Results 1 to 5 of 5

Thread: Migrate zimbra 5.0.15 32-bit xen to 5.0.15 64-bit xen

  1. #1
    Join Date
    Jun 2006
    Posts
    13
    Rep Power
    9

    Default Migrate zimbra 5.0.15 32-bit xen to 5.0.15 64-bit xen

    Hello,

    I am trying to upgrade 5.0.15 to 6.0.5 on my server, but unfortunately, I ran into the segmentation fault because I was running RHEL 5.1. With 4/15 coming soon and the issue with clamv being outdated, I am trying to migrate 5.0.15 32-bit server to 5.0.15 64-bit server. In following the Network Edition: Moving from 32-bit to 64-bit Server - Zimbra :: Wiki guide (with a series of other helpful documents, I now have the zimbra server up and running on the 64-bit server.

    I am using tsplit-dns as I have both mail servers running at the same time, but the new one in isolation.

    Host mail.tanval.com
    antispam Running
    antivirus Running
    ldap Running
    logger Running
    mailbox Running
    mta Running
    snmp Running
    spell Running
    stats Running

    I can log into the admin console and see all of the migrated accounts.

    However, when I try and log into the new mail server as a regular user, via http, I am greeted with a network error.

    Below is the log file from mailbox.log.

    I have tried to update the certificate and have tried the different suggestions I have found in these forums, but no luck. Any help would be greatly appreciated. Any other information that is needed, please let me know.

    Billy



    ==> mailbox.log <==
    2010-04-12 15:43:20,797 INFO [btpool0-6] [] AuthProvider - Adding auth provider: zimbra com.zimbra.cs.service.ZimbraAuthProvider
    2010-04-12 15:43:20,798 INFO [btpool0-6] [oip=10.200.30.14;ua=zclient/5.0.15_GA_2851.RHEL5_64;] soap - AuthRequest
    2010-04-12 15:43:21,054 INFO [btpool0-6] [name=billy_oconnell@tanval.com;oip=10.200.30.14;ua =zclient/5.0.15_GA_2851.RHEL5_64;] SoapEngine - handler exception
    com.zimbra.common.service.ServiceException: system failure: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target
    ExceptionId:btpool0-6:1271101401052:0ea271d7e601d35f
    Code:service.FAILURE
    at com.zimbra.common.service.ServiceException.FAILURE (ServiceException.java:253)
    at com.zimbra.cs.account.ldap.LdapProvisioning.extern alLdapAuth(LdapProvisioning.java:2959)
    at com.zimbra.cs.account.auth.AuthMechanism$LdapAuth. doAuth(AuthMechanism.java:167)
    at com.zimbra.cs.account.ldap.LdapProvisioning.verify PasswordInternal(LdapProvisioning.java:3005)
    at com.zimbra.cs.account.ldap.LdapProvisioning.verify Password(LdapProvisioning.java:2978)
    at com.zimbra.cs.account.ldap.LdapProvisioning.authAc count(LdapProvisioning.java:2851)
    at com.zimbra.cs.account.ldap.LdapProvisioning.authAc count(LdapProvisioning.java:2830)
    at com.zimbra.cs.service.account.Auth.handle(Auth.jav a:125)
    at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEng ine.java:429)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:286)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:160)
    at com.zimbra.soap.SoapServlet.doPost(SoapServlet.jav a:269)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:727)
    at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:190)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:820)
    at org.mortbay.jetty.servlet.ServletHolder.handle(Ser vletHolder.java:487)
    at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1093)
    at org.mortbay.servlet.UserAgentFilter.doFilter(UserA gentFilter.java:81)
    at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter .java:148)
    at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1084)
    at org.mortbay.jetty.servlet.ServletHandler.handle(Se rvletHandler.java:360)
    at org.mortbay.jetty.security.SecurityHandler.handle( SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(Se ssionHandler.java:181)
    at org.mortbay.jetty.handler.ContextHandler.handle(Co ntextHandler.java:716)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebA ppContext.java:406)
    at org.mortbay.jetty.handler.ContextHandlerCollection .handle(ContextHandlerCollection.java:211)
    at org.mortbay.jetty.handler.HandlerCollection.handle (HandlerCollection.java:114)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:139)
    at org.mortbay.jetty.handler.rewrite.RewriteHandler.h andle(RewriteHandler.java:350)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:139)
    at org.mortbay.jetty.Server.handle(Server.java:313)
    at org.mortbay.jetty.HttpConnection.handleRequest(Htt pConnection.java:506)
    at org.mortbay.jetty.HttpConnection$RequestHandler.co ntent(HttpConnection.java:844)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser. java:644)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpPa rser.java:211)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnec tion.java:381)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(Selec tChannelEndPoint.java:396)
    at org.mortbay.thread.BoundedThreadPool$PoolThread.ru n(BoundedThreadPool.java:442)
    Caused by: javax.naming.CommunicationException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target]; remaining name 'ou=people,ou=accounts,dc=tanval,dc=com'
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:19 61)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1 806)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:17 31)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_sea rch(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContex t.search(PartialCompositeDirContext.java:338)
    at javax.naming.directory.InitialDirContext.search(In itialDirContext.java:257)
    at com.zimbra.cs.account.ldap.ZimbraLdapContext.searc hDir(ZimbraLdapContext.java:551)
    at com.zimbra.cs.account.ldap.LdapUtil.ldapAuthentica te(LdapUtil.java:132)
    at com.zimbra.cs.account.ldap.LdapProvisioning.extern alLdapAuth(LdapProvisioning.java:2942)
    ... 36 more
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(S SLSocketImpl.java:1584)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:174)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:168)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:848)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.proc essMessage(ClientHandshaker.java:106)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoo p(Handshaker.java:495)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_re cord(Handshaker.java:433)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(SSLSocketImpl.java:877)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(SSLSocketImpl.java:1089)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRe cord(SSLSocketImpl.java:618)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write (AppOutputStream.java:59)
    at java.io.BufferedOutputStream.flushBuffer(BufferedO utputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputS tream.java:123)
    at com.sun.jndi.ldap.Connection.writeRequest(Connecti on.java:390)
    at com.sun.jndi.ldap.Connection.writeRequest(Connecti on.java:364)
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.jav a:528)
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:19 44)
    ... 44 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXV alidator.java:221)
    at sun.security.validator.PKIXValidator.engineValidat e(PKIXValidator.java:145)
    at sun.security.validator.Validator.validate(Validato r.java:203)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl. checkServerTrusted(X509TrustManagerImpl.java:172)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager. checkServerTrusted(SSLContextImpl.java:320)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:841)
    ... 57 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder. engineBuild(SunCertPathBuilder.java:236)
    at java.security.cert.CertPathBuilder.build(CertPathB uilder.java:194)
    at sun.security.validator.PKIXValidator.doBuild(PKIXV alidator.java:216)
    ... 62 more
    2010-04-12 15:43:21,307 INFO [btpool0-7] [ip=127.0.0.1;] soap - GetDomainInfoRequest
    2010-04-12 15:43:21,700 INFO [btpool0-6] [ip=127.0.0.1;] soap - GetDomainInfoRequest
    2010-04-12 15:43:23,046 INFO [btpool0-6] [ip=127.0.0.1;] soap - GetDomainInfoRequest

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Have you tried regenerating the certificate and restarting the server?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Jun 2006
    Posts
    13
    Rep Power
    9

    Default

    Yes, many times. The last attempt I used the notes from Ajcody-Notes-SSLCerts - Zimbra :: Wiki

    Before I began populating the new server with my current mail server mailboxes, etc, I was able to create a test user and login and even send mail as that user; just an fyi.

  4. #4
    Join Date
    Jun 2006
    Posts
    13
    Rep Power
    9

    Default

    It seems that on my network, the external ldap server is having an issue with the cert. from my mail server.

    In the log file:
    SSL peer had some unspecified issue with the certificate it received.

    I am using ssl and ldaps://

    I think I am on the right track, but have not solved this issue yet.

    I did not have this problem on my original mail server, so I am still poking around trying to find out how to resolve this. Any tips are welcome.

    Thanks.

  5. #5
    Join Date
    Jun 2006
    Posts
    13
    Rep Power
    9

    Default

    Looks like my zimbra server is having trouble trusting my ldap server certificate. The solution is supposedly:

    LDAP - Zimbra :: Wiki

    I have not go it to work quite yet, so I have disabled ldaps:// in the gal and auth areas, and I can now log into the server as a networked user.

    I was then able to upgrade from 5.0.15 to 6.0.5 just as my mail server stopped working because of the clamav eol.

    I am going to go back and try to get the cert from my ldap server trusted, but at least for now I am ok.

Similar Threads

  1. postfix relay=none status=bounced for local mails
    By vdd in forum Administrators
    Replies: 1
    Last Post: 08-06-2009, 09:05 AM
  2. Zimbra spam system
    By rajahd in forum Administrators
    Replies: 9
    Last Post: 04-16-2008, 08:25 PM
  3. Major Issue - 5.0RC2 NE to 5.0GA NE failed
    By DougWare in forum Installation
    Replies: 7
    Last Post: 01-06-2008, 09:56 PM
  4. Replies: 22
    Last Post: 12-02-2007, 05:05 PM
  5. 4.5 Upgrade failure
    By brained in forum Installation
    Replies: 9
    Last Post: 03-03-2007, 03:30 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •