Hi
After upgrading I have alot of issues with Handshake failure...
I have tried changing some of the Cipher setup, but doesn't really have the full knowledge to do so..
I have gotten the Web and admin interface to work.. but some of the services like zmtrainsa is still failing:
[zimbra@jarjar conf]$ zmtrainsa
20220304013329 Starting spam/ham extraction from system accounts.
Exception in thread "main" com.zimbra.common.service.ServiceException: system failure: admin auth failed url=https://jarjar.outerrim.lan:7071/service/admin/soap/
ExceptionId:main:1646354010172:94bd60bc7e99519c
Code:service.FAILURE
at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:288)
at com.zimbra.cs.util.SpamExtract.getAdminAuthToken(SpamExtract.java:566)
at com.zimbra.cs.util.SpamExtract.main(SpamExtract.java:218)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:311)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:285)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:184)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1460)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1368)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
at com.zimbra.common.net.CustomSSLSocket.startHandshake(CustomSSLSocket.java:95)
at com.zimbra.common.net.CustomSSLSocket.getInputStream(CustomSSLSocket.java:360)
at org.apache.http.impl.BHttpConnectionBase.getSocketInputStream(BHttpConnectionBase.java:141)
at org.apache.http.impl.conn.LoggingManagedHttpClientConnection.getSocketInputStream(LoggingManagedHttpClientConnection.java:103)
at org.apache.http.impl.BHttpConnectionBase.ensureOpen(BHttpConnectionBase.java:133)
at org.apache.http.impl.DefaultBHttpClientConnection.sendRequestHeader(DefaultBHttpClientConnection.java:140)
at org.apache.http.impl.conn.CPoolProxy.sendRequestHeader(CPoolProxy.java:147)
at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:205)
at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:272)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:321)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:196)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:189)
at com.zimbra.common.soap.SoapTransport.invoke(SoapTransport.java:447)
at com.zimbra.common.soap.SoapTransport.invokeWithoutSession(SoapTransport.java:432)
at com.zimbra.cs.util.SpamExtract.getAdminAuthToken(SpamExtract.java:561)
... 1 more
Exception in thread "main" com.zimbra.common.service.ServiceException: system failure: admin auth failed url=https://jarjar.outerrim.lan:7071/service/admin/soap/
ExceptionId:main:1646354011287:3cc77e804f053255
Code:service.FAILURE
at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:288)
at com.zimbra.cs.util.SpamExtract.getAdminAuthToken(SpamExtract.java:566)
at com.zimbra.cs.util.SpamExtract.main(SpamExtract.java:218)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:311)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:285)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:184)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1460)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1368)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
at com.zimbra.common.net.CustomSSLSocket.startHandshake(CustomSSLSocket.java:95)
at com.zimbra.common.net.CustomSSLSocket.getInputStream(CustomSSLSocket.java:360)
at org.apache.http.impl.BHttpConnectionBase.getSocketInputStream(BHttpConnectionBase.java:141)
at org.apache.http.impl.conn.LoggingManagedHttpClientConnection.getSocketInputStream(LoggingManagedHttpClientConnection.java:103)
at org.apache.http.impl.BHttpConnectionBase.ensureOpen(BHttpConnectionBase.java:133)
at org.apache.http.impl.DefaultBHttpClientConnection.sendRequestHeader(DefaultBHttpClientConnection.java:140)
at org.apache.http.impl.conn.CPoolProxy.sendRequestHeader(CPoolProxy.java:147)
at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:205)
at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:272)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:321)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:196)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:189)
at com.zimbra.common.soap.SoapTransport.invoke(SoapTransport.java:447)
at com.zimbra.common.soap.SoapTransport.invokeWithoutSession(SoapTransport.java:432)
at com.zimbra.cs.util.SpamExtract.getAdminAuthToken(SpamExtract.java:561)
... 1 more
20220304013331 Finished extracting spam/ham from system accounts.
20220304013331 Starting spamassassin training.
netset: cannot include 127.0.0.0/8 as it has already been included
netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
Learned tokens from 0 message(s) (0 message(s) examined)
netset: cannot include 127.0.0.0/8 as it has already been included
netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
Learned tokens from 0 message(s) (0 message(s) examined)
netset: cannot include 127.0.0.0/8 as it has already been included
netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
20220304013333 Finished spamassassin training.
Seems like it zmspamextract that fails:
[zimbra@jarjar conf]$ /opt/zimbra/libexec/zmspamextract -o /tmp/test -s
Exception in thread "main" com.zimbra.common.service.ServiceException: system failure: admin auth failed url=https://jarjar.outerrim.lan:7071/service/admin/soap/
ExceptionId:main:1646354040712:1c6b2792d1a6fd3a
Code:service.FAILURE
at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:288)
at com.zimbra.cs.util.SpamExtract.getAdminAuthToken(SpamExtract.java:566)
at com.zimbra.cs.util.SpamExtract.main(SpamExtract.java:218)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:311)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:285)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:184)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1460)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1368)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
at com.zimbra.common.net.CustomSSLSocket.startHandshake(CustomSSLSocket.java:95)
at com.zimbra.common.net.CustomSSLSocket.getInputStream(CustomSSLSocket.java:360)
at org.apache.http.impl.BHttpConnectionBase.getSocketInputStream(BHttpConnectionBase.java:141)
at org.apache.http.impl.conn.LoggingManagedHttpClientConnection.getSocketInputStream(LoggingManagedHttpClientConnection.java:103)
at org.apache.http.impl.BHttpConnectionBase.ensureOpen(BHttpConnectionBase.java:133)
at org.apache.http.impl.DefaultBHttpClientConnection.sendRequestHeader(DefaultBHttpClientConnection.java:140)
at org.apache.http.impl.conn.CPoolProxy.sendRequestHeader(CPoolProxy.java:147)
at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:205)
at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:272)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:321)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:196)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:189)
at com.zimbra.common.soap.SoapTransport.invoke(SoapTransport.java:447)
at com.zimbra.common.soap.SoapTransport.invokeWithoutSession(SoapTransport.java:432)
at com.zimbra.cs.util.SpamExtract.getAdminAuthToken(SpamExtract.java:561)
Can someone please help??
Handshake Failure after upgrade
Re: Handshake Failure after upgrade
May I ask why you think this is an SSL handshake failure? That doesn't appear to be the case from the trace.
From the trace, it looks like the password is wrong for the zimbra user.
This password can be found via
zmlocalconfig -s | grep zimbra|grep password
^ that password is wrong.
You can set it for Zimbra by:
zmprov -l sp zimbra (password from localconfig)
From the trace, it looks like the password is wrong for the zimbra user.
This password can be found via
zmlocalconfig -s | grep zimbra|grep password
^ that password is wrong.
You can set it for Zimbra by:
zmprov -l sp zimbra (password from localconfig)