I have inherited a messy zimbra deployment that is used for a testing lab. Using this as my learning exercise on the zimbra platform.
zmcontrol -v gives me: Release 8.8.15_GA_3869.RHEL7_64_20190917004220 RHEL7_64 NETWORK edition, Patch 8.8.15_P32.
However, not all servers in this deployment are on the same version. Here is a snapshot:
[zimbra@testlab-eml-ldp-003 ~]$ zmprov gas
testlab-eml-ldp-003.example.com (Release 8.8.15_GA_3869.RHEL7_64_20190917004220 RHEL7_64 NETWORK edition, Patch 8.8.15_P32.)
testlab-eml-ldp-004.example.com (Release 8.8.15_GA_3869.RHEL7_64_20190917004220 RHEL7_64 NETWORK edition, Patch 8.8.15_P32.)
testlab-eml-mbs-001.example.com (Release 8.8.15_GA_3869.RHEL7_64_20190917004220 RHEL7_64 NETWORK edition, Patch 8.8.15_P32.)
testlab-eml-mta-001.example.com (Release 8.8.15_GA_3869.RHEL7_64_20190917004220 RHEL7_64 NETWORK edition.)
log.example.com (Release 8.8.15_GA_3869.RHEL6_64_20190917004220 RHEL6_64 NETWORK edition, Patch 8.8.15_P22.)
mbs1.example.com (Release 8.6.0_GA_1153.RHEL6_64_20141215151258 RHEL6_64 NETWORK edition, Patch 8.6.0_P6.)
mbs2.example.com (Release 8.6.0_GA_1153.RHEL6_64_20141215151258 RHEL6_64 NETWORK edition, Patch 8.6.0_P6.)
It's quite a diverse patchwork for sure! Most are running RHEL 7.9, the last 2 are running RHEL 6.10 that I want to remove for now.
My goal was to move the few mailboxes off these unique (non Patch 8.8.15_P32) servers and remove them from the configuration to sort out some errors I have been tasked to resolve.
When I try to run zmprov gmi on some accounts on these servers, I get "ERROR: service.AUTH_EXPIRED (auth credentials have expired)"
If I try to move one of the mailboxes on these unique servers I get another variation: "Error occurred: auth credentials have expired"
I have a support case open with zimbra support, they determined it was issues with ldap, so they had me try doing an ldap dump/copy to the secondary ldap server, I followed: https://wiki.zimbra.com/wiki/LDAP_Multi ... is_cleared multiple times with no success.
I have tls disabled for the ldap servers, as this seemed to have been a root cause that brought on the errors. I have also tried running zmsshkeygen on all servers, and then zmupdateauthkeys, I checked then corrected the ldap_master_url and ldap_url in zmlocalconfig, thought that was the issue. They had me run zmcertmgr to create new certs on all servers, and restart services a few times. Nothing seems to resolve the auth credential errors.
Just curious if anyone has fought this auth cred expiry errors? Is there something I can try to get these accounts moved over to the patched mailbox servers? Zimbra support has been helpful, but I have been struggling over a month on this initial issue. Feel stuck so I thought I would post here. I did a few searches and found some tips that I have already tried. So here I am, sorry for the wall of text.
Thanks