Results 1 to 7 of 7

Thread: Cannot view certificate panel in Admin Console

  1. #1
    Join Date
    Jan 2008
    Location
    Escondido, CA
    Posts
    4
    Rep Power
    7

    Default Cannot view certificate panel in Admin Console

    Hi guys. I just upgraded from 5.0.0 to 5.0.5. Now when I go to the Certificates, click on my Service Host Name (mail.codecobblers.com) and hit "View Certificate", I get "Invalid Request". Clicking on "Details" gives me:

    Message: invalid request: missing required attribute: server Error code: service.INVALID_REQUEST Method: GetCertRequest Details:soap:Sender

    This worked fine on 5.0.0. Any idea what might have gone wrong?

    Thanks.
    Scott Maxwell
    Code Cobblers, Inc

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Code:
    su - zimbra
    cd /opt/zimbra/zimlets
    zmzimletctl deploy com_zimbra_cert_manager.zip

  3. #3
    Join Date
    Jan 2008
    Location
    Escondido, CA
    Posts
    4
    Rep Power
    7

    Default

    No change. com_zimbra_cert_manager was already deployed but I tried doing the deploy again. When that didn't help, I undeployed it, deployed it and restarted the server. Still no change.

    I noticed one more thing that may or may not be relevant. If I go to the Admin Extensions panel, I see com_zimbra_cert_manager listed. However, if I click on it, the "Undeploy" button remains grayed out.

    Here is the complete error message from mailbox.log in case it is useful:

    2008-05-08 08:14:07,256 INFO [btpool0-7] [name=scott@codecobblers.com;ip=69.230.17.254;ua=Zi mbraWebClient - IE7 (Win);] SoapEngine - handler exception
    com.zimbra.common.service.ServiceException: invalid request: missing required attribute: server
    ExceptionId:btpool0-7:1210259647256:dd41fce9121be8f6
    Code:service.INVALID_REQUEST
    at com.zimbra.common.service.ServiceException.INVALID _REQUEST(ServiceException.java:260)
    at com.zimbra.common.soap.Element.checkNull(Element.j ava:228)
    at com.zimbra.common.soap.Element.getAttribute(Elemen t.java:196)
    at com.zimbra.cert.GetCert.handle(GetCert.java:53)
    at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEng ine.java:391)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:250)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:156)
    at com.zimbra.soap.SoapServlet.doPost(SoapServlet.jav a:266)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:727)
    at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:187)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:820)
    at org.mortbay.jetty.servlet.ServletHolder.handle(Ser vletHolder.java:487)
    at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1093)
    at org.mortbay.servlet.UserAgentFilter.doFilter(UserA gentFilter.java:81)
    at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter .java:132)
    at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1084)
    at org.mortbay.jetty.servlet.ServletHandler.handle(Se rvletHandler.java:360)
    at org.mortbay.jetty.security.SecurityHandler.handle( SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(Se ssionHandler.java:181)
    at org.mortbay.jetty.handler.ContextHandler.handle(Co ntextHandler.java:716)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebA ppContext.java:406)
    at org.mortbay.jetty.handler.ContextHandlerCollection .handle(ContextHandlerCollection.java:211)
    at org.mortbay.jetty.handler.HandlerCollection.handle (HandlerCollection.java:114)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:139)
    at org.mortbay.jetty.handler.rewrite.RewriteHandler.h andle(RewriteHandler.java:315)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:139)
    at org.mortbay.jetty.Server.handle(Server.java:313)
    at org.mortbay.jetty.HttpConnection.handleRequest(Htt pConnection.java:506)
    at org.mortbay.jetty.HttpConnection$RequestHandler.co ntent(HttpConnection.java:844)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser. java:644)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpPa rser.java:205)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnec tion.java:381)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(Selec tChannelEndPoint.java:396)
    at org.mortbay.thread.BoundedThreadPool$PoolThread.ru n(BoundedThreadPool.java:442)

    Any other suggestions?

    Thanks.
    Scott Maxwell
    Code Cobblers, Inc

  4. #4
    Join Date
    Oct 2008
    Posts
    3
    Rep Power
    0

    Default

    I get the same error message over here. Followed the advice of (re-)deploying the extension, but to no avail.

    Have you managed to solve that problem by now?

    Might this be linked to the fact that I've changed the local server name a few days ago?

    Code:
    2008-10-06 11:54:16,002 INFO  [btpool0-7] [name=ckesselh@<my domain>.com;mid=5;ip=172.20.2.213;ua=ZimbraWebClient - FF3.0 (Linux);] SoapEngine - handler exception
    com.zimbra.common.service.ServiceException: system failure: exception during auth {RemoteManager: mail.<my domain>.com->zimbra@mail.<my domain>.lu:22}
    ExceptionId:btpool0-7:1223286856002:7ede8c72eeefa39c
    Code:service.FAILURE
    	at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:253)
    	at com.zimbra.cs.rmgmt.RemoteManager.getSession(RemoteManager.java:192)
    	at com.zimbra.cs.rmgmt.RemoteManager.execute(RemoteManager.java:126)
    	at com.zimbra.cert.GetCert.handle(GetCert.java:90)
    	at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:411)
    	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:268)
    	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:160)
    	at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:266)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    	at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:188)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    	at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
    	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
    	at org.mortbay.servlet.UserAgentFilter.doFilter(UserAgentFilter.java:81)
    	at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter.java:132)
    	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
    	at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
    	at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    	at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
    	at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:716)
    	at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:406)
    	at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:211)
    	at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
    	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
    	at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:350)
    	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
    	at org.mortbay.jetty.Server.handle(Server.java:313)
    	at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)
    	at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:844)
    	at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:644)
    	at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
    	at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)
    	at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)
    	at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)
    Caused by: java.io.IOException: Publickey authentication failed.
    	at ch.ethz.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:259)
    	at ch.ethz.ssh2.Connection.authenticateWithPublicKey(Connection.java:371)
    	at ch.ethz.ssh2.Connection.authenticateWithPublicKey(Connection.java:422)
    	at com.zimbra.cs.rmgmt.RemoteManager.getSession(RemoteManager.java:184)
    	... 32 more
    Caused by: java.io.IOException: The connection is closed.
    	at ch.ethz.ssh2.auth.AuthenticationManager.deQueue(AuthenticationManager.java:77)
    	at ch.ethz.ssh2.auth.AuthenticationManager.getNextMessage(AuthenticationManager.java:99)
    	at ch.ethz.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:234)
    	... 35 more
    Caused by: java.io.IOException: Cannot read full block, EOF reached.
    	at ch.ethz.ssh2.crypto.cipher.CipherInputStream.getBlock(CipherInputStream.java:81)
    	at ch.ethz.ssh2.crypto.cipher.CipherInputStream.read(CipherInputStream.java:108)
    	at ch.ethz.ssh2.transport.TransportConnection.receiveMessage(TransportConnection.java:231)
    	at ch.ethz.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:520)
    	at ch.ethz.ssh2.transport.TransportManager$1.run(TransportManager.java:315)
    	at java.lang.Thread.run(Thread.java:595)
    Thnx,

    Chris
    Last edited by ckesselh; 10-06-2008 at 04:32 AM.

  5. #5
    Join Date
    Oct 2008
    Posts
    3
    Rep Power
    0

    Default

    This is what "ssh -vvv -i /opt/zimbra/.ssh/zimbra_identity zimbra@localhost" gives me:
    Code:
    OpenSSH_4.3p2 Debian-9etch3, OpenSSL 0.9.8c 05 Sep 2006
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to localhost [127.0.0.1] port 22.
    debug1: Connection established.
    debug3: Not a RSA1 key file /opt/zimbra/.ssh/zimbra_identity.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /opt/zimbra/.ssh/zimbra_identity type 2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9etch3
    debug1: match: OpenSSH_4.3p2 Debian-9etch3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-9etch3
    debug2: fd 3 setting O_NONBLOCK
    debug1: An invalid name was supplied
    Configuration file does not specify default realm
    
    debug1: An invalid name was supplied
    A parameter was malformed
    Validation error
    
    debug1: An invalid name was supplied
    Configuration file does not specify default realm
    
    debug1: An invalid name was supplied
    A parameter was malformed
    Validation error
    
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: first_kex_follows 0 
    debug2: kex_parse_kexinit: reserved 0 
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: first_kex_follows 0 
    debug2: kex_parse_kexinit: reserved 0 
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 119/256
    debug2: bits set: 552/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: check_host_in_hostfile: filename /opt/zimbra/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 1
    debug1: Host 'localhost' is known and matches the RSA host key.
    debug1: Found key in /opt/zimbra/.ssh/known_hosts:1
    debug2: bits set: 497/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /opt/zimbra/.ssh/zimbra_identity (0x8096620)
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
    debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
    debug3: authmethod_lookup gssapi-keyex
    debug3: remaining preferred: gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
    debug3: authmethod_is_enabled gssapi-keyex
    debug1: Next authentication method: gssapi-keyex
    debug1: No valid Key exchange context
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup gssapi-with-mic
    debug3: remaining preferred: gssapi,publickey,keyboard-interactive,password
    debug3: authmethod_is_enabled gssapi-with-mic
    debug1: Next authentication method: gssapi-with-mic
    debug1: An invalid name was supplied
    Configuration file does not specify default realm
    
    debug1: An invalid name was supplied
    Configuration file does not specify default realm
    
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering public key: /opt/zimbra/.ssh/zimbra_identity
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred: ,password
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    zimbra@localhost's password:
    Any idea?

    Chris
    Last edited by ckesselh; 10-06-2008 at 04:37 AM.

  6. #6
    Join Date
    Jan 2008
    Location
    Escondido, CA
    Posts
    4
    Rep Power
    7

    Default

    Quote Originally Posted by ckesselh View Post
    I get the same error message over here. Followed the advice of (re-)deploying the extension, but to no avail.

    Have you managed to solve that problem by now?
    I solved the problem but I think I did so by simply installing the next release of Zimbra when it came out. To install the certificate, I had to use the manual process. That had changed since I got my SSL cert so I had to recert with GoDaddy.

    Good luck.
    Scott Maxwell
    Code Cobblers, Inc

  7. #7
    Join Date
    Oct 2008
    Posts
    3
    Rep Power
    0

    Default

    Solved it. One of my colleagues recently enabled pam_access with a configuration like the one below (from /etc/security/access.conf) and forgot that Zimbra was not in the list of users for which a remote login was to be accepted:
    Code:
    # Deny every login if the user isn't either root or
    # one of the acknowledge unix users.
    #
    -:ALL EXCEPT root unix-users:ALL
    Once I add the adm group or zimbra user to that white-list, everything goes back to normal.

    Thanks,

    Chris

Similar Threads

  1. Replies: 2
    Last Post: 05-05-2008, 06:50 PM
  2. Not able to view Admin Console....
    By worldwidenandhu in forum Installation
    Replies: 2
    Last Post: 11-01-2007, 08:47 AM
  3. Silly mistake -- now cant log into admin console
    By animasana in forum Administrators
    Replies: 10
    Last Post: 07-05-2007, 05:00 AM
  4. View Mails in Admin Console
    By rajan in forum Administrators
    Replies: 1
    Last Post: 05-07-2007, 12:58 AM
  5. view mail in admin console
    By randyg in forum Administrators
    Replies: 1
    Last Post: 05-03-2007, 09:04 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •