Results 1 to 4 of 4

Thread: UI Errors in viewing multi servers.

  1. #1
    Join Date
    Mar 2010
    Posts
    23
    Rep Power
    5

    Default UI Errors in viewing multi servers.

    I attempted this method to start a migration from one zimbra host to another:

    Preferred Method of Moving Users To New Machine (zmmailboxmove - Network Edition Only) - Zimbra :: Wiki

    It seems like most things are working however when I try to view server status and other multi-server specific item in the admin I get errors in the UI.

    It seems to boil down to the SSL Cert and or the SSH keys. I tried to run

    zmsshkeygen on the new host and get this error:

    ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target)
    [zimbra@mail log]$ zmupdateauthkeys
    Same goes for zmupdateauthkeys.

    If I run zmupdateauthkeys on the old host I don't get that error, but it does fail to find the ssh key it's trying to retrieve from the new server.

    My two hosts are zimbra.company.com and mail.company.com, mail is the new one. zimbra.company.com has a signed cert from a third party. mail.company.com was setup by the installer with a cert signed by the ca installed on zimbra.company.com.

    I've seen similar errors discussed on the forum, but no solutions for me. All of the ones I found were single server or multi-server with self signed certs. And I don't think the directions are applicable to this environment. This document covers other scenarios but not multi server, commercial certs.

    Administration Console and CLI Certificate Tools - Zimbra :: Wiki

    I'm thinking I might need to put the zimbra CA cert on mail so mail trusts it's own cert? (I'm not ready to get a 3rd party cert for this guy just yet) But I wanted to bounce it here before I start breaking things.

  2. #2
    Join Date
    May 2008
    Location
    California!
    Posts
    226
    Rep Power
    7

    Default

    Quote Originally Posted by jeffbearer View Post
    I attempted this method to start a migration from one zimbra host to another:

    Preferred Method of Moving Users To New Machine (zmmailboxmove - Network Edition Only) - Zimbra :: Wiki

    It seems like most things are working however when I try to view server status and other multi-server specific item in the admin I get errors in the UI.

    It seems to boil down to the SSL Cert and or the SSH keys. I tried to run

    zmsshkeygen on the new host and get this error:



    Same goes for zmupdateauthkeys.

    If I run zmupdateauthkeys on the old host I don't get that error, but it does fail to find the ssh key it's trying to retrieve from the new server.

    My two hosts are zimbra.company.com and mail.company.com, mail is the new one. zimbra.company.com has a signed cert from a third party. mail.company.com was setup by the installer with a cert signed by the ca installed on zimbra.company.com.

    I've seen similar errors discussed on the forum, but no solutions for me. All of the ones I found were single server or multi-server with self signed certs. And I don't think the directions are applicable to this environment. This document covers other scenarios but not multi server, commercial certs.

    Administration Console and CLI Certificate Tools - Zimbra :: Wiki

    I'm thinking I might need to put the zimbra CA cert on mail so mail trusts it's own cert? (I'm not ready to get a 3rd party cert for this guy just yet) But I wanted to bounce it here before I start breaking things.
    You describe my exact problem. Did you ever fix this?

  3. #3
    Join Date
    Mar 2010
    Posts
    23
    Rep Power
    5

    Default

    I've been trying to recall all day what the solution was but I can't, I'm sorry. It might have been to put the CA cert from the old server onto the new one. Or I got a CA signed certificate for the new server. Sorry I can't be of more help.

  4. #4
    Join Date
    May 2008
    Location
    California!
    Posts
    226
    Rep Power
    7

    Default

    Finally solved this problem. Actually found 2 ways to solve:

    1) Purchase and install signed certificate
    2) Allow untrusted certificate - (run as zimbra user: zmlocalconfig -e ssl_allow_untrusted_certs=true)

Similar Threads

  1. multi servers in different timezone
    By tiger2000 in forum Administrators
    Replies: 2
    Last Post: 07-01-2011, 09:09 PM
  2. [SOLVED] Adding user with multi mailbox servers
    By Pro21 in forum Administrators
    Replies: 2
    Last Post: 04-13-2011, 07:08 AM
  3. Replies: 0
    Last Post: 12-11-2010, 12:35 PM
  4. Multi site - multi server - multi location
    By pedro in forum Installation
    Replies: 0
    Last Post: 06-22-2007, 01:24 PM
  5. Multi LDAP servers for authentication
    By JasonChase in forum Administrators
    Replies: 4
    Last Post: 10-01-2006, 04:22 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •