Results 1 to 2 of 2

Thread: [SOLVED] Zimbra Master + Replica Upgrade

  1. #1
    Join Date
    Dec 2009
    Rep Power

    Default [SOLVED] Zimbra Master + Replica Upgrade


    My System:
    OS: Ubuntu 8.04 LTS
    Zimbra Master (m01-zimbra.local)
    Zimbra replica01 (r01-zimbra.local)
    Zimbra replica02 (r02-zimbra.local)

    Yesterday i have upgraded alle Servers from 6.03 to 6.05. After that the System does not work anymore

    If i create a new user on the Master the user is not replied to the replicas.
    On the replicas i get the following error in the "/var/log/zimbra.log":
    Mar 29 14:10:30 r01-zimbra slapd[3808]: slap_client_connect: URI=ldap://m01-zimbra.local:389 Error, ldap_start_tls failed (-11) 
    Mar 29 14:10:30 r01-zimbra slapd[3808]: do_syncrepl: rid=100 rc -11 retrying
    For this i have found the following:

    So i have tried a few things. In the "/opt/zimbra/conf/ca/" folter are two files and one Symlink
    ls -alhs
    insgesamt 16K
    4,0K drwxr-xr-x 2 root   root   4,0K 2010-03-29 13:59 .
    4,0K drwxr-xr-x 9 zimbra zimbra 4,0K 2010-03-29 14:03 ..
       0 lrwxrwxrwx 1 root   root      6 2010-03-29 13:59 2767710d.0 -> ca.pem
    4,0K -rw-r----- 1 zimbra zimbra  887 2010-03-29 13:59 ca.key
    4,0K -rw-r----- 1 zimbra zimbra  993 2010-03-29 13:59 ca.pem
    Delete the three files on the replicas and replace it with the files from the master -> Reboot everything -> Does not work
    Create new certificates on the WebGUI -> Reboot everything -> Does not work
    Replace the three files on all servers with the files from my backups -> Reboot everything -> Does not work

    I don't understand why nothing of this is working. In my backups the private key (ca.key), the cert (ca.pem) and the symlink are the same on all machines.

    Has someone an idea how i get my replicas working?


    I have also found the Bugreport to this:
    Bug 45048 – LDAP replication fails with self-signed certificates and different certificate authorities

    The Bug is marked as RESOLVED, so there should be a fin in 6.0.6 oder 6.0.7. But i can't wait for this
    The promoted workarounds does also not work (see above). Has someone a working workaround for this Problem?
    Last edited by yogg1; 03-29-2010 at 07:02 AM.
    Release 7.1.2_GA_3268.UBUNTU8_64 UBUNTU8_64 NETWORK edition.

  2. #2
    Join Date
    Dec 2009
    Rep Power


    The Problem is solved now.

    The only thing to do is, replacing the ca.pem file on all replicas with the ca.pem file from the master and create a new symlink (with the hash).
    This works fine with "c_rehash".

    Release 7.1.2_GA_3268.UBUNTU8_64 UBUNTU8_64 NETWORK edition.

Similar Threads

  1. ldap id2entry.bdb has bad LSN
    By pixelplumber in forum Administrators
    Replies: 5
    Last Post: 02-03-2010, 09:44 PM
  2. [SOLVED] Important Mta Issue!!!!!!!!
    By borngunners in forum Migration
    Replies: 2
    Last Post: 01-05-2010, 05:44 AM
  3. dspam logrotate errors
    By michaeln in forum Users
    Replies: 7
    Last Post: 02-19-2007, 11:45 AM
  4. Unable to start tomcat
    By chanck in forum Administrators
    Replies: 11
    Last Post: 06-11-2006, 12:58 AM
  5. Fedora Core 3, Clean Install - Not working!
    By pcjackson in forum Installation
    Replies: 17
    Last Post: 03-05-2006, 06:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts