ldap masters error - upgrade 8.7
-
- Posts: 1
- Joined: Sat Jul 16, 2016 3:26 pm
ldap masters error - upgrade 8.7
Hi everyone,
I am trying to upgrade to 8.7 the follow error below occurring:
Operations logged to /tmp/install.log.MQXdRUVz
Checking for existing installation...
zimbra-ldap...FOUND zimbra-ldap-8.6.0_GA_1153
zimbra-logger...FOUND zimbra-logger-8.6.0_GA_1153
zimbra-mta...FOUND zimbra-mta-8.6.0_GA_1153
zimbra-dnscache...FOUND zimbra-dnscache-8.6.0_GA_1153
zimbra-snmp...FOUND zimbra-snmp-8.6.0_GA_1153
zimbra-store...FOUND zimbra-store-8.6.0_GA_1153
zimbra-apache...FOUND zimbra-apache-8.6.0_GA_1153
zimbra-spell...FOUND zimbra-spell-8.6.0_GA_1153
zimbra-convertd...NOT FOUND
zimbra-memcached...FOUND zimbra-memcached-8.6.0_GA_1153
zimbra-proxy...FOUND zimbra-proxy-8.6.0_GA_1153
zimbra-archiving...NOT FOUND
zimbra-core...FOUND zimbra-core-8.6.0_GA_1153
ZCS upgrade from 8.6.0 to 8.7.0 will be performed.
Checking for existing proxy service in your environment
Checking for existing memcached service in your environment
Validating ldap configuration
Error: Unable to create a successful TLS connection to the ldap masters.
Fix cert configuration prior to upgrading.
I am using commercial cert in my zimbra server, but everything is working properly.
Any help?
Cheers,
Machado
I am trying to upgrade to 8.7 the follow error below occurring:
Operations logged to /tmp/install.log.MQXdRUVz
Checking for existing installation...
zimbra-ldap...FOUND zimbra-ldap-8.6.0_GA_1153
zimbra-logger...FOUND zimbra-logger-8.6.0_GA_1153
zimbra-mta...FOUND zimbra-mta-8.6.0_GA_1153
zimbra-dnscache...FOUND zimbra-dnscache-8.6.0_GA_1153
zimbra-snmp...FOUND zimbra-snmp-8.6.0_GA_1153
zimbra-store...FOUND zimbra-store-8.6.0_GA_1153
zimbra-apache...FOUND zimbra-apache-8.6.0_GA_1153
zimbra-spell...FOUND zimbra-spell-8.6.0_GA_1153
zimbra-convertd...NOT FOUND
zimbra-memcached...FOUND zimbra-memcached-8.6.0_GA_1153
zimbra-proxy...FOUND zimbra-proxy-8.6.0_GA_1153
zimbra-archiving...NOT FOUND
zimbra-core...FOUND zimbra-core-8.6.0_GA_1153
ZCS upgrade from 8.6.0 to 8.7.0 will be performed.
Checking for existing proxy service in your environment
Checking for existing memcached service in your environment
Validating ldap configuration
Error: Unable to create a successful TLS connection to the ldap masters.
Fix cert configuration prior to upgrading.
I am using commercial cert in my zimbra server, but everything is working properly.
Any help?
Cheers,
Machado
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Re: ldap masters error - upgrade 8.7
Hello,
Does this two commands match the name?
as root
as zimbra
Are those names matching your SSL config as well?
Best regards
Does this two commands match the name?
as root
Code: Select all
hostname
Code: Select all
zmhostname
Are those names matching your SSL config as well?
Best regards
- L. Mark Stone
- Ambassador
- Posts: 2802
- Joined: Wed Oct 09, 2013 11:35 am
- Location: Portland, Maine, US
- ZCS/ZD Version: 10.0.7 Network Edition
- Contact:
Re: ldap masters error - upgrade 8.7
Jorge,
FWIW in my experience "hostname" returns just the host's name, whereas "zmhostname" returns the FQDN, like so:
Is that going to be a problem when we try to do our own 8.7 upgrades?
All the best,
Mark
FWIW in my experience "hostname" returns just the host's name, whereas "zmhostname" returns the FQDN, like so:
Code: Select all
zimbra@securemail:~$ hostname
securemail
zimbra@securemail:~$ zmhostname
securemail.reliablenetworks.com
zimbra@securemail:~$
All the best,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
Re: ldap masters error - upgrade 8.7
We had the same problem in our upgrade, and our zmhostname and hostname matched. What the zimbra support team did to get me past the errors, after spending a few hours trying to resolve, was the following:
On each server right before I upgraded them. (ldap, mta, mailstore, etc) This allowed us to continue with the upgrade. I plan on following up with support to get tls back in the picture but at least we were able to continue with the upgrade successfully.
Code: Select all
zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_starttls_supported=0
Regards,
Brad
Brad
- L. Mark Stone
- Ambassador
- Posts: 2802
- Joined: Wed Oct 09, 2013 11:35 am
- Location: Portland, Maine, US
- ZCS/ZD Version: 10.0.7 Network Edition
- Contact:
Re: ldap masters error - upgrade 8.7
Brad/Jorge,
I opened up a support ticket just now with Zimbra to clarify both the hostname/zmhostname outputs, as well as the ldap_starttls_* variables.
Our Zimbra hosting farm is HIPAA compliant, so we can't legally have unencrypted LDAP traffic flying about. And we too are using commercial certificates on all of our servers.
I'll post as soon as I hear back.
FYI:
The output is the same on all servers (except for the specific hostname of course!)
All the best,
Mark
I opened up a support ticket just now with Zimbra to clarify both the hostname/zmhostname outputs, as well as the ldap_starttls_* variables.
Our Zimbra hosting farm is HIPAA compliant, so we can't legally have unencrypted LDAP traffic flying about. And we too are using commercial certificates on all of our servers.
I'll post as soon as I hear back.
FYI:
Code: Select all
zimbra@ldap-oak:~$ zmlocalconfig | grep ldap_starttls; hostname; zmhostname
ldap_starttls_required = true
ldap_starttls_supported = 1
ldap-oak
ldap-oak.reliablenetworks.com
zimbra@ldap-oak:~$
All the best,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
- tonster
- Zimbra Employee
- Posts: 313
- Joined: Fri Feb 21, 2014 10:14 am
- Location: Ypsilanti, MI
- ZCS/ZD Version: Release 8.7.0_GA_1659.RHEL6_64_2016
Re: ldap masters error - upgrade 8.7
Can we get the install.log.MQXdRUVz file? Feel free to sanitize as necessary. Is this single node or multi-node? Are all servers using the same ssl certificate?machadommm wrote:Hi everyone,
I am trying to upgrade to 8.7 the follow error below occurring:
Operations logged to /tmp/install.log.MQXdRUVz
Checking for existing installation...
zimbra-ldap...FOUND zimbra-ldap-8.6.0_GA_1153
zimbra-logger...FOUND zimbra-logger-8.6.0_GA_1153
zimbra-mta...FOUND zimbra-mta-8.6.0_GA_1153
zimbra-dnscache...FOUND zimbra-dnscache-8.6.0_GA_1153
zimbra-snmp...FOUND zimbra-snmp-8.6.0_GA_1153
zimbra-store...FOUND zimbra-store-8.6.0_GA_1153
zimbra-apache...FOUND zimbra-apache-8.6.0_GA_1153
zimbra-spell...FOUND zimbra-spell-8.6.0_GA_1153
zimbra-convertd...NOT FOUND
zimbra-memcached...FOUND zimbra-memcached-8.6.0_GA_1153
zimbra-proxy...FOUND zimbra-proxy-8.6.0_GA_1153
zimbra-archiving...NOT FOUND
zimbra-core...FOUND zimbra-core-8.6.0_GA_1153
ZCS upgrade from 8.6.0 to 8.7.0 will be performed.
Checking for existing proxy service in your environment
Checking for existing memcached service in your environment
Validating ldap configuration
Error: Unable to create a successful TLS connection to the ldap masters.
Fix cert configuration prior to upgrading.
I am using commercial cert in my zimbra server, but everything is working properly.
Any help?
Cheers,
Machado
-
- Posts: 5
- Joined: Sat Sep 13, 2014 1:03 am
Re: ldap masters error - upgrade 8.7
I am experiencing this same issue... I have been through all the steps... The only difference I see is that my certificate shows two entries in the alternative name, where the actual hostname is the first entry, listed as thus:
... where mail.domain.com is the hostname.
Is there a valid work-around for this? I have to buy a new certificate? This works for everything else...
Code: Select all
Subject Alternative Name: mail.domain.com, www.mail.domain.com
Is there a valid work-around for this? I have to buy a new certificate? This works for everything else...
- alessandro.motta
- Posts: 15
- Joined: Mon Mar 24, 2014 9:47 am
- Location: Merate
- ZCS/ZD Version: 8.6.0.GA.1194.UBUNTU14.64 NETWORK
- Contact:
Re: ldap masters error - upgrade 8.7
Hello everyone,
i had the very same problem 6 months ago upgrading from 8.0.9 to 8.6.0.
We have multi-server environment with commercial SSL certificates.
I reached to Zimbra Support and they pointed me to this bug:
https://bugzilla.zimbra.com/show_bug.cgi?id=95420
They also provided a workaround
I was luckily able to upgrade, but now i'm a bit afraid of upgrading to 8.7.
Hope someone can clear up this doubts.
Best regards
i had the very same problem 6 months ago upgrading from 8.0.9 to 8.6.0.
We have multi-server environment with commercial SSL certificates.
I reached to Zimbra Support and they pointed me to this bug:
https://bugzilla.zimbra.com/show_bug.cgi?id=95420
They also provided a workaround
Code: Select all
Step 1:-
Make changes on file "/opt/zimbra/libexec/zmupgrade.pm" and bypass the certificate check.
This section of zmupgrade.pm uses the Net::LDAP option of "verify=>'require'":
-----------------------------------------------------------------------------
403 if ( $ldap_starttls_supported ) {
404 my $result = $ldap->start_tls(
405 verify => 'require',
406 capath => "/opt/zimbra/conf/ca",
407 );
408 if ($result->code) {
409 main::progress("Unable to start TLS: ". $result->error . " when connecting to ldap master.\n");
410 return 1;
411 }
412 }
-----------------------------------------------------------------------------
From:-
verify => 'require',
To:-
verify => 'none',
Step 2:-
Now execute the following command to disable TLS on LDAP and restart zimbra services.
su - zimbra
zmlocalconfig -e ldap_starttls_supported=0
zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_common_require_tls=0
zmlocalconfig -e ssl_allow_untrusted_certs=true
zmcontrol restart
Step 3:-
Now run the ./install.sh to upgrade existing setup to v8.6
Hope someone can clear up this doubts.
Best regards
-
- Posts: 3
- Joined: Thu Nov 17, 2016 5:32 pm
Re: ldap masters error - upgrade 8.7
I have been trying to install the open source version all afternoon to the test as an alternative to Microsoft exchange. A very painful process and I'm stuck with this error. I have not installed any certificates just followed the basic instructions zimbra website. The hostname returns zimbra ?
- DualBoot
- Elite member
- Posts: 1326
- Joined: Mon Apr 18, 2016 8:18 pm
- Location: France - Earth
- ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
- Contact:
Re: ldap masters error - upgrade 8.7
If it is a fresh install and not an upgrade as it is suggested by your post, please open an other thread with some more information about the error and how you run your process.
regards,
regards,