Hello,
I have inherited a messy zimbra deployment that is used for a testing lab. Using this as my learning exercise on the zimbra platform.
zmcontrol -v gives me: Release 8.8.15_GA_3869.RHEL7_64_20190917004220 RHEL7_64 NETWORK edition, Patch 8.8.15_P32.
However, not all servers in this deployment are on the same version. Here is a snapshot:
[zimbra@testlab-eml-ldp-003 ~]$ zmprov gas
testlab-eml-ldp-003.example.com (Release 8.8.15_GA_3869.RHEL7_64_20190917004220 RHEL7_64 NETWORK edition, Patch 8.8.15_P32.)
testlab-eml-ldp-004.example.com (Release 8.8.15_GA_3869.RHEL7_64_20190917004220 RHEL7_64 NETWORK edition, Patch 8.8.15_P32.)
testlab-eml-mbs-001.example.com (Release 8.8.15_GA_3869.RHEL7_64_20190917004220 RHEL7_64 NETWORK edition, Patch 8.8.15_P32.)
testlab-eml-mta-001.example.com (Release 8.8.15_GA_3869.RHEL7_64_20190917004220 RHEL7_64 NETWORK edition.)
log.example.com (Release 8.8.15_GA_3869.RHEL6_64_20190917004220 RHEL6_64 NETWORK edition, Patch 8.8.15_P22.)
mbs1.example.com (Release 8.6.0_GA_1153.RHEL6_64_20141215151258 RHEL6_64 NETWORK edition, Patch 8.6.0_P6.)
mbs2.example.com (Release 8.6.0_GA_1153.RHEL6_64_20141215151258 RHEL6_64 NETWORK edition, Patch 8.6.0_P6.)
It's quite a diverse patchwork for sure! Most are running RHEL 7.9, the last 2 are running RHEL 6.10 that I want to remove for now.
My goal was to move the few mailboxes off these unique (non Patch 8.8.15_P32) servers and remove them from the configuration to sort out some errors I have been tasked to resolve.
When I try to run zmprov gmi on some accounts on these servers, I get "ERROR: service.AUTH_EXPIRED (auth credentials have expired)"
If I try to move one of the mailboxes on these unique servers I get another variation: "Error occurred: auth credentials have expired"
I have a support case open with zimbra support, they determined it was issues with ldap, so they had me try doing an ldap dump/copy to the secondary ldap server, I followed: https://wiki.zimbra.com/wiki/LDAP_Multi ... is_cleared multiple times with no success.
I have tls disabled for the ldap servers, as this seemed to have been a root cause that brought on the errors. I have also tried running zmsshkeygen on all servers, and then zmupdateauthkeys, I checked then corrected the ldap_master_url and ldap_url in zmlocalconfig, thought that was the issue. They had me run zmcertmgr to create new certs on all servers, and restart services a few times. Nothing seems to resolve the auth credential errors.
Just curious if anyone has fought this auth cred expiry errors? Is there something I can try to get these accounts moved over to the patched mailbox servers? Zimbra support has been helpful, but I have been struggling over a month on this initial issue. Feel stuck so I thought I would post here. I did a few searches and found some tips that I have already tried. So here I am, sorry for the wall of text. Thanks
ERROR: service.AUTH_EXPIRED (auth credentials have expired)
- Oldfart423
- Posts: 13
- Joined: Tue Aug 02, 2022 9:47 pm
- Location: US
- ZCS/ZD Version: 8.8.15_P33
- Oldfart423
- Posts: 13
- Joined: Tue Aug 02, 2022 9:47 pm
- Location: US
- ZCS/ZD Version: 8.8.15_P33
Re: ERROR: service.AUTH_EXPIRED (auth credentials have expired)
I found this https://wiki.zimbra.com/wiki/ERROR:_ser ... IRED_error
Ran through the authtoken checks, all are set to 2days. And made sure the clocks all match, yet I still get the same error.
WIll keep swinging at it, may have to tear it all down and start over.
Is there a manual/rsync method to move mailboxes off servers by hand since zmmboxmove won't work?
Ran through the authtoken checks, all are set to 2days. And made sure the clocks all match, yet I still get the same error.
WIll keep swinging at it, may have to tear it all down and start over.
Is there a manual/rsync method to move mailboxes off servers by hand since zmmboxmove won't work?