Printable View
after all I found a related article from "mackoftrack".
https://www.zimbra.com/forums/admini...p-replica.html
and
Installing a Gandi Commercial Certificate on ZCS 5.0.x and 6.0.x - Zimbra :: Wiki
problem was fixed by importing a ca bundle into a java keystore:
Code:/opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
It looks like zimbra uses certs for internet process communications and when some commercial certs are installed, zimbra is unable to perform critical internal communications.
And I stand by my comments about dot zero releases. Any major release involves a tremendous amount of new code and dot zero releases are the first public release of a major release and are invariable buggy to the point of being unusable. I've been in the computer industry for 25 years and have seen precious few dot zero releases that were worth the hassle. Some times it isn't until a point three or point four of the minor release before the major release is usable.
Here's the solution that worked for me:
Zimbra Unable to Determine Enabled Services From Ldap. Starting logger…Failed. – CK Web Logs
*******************Zimbra Unable to Determine Enabled Services From Ldap. Starting logger…Failed.
[zimbra@ck]$ zmcontrol start
Host quote.cklog.net
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting logger...Failed.
Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target)
zimbra logger service is not enabled! failed.
The usual reason for this error is expired SSL certificate..
This error usually happens if your SSL certificate has expired. There are two solutions for this problem.
The first solution is renewing your certificate and deploying it with the following command :
[zimbra@ck]$ /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/your_new_ssl.crt /path/to/ca_bundle.crt
After this you need to restart zmcontrol.
The second solution is regenerating self-signed certificate.
[zimbra@ck]$ su - zimbra -c 'zmcontrol stop'
[zimbra@ck]$ rm -rf /opt/zimbra/ssl/*
[zimbra@ck]$ rm -rf /opt/zimbra/ssl/.rnd
[zimbra@ck]$ /opt/zimbra/java/bin/keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
[zimbra@ck]$ /opt/zimbra/java/bin/keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `su - zimbra -c 'zmlocalconfig -s -m nokey mailboxd_keystore_password'`
Than Yo need to edit /opt/zimbra/bin/zmcertmgr file ( you can use ‘vi’ )
Find validation_days=365 and change to validation_days=3650
And save /opt/zimbra/bin/zmcertmgr
[zimbra@ck]$ /opt/zimbra/bin/zmcertmgr createca -new
[zimbra@ck]$ /opt/zimbra/bin/zmcertmgr deployca -localonly
[zimbra@ck]$ /opt/zimbra/bin/zmcertmgr createcrt self -new
[zimbra@ck]$ /opt/zimbra/bin/zmcertmgr deploycrt self
[zimbra@ck]$ su - zimbra -c 'zmcontrol start'
[zimbra@ck]$ /opt/zimbra/bin/zmcertmgr deploycrt self
[zimbra@ck]$ /opt/zimbra/bin/zmcertmgr deployca
[zimbra@ck]$ su - zimbra -c 'zmupdateauthkeys'
[zimbra@ck]$ /opt/zimbra/bin/zmcertmgr viewdeployedcrt
Finally, zimbra back to work
******************************
I followed solution #2 for a self assigned cert. The only modifications I did to the solution was to su directly into zmcontrol for those commands and I used nano as the editor. Hope this helps anyone else who in the future also has this error.
Cheers!