Handshake Failure after upgrade

Ask questions about your setup or get help installing ZCS server (ZD section below).
Post Reply
martin-juhl
Posts: 1
Joined: Wed Jul 01, 2020 9:50 am

Handshake Failure after upgrade

Post by martin-juhl »

Hi

After upgrading I have alot of issues with Handshake failure...

I have tried changing some of the Cipher setup, but doesn't really have the full knowledge to do so..

I have gotten the Web and admin interface to work.. but some of the services like zmtrainsa is still failing:

[zimbra@jarjar conf]$ zmtrainsa
20220304013329 Starting spam/ham extraction from system accounts.
Exception in thread "main" com.zimbra.common.service.ServiceException: system failure: admin auth failed url=https://jarjar.outerrim.lan:7071/service/admin/soap/
ExceptionId:main:1646354010172:94bd60bc7e99519c
Code:service.FAILURE
at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:288)
at com.zimbra.cs.util.SpamExtract.getAdminAuthToken(SpamExtract.java:566)
at com.zimbra.cs.util.SpamExtract.main(SpamExtract.java:218)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:311)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:285)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:184)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1460)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1368)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
at com.zimbra.common.net.CustomSSLSocket.startHandshake(CustomSSLSocket.java:95)
at com.zimbra.common.net.CustomSSLSocket.getInputStream(CustomSSLSocket.java:360)
at org.apache.http.impl.BHttpConnectionBase.getSocketInputStream(BHttpConnectionBase.java:141)
at org.apache.http.impl.conn.LoggingManagedHttpClientConnection.getSocketInputStream(LoggingManagedHttpClientConnection.java:103)
at org.apache.http.impl.BHttpConnectionBase.ensureOpen(BHttpConnectionBase.java:133)
at org.apache.http.impl.DefaultBHttpClientConnection.sendRequestHeader(DefaultBHttpClientConnection.java:140)
at org.apache.http.impl.conn.CPoolProxy.sendRequestHeader(CPoolProxy.java:147)
at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:205)
at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:272)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:321)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:196)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:189)
at com.zimbra.common.soap.SoapTransport.invoke(SoapTransport.java:447)
at com.zimbra.common.soap.SoapTransport.invokeWithoutSession(SoapTransport.java:432)
at com.zimbra.cs.util.SpamExtract.getAdminAuthToken(SpamExtract.java:561)
... 1 more
Exception in thread "main" com.zimbra.common.service.ServiceException: system failure: admin auth failed url=https://jarjar.outerrim.lan:7071/service/admin/soap/
ExceptionId:main:1646354011287:3cc77e804f053255
Code:service.FAILURE
at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:288)
at com.zimbra.cs.util.SpamExtract.getAdminAuthToken(SpamExtract.java:566)
at com.zimbra.cs.util.SpamExtract.main(SpamExtract.java:218)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:311)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:285)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:184)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1460)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1368)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
at com.zimbra.common.net.CustomSSLSocket.startHandshake(CustomSSLSocket.java:95)
at com.zimbra.common.net.CustomSSLSocket.getInputStream(CustomSSLSocket.java:360)
at org.apache.http.impl.BHttpConnectionBase.getSocketInputStream(BHttpConnectionBase.java:141)
at org.apache.http.impl.conn.LoggingManagedHttpClientConnection.getSocketInputStream(LoggingManagedHttpClientConnection.java:103)
at org.apache.http.impl.BHttpConnectionBase.ensureOpen(BHttpConnectionBase.java:133)
at org.apache.http.impl.DefaultBHttpClientConnection.sendRequestHeader(DefaultBHttpClientConnection.java:140)
at org.apache.http.impl.conn.CPoolProxy.sendRequestHeader(CPoolProxy.java:147)
at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:205)
at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:272)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:321)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:196)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:189)
at com.zimbra.common.soap.SoapTransport.invoke(SoapTransport.java:447)
at com.zimbra.common.soap.SoapTransport.invokeWithoutSession(SoapTransport.java:432)
at com.zimbra.cs.util.SpamExtract.getAdminAuthToken(SpamExtract.java:561)
... 1 more
20220304013331 Finished extracting spam/ham from system accounts.
20220304013331 Starting spamassassin training.
netset: cannot include 127.0.0.0/8 as it has already been included
netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
Learned tokens from 0 message(s) (0 message(s) examined)
netset: cannot include 127.0.0.0/8 as it has already been included
netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
Learned tokens from 0 message(s) (0 message(s) examined)
netset: cannot include 127.0.0.0/8 as it has already been included
netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
20220304013333 Finished spamassassin training.

Seems like it zmspamextract that fails:
[zimbra@jarjar conf]$ /opt/zimbra/libexec/zmspamextract -o /tmp/test -s
Exception in thread "main" com.zimbra.common.service.ServiceException: system failure: admin auth failed url=https://jarjar.outerrim.lan:7071/service/admin/soap/
ExceptionId:main:1646354040712:1c6b2792d1a6fd3a
Code:service.FAILURE
at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:288)
at com.zimbra.cs.util.SpamExtract.getAdminAuthToken(SpamExtract.java:566)
at com.zimbra.cs.util.SpamExtract.main(SpamExtract.java:218)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:311)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:285)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:184)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1460)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1368)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
at com.zimbra.common.net.CustomSSLSocket.startHandshake(CustomSSLSocket.java:95)
at com.zimbra.common.net.CustomSSLSocket.getInputStream(CustomSSLSocket.java:360)
at org.apache.http.impl.BHttpConnectionBase.getSocketInputStream(BHttpConnectionBase.java:141)
at org.apache.http.impl.conn.LoggingManagedHttpClientConnection.getSocketInputStream(LoggingManagedHttpClientConnection.java:103)
at org.apache.http.impl.BHttpConnectionBase.ensureOpen(BHttpConnectionBase.java:133)
at org.apache.http.impl.DefaultBHttpClientConnection.sendRequestHeader(DefaultBHttpClientConnection.java:140)
at org.apache.http.impl.conn.CPoolProxy.sendRequestHeader(CPoolProxy.java:147)
at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:205)
at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:272)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:321)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:196)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:189)
at com.zimbra.common.soap.SoapTransport.invoke(SoapTransport.java:447)
at com.zimbra.common.soap.SoapTransport.invokeWithoutSession(SoapTransport.java:432)
at com.zimbra.cs.util.SpamExtract.getAdminAuthToken(SpamExtract.java:561)


Can someone please help??
User avatar
jholder
Ambassador
Ambassador
Posts: 4824
Joined: Fri Sep 12, 2014 10:00 pm

Re: Handshake Failure after upgrade

Post by jholder »

May I ask why you think this is an SSL handshake failure? That doesn't appear to be the case from the trace.

From the trace, it looks like the password is wrong for the zimbra user.
This password can be found via
zmlocalconfig -s | grep zimbra|grep password
^ that password is wrong.

You can set it for Zimbra by:
zmprov -l sp zimbra (password from localconfig)
Post Reply