Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: zmtlsctl command not completing successfully

  1. #1
    Join Date
    May 2008
    Posts
    19
    Rep Power
    7

    Default zmtlsctl command not completing successfully

    Hi, I have seen the various posts and the bug out there for network edition regarding the change to http from redirect and vice-versa and I have tried to modify my web.xml and web.xml.in files as appropriate and i'm still not having any luck. I uncommented the redirect block in web.xml and it actually redirects me to https, but there is nothing listening on 443 apparently.

    I am on 5.05 (open source edition) on Ubuntu 7.10 trying to change from "http" to "redirect" (or "both") for that matter. Aside from this weirdness everything else (including godaddy cert import) works like a champion. I know the cert is good because when i go to my 7071 admin port via https, there is no longer a self-signed certificate complaint.

    Here's what is happening:

    sudo -u zimbra ./zmtlsctl redirect

    Setting tls mode to redirect
    Updating /opt/zimbra/mailboxd/etc/jetty.xml.in...done.
    Updating /opt/zimbra/jetty/etc/zimbra.web.xml.in...done.
    Updating /opt/zimbra/jetty/etc/zimbraAdmin.web.xml.in...done.
    Updating PROTOCOL MODE in /opt/zimbra/mailboxd/etc/zimbra.web.xml.in...done.
    Rewriting config files for webxml and mailboxd...failed.

    When I look at the server options using the zmprov tool I see this:
    zimbraMailMode: http

    Here is what my nmap looks like, obviously nothing listening on 443, that is obviously the problem. How do i get it to listen on https?

    PORT STATE SERVICE
    22/tcp open ssh
    25/tcp open smtp
    53/tcp open domain
    110/tcp open pop3
    139/tcp open netbios-ssn
    143/tcp open imap
    445/tcp open microsoft-ds
    465/tcp open smtps
    631/tcp open ipp
    902/tcp open iss-realsecure-sensor
    953/tcp open rndc
    993/tcp open imaps
    995/tcp open pop3s
    3306/tcp open mysql
    5900/tcp open vnc
    8009/tcp open ajp13
    8888/tcp open sun-answerbook

    thanks
    Last edited by relay23; 05-29-2008 at 03:35 PM.

  2. #2
    Join Date
    Mar 2007
    Location
    Austin
    Posts
    441
    Rep Power
    8

    Default

    When trying to run (most) ZCS commands on your Zimbra server, you need to "su - zimbra" to become the zimbra user (sudo that if necessary). Then you can run commands like zmtlsctl.
    Last edited by p24t; 05-30-2008 at 07:40 AM. Reason: specified 'ZCS commands'

  3. #3
    Join Date
    May 2008
    Posts
    19
    Rep Power
    7

    Default

    Thanks, I'm definitely well familiar with that by now. here's what was mentioned above in bold.

    <snip>
    sudo -u zimbra ./zmtlsctl redirect
    </snip>

    ~~~~~~~~~by the way~~~

    it is worth noting that I did this on my fedora 7 box that is configured almost identically and it worked without a problem,, it started listening on 443 right away after using the "redirect" option.

    Could it be the ubuntu version that is the root of the problem? Does anyone know a way to work around this? thanks!

  4. #4
    Join Date
    Dec 2006
    Location
    Melbourne, AU
    Posts
    58
    Rep Power
    8

    Default

    What are the permissions of your files in /opt/zimbra/jetty-6.1.5/etc/?

    I've attached a listing of mine for comparison in case it's a permissions problem (This is from 5.0.6 FOSS edition on Debian).

    Code:
    zimbra@utopia:~$ ls -l /opt/zimbra/jetty/etc/
    total 132
    -r--r--r-- 1 zimbra zimbra  5055 May 23 04:42 jetty-setuid.xml
    -r--r----- 1 zimbra zimbra   836 Jun  1 08:58 jetty.properties
    -r--r--r-- 1 zimbra zimbra  1152 May 23 04:42 jetty.properties.in
    -r--r----- 1 zimbra zimbra 14759 Jun  1 08:58 jetty.xml
    -rw------- 1 zimbra zimbra 14518 Jun  1 08:58 jetty.xml.in
    -r--r--r-- 1 zimbra zimbra   289 May 23 04:42 jettyrc
    -rw-r--r-- 1 root   root    1461 May 28 05:11 keystore
    -r-xr-xr-x 1 zimbra zimbra 10283 May 23 04:42 service.web.xml.in
    -r--r--r-- 1 zimbra zimbra  2973 May 23 04:42 start.config
    -r--r--r-- 1 zimbra zimbra 27587 May 23 04:42 webdefault.xml
    -rw------- 1 zimbra zimbra 12354 Jun  1 08:58 zimbra.web.xml.in
    -rw------- 1 zimbra zimbra 12361 Jun  1 08:58 zimbraAdmin.web.xml.in

    Note that zmtlsctl is a bash script located in /opt/zimbra/bin/ so if the above doesn't help, perhaps looking at what the script does might give a clue as to why it's failing....

  5. #5
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Welcome to the forums,

    Though we had just fixed Bug 24884 - zmtlsctl doesn't update zimbra.web.xml.in or zimbraAdmin.web.xml.in .4/.5 & the all time favorite Bug 5594 - TLS mode "both" causes redirection limit problem in .5 I sort of remember another bug but can't find it - could you update to 5.0.6 & try again?

    http://www.zimbra.com/forums/announc...5-0-6-out.html

  6. #6
    Join Date
    May 2008
    Posts
    19
    Rep Power
    7

    Default

    Thanks for the permissions output sharing.. Mine looks about the same..

    total 144
    -r--r----- 1 zimbra zimbra 836 2008-05-28 11:31 jetty.properties
    -r--r--r-- 1 zimbra zimbra 1152 2008-05-22 15:19 jetty.properties.in
    -r--r--r-- 1 zimbra zimbra 289 2008-05-22 15:19 jettyrc
    -r--r--r-- 1 zimbra zimbra 5055 2008-05-22 15:19 jetty-setuid.xml
    -r--r----- 1 zimbra zimbra 14743 2008-05-28 11:31 jetty.xml
    -rw------- 1 zimbra zimbra 14518 2008-05-29 17:31 jetty.xml.in
    -rw-r--r-- 1 root root 5385 2008-05-29 15:32 keystore
    -rw-r----- 1 root root 1308 2008-05-29 16:01 mailboxd.der
    -rw-r----- 1 root root 1826 2008-05-29 16:01 mailboxd.pem
    -r-xr-xr-x 1 zimbra zimbra 10283 2008-05-22 15:19 service.web.xml.in
    -r--r--r-- 1 zimbra zimbra 2973 2008-05-22 15:19 start.config
    -r--r--r-- 1 zimbra zimbra 27587 2008-05-22 15:19 webdefault.xml
    -rw------- 1 zimbra zimbra 12352 2008-05-29 17:31 zimbraAdmin.web.xml.in
    -rw------- 1 zimbra zimbra 12344 2008-05-29 17:31 zimbra.web.xml.in

    I will definitely try to find the reason in the bash script, thanks for the pointers.

    After I do that I am going to try the update to 5.0.6!

    Thanks guys

  7. #7
    Join Date
    May 2008
    Posts
    19
    Rep Power
    7

    Default

    Well it turns out I was already on 5.0.6 I am looking through the zmtlsctl bash script and see this block:

    echo -n "Rewriting config files for webxml and mailboxd..."
    ${zimbra_home}/libexec/zmmtaconfig webxml mailbox > /dev/null 2>&1
    if [ $? = 0 ]; then
    echo "done."
    else
    echo "failed."
    exit 1
    fi
    }

    I have that /opt/zimbra/libexec/zmmtaconfig script but don't understand how to run it by itself by passing the right parameters to webxml and mailbox. My guess is that webxml is where it's failing but I really have no idea. When I run it manually i get the following:

    root@frontend:/opt/zimbra/jetty/webapps/zimbra/WEB-INF# sudo -u zimbra /opt/zimbra/libexec/zmmtaconfig webxml mailbox
    Thu Jun 5 14:11:11 2008 Skipping Configuration for server zimbra.mail.hssc.com No data returned.
    Thu Jun 5 14:11:11 2008 Key lookup failed.
    zmmtaconfig shutting down

  8. #8
    Join Date
    May 2008
    Posts
    19
    Rep Power
    7

    Default

    Still no luck on this,, and getting pretty desperate. Could someone please let me know how I can work around this issue? I'd really appreciate it.

  9. #9
    Join Date
    Jul 2006
    Location
    Milwaukee, WI
    Posts
    63
    Rep Power
    9

    Default

    Just want to say.. i have the same issue also.

    I am on Version 5.0.6_GA_2313.UBUNTU6_64.NETWORK May 22, 2008

    **edit**

    When the command is run i get this in my /var/log/messages

    Jun 13 13:49:31 mail zimbramon[5536]: 5536:info: zmmtaconfig: Sleeping...Key lookup failed.
    Jun 13 13:49:46 mail zimbramon[5536]: 5536:info: zmmtaconfig: Skipping Configuration for server xx.xx.xx No data returned.
    Jun 13 13:49:46 mail zimbramon[5536]: 5536:info: zmmtaconfig: Sleeping...Key lookup failed.

    I also updated the SSL cert to a paid cert. I didn't try changing the mode until that was done.
    Last edited by Spencer; 06-13-2008 at 11:51 AM. Reason: More information

  10. #10
    Join Date
    Jun 2008
    Location
    Lexington, KY
    Posts
    65
    Rep Power
    7

    Default

    I have the same issue.

    Running 5.0.6 on Ubuntu 6.06.2 x64

    God Bless,
    Marty

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •