zmmailboxdctl failing to run after most recent apt-get

Ask questions about your setup or get help installing ZCS server (ZD section below).
mtk
Posts: 37
Joined: Sat Jun 21, 2014 1:00 am

Re: zmmailboxdctl failing to run after most recent apt-get

Post by mtk »

Same situation here, happend after apt-get update and zimbra packages were upgraded.
Wondering what would be an emergency recovery possibility? apt-remove zimbra-* and reinstall with 'Use Zimbra's package repository [Y]' No?
mgmailadmin
Posts: 10
Joined: Wed Jun 15, 2022 3:18 am

Re: zmmailboxdctl failing to run after most recent apt-get

Post by mgmailadmin »

Thanks @liveLace,

I downgraded that list of packages (slightly different package naming in Ubuntu).

Turns out the zimbra-ldap-components wasn't installed.

I will post some notes for specifics on Ubuntu in a few minutes.

Possibly because of the ldap package issue, I was getting zimbra user prompts for a password when ldap starts up with zmcontrol start.

Looking into the wiki page on sudoers,d, I realized that there was a missing configuration file for ldap (02_zimbra-ldap) which authorizes the slapd task to run w/o password.

I was able to craft the file and installed it in sudoers.d and we were able to start!

fingers crossed this stays up.

Thanks all for the followup. Been a long 24 hours.
mgmailadmin
Posts: 10
Joined: Wed Jun 15, 2022 3:18 am

Re: zmmailboxdctl failing to run after most recent apt-get

Post by mgmailadmin »

mtk wrote:Same situation here, happend after apt-get update and zimbra packages were upgraded.
Wondering what would be an emergency recovery possibility? apt-remove zimbra-* and reinstall with 'Use Zimbra's package repository [Y]' No?
I actually tried this with a clean install on a new instance and it made no difference. It is clearly an issue with some of the updated packages.
kevindods
Advanced member
Advanced member
Posts: 166
Joined: Fri Sep 12, 2014 9:58 pm

Re: zmmailboxdctl failing to run after most recent apt-get

Post by kevindods »

We have been fighting this for 30 odd hours now and not getting anywhere. What is worrying that in the forums even a new Zextras installer fresh copy fails to start? Is that true? If the installer itself is wrong that is not reassuring.

We have a clients NE version which worked fine on the latest patch 25 on Zimbra's own repos and installation.

When I started looking the was nothing showing, sort of comfort knowing we are not alone but a solution would be more comforting!

The Centos lower version installs recovering the installations sound interesting but suggest we are downgrading which is not ideal.

A fair bit has been updated for security reasons so perhaps its hidden in the new Jetty upgrades?
mgmailadmin
Posts: 10
Joined: Wed Jun 15, 2022 3:18 am

Re: zmmailboxdctl failing to run after most recent apt-get

Post by mgmailadmin »

livelace wrote:Just registered to inform you guys about the same problem.
My system is Centos 7. And for avoiding this problem I had to downgrade some packages:

Removed:
zimbra-core-components.x86_64 0:3.0.12-1zimbra8.8b1.el7
zimbra-jetty-distribution.x86_64 0:9.4.46.v20220331-2.r7
zimbra-ldap-components.x86_64 0:2.0.6-1zimbra8.8b1.el7
zimbra-openjdk.x86_64 0:17.0.2-1zimbra8.8b1.el7

Installed:
zimbra-core-components.x86_64 0:3.0.11-1zimbra8.8b1.el7
zimbra-jetty-distribution.x86_64 0:9.4.18.v20190429-2.r7
zimbra-ldap-components.x86_64 0:2.0.5-1zimbra8.8b1.el7
zimbra-openjdk.x86_64 0:13.0.1-1zimbra8.8b1.el7

Right now all services works as expected.
Thanks @livelace. This was essential info.

In the Ubuntu world, at least in the 18.04.6 LTS platform I'm running, this translated to doing an apt-get install package=version downgrade operation.



The specifics would be:
To find out what is currently installed:

Code: Select all

sudo apt-cache showpkg zimbra-core-components
sudo apt-cache showpkg zimbra-jetty-distribution
sudo apt-cache showpkg zimbra-ldap-components
sudo apt-cache showpkg zimbra-openjdk
Each line will spit out lots of stuff about dependencies as well as the version history at the bottom with the most current version at the top of the list.

You may not need to downgrade the zimbra-ldap-compenents package. It wasn't installed in my platform which seems odd but...
Following the versioning @Livelace documentented, The steps to downgrade would then be:

Code: Select all

sudo apt-get install zimbra-core-components=3.0.11-1zimbra8.8b1.18.04
sudo apt-get install zimbra-jetty-distribution=9.4.18.v20190429-2.u18
sudo apt-get install zimbra-openjdk=13.0.1-1zimbra8.8b1.18.04
and optionally
sudo apt-get install zimbra-ldap-components=2.0.5-1zimbra8.8b1.18.04
You should be able to try to stop/start (or restart) next.

Code: Select all

zmcontrol stop
zmcontrol start 
As I mentioned I had an issue with the zmcontrol start command in that when LDAP ran, it prompted for a sudo zimbra password.
After perusing this issue in other contexts, I dug into the /etc/sudoer.d configuration files and found that slapd was not being authorized to run with No password. The wiki article (here)https://wiki.zimbra.com/index.php?title=Sudoers on this subject was informative and helped resolve the issue. The bottom line was that the 02_zimbra-ldap configuration file was missing from /etc/sudoers.d/
The contents of that file is a single line used to authorize slapd:

Code: Select all

%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd
Once I cleaned that up, I was able to restart with all modules loading.

Hopefully others have success with this.
Very disappointing experience though.
czv
Posts: 2
Joined: Wed Jun 15, 2022 3:32 pm

Re: zmmailboxdctl failing to run after most recent apt-get

Post by czv »

Yes after apt upgrade not starting services
Martinwiertz wrote:Hi CZV,

is this an error due to applying the latest patch via apt-get?

czv wrote:it doesn't work for me after the upgrade:

Cleaning up 7 files from '/opt/zimbra/conf/ca'
** Removing /opt/zimbra/conf/ca/b0a45f62.0
** Removing /opt/zimbra/conf/ca/4042bcee.0
** Removing /opt/zimbra/conf/ca/8d33f237.0
** Removing /opt/zimbra/conf/ca/ca.pem
** Removing /opt/zimbra/conf/ca/ca.key
** Removing /opt/zimbra/conf/ca/commercial_ca_1.crt
** Removing /opt/zimbra/conf/ca/commercial_ca_2.crt
** Copying CA to /opt/zimbra/conf/ca
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
** Creating CA hash symlink 'b0a45f62.0' -> 'ca.pem'
** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt
** Creating CA hash symlink '8d33f237.0' -> 'commercial_ca_1.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt
** Creating CA hash symlink '4042bcee.0' -> 'commercial_ca_2.crt'

Warning:
</home/build/git/87/packages/thirdparty/openjdk-cacerts/build/ubuntu18_64/dkggybsmr2/0moabupzxs.der> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
</home/build/git/87/packages/thirdparty/openjdk-cacerts/build/ubuntu18_64/dkggybsmr2/bkwovpzfpf.der> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
</home/build/git/87/packages/thirdparty/openjdk-cacerts/build/ubuntu18_64/dkggybsmr2/bxa9zyd1et.der> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
</home/build/git/87/packages/thirdparty/openjdk-cacerts/build/ubuntu18_64/dkggybsmr2/cgzfi9yc6d.der> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
</home/build/git/87/packages/thirdparty/openjdk-cacerts/build/ubuntu18_64/dkggybsmr2/fxwhxxevl1.der> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
</home/build/git/87/packages/thirdparty/openjdk-cacerts/build/ubuntu18_64/dkggybsmr2/nwzy226jtt.der> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
</home/build/git/87/packages/thirdparty/openjdk-cacerts/build/ubuntu18_64/dkggybsmr2/o1c9y9tgcu.der> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
</home/build/git/87/packages/thirdparty/openjdk-cacerts/build/ubuntu18_64/dkggybsmr2/oviepbozvc.der> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
</home/build/git/87/packages/thirdparty/openjdk-cacerts/build/ubuntu18_64/dkggybsmr2/pgi4sds2cj.der> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
</home/build/git/87/packages/thirdparty/openjdk-cacerts/build/ubuntu18_64/dkggybsmr2/t0dclkmbdn.der> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
</home/build/git/87/packages/thirdparty/openjdk-cacerts/build/ubuntu18_64/dkggybsmr2/tkmqgsimhx.der> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
</home/build/git/87/packages/thirdparty/openjdk-cacerts/build/ubuntu18_64/dkggybsmr2/ug_ybbhecf.der> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
</home/build/git/87/packages/thirdparty/openjdk-cacerts/build/ubuntu18_64/dkggybsmr2/vgfxlcbunt.der> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
Certificate stored in file </opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.18.04/my_ca.crt>
ERROR: Can't read file '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.18.04/my_ca.crt'
Certificate stored in file </opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.18.04/zcs-user-commercial_ca.crt>
ERROR: Can't read file '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.18.04/zcs-user-commercial_ca.crt'
User avatar
jasggomes
Advanced member
Advanced member
Posts: 90
Joined: Sat Sep 13, 2014 12:59 am
Location: Lisbon, PT
ZCS/ZD Version: Release 8.7.11.GA.1854.UBUNTU14.64
Contact:

Re: zmmailboxdctl failing to run after most recent apt-get

Post by jasggomes »

mgmailadmin wrote:
livelace wrote:Just registered to inform you guys about the same problem.
My system is Centos 7. And for avoiding this problem I had to downgrade some packages:

Removed:
zimbra-core-components.x86_64 0:3.0.12-1zimbra8.8b1.el7
zimbra-jetty-distribution.x86_64 0:9.4.46.v20220331-2.r7
zimbra-ldap-components.x86_64 0:2.0.6-1zimbra8.8b1.el7
zimbra-openjdk.x86_64 0:17.0.2-1zimbra8.8b1.el7

Installed:
zimbra-core-components.x86_64 0:3.0.11-1zimbra8.8b1.el7
zimbra-jetty-distribution.x86_64 0:9.4.18.v20190429-2.r7
zimbra-ldap-components.x86_64 0:2.0.5-1zimbra8.8b1.el7
zimbra-openjdk.x86_64 0:13.0.1-1zimbra8.8b1.el7

Right now all services works as expected.
Thanks @livelace. This was essential info.

In the Ubuntu world, at least in the 18.04.6 LTS platform I'm running, this translated to doing an apt-get install package=version downgrade operation.



The specifics would be:
To find out what is currently installed:

Code: Select all

sudo apt-cache showpkg zimbra-core-components
sudo apt-cache showpkg zimbra-jetty-distribution
sudo apt-cache showpkg zimbra-ldap-components
sudo apt-cache showpkg zimbra-openjdk
Each line will spit out lots of stuff about dependencies as well as the version history at the bottom with the most current version at the top of the list.

You may not need to downgrade the zimbra-ldap-compenents package. It wasn't installed in my platform which seems odd but...
Following the versioning @Livelace documentented, The steps to downgrade would then be:

Code: Select all

sudo apt-get install zimbra-core-components=3.0.11-1zimbra8.8b1.18.04
sudo apt-get install zimbra-jetty-distribution=9.4.18.v20190429-2.u18
sudo apt-get install zimbra-openjdk=13.0.1-1zimbra8.8b1.18.04
and optionally
sudo apt-get install zimbra-ldap-components=2.0.5-1zimbra8.8b1.18.04
You should be able to try to stop/start (or restart) next.

Code: Select all

zmcontrol stop
zmcontrol start 
As I mentioned I had an issue with the zmcontrol start command in that when LDAP ran, it prompted for a sudo zimbra password.
After perusing this issue in other contexts, I dug into the /etc/sudoer.d configuration files and found that slapd was not being authorized to run with No password. The wiki article (here)https://wiki.zimbra.com/index.php?title=Sudoers on this subject was informative and helped resolve the issue. The bottom line was that the 02_zimbra-ldap configuration file was missing from /etc/sudoers.d/
The contents of that file is a single line used to authorize slapd:

Code: Select all

%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd
Once I cleaned that up, I was able to restart with all modules loading.

Hopefully others have success with this.
Very disappointing experience though.

AMAZING SOLUTION !!! THANK YOU !!

Suduers issue also, no LDAP component needed to.
mafiabusiness
Advanced member
Advanced member
Posts: 53
Joined: Sat Sep 13, 2014 3:28 am

Re: zmmailboxdctl failing to run after most recent apt-get

Post by mafiabusiness »

Hi there,

I had a system that was working a charm and then I applied the patch… :-(

so after the instructions above, I get

zimbra@securemail:~$ zmcontrol start
Host securemail.private-hosting.com
Starting ldap...[sudo] password for zimbra:

[1]+ Stopped zmcontrol start
zimbra@securemail:~$

and then check the folder for sudoers according to the instructions above and I get

root@securemail:~# ls -l /etc/sudoers.d/
total 28
-r--r----- 1 root root 28 Sep 17 2019 01_zimbra
-r--r----- 1 root root 53 Sep 17 2019 02_zimbra-core
-r--r----- 1 root root 482 Sep 17 2019 02_zimbra-mta
-r--r----- 1 root root 51 Sep 17 2019 02_zimbra-proxy
-r--r----- 1 root root 55 Sep 17 2019 02_zimbra-store
-r--r----- 1 root root 151 Dec 10 2018 90-cloud-init-users
-r--r----- 1 root root 958 Mar 30 2016 README
root@securemail:~#

I understand I have to create a new file using visudo called

02_zimbra-ldap

and in there put

%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd

…but I am not familiar with that process at all.
Can anybody help me with the syntax to create the file, put the content in there and save it?
I would really appreciate it. My clients will call soon… :-(

Thank you very much in advance,

Miguel
mafiabusiness
Advanced member
Advanced member
Posts: 53
Joined: Sat Sep 13, 2014 3:28 am

Re: zmmailboxdctl failing to run after most recent apt-get

Post by mafiabusiness »

So I reached out to the friendly people at Zextras who told me to enter

echo "%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd" >/etc/sudoers.d/02_zimbra-ldap

That did the trick, the LDAP started, but

zimbra@securemail:~$ zmcontrol start
Host securemail.private-hosting.com
Starting ldap...Done.
Starting zmconfigd...Done.
Starting logger...Done.
Starting mailbox...Failed.


Starting memcached...Done.
Starting proxy...Done.
Starting amavis...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting opendkim...Done.
Starting cbpolicyd...Done.
Starting snmp...Done.
Starting mta...Done.
Starting stats...Done.
Starting service webapp...Done.
Starting zimbra webapp...Done.
Starting zimbraAdmin webapp...Done.
Starting zimlet webapp...Done.
zimbra@securemail:~$


I started it up again and now I get all started, but webmail does not work.
https://securemail.private-hosting.com/
Error 502.

IMAP connections do not work either.
Nor does Exchange (by way of Zextras)

mailq
72B303917E95 2216 Thu Jun 16 06:15:55 zph-admin@private-hosting.com
(delivery temporarily suspended: connect to securemail.private-hosting.com[10.0.0.110]:7025: Connection refused)
miguel@mafiabusiness.com


Help?
bludns
Posts: 1
Joined: Thu Jun 16, 2022 7:30 am

Re: zmmailboxdctl failing to run after most recent apt-get

Post by bludns »

Hi, I have the same problem...but have webapp that doesn't start...have you found a solution ? can you share it ?Thank you
Post Reply