ldap masters error - upgrade 8.7

machadommm
Posts: 1
Joined: Sat Jul 16, 2016 3:26 pm

ldap masters error - upgrade 8.7

Post by machadommm »

Hi everyone,

I am trying to upgrade to 8.7 and the following error is occurring:

Operations logged to /tmp/install.log.MQXdRUVz
Checking for existing installation...
zimbra-ldap...FOUND zimbra-ldap-8.6.0_GA_1153
zimbra-logger...FOUND zimbra-logger-8.6.0_GA_1153
zimbra-mta...FOUND zimbra-mta-8.6.0_GA_1153
zimbra-dnscache...FOUND zimbra-dnscache-8.6.0_GA_1153
zimbra-snmp...FOUND zimbra-snmp-8.6.0_GA_1153
zimbra-store...FOUND zimbra-store-8.6.0_GA_1153
zimbra-apache...FOUND zimbra-apache-8.6.0_GA_1153
zimbra-spell...FOUND zimbra-spell-8.6.0_GA_1153
zimbra-convertd...NOT FOUND
zimbra-memcached...FOUND zimbra-memcached-8.6.0_GA_1153
zimbra-proxy...FOUND zimbra-proxy-8.6.0_GA_1153
zimbra-archiving...NOT FOUND
zimbra-core...FOUND zimbra-core-8.6.0_GA_1153
ZCS upgrade from 8.6.0 to 8.7.0 will be performed.
Checking for existing proxy service in your environment
Checking for existing memcached service in your environment
Validating ldap configuration
Error: Unable to create a successful TLS connection to the ldap masters.
Fix cert configuration prior to upgrading.


I am using a commercial cert on my Zimbra server, but everything is working properly.

Any help?

Cheers,

Machado
jorgedlcruz
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm

Re: ldap masters error - upgrade 8.7

Post by jorgedlcruz »

Hello,
Do these two commands match the name?
As root:

Code:

hostname

As zimbra:

Code:

zmhostname


Are those names matching your SSL config as well?

Best regards
Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/
L. Mark Stone
Ambassador
Posts: 2802
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.7 Network Edition

Re: ldap masters error - upgrade 8.7

Post by L. Mark Stone »

Jorge,

FWIW in my experience "hostname" returns just the host's name, whereas "zmhostname" returns the FQDN, like so:

Code:

zimbra@securemail:~$ hostname
securemail
zimbra@securemail:~$ zmhostname
securemail.reliablenetworks.com
zimbra@securemail:~$

Is that going to be a problem when we try to do our own 8.7 upgrades?

All the best,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
btriem
Posts: 3
Joined: Tue Mar 11, 2014 6:45 pm

Re: ldap masters error - upgrade 8.7

Post by btriem »

We had the same problem in our upgrade, and our zmhostname and hostname matched. What the Zimbra support team did to get me past the errors, after spending a few hours trying to resolve, was the following:

Code:

zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_starttls_supported=0

On each server right before I upgraded them (ldap, mta, mailstore, etc.). This allowed us to continue with the upgrade. I plan on following up with support to get TLS back in the picture, but at least we were able to continue with the upgrade successfully.

Regards,
Brad
L. Mark Stone
Ambassador
Posts: 2802
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.7 Network Edition

Re: ldap masters error - upgrade 8.7

Post by L. Mark Stone »

Brad/Jorge,

I opened up a support ticket just now with Zimbra to clarify both the hostname/zmhostname outputs, as well as the ldap_starttls_* variables.

Our Zimbra hosting farm is HIPAA compliant, so we can't legally have unencrypted LDAP traffic flying about. And we too are using commercial certificates on all of our servers.

I'll post as soon as I hear back.

FYI:

Code:

zimbra@ldap-oak:~$ zmlocalconfig | grep ldap_starttls; hostname; zmhostname
ldap_starttls_required = true
ldap_starttls_supported = 1
ldap-oak
ldap-oak.reliablenetworks.com
zimbra@ldap-oak:~$

The output is the same on all servers (except for the specific hostname of course!)

All the best,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
tonster
Zimbra Employee
Posts: 313
Joined: Fri Feb 21, 2014 10:14 am
Location: Ypsilanti, MI
ZCS/ZD Version: Release 8.7.0_GA_1659.RHEL6_64_2016

Re: ldap masters error - upgrade 8.7

Post by tonster »

machadommm wrote:

Hi everyone,

I am trying to upgrade to 8.7 and the following error is occurring:

Operations logged to /tmp/install.log.MQXdRUVz
Checking for existing installation...
zimbra-ldap...FOUND zimbra-ldap-8.6.0_GA_1153
zimbra-logger...FOUND zimbra-logger-8.6.0_GA_1153
zimbra-mta...FOUND zimbra-mta-8.6.0_GA_1153
zimbra-dnscache...FOUND zimbra-dnscache-8.6.0_GA_1153
zimbra-snmp...FOUND zimbra-snmp-8.6.0_GA_1153
zimbra-store...FOUND zimbra-store-8.6.0_GA_1153
zimbra-apache...FOUND zimbra-apache-8.6.0_GA_1153
zimbra-spell...FOUND zimbra-spell-8.6.0_GA_1153
zimbra-convertd...NOT FOUND
zimbra-memcached...FOUND zimbra-memcached-8.6.0_GA_1153
zimbra-proxy...FOUND zimbra-proxy-8.6.0_GA_1153
zimbra-archiving...NOT FOUND
zimbra-core...FOUND zimbra-core-8.6.0_GA_1153
ZCS upgrade from 8.6.0 to 8.7.0 will be performed.
Checking for existing proxy service in your environment
Checking for existing memcached service in your environment
Validating ldap configuration
Error: Unable to create a successful TLS connection to the ldap masters.
Fix cert configuration prior to upgrading.


I am using a commercial cert on my Zimbra server, but everything is working properly.

Any help?

Cheers,

Machado

Can we get the install.log.MQXdRUVz file? Feel free to sanitize as necessary. Is this single node or multi-node? Are all servers using the same SSL certificate?
dirkomatic
Posts: 5
Joined: Sat Sep 13, 2014 1:03 am

Re: ldap masters error - upgrade 8.7

Post by dirkomatic »

I am experiencing this same issue... I have been through all the steps... The only difference I see is that my certificate shows two entries in the alternative name, where the actual hostname is the first entry, listed as thus:

Code:

Subject Alternative Name: mail.domain.com, www.mail.domain.com

... where mail.domain.com is the hostname.

Is there a valid work-around for this? Do I have to buy a new certificate? This works for everything else...
alessandro.motta
Posts: 15
Joined: Mon Mar 24, 2014 9:47 am
Location: Merate
ZCS/ZD Version: 8.6.0.GA.1194.UBUNTU14.64 NETWORK

Re: ldap masters error - upgrade 8.7

Post by alessandro.motta »

Hello everyone,
I had the very same problem 6 months ago upgrading from 8.0.9 to 8.6.0.
We have a multi-server environment with commercial SSL certificates.
I reached out to Zimbra Support and they pointed me to this bug:

https://bugzilla.zimbra.com/show_bug.cgi?id=95420

They also provided a workaround:

Code:

Step 1:-
Make changes on file "/opt/zimbra/libexec/zmupgrade.pm" and bypass the certificate check.

This section of zmupgrade.pm uses the Net::LDAP option of "verify=>'require'":
-----------------------------------------------------------------------------
if ( $ldap_starttls_supported ) {
  my $result = $ldap->start_tls(
    verify => 'require',
    capath => "/opt/zimbra/conf/ca",
  );
  if ($result->code) {
    main::progress("Unable to start TLS: ". $result->error . " when connecting to ldap master.\n");
    return 1;
  }
}
-----------------------------------------------------------------------------

From:-
verify => 'require',

To:-
verify => 'none',


Step 2:-
Now execute the following command to disable TLS on LDAP and restart zimbra services.

su - zimbra
zmlocalconfig -e ldap_starttls_supported=0
zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_common_require_tls=0
zmlocalconfig -e ssl_allow_untrusted_certs=true
zmcontrol restart

Step 3:-
Now run the ./install.sh to upgrade existing setup to v8.6

I was luckily able to upgrade, but now I'm a bit afraid of upgrading to 8.7.

Hope someone can clear up these doubts.

Best regards
Alessandro Motta
System administrator
Networking & Internet Data Center

Promo.it Srl - www.promo.it
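
A post-upgrade check for the settings that the workarounds in the two posts above change, as an added example that is not part of the thread or of Zimbra's tooling: it reads zmlocalconfig output in the "key = value" form shown earlier, lists the keys still at the workaround's values, and tests a file for verify => 'none'. The function names and sample lines are constructed for illustration, and the flagged values are the ones quoted in this thread, not a statement of Zimbra's defaults.

```shell
#!/bin/sh
# Added example (not from the thread or from Zimbra). Function names and the
# sample input are constructed for illustration.

# key=value pairs exactly as set by the workarounds quoted in this thread.
# These are the thread's values, not a claim about Zimbra's defaults.
WORKAROUND_VALUES='ldap_starttls_supported=0 ldap_starttls_required=false ldap_common_require_tls=0 ssl_allow_untrusted_certs=true'

# Reads "key = value" lines (zmlocalconfig output) on stdin and prints each
# key that still carries its workaround value, in input order.
workaround_leftovers() {
    awk -v want="$WORKAROUND_VALUES" '
        BEGIN {
            n = split(want, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                weak[kv[1]] = kv[2]
            }
        }
        {
            eq = index($0, "=")          # split on the first "=" only
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if ((key in weak) && val == weak[key]) print key
        }'
}

# Succeeds if the file given as $1 (for example the zmupgrade.pm edited in
# Step 1) still contains the edited line: verify => 'none'
tls_verify_disabled() {
    grep -Eq "verify[[:space:]]*=>[[:space:]]*'none'" "$1"
}

# Constructed sample: STARTTLS requirement restored, other keys left behind.
sample_localconfig() {
    cat <<'EOF'
ldap_starttls_required = true
ldap_starttls_supported = 0
ldap_common_require_tls = 0
ssl_allow_untrusted_certs = true
zimbra_server_hostname = mail.example.com
EOF
}

# On a real server: zmlocalconfig | workaround_leftovers
sample_localconfig | workaround_leftovers
```

Empty output from workaround_leftovers means none of the four keys is still at the value the workaround set.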
toomanylogins
Posts: 3
Joined: Thu Nov 17, 2016 5:32 pm

Re: ldap masters error - upgrade 8.7

Post by toomanylogins »

I have been trying to install the open source version all afternoon to test it as an alternative to Microsoft Exchange. A very painful process and I'm stuck with this error. I have not installed any certificates, just followed the basic instructions on the Zimbra website. The hostname returns zimbra?
DualBoot
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers

Re: ldap masters error - upgrade 8.7

Post by DualBoot »

If it is a fresh install and not an upgrade, as is suggested by your post, please open another thread with some more information about the error and how you run your process.
regards,