Dear All,

I work for a small company and we have been using Zimbra for almost a year and we are really happy with the product!

We are currently running Release 7.1.3_GA_3346.UBUNTU10_64 UBUNTU10_64 FOSS edition on a Single-Server but would like to upgrade to the latest 8.x.x FOSS release. Eventually we will upgrade to the latest supported Ubuntu release.

Now my problem:

This week I tried to upgrade to 8.0.2, but it failed. Luckily the restore from backup process worked without hassle, so no real damage done!

We are running Zimbra on a virtual machine without any other software packages installed. However, the server is located in our intranet and sends and receives mail through a relay host. The server name is x in the domain y.z. Communication with the WAN/Internet is limited to imap, http through a firewall.

I performed the following steps:

1. /opt/zimbra/bin/zmcertmgr viewdeployedcrt - to verify that our certificates have not expired
2. zmcontrol stop - Stopped zimbra
3. unattended-upgrade - To verify that there are no pending security updates
4. mv /etc/init.d/zimbra /root/ - Prevent zimbra from starting on boot
5. cp -a /opt/zimbra /opt/zimbra.bup
6. Shut down the virtual machine and made a backup
7. Disconnected the vm from the network (removed virtual network adapter)
8. Restarted the vm.
9. cd /.../installers/zcs-8.0.2_GA_5569.UBUNTU10_64...
10. screen ./install

The install process ran for about half an hour with some errors displayed on the screen:

Code:
mysql.general_log Error    : You can't use locks with log tables.
mysql.slow_log Error    : You can't use locks with log tables.
Adding x.y.z to zimbraMailHostPool in default COS...failed.
Setting Keyboard Shortcut Preferences...failed.
Setting zimbraFeatureTasksEnabled=TRUE...failed.
Setting zimbraFeatureBriefcasesEnabled=TRUE...failed.
Setting MTA auth host...failed.
Setting TimeZone Preference...failed.
Creating user spam.unjskakkv@x.y.z...failed.
Creating user ham.r7pegyxs@lx.y.z...failed.
Creating user virus-quarantine.8b66vkzh7g@x.y.z...failed.
Setting spam training and Anti-virus quarantine accounts...failed.
Setting spam training and Anti-virus quarantine accounts...failed.
Installing common zimlets...
        com_zimbra_adminversioncheck...failed. This may impact system functionality.
/ ... And more ... /
        com_zimbra_ymemoticons...failed. This may impact system functionality.
Finished installing common zimlets.

However, the relevant /opt/zimbra/log/zmsetup.txt has severe errors; here is the relevant selection:

Code:
Tue Jan  8 16:31:37 2013 Removing /opt/zimbra/ssl/zimbra/{ca,server} to force creation or download of new ca and certificates.
Tue Jan  8 16:31:37 2013 Skipping update of unchanged value for ssl_allow_untrusted_certs=true.
Tue Jan  8 16:35:40 2013 Skipping update of unchanged value for ssl_allow_untrusted_certs=true.
Tue Jan  8 16:35:40 2013 Setting local config ssl_allow_mismatched_certs to true
Tue Jan  8 16:35:45 2013 Setting up CA...
Tue Jan  8 16:35:45 2013 *** Running as root user: /opt/zimbra/openssl/bin/openssl verify -purpose sslserver -CAfile /opt/zimbra/conf/ca/ca.pem /opt/zimbra/conf/ca/ca.pem | egrep "^error 10"
error 10 at 0 depth lookup:certificate has expired
Tue Jan  8 16:35:45 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr createca -new
** Creating directory /opt/zimbra/ssl/zimbra/ca
** Creating directory /opt/zimbra/ssl/zimbra/server
** Creating directory /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
Tue Jan  8 16:35:46 2013 done.
Tue Jan  8 16:35:46 2013 Deploying CA to /opt/zimbra/conf/ca ...
Tue Jan  8 16:35:46 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr deployca -localonly
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
** Copying CA to /opt/zimbra/conf/ca...done.
Tue Jan  8 16:35:47 2013 done.
Tue Jan  8 16:35:47 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr verifycrt comm > /dev/null 2>&1
** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: OK
Tue Jan  8 16:38:56 2013 Saving CA in ldap ...
Tue Jan  8 16:38:56 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr deployca
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.
** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.
** Copying CA to /opt/zimbra/conf/ca...done.
Tue Jan  8 16:39:03 2013 done.
Tue Jan  8 16:39:03 2013 Saving SSL Certificate in ldap ...
Tue Jan  8 16:39:03 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr savecrt comm
** Saving server config key zimbraSSLCertificate...failed.
** Saving server config key zimbraSSLPrivateKey...failed.
Tue Jan  8 16:39:08 2013 done.
Tue Jan  8 16:39:08 2013 Setting spell check URL...
Tue Jan  8 16:39:08 2013 Updating cached config attribute for Server x.y.z: zimbraSpellCheckURL=http://x.y.z:7780/aspell.php
Tue Jan  8 16:39:08 2013 *** Running as zimbra user: /opt/zimbra/bin/zmprov -r -m -l ms x.y.z  zimbraSpellCheckURL 'http://x.y.z:7780/aspell.php'
[] FATAL: failed to initialize LDAP client
com.zimbra.cs.ldap.LdapException: LDAP error: : An error occurred while attempting to connect to server x.y.z:389:  java.io.IOException: An error occurred while attempting to establish a connection to server x.y.z:389:  java.net.SocketException: Network is unreachable
ExceptionId:main:1357659551431:f30ef83c9df2dfc5
Code:ldap.LDAP_ERROR
    at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapException.java:88)
    at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:72)
    at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:38)
    at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:117)
    at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnectionPool(LdapConnectionPool.java:64)
    at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.init(UBIDLdapContext.java:95)
    at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.init(UBIDLdapClient.java:37)
    at com.zimbra.cs.ldap.LdapClient.getInstance(LdapClient.java:63)
    at com.zimbra.cs.ldap.LdapClient.initialize(LdapClient.java:86)
    at com.zimbra.cs.account.ldap.LdapProv.<init>(LdapProv.java:46)
    at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:256)
    at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:253)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
    at java.lang.Class.newInstance0(Class.java:372)
    at java.lang.Class.newInstance(Class.java:325)
    at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:278)
    at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:238)
    at com.zimbra.cs.account.ProvUtil.initProvisioning(ProvUtil.java:745)
    at com.zimbra.cs.account.ProvUtil.main(ProvUtil.java:3509)
Caused by: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server x.y.z:389:  java.io.IOException: An error occurred while attempting to establish a connection to server x.y.z:389:  java.net.SocketException: Network is unreachable')
    at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:741)
    at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:675)
    at com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:507)
    at com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:229)
    at com.unboundid.ldap.sdk.ServerSet.getConnection(ServerSet.java:98)
    at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:616)
    at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:562)
    at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:113)
    ... 18 more
Caused by: java.io.IOException: An error occurred while attempting to establish a connection to server x.y.z:389:  java.net.SocketException: Network is unreachable
    at com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:142)
    at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:732)
    ... 25 more
Tue Jan  8 16:39:11 2013 failed.

The LDAP error is then repeated many, many times.

As you see from the zmsetup snippet I suspect there is a problem with the certificates. We are not using a purchased commercial certificate but have created our own CA certificate (not signed by any other CA). The certificate installed on the Zimbra server, as a commercial certificate, is signed by our own CA key. (I'm sorry if I am a bit vague or unclear here but my knowledge concerning these matters is somewhat limited.) We did install our certificate using zmcertmgr from the command line and it has worked flawlessly so far. However, I have noted (using zmprov gacl) that the zimbraSSLCertificate and zimbraSSLPrivateKey are missing in the LDAP config (zimbraCertAuthorityCertSelfSigned and zimbraCertAuthorityKeySelfSigned are present).

I would really appreciate any hints on what went wrong and hints or qualified guesses on what to do to fix the problem.
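
An added example (not part of the original post, and not Zimbra tooling): a small Python triage of the zmsetup.txt lines quoted above that groups each `...failed.` step, the openssl expiry verdict and the LDAP connect error under the command that produced it. The function name `triage` and the regular expressions are assumptions fitted to the log lines in the post.

```python
import re
from collections import Counter

# Shortened excerpt of the zmsetup.txt lines quoted in the post
# (x.y.z is the post's own placeholder host name).
SAMPLE = """\
Tue Jan  8 16:35:45 2013 *** Running as root user: /opt/zimbra/openssl/bin/openssl verify -purpose sslserver -CAfile /opt/zimbra/conf/ca/ca.pem /opt/zimbra/conf/ca/ca.pem | egrep "^error 10"
error 10 at 0 depth lookup:certificate has expired
Tue Jan  8 16:38:56 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr deployca
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.
** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.
Tue Jan  8 16:39:03 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr savecrt comm
** Saving server config key zimbraSSLCertificate...failed.
** Saving server config key zimbraSSLPrivateKey...failed.
Tue Jan  8 16:39:08 2013 *** Running as zimbra user: /opt/zimbra/bin/zmprov -r -m -l ms x.y.z  zimbraSpellCheckURL 'http://x.y.z:7780/aspell.php'
com.zimbra.cs.ldap.LdapException: LDAP error: : An error occurred while attempting to connect to server x.y.z:389:  java.io.IOException: An error occurred while attempting to establish a connection to server x.y.z:389:  java.net.SocketException: Network is unreachable
Tue Jan  8 16:39:11 2013 failed.
"""

RUN = re.compile(r"\*\*\* Running as (\w+) user: (.+)$")
STEP_FAILED = re.compile(r"^\*\* (.+?)\.\.\.failed\.$")
CAFILE = re.compile(r"-CAfile (\S+)")
LDAP_ERR = re.compile(
    r"LdapException: .*?connect to server (\S+?):(\d+):.*SocketException: (.+)$")

def triage(log_text):
    """Attribute each failure line to the most recent '*** Running as' command."""
    report = {"expired": [], "failed_steps": [], "ldap": Counter()}
    command = None
    for line in log_text.splitlines():
        if m := RUN.search(line):
            command = m.group(2)
        elif "certificate has expired" in line and command:
            # openssl prints only the verdict; the file is named in the command
            ca = CAFILE.search(command)
            report["expired"].append(ca.group(1) if ca else command)
        elif m := STEP_FAILED.match(line):
            report["failed_steps"].append((command, m.group(1)))
        elif m := LDAP_ERR.search(line):
            # key: (host, port, socket-level reason); value: repeat count
            report["ldap"][(m.group(1), int(m.group(2)), m.group(3))] += 1
    return report

if __name__ == "__main__":
    for section, items in triage(SAMPLE).items():
        print(section, dict(items) if isinstance(items, Counter) else items)
```

Run against the full /opt/zimbra/log/zmsetup.txt, the `ldap` counter collapses the repeated stack traces into one entry per host, port and reason.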