Note: I originally posted this on a different website, but have since re-purposed that site, and having had this post help me out twice I figure it was worth keeping ;-)
Update: Bug 41683 is now showing as fixed in 6.0.4
So last night was the chosen time to upgrade the Zimbra install at work, all offices were shut, most people shouldn’t be working and if they were then an hour without email shouldn’t be too much to have to cope with.
With offices in San Francsico and also Dubai the time when server changes that impact everyone can be made is from midnight Friday through to 05:00 on Sunday morning (Dubai has Friday and Saturday as its weekend)
All seemed to go fine with the upgrade until I checked the installed certificate, this had reverted to an earlier, now expired cert. Using the admin interface to attempt a reinstall with newer server certificate failed with:
Message: invalid request: missing required attribute: server Error code: service.INVALID_REQUEST Method: GetCertRequest Details:soap:Sender
So a quick hunt around the support forums, a bit of googling later and with no obvious answer found (and an impending deadline) it was time to log a support ticket.
Shortly the landline rang and it was time to give over access of the mail server to Zimbra support to have a look and fix the problem. 10 Minutes later and all was sorted. It was a known bug (42216 / 41683) which is due to be fixed in 6.0.4
However the interim solution is to redeploy the commercial cert.
/opt/zimbra/bin/zmcertmgr verifycrt comm ./commercial.key ./commercial.crt ./commercial_ca.crt
Then if all looks good:
/opt/zimbra/bin/zmcertmgr deploycrt comm ./commercial.crt ./commercial_ca.crt
And you’re back up and running with the correctly installed commercial certificate.
Hopefully this is useful to someone, will probably need this again for the 6.0.3 upgrade
So I finally managed to spend some time over the last few days on sorting out the 7 VMWare servers we have in the London (Main) office and more specifically get a free server available so that I could retire a VMWare server that couldn’t be upgraded to the latest version of VSPhere.
Course of action was simple.
– Install a new management server as a physical machine
– Move all existing VMWare servers under the control of the new management server
Not quite that simple, until I had upgraded a server to VSPhere it couldn’t be managed by the new VCenter Server as it didn’t have the old 3.5x license server running.
So it took a bit of moving instances around the various servers and gradually upgrading all servers to VSPhere.
Once I’d worked out the correct order to move all of the servers around without killing anything it was time to get started, I moved all of the already upgraded servers under the control of the new VCenter Server, and then migrated the BDC and PDC from VMWare servers that needed upgrading, this meant I was left with two 3.5x boxes to upgrade one of which was running the old VCenter Server with the 3.5 license manager.
I shut down the old VCenter Server and migrated into on to an already upgraded VMWare Server then set to work upgrading the last two servers.
All very simple, just required a bit of planning to ensure I didn’t end up with a 3.5x server that I couldn’t do anything with as the license server wasn’t available (I’ve got around this issue before using an emergency local license but it is a problem best avoided.)
So I now have 7 VMWare servers all running the latest version of VSPhere (well 3 of them will be auto updating using the update manager over the weekend) and a physical install of the Virtual Center Server.
I’m happier that the main management machine is a physical box as it makes life easier doing updates.
Now to set about getting in the extra kit to go HA ;-)