I attempted this method to start a migration from one zimbra host to another:
Preferred Method of Moving Users To New Machine (zmmailboxmove - Network Edition Only) - Zimbra :: Wiki
It seems like most things are working however when I try to view server status and other multi-server specific item in the admin I get errors in the UI.
It seems to boil down to the SSL Cert and or the SSH keys. I tried to run
zmsshkeygen on the new host and get this error:
[QUOTE]ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
[zimbra@mail log]$ zmupdateauthkeys [/QUOTE]
Same goes for zmupdateauthkeys.
If I run zmupdateauthkeys on the old host I don't get that error, but it does fail to find the ssh key it's trying to retrieve from the new server.
My two hosts are zimbra.company.com and mail.company.com, mail is the new one. zimbra.company.com has a signed cert from a third party. mail.company.com was setup by the installer with a cert signed by the ca installed on zimbra.company.com.
I've seen similar errors discussed on the forum, but no solutions for me. All of the ones I found were single server or multi-server with self signed certs. And I don't think the directions are applicable to this environment. This document covers other scenarios but not multi server, commercial certs.
Administration Console and CLI Certificate Tools - Zimbra :: Wiki
I'm thinking I might need to put the zimbra CA cert on mail so mail trusts it's own cert? (I'm not ready to get a 3rd party cert for this guy just yet) But I wanted to bounce it here before I start breaking things.
UI Errors in viewing multi servers.
UI Errors in viewing multi servers.
[quote user="jeffbearer"]I attempted this method to start a migration from one zimbra host to another:
Preferred Method of Moving Users To New Machine (zmmailboxmove - Network Edition Only) - Zimbra :: Wiki
It seems like most things are working however when I try to view server status and other multi-server specific item in the admin I get errors in the UI.
It seems to boil down to the SSL Cert and or the SSH keys. I tried to run
zmsshkeygen on the new host and get this error:
Same goes for zmupdateauthkeys.
If I run zmupdateauthkeys on the old host I don't get that error, but it does fail to find the ssh key it's trying to retrieve from the new server.
My two hosts are zimbra.company.com and mail.company.com, mail is the new one. zimbra.company.com has a signed cert from a third party. mail.company.com was setup by the installer with a cert signed by the ca installed on zimbra.company.com.
I've seen similar errors discussed on the forum, but no solutions for me. All of the ones I found were single server or multi-server with self signed certs. And I don't think the directions are applicable to this environment. This document covers other scenarios but not multi server, commercial certs.
Administration Console and CLI Certificate Tools - Zimbra :: Wiki
I'm thinking I might need to put the zimbra CA cert on mail so mail trusts it's own cert? (I'm not ready to get a 3rd party cert for this guy just yet) But I wanted to bounce it here before I start breaking things.[/QUOTE]
You describe my exact problem. Did you ever fix this?
Preferred Method of Moving Users To New Machine (zmmailboxmove - Network Edition Only) - Zimbra :: Wiki
It seems like most things are working however when I try to view server status and other multi-server specific item in the admin I get errors in the UI.
It seems to boil down to the SSL Cert and or the SSH keys. I tried to run
zmsshkeygen on the new host and get this error:
Same goes for zmupdateauthkeys.
If I run zmupdateauthkeys on the old host I don't get that error, but it does fail to find the ssh key it's trying to retrieve from the new server.
My two hosts are zimbra.company.com and mail.company.com, mail is the new one. zimbra.company.com has a signed cert from a third party. mail.company.com was setup by the installer with a cert signed by the ca installed on zimbra.company.com.
I've seen similar errors discussed on the forum, but no solutions for me. All of the ones I found were single server or multi-server with self signed certs. And I don't think the directions are applicable to this environment. This document covers other scenarios but not multi server, commercial certs.
Administration Console and CLI Certificate Tools - Zimbra :: Wiki
I'm thinking I might need to put the zimbra CA cert on mail so mail trusts it's own cert? (I'm not ready to get a 3rd party cert for this guy just yet) But I wanted to bounce it here before I start breaking things.[/QUOTE]
You describe my exact problem. Did you ever fix this?
-
jeffbearer
- Posts: 22
- Joined: Sat Sep 13, 2014 1:07 am
UI Errors in viewing multi servers.
I've been trying to recall all day what the solution was but I can't, I'm sorry. It might have been to put the CA cert from the old server onto the new one. Or I got a CA signed certificate for the new server. Sorry I can't be of more help.
UI Errors in viewing multi servers.
Finally solved this problem. Actually found 2 ways to solve:
1) Purchase and install signed certificate
2) Allow untrusted certificate - (run as zimbra user: zmlocalconfig -e ssl_allow_untrusted_certs=true)
1) Purchase and install signed certificate
2) Allow untrusted certificate - (run as zimbra user: zmlocalconfig -e ssl_allow_untrusted_certs=true)