Page 1 of 1

zmztozmig problem

Posted: Thu Feb 22, 2018 8:43 am
by rout3rx_blackhat
Hello
I have a problem with zimbra to zimbra migration using zmztozmig tool

Code: Select all

[INFO|main:1| 02/22/2018 11:49:17]: ConfigFile: /opt/zimbra/conf/zmztozmig.conf 
[INFO|main:1| 02/22/2018 11:49:17]: Version: 1.4 
[INFO|main:1| 02/22/2018 11:49:17]: Processing Domain: mail......
Creating account list....
[INFO|main:1| 02/22/2018 11:49:17]: Request URL: https://192.168.50.52:7071/service/admin/soap 
ZMSSLSocketFactory instantiated
Feb 22, 2018 11:49:17 AM com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection post
SEVERE: SAAJ0009: Message send failed
[SEVERE|main:1| 02/22/2018 11:49:17]: AuthenticateToZCS javax.xml.soap.SOAPException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed 
[SEVERE|main:1| 02/22/2018 11:49:17]: ------
com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:149)
        at com.zimbra.auth.ZCSAuth.AuthenticateToZCS(ZCSAuth.java:171)
        at com.zimbra.zcsprov.ZMSoapSession.DoZCSAuth(ZMSoapSession.java:147)
        at com.zimbra.zcsprov.ZMSoapSession.check_auth(ZMSoapSession.java:91)
        at com.zimbra.zcsprov.ZCSACProvision.Init(ZCSACProvision.java:75)
        at com.zimbra.tarformatter.tarFormatter.Init(tarFormatter.java:544)
        at com.zimbra.tarformatter.tarFormatter.main(tarFormatter.java:801)
Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:282)
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:145)
        ... 6 more
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:237)
        ... 7 more
Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1120)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1044)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:986)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
        ... 20 more

CAUSE:

com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:282)
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:145)
        at com.zimbra.auth.ZCSAuth.AuthenticateToZCS(ZCSAuth.java:171)
        at com.zimbra.zcsprov.ZMSoapSession.DoZCSAuth(ZMSoapSession.java:147)
        at com.zimbra.zcsprov.ZMSoapSession.check_auth(ZMSoapSession.java:91)
        at com.zimbra.zcsprov.ZCSACProvision.Init(ZCSACProvision.java:75)
        at com.zimbra.tarformatter.tarFormatter.Init(tarFormatter.java:544)
        at com.zimbra.tarformatter.tarFormatter.main(tarFormatter.java:801)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:237)
        ... 7 more
Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1120)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1044)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:986)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
        ... 20 more

CAUSE:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:237)
        at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:145)
        at com.zimbra.auth.ZCSAuth.AuthenticateToZCS(ZCSAuth.java:171)
        at com.zimbra.zcsprov.ZMSoapSession.DoZCSAuth(ZMSoapSession.java:147)
        at com.zimbra.zcsprov.ZMSoapSession.check_auth(ZMSoapSession.java:91)
        at com.zimbra.zcsprov.ZCSACProvision.Init(ZCSACProvision.java:75)
        at com.zimbra.tarformatter.tarFormatter.Init(tarFormatter.java:544)
        at com.zimbra.tarformatter.tarFormatter.main(tarFormatter.java:801)
Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1120)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1044)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:986)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
        ... 20 more
------
 
[INFO|main:1| 02/22/2018 11:49:17]: AUTH_REQUEST: <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header><nsg:context xmlns:nsg="urn:zimbra"/><name:userAgent xmlns:name="ZimbraProvisioningTool"/><type:format xmlns:type="xml"/></SOAP-ENV:Header><SOAP-ENV:Body><nsg:AuthRequest xmlns:nsg="urn:zimbraAdmin"><name>admin</name><password>.........../password><virtualHost>mail.......(192.168.50.15)</virtualHost></nsg:AuthRequest></SOAP-ENV:Body></SOAP-ENV:Envelope> 
[WARNING|main:1| 02/22/2018 11:49:17]: AuthenticateToZCS Failed. 
[INFO|main:1| 02/22/2018 11:49:17]: Going to get accounts from 192.168.50.52. It may take few minutes... 
[INFO|main:1| 02/22/2018 11:49:17]: REST URL: https://192.168.50.52:7071/service/afd/?action=getSR&types=accounts&domain=.......
Exception in thread "main" java.lang.NullPointerException
        at com.zimbra.zcsprov.ZCSACProvision.GetDomainAllAccountList(ZCSACProvision.java:308)
        at com.zimbra.tarformatter.tarFormatter.Init(tarFormatter.java:549)
        at com.zimbra.tarformatter.tarFormatter.main(tarFormatter.java:801)

Re: zmztozmig problem

Posted: Thu Feb 22, 2018 10:43 am
by rout3rx_blackhat
please help me. i should do this asap

Re: zmztozmig problem

Posted: Thu Feb 22, 2018 12:58 pm
by L. Mark Stone
The output is difficult to parse through it is true, but it shows that you have an authentication error. I'd start with that first.

Hope that helps,
Mark

Re: zmztozmig problem

Posted: Thu Feb 22, 2018 1:41 pm
by rout3rx_blackhat
no, all the Admin password correct i have check the administration panel.
is these error for untrusted SSL ?
but in help on https://wiki.zimbra.com/index.php?title ... _Migration i see all the SSL was untrusted...

Re: zmztozmig problem

Posted: Thu Feb 22, 2018 2:56 pm
by L. Mark Stone
rout3rx_blackhat wrote:no, all the Admin password correct i have check the administration panel.
is these error for untrusted SSL ?
but in help on https://wiki.zimbra.com/index.php?title ... _Migration i see all the SSL was untrusted...

How old is the source Zimbra system?

If its SSL certificate uses SHA-1, or if self-signed and the CA has expired, that could be the issue, yes.

Hope that helps,
Mark

Re: zmztozmig problem

Posted: Thu Feb 22, 2018 9:20 pm
by rout3rx_blackhat
the source is 6.0 and the destination is 8.8
is there any way to fix this ssl problem?

Re: zmztozmig problem

Posted: Thu Feb 22, 2018 9:30 pm
by L. Mark Stone
rout3rx_blackhat wrote:the source is 6.0 and the destination is 8.8
is there any way to fix this ssl problem?
Your better bet will be to use imapsync to move emails over, and on the 6.0 source server, export users' contacts and calendars to separate files and then import them on the new target 8.8 server.

Hope that helps,
Mark