Running zextra restore - STARTTLS errors in logs and problems
Results 1 to 3 of 3

Thread: Running zextra restore - STARTTLS errors in logs and problems

  1. #1
    Member
    Join Date
    Nov 2012
    Posts
    26

    Running zextra restore - STARTTLS errors in logs and problems

    I ran zxsuite backup doExternalRestore /backup/source following the directions for incremental migration. I had started it over a month ago and got pulled away. I decided to finish the project but decided to start fresher since a fair number of account changes had happened. I deleted all the accounts, COS, DLs I had already imported, took a fresh backup and started a new restore. There seems to be multiple issues but the one that concerns me is /var/log mail.log is spewing

    Jan 18 10:32:29 zimbra-primary postfix/proxymap[18290]: error: dict_ldap_connect: Unable to set STARTTLS: -1: Can't contact LDAP server
    Jan 18 10:32:29 zimbra-primary postfix/proxymap[18290]: fatal: too many errors - program terminated
    and
    Jan 18 10:33:01 zimbra-primary postfix/cleanup[15966]: warning: 25B63440169: sender_canonical_maps map lookup problem for zimbra@zimbra-primary.azure.local

    I found this Error (MTA): Unable to set STARTTLS - Zimbra :: Wiki and looking in /opt/zimbra/conf/ca I have
    total 40
    drwxr-xr-x 2 zimbra zimbra 4096 Jan 13 17:44 .
    drwxr-xr-x 14 zimbra zimbra 4096 Jan 18 06:50 ..
    lrwxrwxrwx 1 root root 19 Jan 13 17:44 167f35e6.0 -> commercial_ca_2.pem
    lrwxrwxrwx 1 root root 19 Jan 13 17:44 2c543cd1.0 -> commercial_ca_1.pem
    lrwxrwxrwx 1 root root 17 Jan 13 17:44 2c543cd1.1 -> commercial_ca.pem
    lrwxrwxrwx 1 root root 19 Jan 13 17:44 2d4c58f9.0 -> commercial_ca_4.pem
    lrwxrwxrwx 1 root root 6 Jan 13 17:44 ba6b238f.0 -> ca.pem
    -rw-r----- 1 zimbra zimbra 916 Jan 13 17:44 ca.key
    -rw-r----- 1 zimbra zimbra 1350 Jan 13 17:44 ca.pem
    -rw-r--r-- 1 zimbra zimbra 1216 Jan 13 17:44 commercial_ca_1.pem
    -rw-r--r-- 1 zimbra zimbra 1769 Jan 13 17:44 commercial_ca_2.pem
    -rw-r--r-- 1 zimbra zimbra 1391 Jan 13 17:44 commercial_ca_3.pem
    -rw-r--r-- 1 zimbra zimbra 926 Jan 13 17:44 commercial_ca_4.pem
    -rw-r--r-- 1 zimbra zimbra 5302 Jan 13 17:44 commercial_ca.pem
    lrwxrwxrwx 1 root root 19 Jan 13 17:44 f131b364.0 -> commercial_ca_3.pem

    which looks suspicious. So, my question is, did zextras add additional cert files that are redundant and or problematic? Any insight would be helpful. I have more digging to do but thought I would get it out on the forums for others that might see what I am seeing. Oh, and mail obviously doesn't work on the target server.

    Also, one of my accounts with lots of mounted shares from other accounts isn't showing any of them. The restore is still running but I thought account structure stuff was restored first.

    Thanks,
    Stephen

  2. #2
    Member
    Join Date
    Nov 2012
    Posts
    26
    It seems to be getting worse. I think I am going to just re-install Zimbra and do the import again.

    The /opt/zimbra/conf/ca is just about the same on the source server.

    Stephen

  3. #3
    ZeXtras Community Manager ZeXtras Employee Cine's Avatar
    Join Date
    Apr 2011
    Posts
    2,356
    Hello Stephen J!

    ZeXtras Suite doesn't interact in any way with Zimbra's SSL Certificates, which in fact are neither exported/backed up nor imported by ZeXtras Backup.

    Should you start your import again on a new server, my suggestion would be not to move cert files straight from the old server but to manually import those using the guides available in the Zimbra Wiki (I don't know how you moved your certs to the new server, this is just the first tip that comes to my mind).

    Have a nice day,
    Cine
    the ZeXtras Team
    Last edited by Cine; 01-20-2014 at 11:00 AM.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •