Results 1 to 7 of 7

Thread: Migration Wizard problem with IMAP error

  1. #1
    Join Date
    Feb 2011
    Posts
    1
    Rep Power
    4

    Default Migration Wizard problem with IMAP error

    I'm trying to import users and mailboxes from a ZCS 6.0.1 FOSS to ZCS 7.0.0 FOSS.

    Importing users went ok, but when it came to importing the mailboxes it fails.
    I figure it has something to do with the certificate, but what and how do I fix it? Can anyone point me in the right direction?

    When I look in mailbox.log I find the following lines:

    .
    .
    .
    ExceptionId:Thread-184:1298408193238:16af3f115e71a164
    Code:service.FAILURE
    at com.zimbra.common.service.ServiceException.FAILURE (ServiceException.java:248)
    at com.zimbra.cs.datasource.imap.ConnectionManager.ne wConnection(ConnectionManager.java:168)
    at com.zimbra.cs.datasource.imap.ConnectionManager.op enConnection(ConnectionManager.java:84)
    at com.zimbra.cs.datasource.imap.ImapSync.connect(Ima pSync.java:111)
    at com.zimbra.cs.datasource.imap.ImapSync.importData( ImapSync.java:160)
    at com.zimbra.cs.datasource.imap.ImapSync.importData( ImapSync.java:134)
    at com.zimbra.cs.datasource.DataSourceManager.importD ata(DataSourceManager.java:312)
    at com.zimbra.cs.datasource.DataSourceManager.importD ata(DataSourceManager.java:276)
    at com.zimbra.bp.BulkIMAPImportTaskManager$SingleIMAP IMportThread.run(BulkIMAPImportTaskManager.java:25 2)
    Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException:..."CERTIF ICATE STUFF"
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(S SLSocketImpl.java:1649)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:1206)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.proc essMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoo p(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_re cord(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(SSLSocketImpl.java:893)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(SSLSocketImpl.java:1138)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1165)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1149)
    at com.zimbra.common.net.CustomSSLSocket.startHandsha ke(CustomSSLSocket.java:90)
    at com.zimbra.cs.mailclient.MailConnection.startTls(M ailConnection.java:100)
    at com.zimbra.cs.mailclient.MailConnection.connect(Ma ilConnection.java:84)
    at com.zimbra.cs.datasource.imap.ConnectionManager.ne wConnection(ConnectionManager.java:146)
    ... 7 more
    .
    .
    .

  2. #2
    Join Date
    Apr 2010
    Posts
    10
    Rep Power
    5

    Default

    same here ... some help pls

  3. #3
    Join Date
    Mar 2011
    Posts
    11
    Rep Power
    4

    Default

    Quote Originally Posted by ppetre View Post
    same here ... some help pls
    ...and another.

    Here's the source server:

    # # #

    2011-03-18 12:39:42,676 INFO [ImapSSLServer-1] [] imap - [172.*.*.*] connected
    2011-03-18 12:39:42,747 INFO [ImapSSLServer-1] [] ProtocolHandler - Exception occurred while handling
    connection
    javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:117)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAle rt(SSLSocketImpl.java:1650)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(SSLSocketImpl.java:925)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(SSLSocketImpl.java:1089)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRe cord(SSLSocketImpl.java:618)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write (AppOutputStream.java:59)
    at java.io.BufferedOutputStream.flushBuffer(BufferedO utputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputS tream.java:123)
    at com.zimbra.cs.imap.TcpImapHandler.sendLine(TcpImap Handler.java:258)
    at com.zimbra.cs.imap.ImapHandler.sendResponse(ImapHa ndler.java:3533)
    at com.zimbra.cs.imap.ImapHandler.sendUntagged(ImapHa ndler.java:3524)
    at com.zimbra.cs.imap.TcpImapHandler.setupConnection( TcpImapHandler.java:64)
    at com.zimbra.cs.tcpserver.ProtocolHandler.run(Protoc olHandler.java:126)
    at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Wo rker.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:595)
    2011-03-18 12:39:42,748 INFO [ImapSSLServer-1] [] ProtocolHandler - Handler exiting normally

    # # #

    Here's the destination server:

    # # #

    2011-03-18 12:39:42,777 ERROR [Thread-85] [] extensions - Error in IMAP import task for account 3f249
    7ff-9a45-4cf5-86ae-998cf77b532c, datasource 68e7c9c9-ef86-4e22-84af-a04b22f22175
    com.zimbra.common.service.ServiceException: system failure: Unable to connect to IMAP server: DataSou
    rce: { id=68e7c9c9-ef86-4e22-84af-a04b22f22175, type=imap, isEnabled=true, name=__imap_import__, host
    ="DOMAIN_NAME", port=993, connectionType=ssl, username=admin, folderId=1 }
    ExceptionId:Thread-85:1300477182724:a8afd41ff165d181
    Code:service.FAILURE
    at com.zimbra.common.service.ServiceException.FAILURE (ServiceException.java:248)
    at com.zimbra.cs.datasource.imap.ConnectionManager.ne wConnection(ConnectionManager.java:168)
    at com.zimbra.cs.datasource.imap.ConnectionManager.op enConnection(ConnectionManager.java:84)
    at com.zimbra.cs.datasource.imap.ImapSync.connect(Ima pSync.java:112)
    at com.zimbra.cs.datasource.imap.ImapSync.importData( ImapSync.java:161)
    at com.zimbra.cs.datasource.imap.ImapSync.importData( ImapSync.java:135)
    at com.zimbra.cs.datasource.DataSourceManager.importD ata(DataSourceManager.java:312)
    at com.zimbra.cs.datasource.DataSourceManager.importD ata(DataSourceManager.java:276)
    at com.zimbra.bp.BulkIMAPImportTaskManager$SingleIMAP IMportThread.run(BulkIMAPImportTaskManag
    er.java:252)
    Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: d2:CN26:"DOMAIN.NAME":O33:"COMAPNY"2:OU26:"DEPARTM ENT"6:accep
    t4:true5:alias67:"HOST.NAME":10D78DFE5552EC0A7072A D2A0A26B4363E6B19C94:fromi1268816251
    000e4:host26:"HOSTNAME"3:icn16:"Level 1 CA"2:io27:"CA_NAME"3:io
    u15:"CERT"3:md532:"SOME_HEX_STRING":mismatch5:fals e1:s40:"SOME_HEX_STRING":"TYPE"40:"SOME_HEX_STRING ":toi"BLAH_BLAH"
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(S SLSocketImpl.java:1649)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:1206
    )
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.proc essMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoo p(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_re cord(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(SSLSocketImpl.java:893)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(SSLSocketImpl.java:1138
    )
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1165)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1149)
    at com.zimbra.common.net.CustomSSLSocket.startHandsha ke(CustomSSLSocket.java:90)
    at com.zimbra.common.net.CustomSSLSocket.getInputStre am(CustomSSLSocket.java:341)
    at com.zimbra.cs.mailclient.MailConnection.connect(Ma ilConnection.java:75)
    at com.zimbra.cs.datasource.imap.ConnectionManager.ne wConnection(ConnectionManager.java:146)
    ... 7 more
    Caused by: java.security.cert.CertificateException: d2:CN26:"HOSTNAME"O33:"CITY":"COMPANY"2:OU26:"DEAP RTMENT"6:accept4:true5:alias67:"HOSTNAME":"SOME_HE X_STRING":from:host26:"HOSTNAME"3:icn:"Level 1 CA"2:io27:"CA_NAME"3:iou:"CERT"3:md532:"STUFF":mis match5:false1:s40:"SOME_HEX_STRING":"TYPE":"SOME_H EX_STRING":toi"BLAH_BLAH_BLAH"
    at com.zimbra.common.net.CustomTrustManager.checkServ erTrusted(CustomTrustManager.java:90)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:1198
    )

  4. #4
    Join Date
    Apr 2010
    Posts
    10
    Rep Power
    5

    Default

    wtf ... thw migration wizard is not workink . i try 7.0.1 same error

  5. #5
    Join Date
    Mar 2011
    Posts
    11
    Rep Power
    4

    Default Migration Tool Works w/Commercial Cert!!!

    I was able to get the migration tool to work with a commercial cert on the destination server (already had a comm cert on the source server). The self-signed cert always came up "unknown" and failed.

    Hope this helps,

    - Rob.

  6. #6
    Join Date
    Aug 2011
    Posts
    3
    Rep Power
    4

    Default Solution

    Hello to alls.

    In my migration, i had the same error, and the solution is:

    you have to import the ssl certificate from the old server (the .crt file) in the trusted keystore from the java of the zimbra.

    I used this command:

    /opt/zimbra/java/bin/keytool -import -alias oldserver -keystore /opt/zimbra/java/jre/lib/security/cacerts -import -trustcacerts -file /tmp/mail.second.medeiros.eng.br.crt

    (The password is 'changeit')

    With this the java will trust in the old certificate and dont refuse the certificate anymore.

    After do this, you have to restart the zimbra, and make the wizard without any problem.

    Sorry for my bad english, if some need question about this tell me in this thread.

    Thanks in advance

    Romeu Medeiros

  7. #7
    Join Date
    Jul 2012
    Posts
    12
    Rep Power
    3

    Default

    Quote Originally Posted by medeiros405 View Post
    Hello to alls.


    I used this command:

    /opt/zimbra/java/bin/keytool -import -alias oldserver -keystore /opt/zimbra/java/jre/lib/security/cacerts -import -trustcacerts -file /tmp/mail.second.medeiros.eng.br.crt

    (The password is 'changeit')
    If you get this kind of error with IMAP logins to external mailboxes, you need to import the CA crt or pem file from those IMAP servers. Beware imap servers on various flavours of linux that dont have commercial keys (which is what would cause this problem of course - most commercial cert roots are in zimbra already of course) - the openssl-snakeoil keys generally are generated without a CA (or without a CA file around to copy to zimbra). Regenerating your own CA and SSL key off it, then using those in your imap servers (dovecot, etc) by editing their configs, and copying the CA file to zimbra and importing it works.

Similar Threads

  1. Dropping IMAP connection during migration
    By RickATMS in forum Administrators
    Replies: 1
    Last Post: 11-29-2010, 10:58 AM
  2. Migration from Mac OS X to Centos - LDAP Problem
    By harreaic in forum Migration
    Replies: 2
    Last Post: 11-04-2010, 06:08 AM
  3. Replies: 1
    Last Post: 10-19-2010, 01:28 AM
  4. Replies: 2
    Last Post: 09-09-2007, 05:27 PM
  5. Replies: 5
    Last Post: 06-05-2007, 05:18 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •