Results 1 to 7 of 7

Thread: [SOLVED] zmmailboxmove :: timestamp check failed

  1. #1
    Join Date
    Jan 2007
    Posts
    22
    Rep Power
    8

    Default [SOLVED] zmmailboxmove :: timestamp check failed

    getting the following moving a mailbox to a new server using the zmmailboxmove CLI cmd:
    Error occurred: system failure: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed

    checked the ts on all the server and they are all correct, I set the TZ correctly during installation of the new server.

    this is prob an easy fix or something I am over looking, but I am in a crunch to get some mailboxes moved before a power loss to the existing building

    thanks

  2. #2
    Join Date
    Jan 2007
    Posts
    22
    Rep Power
    8

    Default

    which cert is validated for the mailmove?

    I see my master server has certs that are expired for MTA and LDAP, but have been expired since March .... (not sure why they weren't created for 2 yrs like the mailboxd) .... but do I have to recreate the these for this to work? Or am I looking in the wrong place.

    Here is the list of dates/certs from the admin console:
    Server1 MTA:
    Validation Days: Mar 11 15:20:21 2007 GMT - Mar 10 15:20:21 2008 GMT
    Server1 mailboxd:
    Validation Days: Mar 11 15:20:21 2007 GMT - Mar 10 15:20:21 2009 GMT
    Server1 ldap:
    Validation Days: Mar 11 15:20:21 2007 GMT - Mar 10 15:20:21 2008 GMT


    Server 2 (new):
    Certificate for Zimbra ldap Service:
    Validation Days: Jul 9 18:37:58 2008 GMT - Jul 9 18:37:58 2009 GMT
    Certificate for Zimbra mailboxd Service:
    Validation Days: Jul 9 18:37:58 2008 GMT - Jul 9 18:37:58 2009 GMT
    Certificate for Zimbra mta Service:
    Validation Days: Jul 9 18:37:58 2008 GMT - Jul 9 18:37:58 2009 GMT
    Certificate for Zimbra proxy Service:
    Validation Days: Jul 9 18:37:58 2008 GMT - Jul 9 18:37:58 2009 GMT

  3. #3
    Join Date
    Jan 2007
    Posts
    22
    Rep Power
    8

    Default

    bueller? bueller?

    linux to linux if that helps... looked at messages, zimbra.log and secure, I can't find anything extra logged about this.

  4. #4
    Join Date
    Jan 2007
    Posts
    22
    Rep Power
    8

    Default

    just got worse... noticed my backups have not run since upgrade to 5.0.7, which was the night of the 07/07 ... and I just installed the new server on the 9th.... tried running the zmbackup -f -a all manually as the zimbra user and get the timestamp check failed as well ....

  5. #5
    Join Date
    Jan 2007
    Posts
    22
    Rep Power
    8

    Default

    cannot even backup my newly installed server zmbackup -f -a all -s server.name.com ... get same timestamp check failed....

    5.0.7 on RHEL4 - clean install, everything installed but LDAP .... the ReplicaLDAP (ldap only) backs up just fine.

    so much for having one domain moved to the new server by tomorrow
    Last edited by skrewloose; 07-10-2008 at 10:36 AM.

  6. #6
    Join Date
    Jan 2007
    Posts
    22
    Rep Power
    8

    Default

    created new certificates to replace the two that had expired... waiting on a time to be able to cycle the server, I can see the new certs in the admin console, still getting same error when trying to backup (or anything for that matter) ....

    In the instructions ::
    this line didn't work: /opt/zimbra/bin/zmcertmgr deploycrt self

    I compared the files with the ldap contents and ended up running zmprov for each (like 4.x). Hope there isn't something else the new one does that I am missing now.

    and the chmod 644 to the keystores, had to do that, where v5 is says it doesn't and skip that step ...
    Last edited by skrewloose; 07-10-2008 at 12:09 PM.

  7. #7
    Join Date
    Jan 2007
    Posts
    22
    Rep Power
    8

    Default

    just an update - that was it - for that error anyway ... getting backups again... I couldn't find partial instructions on transferring/creating new keys from the new ca on other servers in a multiple server environment, not that big an issue on ldap replica, but my new server I tried partial instructions from the full version and apparently messed up ... I got the error of wrong server when using mailboxmove and read it was with the tomcat ssl (well jetty I guess for 5 but couldn't find exact instructions for 5) so used the path from the ssl instructions to export from both servers, but on import of the new server I got an error of the keystore being tampered with, blah blah ... and at 1am, I just started a new install with that box ... at least it was new and there were no mailboxes on it ....

    my test user wouldn't get mail from the new server after all that, kept getting lost connection for reason in the queue and the error was like the mailboxmove in the mailbox.log (wrong server, you want) ... deleting the mailbox and creating a new fixed the issue ...

    back to sending mail in/out of my test box, then will try the mailboxmove again ...

    I guess the "bigger" question I have... why if two keys expired in March, did it not complain until after the upgrade to 5.0.7??? Someone fix/add this check?
    Last edited by skrewloose; 07-11-2008 at 04:54 AM.

Similar Threads

  1. [SOLVED] Zimbra logwatch.
    By nishith in forum Administrators
    Replies: 5
    Last Post: 06-10-2009, 04:42 PM
  2. upgrading from 5.0.4 to 5.0.5 opensource
    By smoke in forum Installation
    Replies: 4
    Last Post: 10-19-2008, 10:38 AM
  3. Problem with Mail Server - Need help!
    By joeleo in forum Installation
    Replies: 2
    Last Post: 03-04-2008, 11:03 AM
  4. My Zimbra server down ... please help :)
    By frankb in forum Administrators
    Replies: 2
    Last Post: 12-12-2007, 10:29 AM
  5. Lotus migration
    By babou in forum Migration
    Replies: 15
    Last Post: 03-05-2007, 09:33 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •