common ldap error -Unable to determine enabled services from ldap

[indunil75]

Dear all,

I can't start zimbra service. i get below common error.


Search error: Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn't exist.

I checked /etc/hosts , /etc/resolve.conf file and I used dig mx domain.com.

All r perfect.

My certificate was valid up to 2020.
But I regenerated it.

then , I came a cross below errors.

/opt/zimbra/bin/zmcertmgr createcrt -new -days 1825

Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer mail.domain.com...failed (rc=1)

/opt/zimbra/bin/zmcertmgr deploycrt self

** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mail.domain.com...failed (rc=1)

/opt/zimbra/bin/zmcertmgr deployca

** Saving config key 'zimbraCertAuthorityCertSelfSigned' via zmprov modifyConfig...failed (rc=1)

below thing I performed.

zmlocalconfig -s |grep ldap.*password

I checked localconfig.xml file.

I tried to upgrarde it. It gave me ldap error. then I followed this below URL.

https://wiki.zimbra.com/wiki/Upgrade_Sc ... figuration


Still no luck. my zimbra version is given below.

Release 8.8.11_GA_3737.RHEL7_64_20181207111719 RHEL7_64 FOSS edition, Patch 8.8.11_P4.

Hope to hear from you.

[DualBoot]

Hello

Maybe you should try this :
https://wiki.zimbra.com/wiki/Regenerate ... gle-Server

Regards,

[indunil75]

Hello

Maybe you should try this :
https://wiki.zimbra.com/wiki/Regenerate ... gle-Server

Regards,

Thanks for you response. I hv been working on this zimbra system moire than 24 hours.

I tried your URL. But it gave me errors. Pls see them.


$ /opt/zimbra/bin/zmcertmgr deployca

** Saving config key 'zimbraCertAuthorityCertSelfSigned' via zmprov modifyConfig...failed (rc=1) -----------> Can u tell me why?

Why is that?


$ /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20200505152645
** Recreating /opt/zimbra/conf/zmssl.cnf
** Generating a server CSR of type 'self' for download
** Using CA cert in '/opt/zimbra/ssl/zimbra/ca/ca.pem'
** Using CA private key in '/opt/zimbra/ssl/zimbra/ca/ca.key'
** Retrieving Commercial CA cert from LDAP... failed
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr with keysize=2048 digest=sha256
** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer mail.domian.com...failed (rc=1). ------------> can u tell me why?
** Signing cert request /opt/zimbra/ssl/zimbra/server/serve

[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr deploycrt self

** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mail.domain.com...failed (rc=1) ----------->. Can u tell me why?
** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/imapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/imapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/conf/imapd.keystore'
** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'
** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/slapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/slapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/mailboxd/etc/keystore'
** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'
** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/smtpd.crt'
** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/smtpd.key'
** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'
** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/nginx.crt'
** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/nginx.key'
** NOTE: restart services to use the new certificates.
** Cleaning up 3 files from '/opt/zimbra/conf/ca'
** Removing /opt/zimbra/conf/ca/6f5437d0.0
** Removing /opt/zimbra/conf/ca/ca.key
** Removing /opt/zimbra/conf/ca/ca.pem
** Copying CA to /opt/zimbra/conf/ca
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
** Creating CA hash symlink '6f5437d0.0' -> 'ca.pem'

Really appreciate, if you can help further.

[Klug]

Is your DNS set up properly (splt DNS might be needed)?
Can you server resolve its own FQDN?

[indunil75]

Is your DNS set up properly (splt DNS might be needed)?
Can you server resolve its own FQDN?

zmhostname and nslookup and ping work properly. This worked until 2 days ago very well. This issue started suddenly.

how can I get email addresses. the below command does not work

$ zmprov -l gaa
[] INFO: master is down, falling back to replica...
[] FATAL: failed to initialize LDAP client
com.zimbra.cs.ldap.LdapException: LDAP error: : invalid credentials

Is there a alternative way to get email addresses?

another command.
$ zmprov getMailboxInfo admin@domain.com
[] INFO: I/O exception (java.net.ConnectException) caught when processing request: Connection refused (Connection refused)

There r messages under
/opt/zimbra/store/0 directory. I got a back up of this.

It there a way to restore these mails to the SAME USERS after a fresh install of zimbra?

[DualBoot]

You should investigate your zmlocalconfig setup. Maybe LDAP configuration is wrong.
Regards,

[indunil75]

Hello

Maybe you should try this :
https://wiki.zimbra.com/wiki/Regenerate ... gle-Server

Regards,

How can I solve this?


ldapsearch -x -h mail.domain.com -D uid=zimbra,cn=admins,cn=zimbra,dc=domain,dc=com -w PASSWORD
ldap_bind: Invalid credentials (49)

This may be problem?

How can I give a password?

zmldappassword newpass ?

Or

zmlocalconfig -e ?

Hope to hear from you.

[DualBoot]

before using zmlocalconf -e you should search the right password for the right LDAP user.
zmlocalconfig -s should show you all password which are stored in the setup. If you get them
replace them in the LDAP with Zimbra internal command.

Regards,

[indunil75]

before using zmlocalconf -e you should search the right password for the right LDAP user.
zmlocalconfig -s should show you all password which are stored in the setup. If you get them
replace them in the LDAP with Zimbra internal command.

Regards,

Thanks a lot.
zmlocalconfig -s |grep -i password gave me passwords. All r same. Let's say PASSWORD

Now how to replace them in zimbra LDAP with zimbra internal command?

What's the zimbra internal command?

Plz guide me I will do my homework...

[DualBoot]

You have answered it yourself earlier
zmldappasswd

Before make sure you have a backup and after each modification you should verify with common ldap command.