Results 1 to 6 of 6

Thread: [SOLVED] Zimbra 6 mailboxd and zmmailboxdctl do not start after upgrade (solution)

Threaded View

  1. #1
    Join Date
    Jul 2006
    Location
    Australia, ACT
    Posts
    197
    Rep Power
    9

    Smile [SOLVED] Zimbra 6 mailboxd and zmmailboxdctl do not start after upgrade (solution)

    Short Explanation
    Step 1: Re-create and install self-signed SSL certificates.
    As root:
    Code:
    /opt/zimbra/bin/zmcertmgr createca -new
    /opt/zimbra/bin/zmcertmgr deployca
    /opt/zimbra/bin/zmcertmgr deploycrt self
    
    Or (if the /opt/zimbra/bin/zmcertmgr viewdeployedcrt indicates that the SSL certificate was not updated) 
    /opt/zimbra/bin/zmcertmgr createca -new
    /opt/zimbra/bin/zmcertmgr deployca -localonly
    /opt/zimbra/bin/zmcertmgr createcrt self -new
    /opt/zimbra/bin/zmcertmgr deploycrt self
    
    As zimbra:
    zmcontrol stop && zmcontrol start
    From Problem with Certificate can cause MTA Failure - Zimbra :: Wiki

    How to solve the Exception in thread "main" java.io.IOException: Keystore was tampered with, or password was incorrect
    If you see this receive this error for the command: /opt/zimbra/bin/zmcertmgr deploycrt self
    Code:
    # /opt/zimbra/bin/zmcertmgr deploycrt self
    ** Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...failed.
    
    Exception in thread "main" java.io.IOException: Keystore was tampered with, or password was incorrect
    	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
    	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
    	at java.security.KeyStore.load(KeyStore.java:1185)
    	at com.zimbra.cert.MyPKCS12Import.main(MyPKCS12Import.java:98)
    Caused by: java.security.UnrecoverableKeyException: Password verification failed
    	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
    	... 3 more
    
    ** Installing CA to /opt/zimbra/conf/ca...done.
    Then the solution is to do this as root:
    Code:
    # mv /opt/zimbra/mailboxd/etc/keystore /root/keystore.old
    # /opt/zimbra/bin/zmcertmgr deploycrt self
    See Ajcody-Notes-SSLCerts - Keystore Password Errors - Server Move Stuff - Zimbra :: Wiki

    Step 2: Re-install your commercial SSL certificates (if any)
    Geotrust SSL certificate, Installing a GeoTrust Commercial Certificate - Zimbra :: Wiki
    RapidSSL SSL certificate, 5.x Commercial Certificates Guide - Zimbra :: Wiki

    Long Explanation
    Upgraded a Zimbra 5.0.18 SLES10 server last night and everything went well with the install upgrade. And even when the Zimbra service started no errors were reported and all services appeared to start OK.

    However, when trying to access Zimbra Admin UI or Zimbra Web UI, no response. Running
    Code:
    zmcontrol status
    shows that the mailbox process is not running at all!

    Check the /var/log/zimbra.log and there are no errors about mailbox but a lot of email being deferred as the mailbox server is not available.

    The only errors are reported in /opt/zimbra/log/zmmailboxd.out
    Code:
    Zimbra server reserving server socket port=110 bindaddr=null ssl=false
    Zimbra server reserving server socket port=995 bindaddr=null ssl=true
    Fatal error. exception while binding to ports.
    Java.net.BindException: cannot assign requested address
    The above error message are misleading and from searching the forums can indicate any number of problems (see references below) from DNS to networking etc.

    In my case, what worked was to replace the commercial SSL certificate which were valid and installed correctly (working in ZCS 5) with new self-signed certificate. And then to re-install the commercial SSL certificate again. Thinking about this again, you can probably just skip the self-signed SSL install and just re-install the commercial SSL. Will try that next time.

    It is important to note that the commercial SSL certificate had NOT expired and was working fine in Zimbra 5.

    Steps are below:
    1. Make sure you have a backup of the commercial certificate, csr etc and root certificate as these are just about to be deleted!

    As root:
    Code:
    cp -r /opt/zimbra/ssl/zimbra/commercial ~/ssl-backup
    2. Reset the certificates with a self-signed certificate, Problem with Certificate can cause MTA Failure - Zimbra :: Wiki

    As root:
    Code:
    /opt/zimbra/bin/zmcertmgr createca -new
    /opt/zimbra/bin/zmcertmgr deployca
    /opt/zimbra/bin/zmcertmgr deploycrt self
    As zimbra:
    Code:
    zmcontrol stop && zmcontrol start
    3. Re-install your commercial SSL certificates
    As root:
    Code:
    /opt/zimbra/bin/zmcertmgr deploycrt comm /root/ssl-backup/commercial.crt  /root/ssl-backup/commercial_ca.crt
    As zimbra:
    Code:
    zmmailboxdctl stop
    zmmailboxdctl start
    Now check Zimbra status with zmcontrol status and via Web Mail

    Other methods to install SSL certificates:
    Geotrust SSL certificate, Installing a GeoTrust Commercial Certificate - Zimbra :: Wiki
    RapidSSL SSL certificate, 5.x Commercial Certificates Guide - Zimbra :: Wiki


    Some other possible solutions:
    https://www.zimbra.com/forums/admini...t-running.html
    http://www.zimbra.com/forums/install...-ssl-cert.html
    http://www.zimbra.com/forums/adminis...mplemente.html
    http://www.zimbra.com/forums/install...nate-port.html
    http://www.zimbra.com/forums/adminis...mmailboxd.html
    Last edited by greenrenault; 02-20-2011 at 06:46 PM. Reason: Add solution for the Keystore was tampered with, or password was incorrect

    http://agilemail.com.au

    Your Australian Zimbra experts
    Sales, consulting, installation, support

Similar Threads

  1. Replies: 5
    Last Post: 01-16-2009, 05:13 PM
  2. Mailboxd fails to start
    By sfoe in forum Installation
    Replies: 4
    Last Post: 10-26-2008, 01:28 AM
  3. [SOLVED] 5.0 RC1 - mailboxd won't start after a reboot
    By staufj22 in forum Installation
    Replies: 17
    Last Post: 10-22-2007, 08:26 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •