change ldap_replication_password
    	-n: change ldap_nginx_password
    	-p: change ldap_postfix_password
    	-r: change ldap_root_passwd
    	Only one of a, l, n, p, or r may be specified
    	Without options zimbra_ldap_password is changed
    Release 7.1.4_GA_2555.RHEL5_64_20120105094627 CentOS5_64 FOSS edition.

  7. #27
    mhammett is offline Special Member
    Join Date
    Nov 2009
    Posts
    102
    Rep Power
    5

    Default

    I'm having an SSL problem, so I looked at: Administration Console and CLI Certificate Tools - Zimbra :: Wiki

    Code:
    [root@ldap1 ~]# /opt/zimbra/bin/zmcertmgr createca -new
    ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
    ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
    ** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
    [root@ldap1 ~]# /opt/zimbra/bin/zmcertmgr createcrt -new -days 3650 -subject "/C=US/ST=CA/L=NVA/O=ZCS/OU=ZCS/CN=*.ics-il.net"
    Validation days: 3650
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20130320084025
    ** Generating a server csr for download self -new -keysize 1024
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20130320084025
    ** Retrieving Commercial CA cert from ldap...failed.
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    [root@ldap1 ~]#  /opt/zimbra/bin/zmcertmgr deploycrt self -allserver
    ** Saving global config key zimbraSSLCertificate...failed.
    ** Saving global config key zimbraSSLPrivateKey...failed.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/ldap1.ics-il.net.pkcs12...done.
    ** Creating keystore file /opt/zimbra/conf/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.naming.CommunicationException ldap1.ics-il.net:389)
    Release 7.1.4_GA_2555.RHEL5_64_20120105094627 CentOS5_64 FOSS edition.

  8. #28
    mhammett is offline Special Member
    Join Date
    Nov 2009
    Posts
    102
    Rep Power
    5

    Default

    I decided to rerun the zmsetup.pl on the servers.

    Code:
    Wed Mar 20 10:03:19 2013 Setting up CA...
    Wed Mar 20 10:03:19 2013 *** Running as root user: /opt/zimbra/openssl/bin/openssl verify -purpose sslserver -CAfile /opt/zimbra/conf/ca/ca.pem /opt/zimbra/conf/ca/ca.pem | egrep "^error 10"
    Wed Mar 20 10:03:19 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr createca
    ** Retrieving Commercial CA cert from ldap...done.
    Wed Mar 20 10:03:27 2013 done.
    Wed Mar 20 10:03:27 2013 Deploying CA to /opt/zimbra/conf/ca ...
    Wed Mar 20 10:03:27 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr deployca -localonly
    ** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
    ** Copying CA to /opt/zimbra/conf/ca...done.
    Wed Mar 20 10:03:30 2013 done.
    Wed Mar 20 10:03:30 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr verifycrt comm > /dev/null 2>&1
    ** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    XXXXX ERROR: Can't find private key  /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Wed Mar 20 10:03:31 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr verifycrt self > /dev/null 2>&1
    ** Verifying /opt/zimbra/ssl/zimbra/server/server.crt against /opt/zimbra/ssl/zimbra/server/server.key
    Certificate (/opt/zimbra/ssl/zimbra/server/server.crt) and private key (/opt/zimbra/ssl/zimbra/server/server.key) match.
    Valid Certificate: /opt/zimbra/ssl/zimbra/server/server.crt: OK
    Is the private key error a problem?

    Code:
    Wed Mar 20 10:05:01 2013 Saving CA in ldap ...
    Wed Mar 20 10:05:01 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr deployca
    ** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
    ** Saving global config key zimbraCertAuthorityCertSelfSigned...done.
    ** Saving global config key zimbraCertAuthorityKeySelfSigned...done.
    ** Copying CA to /opt/zimbra/conf/ca...done.
    Wed Mar 20 10:05:16 2013 done.
    Wed Mar 20 10:05:16 2013 Saving SSL Certificate in ldap ...
    Wed Mar 20 10:05:16 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr savecrt self
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    Wed Mar 20 10:05:29 2013 done.
    Release 7.1.4_GA_2555.RHEL5_64_20120105094627 CentOS5_64 FOSS edition.

  9. #29
    mhammett is offline Special Member
    Join Date
    Nov 2009
    Posts
    102
    Rep Power
    5

    Default

    I uninstalled and deleted Zimbra on all but my LDAP master server. I did an upgrade install there, then reinstalled it on all of the other servers because of unresolvable problems.

    I did have to reindex all of the mailboxes, which I found a script somewhere to do it. It was about 4 or 5 lines.

    Now on to redeploying my new SSL certificate.
    Release 7.1.4_GA_2555.RHEL5_64_20120105094627 CentOS5_64 FOSS edition.

  10. #30
    mhammett is offline Special Member
    Join Date
    Nov 2009
    Posts
    102
    Rep Power
    5

    Default

    If you're having any server - server communication issues, I've found running the following commands cleans things up a bit. These issues may manifest themselves in mail queue issues or being prompted for the zimbra user's password when in the CLI.

    Code:
    su - zimbra -c 'zmcontrol stop'
    /opt/zimbra/libexec/zmfixperms
    su - zimbra -c 'zmcontrol start'
    
    su - zimbra -c 'zmsshkeygen'
    su - zimbra -c 'zmupdateauthkeys'
    su - zimbra -c 'zmupdateauthkeys'
    
    
    su - zimbra -c 'zmcontrol restart'
    Release 7.1.4_GA_2555.RHEL5_64_20120105094627 CentOS5_64 FOSS edition.

Page 3 of 4 FirstFirst 1234 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. ubuntu 8.04 zimbra 6.0.7 FAILURE need restore advice
    By cornbread in forum Administrators
    Replies: 2
    Last Post: 11-10-2011, 05:16 AM
  2. Replies: 0
    Last Post: 11-10-2011, 04:59 AM
  3. Recovery after disk failure
    By pingwin in forum Administrators
    Replies: 16
    Last Post: 01-14-2011, 03:24 AM
  4. Replies: 1
    Last Post: 08-18-2010, 11:22 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •