Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Upgrade to 7.1.3 gone seriously wrong and looking for advice

  1. #1
    Junior Member
    Join Date
    Jan 2013
    Posts
    23

    Upgrade to 7.1.3 gone seriously wrong and looking for advice

    Hi, I am running a Centos 6 system with Zadmin and Zarafa and have had this working successfully for several years. Today, I allowed yum to install upgrades to zadmin 1.5.0-4.el6 and zarafa 7.1.13-51032.

    After the upgrade I could not get zarafa-server, zarafa-ical and zarafa-gateway to run they all complained about a key ssl_enable_v2 no longer being recognised. I commented out the corresponding entry in gateway.cfg, ical.cfg and server.cfg, but could still not get zarafa-server to run. Upon looking at the server.log file from zadmin it appeared to have lost the mysql database password, which I re-entered and managed to get zarafa-server running.

    Having got all the services running I tried to login from Outlook and then webaccess/ webapp. In all cases the existing username / password combinations were rejected. I then looked at the orphaned stores in zadmin and see that my three users all have orphaned stores circa 500 MB each, but I have no users listed in zadmin, but can still see all the users from LDAP. I tried adding a new user but it complained about an SID being allocated to an existing user despite this user not being visible and with the data shown as orphaned.

    I am very nervous of losing the mailbox data (now orphaned) and hoping for some advice on the best next steps.

    Thanks

  2. #2
    Senior Member
    Join Date
    Dec 2012
    Posts
    267
    Hi,

    I'm sorry to hear that you've got such problems with the upgrade. I will look into fixing the ssl_enable_v2 thing in an automatic way.
    Now that you've removed ssl_enable_v2, you should probably set the new option with a similar meaning in order to retain the previous behavour:



    Regarding your other issues, I really wonder how they could have happened. Did you replace any other configs? I have not seen such behaviour in any of our previous upgrade tests.

    Your ldap data still looks correct, right? I remember a RedHat/CentOS bug which removed the whole LDAP tree upon ldap upgrades in typical Z-Admin setups.

    If the Z-Admin interface does not show the "old" users, getent passwd will probably also fail to show them. With "Local authentication", nss will use ldap to access the user list. If LDAP still contains the data, I suspect that nss_ldap has problems accessing your LDAP tree.

    As long as the stores are visible as orphaned stores, the data is still there and re-assigning it to the proper users should not be too hard with "only" 3 users. If you do not have any recent backups, now would be a good time to create some before continuing fixing the problems.

    Can you check the file modification times of /etc/ldap.* and compare them with the time of upgrade?
    What was the zadmin version before the upgrade? Did you install any other (non-zadmin and non-Zarafa) updates at the same time? Was there anything else you did besides running yum upgrade?

    Kind regards,

    Christian

  3. #3
    Junior Member
    Join Date
    Jan 2013
    Posts
    23
    Thanks for prompt response Christian.

    My LDAP tree looks fine, as it did before the upgrade.

    Z-Admin was not showing any users, but I went into Accounts>Authentication Server>Select Authentication and selected Local Authentication (as it was before) and this brought all the users back to Z-Admin, except the users are now shown as Zarafa contacts and not Zarafa users and they can’t be modified.

    I have a backup from the evening before the upgrade and I have also taken a post upgrade backup.

    I have openldap installed and the contents of /etc/openldap is as follows:

    drwxr-xr-x. 2 root root 4096 Feb 2 2013 cacerts
    drwxr-xr-x. 2 root root 4096 Oct 15 2014 certs
    -rw-r--r--. 1 root root 426 Feb 2 2013 ldap.conf
    -rw-r--r--. 1 root root 280 Jun 22 2012 ldap.conf.yaffassave
    drwxr-xr-x. 2 root root 4096 Feb 24 06:22 schema
    -rw-r-----. 1 root ldap 4575 Feb 2 2013 slapd.conf
    drwxr-x---. 3 ldap ldap 4096 Oct 15 2014 slapd.d

    Prior to the upgrade I had zadmin-1.4.0-1.el6.noarch with zarafa 7.1.12

    I am not aware of any other packages being installed; but I do recall 62 packages being identified by yum. Apart from this, nothing else unusual.

    Best Regards,

    Martin

    ---------- Post added ----------

    Just noticed you asked me for files in /etc and not /etc/openldap, but these have not been modified since 2013

    -r--r-----. 1 root ldapread 468 Feb 2 2013 ldap.conf
    -rw-r-----. 1 root ldapread 10 Feb 2 2013 ldap.secret
    -rw-r-----. 1 root ldapread 180 Feb 2 2013 ldap.settings

  4. #4
    Senior Member
    Join Date
    Dec 2012
    Posts
    267
    Ok, so nss_ldap should be ok again.

    I guess the users are listed with an store .

    This may now be the chance to reassign the orphaned stores to their users. Can you try that using the orphaned store module in the Zarafa category in Z-Admin?

  5. #5
    Junior Member
    Join Date
    Jan 2013
    Posts
    23
    That is correct the users are listed as blue icons with the red cross. I tried to reassign and this does list all these inactive store icon users, but when I select the Hook button, nothing happens

  6. #6
    Senior Member
    Join Date
    Dec 2012
    Posts
    267
    No idea what's going wrong there. I would suggest trying to re-hook on the command line. This should either work or lead to a useful error messages.

    Use zarafa-admin --list-orphans and --hook-store as described in .

  7. #7
    Junior Member
    Join Date
    Jan 2013
    Posts
    23
    Results from above as follows:

    [[email protected] ~]# zarafa-admin --list-orphans
    Stores without users:
    Store guid Guessed username Last login Store size Store type
    --------------------------------------------------------------------------------------------------------------------------
    4076605176C74AC5899E16AC089A39BD martin.main 07/29/2015 04:52:17 AM 431.31 MB private
    55ADA0B041D8437FB174B60A61FC793D joanna.main 07/29/2015 03:55:05 AM 330.06 MB private
    B290BFA49CB64065AF1DE6814BB444AF hadyn.main 07/29/2015 04:47:49 AM 473.51 MB private
    [[email protected] ~]# zarafa-admin --hook-store 4076605176C74AC5899E16AC089A39BD -u martin.main
    Unable to find user, martin.main not found

  8. #8
    Senior Member
    Join Date
    Dec 2012
    Posts
    267
    Are your users listed with zarafa-admin -L?
    If not, have you restarted zarafa-server after doing any config changes?

    Maybe something is still wrong with your zarafa config. Are there any .rpmsave backups in /etc/zarafa? Then maybe taking these as an inspiration (diff...) for fixing the current configs may be an idea.
    If you have easy access to your backup (i.e. it's some kind of archive and not an image), then comparing the old, working configs from there would also be a good idea.

    Still, I don't know what caused this...

    ---------- Post added ----------

    As far as I remember, 1.4.0 had ZCP-7.1.10 and we did not ship 7.1.12 there. Unless this is a typo, I assume you updated the Zarafa packages yourself? Or did you get Zarafa from anywhere else?
    Official Zarafa Open-Source packages? Zarafa Home packages (proprietary)? Or maybe somewhere else?

    Just trying to find out what caused the trouble...

  9. #9
    Junior Member
    Join Date
    Jan 2013
    Posts
    23
    Christian,

    I only ever downloaded using yum from the yaffas repository, hence this must have been 7.1.10

    Comparison between the files as follows, noting that only the three files mentioned above were altered

    server.cfg
    Key Old Value New Value
    attachment_path /data/zarafa/attachments /var/lib/zarafa/attachments
    client_update_path /opt/software/zarafa /var/lib/zarafa/client
    coredump_enabled <no key> yes
    disabled_features imap pop3
    enable_sql_procedures <no key> no
    local_admin_users vmail root
    server_ssl_ca_file /opt/yaffas/ssl/certs/zarafa-server /etc/zarafa/ssl/cacert.pem
    server_ssl_enabled yes no
    server_ssl_key_file /opt/yaffas/ssl/certs/zarafa-server /etc/zarafa/ssl/server.pem
    server_ssl_key_pass <no key> replace-with-server-cert-password
    server_ssl_protocols <no key> !SSLv2
    sslkeys_path <no key> /etc/zarafa/sslkeys
    user_plugin ldap db

    gateway.cfg
    Key Old Value New Value
    server_hostname <no key>
    server_hostname_greeting <no key> no
    pop3s_enable yes no
    imaps_enable yes no
    imap_max_messagesize <no key> 128M
    imap_generate_utf8 <no key> no
    imap_expunge_on_delete <no key> no
    imap_store_rfc822 <no key> yes
    ssl_private_key_file /opt/yaffas/etc/ssl/certs/zarafa-gateway.key /etc/zarafa/gateway/privkey.pem
    ssl_certificate_file /opt/yaffas/etc/ssl/certs/zarafa-gateway.crt /etc/zarafa/gateway/cert.pem

    icl.cfg
    Key Old Value New Value
    icals_enable yes no
    ssl_private_key_file /opt/yaffas/etc/ssl/certs/zarafa-ical.key /etc/zarafa/ical/privkey.pem
    ssl_certificate_file /opt/yaffas/etc/ssl/certs/zarafa-ical.crt /etc/zarafa/ical/cert.pem
    server_timezone Europe/Berlin Europe.Amsterdam
    enable_ical_get <no key> yes

  10. #10
    Senior Member
    Join Date
    Dec 2012
    Posts
    267
    Hi,

    this certainly looks like your config has been overwritten by some fresh config file. Try using the old config files (those with the yaffas paths), but keep (or re-add) the server_ssl_protocols entry. The critical item probably is "user_plugin db", which explains why Zarafa does not know your users.

    Kind regards,

    Christian

Page 1 of 2 12 LastLast

Similar Threads

  1. advice on upgrade to new server
    By thctlo in forum Installation, Configuration and Maintenance
    Replies: 0
    Last Post: 15-07-2013, 12:51 PM
  2. upgrade 6.3 standaard to new server 7.0 advice
    By thctlo in forum Installation, Configuration and Maintenance
    Replies: 0
    Last Post: 03-04-2012, 03:16 PM
  3. Wrong Version After Upgrade
    By web4you in forum Installation and Configuration Archives
    Replies: 2
    Last Post: 16-07-2010, 09:22 AM
  4. Quite a large NAS/SAN... RAID Advice.. please?
    By stephen in forum Installation and Configuration Archives
    Replies: 1
    Last Post: 28-06-2010, 11:48 AM
  5. advice needed.
    By thctlo in forum Z-Merge Development Archives
    Replies: 1
    Last Post: 06-11-2009, 01:55 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •