Pages

Zimbra Unable to determine enabled services from LDAP

[zimbra@host]$ zmcontrol start
Host mail.plugged.in
Starting ldap…Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting logger…Failed.
Starting logswatch…ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
zimbra logger service is not enabled! failed.

The usual reason for this error is expired an SSL certificate.

This error usually happens if your SSL certificate has expired. There are two solutions for this problem.

The first solution is renewing your certificate and deploying it with the following command :

[zimbra@host]$ /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/your_new_ssl.crt /path/to/ca_bundle.crt


After this you need to restart zmcontrol.

The second solution is regenerating self-signed certificate.

[zimbra@host]$ su – zimbra -c ‘zmcontrol stop’
[zimbra@host]$ rm -rf /opt/zimbra/ssl/*
[zimbra@host]$ rm -rf /opt/zimbra/ssl/.rnd
[zimbra@host]$ /opt/zimbra/java/bin/keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
[zimbra@host]$ /opt/zimbra/java/bin/keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `su – zimbra -c ‘zmlocalconfig -s -m nokey mailboxd_keystore_password’`

Then you need to edit  /opt/zimbra/bin/zmcertmgr file ( you can use ‘vi’ )

Find validation_days=365 and change to validation_days=3650

And save /opt/zimbra/bin/zmcertmgr

[zimbra@host]$ /opt/zimbra/bin/zmcertmgr deployca -localonly
[zimbra@host]$ /opt/zimbra/bin/zmcertmgr createcrt self -new
[zimbra@host]$ /opt/zimbra/bin/zmcertmgr deploycrt self

[zimbra@host]$ su – zimbra -c ‘zmcontrol start’

[zimbra@host]$ /opt/zimbra/bin/zmcertmgr deploycrt self
[zimbra@host]$ /opt/zimbra/bin/zmcertmgr deployca

[zimbra@host]$ su – zimbra -c ‘zmupdateauthkeys’
[zimbra@host]$ /opt/zimbra/bin/zmcertmgr viewdeployedcrt

Reference : (Zimbra Mail Server) Unable to determine enabled services from LDAP

No comments:

Post a Comment

You might also like:

Popular Posts