zmztozmig problem

Looking to migrate to ZCS? Ask here. Got a great tip or script that helped you migrate? Post it here.
Post Reply
rout3rx_blackhat
Posts: 10
Joined: Thu May 26, 2016 5:02 am

zmztozmig problem

Post by rout3rx_blackhat »

Hello
I have a problem with zimbra to zimbra migration using zmztozmig tool

Code: Select all

[INFO|main:1| 02/22/2018 11:49:17]: ConfigFile: /opt/zimbra/conf/zmztozmig.conf 
[INFO|main:1| 02/22/2018 11:49:17]: Version: 1.4 
[INFO|main:1| 02/22/2018 11:49:17]: Processing Domain: mail......
Creating account list....
[INFO|main:1| 02/22/2018 11:49:17]: Request URL: https://192.168.50.52:7071/service/admin/soap 
ZMSSLSocketFactory instantiated
Feb 22, 2018 11:49:17 AM com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection post
SEVERE: SAAJ0009: Message send failed
[SEVERE|main:1| 02/22/2018 11:49:17]: AuthenticateToZCS javax.xml.soap.SOAPException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed 
[SEVERE|main:1| 02/22/2018 11:49:17]: ------
com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:149)
        at com.zimbra.auth.ZCSAuth.AuthenticateToZCS(ZCSAuth.java:171)
        at com.zimbra.zcsprov.ZMSoapSession.DoZCSAuth(ZMSoapSession.java:147)
        at com.zimbra.zcsprov.ZMSoapSession.check_auth(ZMSoapSession.java:91)
        at com.zimbra.zcsprov.ZCSACProvision.Init(ZCSACProvision.java:75)
        at com.zimbra.tarformatter.tarFormatter.Init(tarFormatter.java:544)
        at com.zimbra.tarformatter.tarFormatter.main(tarFormatter.java:801)
Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:282)
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:145)
        ... 6 more
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:237)
        ... 7 more
Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1120)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1044)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:986)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
        ... 20 more

CAUSE:

com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:282)
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:145)
        at com.zimbra.auth.ZCSAuth.AuthenticateToZCS(ZCSAuth.java:171)
        at com.zimbra.zcsprov.ZMSoapSession.DoZCSAuth(ZMSoapSession.java:147)
        at com.zimbra.zcsprov.ZMSoapSession.check_auth(ZMSoapSession.java:91)
        at com.zimbra.zcsprov.ZCSACProvision.Init(ZCSACProvision.java:75)
        at com.zimbra.tarformatter.tarFormatter.Init(tarFormatter.java:544)
        at com.zimbra.tarformatter.tarFormatter.main(tarFormatter.java:801)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:237)
        ... 7 more
Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1120)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1044)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:986)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
        ... 20 more

CAUSE:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:237)
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:145)
        at com.zimbra.auth.ZCSAuth.AuthenticateToZCS(ZCSAuth.java:171)
        at com.zimbra.zcsprov.ZMSoapSession.DoZCSAuth(ZMSoapSession.java:147)
        at com.zimbra.zcsprov.ZMSoapSession.check_auth(ZMSoapSession.java:91)
        at com.zimbra.zcsprov.ZCSACProvision.Init(ZCSACProvision.java:75)
        at com.zimbra.tarformatter.tarFormatter.Init(tarFormatter.java:544)
        at com.zimbra.tarformatter.tarFormatter.main(tarFormatter.java:801)
Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1120)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1044)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:986)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
        ... 20 more
------
 
[INFO|main:1| 02/22/2018 11:49:17]: AUTH_REQUEST: <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header><nsg:context xmlns:nsg="urn:zimbra"/><name:userAgent xmlns:name="ZimbraProvisioningTool"/><type:format xmlns:type="xml"/></SOAP-ENV:Header><SOAP-ENV:Body><nsg:AuthRequest xmlns:nsg="urn:zimbraAdmin"><name>admin</name><password>.........../password><virtualHost>mail.......(192.168.50.15)</virtualHost></nsg:AuthRequest></SOAP-ENV:Body></SOAP-ENV:Envelope> 
[WARNING|main:1| 02/22/2018 11:49:17]: AuthenticateToZCS Failed. 
[INFO|main:1| 02/22/2018 11:49:17]: Going to get accounts from 192.168.50.52. It may take few minutes... 
[INFO|main:1| 02/22/2018 11:49:17]: REST URL: https://192.168.50.52:7071/service/afd/?action=getSR&types=accounts&domain=.......
Exception in thread "main" java.lang.NullPointerException
        at com.zimbra.zcsprov.ZCSACProvision.GetDomainAllAccountList(ZCSACProvision.java:308)
        at com.zimbra.tarformatter.tarFormatter.Init(tarFormatter.java:549)
        at com.zimbra.tarformatter.tarFormatter.main(tarFormatter.java:801)
rout3rx_blackhat
Posts: 10
Joined: Thu May 26, 2016 5:02 am

Re: zmztozmig problem

Post by rout3rx_blackhat »

please help me. i should do this asap
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2796
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition
Contact:

Re: zmztozmig problem

Post by L. Mark Stone »

The output is difficult to parse through it is true, but it shows that you have an authentication error. I'd start with that first.

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
rout3rx_blackhat
Posts: 10
Joined: Thu May 26, 2016 5:02 am

Re: zmztozmig problem

Post by rout3rx_blackhat »

no, all the Admin password correct i have check the administration panel.
is these error for untrusted SSL ?
but in help on https://wiki.zimbra.com/index.php?title ... _Migration i see all the SSL was untrusted...
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2796
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition
Contact:

Re: zmztozmig problem

Post by L. Mark Stone »

rout3rx_blackhat wrote:no, all the Admin password correct i have check the administration panel.
is these error for untrusted SSL ?
but in help on https://wiki.zimbra.com/index.php?title ... _Migration i see all the SSL was untrusted...

How old is the source Zimbra system?

If its SSL certificate uses SHA-1, or if self-signed and the CA has expired, that could be the issue, yes.

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
rout3rx_blackhat
Posts: 10
Joined: Thu May 26, 2016 5:02 am

Re: zmztozmig problem

Post by rout3rx_blackhat »

the source is 6.0 and the destination is 8.8
is there any way to fix this ssl problem?
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2796
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition
Contact:

Re: zmztozmig problem

Post by L. Mark Stone »

rout3rx_blackhat wrote:the source is 6.0 and the destination is 8.8
is there any way to fix this ssl problem?
Your better bet will be to use imapsync to move emails over, and on the 6.0 source server, export users' contacts and calendars to separate files and then import them on the new target 8.8 server.

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
Post Reply