[SOLVED] New mail store installation fails

[patit]

Hi everybody,

couldn't find much material apart from installation guide on multi server installation. Anyway I tried to install a second mail store with a bad result
That's what I did:

Quote:

Select the packages to install

Install zimbra-ldap [Y] n

Install zimbra-logger [Y] n

Install zimbra-mta [Y] n

Install zimbra-snmp [Y] n

Install zimbra-store [Y] y

Install zimbra-spell [Y] n
Checking required space for zimbra-core
checking space for zimbra-store

Installing:
zimbra-core
zimbra-store

The system will be modified. Continue? [N]

So I only chose to install zimbra-store. I inserted my main server ldap settings and password and configured zimbra-store as follows:

Quote:

Store configuration

1) Status: Enabled
2) Create Admin User: no
3) Enable automated spam training: no
4) Global Documents Account: wiki@mydomain.dom
5) SMTP host: host.mydomain.com
6) Web server HTTP port: 80
7) Web server HTTPS port: 443
8) Web server mode: https
9) Enable POP/IMAP proxy: no
10) IMAP server port: 143
11) IMAP server SSL port: 993
12) POP server port: 110
13) POP server SSL port: 995
14) Use spell check server: yes
15) Spell server URL: http://host.mydomain.com:7780/aspell.php

And this is the review of the overall configuration:

Quote:

Main menu

1) Hostname: host.mydomain.com
2) Ldap master host: primaryserver.mydomain.com
3) Ldap port: 389
4) Ldap password: set
5) TimeZone: (GMT+01.00) Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
6) zimbra-store: Enabled
7) zimbra-mta: Disabled
8) zimbra-snmp: Disabled
9) zimbra-logger: Disabled
10) zimbra-spell: Disabled
11) Enable default backup schedule: yes
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
q) Quit

*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help)

After applying settings I get the following:

Quote:

Setting local config values...Done
Updating ldap_root_password and zimbra_ldap_passwd...Done
Fetching CA from ldap...ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.CommunicationException localhost:389)
ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.CommunicationException localhost:389)
Done
Setting up CA...Done
Creating SSL certificate...Done
Fetching CA from ldap...ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.CommunicationException localhost:389)
ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.CommunicationException localhost:389)
Done
Installing SSL certificate...Done
Creating server entry for host.mydomain.com...Done
Setting spell check URL...Done
Setting service ports on host.mydomain.com..Done
Adding host.mydomain.com to zimbraMailHostPool in default COS...ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.CommunicationException localhost:389)
ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.CommunicationException localhost:389)
Done

It goes on and for every service it gets the same error as if it were trying to get and set infos from an ldap on localhost till I get

Quote:

Restarting tomcat...Done


Operations logged to /tmp/zmsetup.log.4499


Configuration complete - press return to exit

when I try to start services I get

Quote:

zimbra@host:~$ zmcontrol start
Host host.mydomain.com
Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn't exist.

On the forum I found these kind of errors only related to LDAP problems on the same host. But on the main host ldap is working properly (although users are authenticating against AD). And I can telnet the main host on port 389 without problems.
I couldn't find anything more helpful on the logs.

Any help is appreciated.

[jholder]

On the failed install (should have tried to install, failed at ldap), can you run this:
su - zimbra
zmlocalconfig | grep ldap

and look through the values. If any say localhost, the change them using
zmlocalconfig -e (attribute)=(new value)

Once you've made the changes, then rerun the zsetup.pl script located in /opt/zimbra/libexec

[patit]

So the output of zmlocalconfig showed no localhost but rather empty values:

Quote:

ldap_cache_account_maxage = 15
ldap_cache_account_maxsize = 5000
ldap_cache_cos_maxage = 15
ldap_cache_cos_maxsize = 100
ldap_cache_domain_maxage = 15
ldap_cache_domain_maxsize = 100
ldap_cache_server_maxage = 15
ldap_cache_server_maxsize = 100
ldap_cache_timezone_maxsize = 100
ldap_cache_zimlet_maxage = 15
ldap_cache_zimlet_maxsize = 100
ldap_connect_pool_debug = false
ldap_connect_pool_initsize = 1
ldap_connect_pool_master = false
ldap_connect_pool_maxsize = 50
ldap_connect_pool_prefsize = 0
ldap_connect_pool_timeout = 120000
ldap_connect_timeout = 30000
ldap_host =
ldap_is_master = false
ldap_log_level = 32768
ldap_master_url =
ldap_port =
ldap_root_password = *
ldap_url =
postfix_sender_canonical_maps = ldap:/opt/zimbra/conf/ldap-scm.cf
postfix_transport_maps = ldap:/opt/zimbra/conf/ldap-transport.cf
postfix_virtual_alias_domains = ldap:/opt/zimbra/conf/ldap-vad.cf
postfix_virtual_alias_maps = ldap:/opt/zimbra/conf/ldap-vam.cf
postfix_virtual_mailbox_domains = ldap:/opt/zimbra/conf/ldap-vmd.cf
postfix_virtual_mailbox_maps = ldap:/opt/zimbra/conf/ldap-vmm.cf
zimbra_class_provisioning = com.zimbra.cs.account.ldap.LdapProvisioning
zimbra_ldap_password = *
zimbra_ldap_user = zimbra
zimbra_ldap_userdn = uid=zimbra,cn=admins,cn=zimbra
zimbra_zmprov_default_to_ldap = false

By the way, before populating the keys I had to run a zmfixperms because I had a permission denied.
On zmsetup.pl during dpkg controls I got

Quote:

Setting defaults...ERROR: account.NO_SUCH_SERVER (no such server: host.mydomain.dom)

and checking the zmsetup.log I saw that installer seems to fail when adding new server to default COS:

Quote:

Adding host.mydomain.dom to zimbraMailHostPool in default COS...
usage: modifyCos(mc) {name|id} [attr1 value1 [attr2 value2...]]

zmprov [args] [cmd] [cmd-args ...]

-h/--help display usage
-f/--file use file as input stream
-s/--server {host}[:{port}] server hostname and optional port
-l/--ldap provision via LDAP instead of SOAP
-a/--account {name} account name to auth as
-p/--password {pass} password for account
-P/--passfile {file} read password from file
-z/--zadmin use zimbra admin name/password from localconfig for admin/password
-v/--verbose verbose mode (dumps full exception stack trace)
-d/--debug debug mode (dumps SOAP messages)

zmprov is used for provisioning. Try:

zmprov help account help on account-related commands
zmprov help calendar help on calendar resource-related commands
zmprov help commands help on all commands
zmprov help config help on config-related commands
zmprov help cos help on COS-related commands
zmprov help domain help on domain-related commands
zmprov help list help on distribution list-related commands
zmprov help misc help on misc commands
zmprov help notebook help on notebook-related commands
zmprov help search help on search-related commands
zmprov help server help on server-related commands

Done

And actually the outcome is the same:

Quote:

zimbra@host:~$ zmcontrol start
Host host.mydomain.dom
Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn't exist.

I shall try a fresh install tomorrow.

[jholder]

did you run the zmlocalconfig -e and change the values from null to what they're supposed to be?

[patit]

Yes, and actually in zmsetup.log I see:

Quote:

checking isEnabled zimbra-mta
zimbra-mta is enabled
checking isEnabled zimbra-snmp
zimbra-snmp is enabled
checking isEnabled zimbra-spell
zimbra-spell is enabled
Checking ldap on primaryhost.mydomain.dom:389
Verfied ldap running at ldap://primaryhost.mydomain.dom:389
Skipping ldap_url=ldap://primaryhost.mydomain.dom:3899. Already written.
Skipping zimbra_ldap_password=ldapPassword. Already written.

with the right values. And it seems it can contact ldap correctly.

[jholder]

Looks like this value is incorrect:

Code:

Skipping ldap_url=ldap://primaryhost.mydomain.dom:3899. Already written.

Should be port 389

[patit]

Sorry. Just a cut&paste error to hide real hostname
btw I tried a fresh install and now i get

Quote:

ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])

in zmsetup.log. I can't understand why since both zmlocaconfig -s and localconfig.xml show the right ldap root password

Is there a way I can test ldap credentials on the main server? Also installation does not set the right permissions on zimbra folder contents. I need to run zmfixperms to get them right with installer still open.

[patit]

What impact would it have if I ran

Quote:

zmldappasswd --root newpasss
zmldappasswd newpass2

on production server? Do you think it might help solving credentials issue?

[jholder]

Sorry, missed your earlier message.

Well, if your binding to an external server, I'm not sure it will have an impact unless your going to change it to a password that is already on AD.

[patit]

Quote:

Originally Posted by jholder

Sorry, missed your earlier message.

Well, if your binding to an external server, I'm not sure it will have an impact unless your going to change it to a password that is already on AD.

That's not clear to me. Users are authenticating against AD but new server is trying to get in contact with zimbra ldap. As my last installation attempt failed on wrong credentials I wanted to try to change zimbra ldap password. As you can imagine I can make all the tests I want on the new server but i can't make something wrong on production server.