Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Zimbra Collaboration Suite Appliance died on me

  1. #11
    Join Date
    Oct 2010
    Location
    Netherlands
    Posts
    11
    Rep Power
    4

    Default

    also, zmsshkeygen still gives me the same error:

    zimbra@zimbra:~$ zmsshkeygen
    Generating public/private dsa key pair.
    Your identification has been saved in /opt/zimbra/.ssh/zimbra_identity.
    Your public key has been saved in /opt/zimbra/.ssh/zimbra_identity.pub.
    The key fingerprint is:
    b0:3f:aa:67:b0:66:6a:e3:32:78:eb:60:db:8a:37:4a zimbra.infra.local
    ERROR: service.FAILURE (system failure: unable to lookup server by name: zimbra.infra.local message: [LDAP: error code 49 - Invalid Credentials]) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
    zimbra@zimbra:~$

    As I mentioned before, the localconfig.xml file suddenly was empty. In this file, the passwords are set for LDAP access. Now when I look at the error message above, it stats that the credentials are invalid. Could there be a relation here?

  2. #12
    Join Date
    Oct 2010
    Location
    Netherlands
    Posts
    11
    Rep Power
    4

    Default

    Apparently I have a very complicated issue.. or so it seems..?

    Clues anyone..?
    Last edited by alex vmguru.nl; 10-27-2010 at 12:51 PM.

  3. #13
    Join Date
    Oct 2010
    Location
    Netherlands
    Posts
    11
    Rep Power
    4

    Thumbs down new start, old problems

    so, since nobody had a clue what to do, I decided to build a new server parallel to the appliance edition and move the data. I installed zimbra, kept the config exactly the same, used the same license file, same passwords etc. and moved the data.

    before moving the data, the server worked fine, no problems. I could log on and configure the server. After migrating the users and the data, I also migrated all my problems. Hurray..BUT I get more info now.

    So, we still have the locally installed DNS who points all MX records to the internal address of the zimbra server. I migrated the LDAP entries but I left the rest of the config behind. Now I get this when I start the server:

    zimbra@zimbra:~$ zmcontrol start
    Host zimbra.infra.local
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Starting logger...Failed.
    Starting logswatch...ERROR: service.FAILURE (system failure: unable to lookup server by name: zimbra.infra.local message: [LDAP: error code 49 - Invalid Credentials]) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
    zimbra logger service is not enabled! failed.


    Starting convertd...Done.
    Starting mailbox...Done.
    Starting memcached...Done.
    Starting antispam...Done.
    Starting antivirus...Done.
    Starting snmp...Done.
    Starting spell...Done.
    Starting mta...Done.
    Starting stats…Done.

    When I try to generate new certificates, I run into the next problems:

    root@zimbra:/opt/zimbra/bin# ./zmcertmgr createcrt -new -days 365Validation days: 365
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20101028020457
    ** Generating a server csr for download self -new -keysize 1024
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20101028020457
    ** Retrieving Commercial CA cert from ldap...failed.
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    root@zimbra:/opt/zimbra/bin# ./zmcertmgr deploycrt self** Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...failed.

    Exception in thread "main" java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(Java KeyStore.java:771)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad( JavaKeyStore.java:38)
    at java.security.KeyStore.load(KeyStore.java:1185)
    at com.zimbra.cert.MyPKCS12Import.main(MyPKCS12Import .java:98)
    Caused by: java.security.UnrecoverableKeyException: Password verification failed
    at sun.security.provider.JavaKeyStore.engineLoad(Java KeyStore.java:769)
    ... 3 more

    ** Installing CA to /opt/zimbra/conf/ca…done.

    So, I still stand with my previous remark that the problem is not within the name resolution but somewhere in the LDAP config. Also, when I run zmsshkeygen, the problem still occurs:
    Generating public/private dsa key pair.
    Your identification has been saved in /opt/zimbra/.ssh/zimbra_identity.
    Your public key has been saved in /opt/zimbra/.ssh/zimbra_identity.pub.
    The key fingerprint is:
    fc:c6:95:a6:db:a4:65:cb:ea:32:10:60:16:5b:14:1c zimbra.infra.local
    The key's randomart image is:
    +--[ DSA 1024]----+
    | .+Eo |
    | +o. |
    | o.. |
    | .. . |
    | .S + |
    | . o + |
    | . = + |
    | o. O . |
    | +=.+ |
    +-----------------+
    ERROR: service.FAILURE (system failure: unable to lookup server by name: zimbra.infra.local message: [LDAP: error code 49 - Invalid Credentials]) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])

    so, I am still stuck, even with a band new server, with the same trouble not getting forward.

    I hope anyone has a suggestion..?

    Any help is greatly appreciated.

    Cheers,
    Alex

  4. #14
    rdlal is offline New Member
    Join Date
    Sep 2010
    Posts
    3
    Rep Power
    4

    Default

    well.. i'm no zimbra expert nor ldap, but i'd say that's password mismatch

    you could nmap that box to see opened ports, and check if ldap is accepting connections..
    or simply telnet localhost 389

    if you're unable to do that, your ldap is not up

    if it responds, you can try resetting it (zmldappassword --help) and try again

    also you could try moving your old data to your fresh install, but not the ldap configuration folder, and see how it goes.

    im pretty sure this is not the "best practice solution", but you might be able to troubleshoot and actually find the problem.

    zmprov gas should work now, and show you active servers, otherwise you'll get ldap error

    Best of luck

  5. #15
    Join Date
    Oct 2010
    Location
    Netherlands
    Posts
    11
    Rep Power
    4

    Default

    well, I'm not completely up2date but the problem definitely was within the LDAP database. In the end Zimbra gave excellent service because an engineer of Zimbra spent a lot of time fixing our Zimbra box.

    Why it died is still a mystery though, and this bothers me a lot. But I guess we will never know.

    But, I must say, a big hand for Zimbra for fixing our box!

  6. #16
    pete irvine is offline Active Member
    Join Date
    May 2011
    Location
    Wellington
    Posts
    47
    Rep Power
    4

    Default I have the same problem

    what did the zimbra engineer do to fix your box ?

Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Big Fubar on 5 FOSS GA Upgrade
    By uxbod in forum Administrators
    Replies: 24
    Last Post: 01-21-2008, 03:37 AM
  2. Cleanup after many upgrades
    By tobru in forum Installation
    Replies: 1
    Last Post: 12-23-2007, 09:21 AM
  3. huge log size
    By rmvg in forum Administrators
    Replies: 5
    Last Post: 01-02-2007, 10:39 AM
  4. Fedora Core 3, Clean Install - Not working!
    By pcjackson in forum Installation
    Replies: 17
    Last Post: 03-05-2006, 07:38 PM
  5. Mail logs
    By Rick Baker in forum Installation
    Replies: 8
    Last Post: 01-17-2006, 04:33 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •