zimbra-conf fails with ERROR: account.AUTH_FAILED (Solved)

Alex Rhys-Hurn's picture

EDIT: This topic is being moved here from an email dialogue:

 I have a problem that when I execute the following in the zimbra appliance as root:
 /usrlocal/bin/zimbra-conf Passw0rd
 That the script runs but terminates with the following output (last few
 lines for brevity):
 * Changed mysql root user password root@localhost
 * Changed zimbra mysql user password
 /opt/zimbra/bin/logmysqladmin -u root
 --password=o9rS2clYUs8Eapx.vvYTCI1J5szs5Ab password
 * Changed mysql root user password
 * Changed mysql root user password root@localhost
 * Changed zimbra mysql user password
 ERROR: account.AUTH_FAILED (authentication failed for zimbra)
 I have opened the script with nano, but cannot see any place that may be
 causing this AUTH_FAILED error.
 After this the entire Zimbra install is broken and I must re-install
 from scratch.
 I hope you may be able to assist me to resolve this.
 All the best,

Alon Has responded as follows:

I have not come across the issue you describe in my testing, so I have a
couple of questions:

    - is the issue reproducible?
    - was zimbra-conf the first thing you did after installing?
        - did you stop/start any other services?
    - did zimbra successfully start before running zimbra-conf?
    - are you using the VM, ISO or EC2 instance?
    - did you setup the DNS records?
    - is networking configured correctly?

I am not sure about this, but it might be caused by the providing the
FQDN instead of, as the script assumes
the FQDN will become mail.DOMAIN_YOU_PROVIDE.

We will probably change this in future, as we should not assume
anything. Anyway, you can change this in the script if you require
zimbra.itworx instead of mail.itworx, but lets first get everything

It would be great if you could try the following:

    - fresh install                 # or live while testing
    - /etc/init.d/zimbra stop       # should not be required though
    - zimbra-conf Passw0rd

If you are still having problems, I'll try reproduce the issue myself
and get to the bottom of it.

Alex Rhys-Hurn's picture

Thank you for the response Alon,

The details I have in response to your questions are as follows:

1: Yes, I can reproduce this every time.
2: I am setting this up as a demo on a subdomain, so is the correct mail domain. The Hostname is and it is pingable and resolvable to
3: I am already running a mail server for its my main one, and should this trial go ok, Zimbra might move there.
4: I am running the turnkey appliance as a virtual machine on Vmare ESXi. I have taken a snapshot of the machine immediately after the install, when only the IP address has been set statically. I revert to this as a clean install.
5: I am using the iso 2009.10 instance.
6: I have tried to zimbra-conf both before even logging in to zimbra as well as after checking to see that I could log in to the admin area with the default turnkey credentials and also checked the user end too. All webmin and other services are running fine.
7: I agree that you should not assume the mail.FQDN, some people like the choice.
8: I have stopped the Zimbra service as you suggest and then run zimbra-conf Passw0rd and I get the same error. Note that I did this both with the and domains. Same problem.

This is a bit of a challenge as the domain resolution will always fail for and so prevent zimbra from processing mail well unless we change this.

I hope you can help me find an answer.

Thanks folks,



Alon Swartz's picture

I will have to test this locally and try reproduce it.
BTW, with regards to to DNS resolution, zimbra-conf updates /etc/hosts to work around that, so it shouldn't be a problem.
Alex Rhys-Hurn's picture

Has anyone else out there been able to reproduce this or had any experience that can help Alon?

Its beyond my skills now.



Alon Swartz's picture

Firstly Alex, thanks for reporting this issue. I am still not sure how it got passed our Q&A, as everything worked as expected during testing.

I successfully confirmed the above described problem. To workaround this issue please add the following lines (bold) before # initialize documents (notebook wiki):

# restart zimbra services for changes to take effect
$ZM_SUDO "$ZM_BIN/zmcontrol stop"
$ZM_SUDO "$ZM_BIN/zmcontrol start"

# initialize documents (notebook wiki)

With regards to using a subdomain different to the default mail, the following change should work:

FQDN=mail.${DOMAIN}         # before
FQDN=groupware.${DOMAIN}    # after

Please report back whether the above helps.

Ken's picture


I am demo'ing the Zimbra applaince for my employer, but cannot get this appliance to use a valid FQDN.

what file are you editing to provide this fix?


Is there a step-by-step somewhere for setting this up with anything other than If I directly edit the /etc/hosts file, it just kills everything. ( server starts, but splapd dies)


I appreciate that there is a lot of work into this appliance, but if is as much work to re-configure it to play nice as it is to do a scratch-build, I am not seeing the point.




Ken's picture

never mind...I'll just slap the stupid out of myself for you...xP

The problem I now see is I ran the script the first time, I got the error noted, so I edited as shown in your article.


Now I get

ERROR: account.NO_SUCH_DOMAIN (no such domain:


Is this an error I need to worry about, or can it be ignored?





Ken's picture

OK, I decided on a clean-sheet here. I did a fresh vm from the ISO. 

Set everything up default. made sure services working; logged in with, logged out

Edited the zimbra-conf file & added the lines above.

ran /usr/local/bin/zimbra-conf MypaSsword

eveything flowed nice UNTIL:




* Changed zimbra mysql user password

-su: ZM_BIN/zmcontrol: no such file or directory

hoped it was minor, but after reboot, I get NOTHING...arrgh!

I though appliances were supposed to be easier than scratch installs!!:(


I have had this exact same appliance up & running with the default domain 4 or 5 times now, and able to send out emails - the only arrgh here is trying to used my own FQDN.

Liraz Siri's picture

Don't give up just yet. From the error message you are getting it seems you didn't apply the workaround correctly.

There's a difference between $ZM_BIN and ZB_BIN. One is interpreted by the script as a variable and the other is interpreted as a string literal.

Hope that solves your problem.

Liraz Siri's picture

Just guessing from the error message you're getting did you perhaps forget to setup the DNS records (e.g., for
Ken's picture


Thanks for getting back to me

I am using a FQDN that is already tested ( &  MX record resolves to with an IP of I set the ip static on the interface, and can ssh using either the ip or the domain name.

As I was typing this, I saw a fresh message pop-up ( I am re-installing the appliance at the moment) During the copying data to disk phase is see: "t17 ./dev/log: socket ignored"

I was also very meticulous about the spelling of the commands that I was first in my browser this page was making the "M's" look like "H's", so I was double-checking every entry

The fresh install is finished, and will just set the IP again & BRB



Liraz Siri's picture

As we just found out with Ken it's too easy to misapply this workaround. To very frustrating effect. Let's remember Murphy's law - anything that can go wrong will go wrong. We can try to minimize the possibility for human error by providing cut and paste instructions.

For example, instead of telling them to update a particular file at so and so position, it would have been better to create a cut and paste command:

sed -i '/^# initialize documents/ a\
# restart zimbra services for changes to take effect\
$ZM_SUDO "$ZM_BIN/zmcontrol stop"\
$ZM_SUDO "$ZM_BIN/zmcontrol start"\n' /usr/local/bin/zimbra-conf
All the user needs to do is paste that into the command line. Granted creating a sed command like that might be a bit cumbersome. Maybe it's best to create a patch.

Ken's picture

Thank you very much Liraz

I went through the whole thing step-by-step again, and also found that my desktop PC NIC will flake out at odd times.

I Did double-check my spelling and grammer for the zimbra-conf script, and it was correct, but I now have a sneaking suspicion that my NIC garbled the reception of data, so when I was trying to connect to the login pages, i was only get blank screens. What confused me was that I had streaming internet radio that was operating glitch-free, and I could jump among many web pages I had open, but could not make any NEW connections.

best regards, and sorry for the confusion.



Guest's picture

I know this is the old domain for the appliance but I can't seem to get pass this. I have applied the patch you suggested, thank you BTW, but can't seem to resolve this. Why is zimbra not updating the domain name and still trying to resolve

Alex Rhys-Hurn's picture

Hi Alon,

Thank you for a quick response and solution.

Both parts of your workaround worked exactly as intended. I am now very happy with my appliance and have mails flowing there already.

Can I suggest adding the hint about how to set the hostname for the domain to the main turkey appliance page? Or maybe as a switch to the zimbra-conf command?

All the best and thanks for your help,


Alon Swartz's picture

Glad to hear everything is working. I have updated the appliance page to refer to this thread. When we release a new version it will include this fix, as well as an option to specify a hostname.

If you have any other issues or ideas on how to improve the appliance, drop us a line.
Abdul's picture

Hi, imported the appliance to virtual box. followed the instructions above except for the subdomain. I ran

/usr/local/bin/zimbra-conf certified.local xxxxx

everything ran fine but when I tried to log in as admin and password xxxxx, it hangs. I tried loging in using the default password it does the same thing.

Can you help?

thanks Abdul


Alon Swartz's picture

As mentioned on the appliance page, the login name should include the domain name. So, in your case it would be admin@certified.local
Abdul's picture


Thanks you for the replay, it was lame of me not to include @domain name.  I added 2 users but zimbra is not sending emails among them. any idea

Abdul's picture

Thanks I got it to work. It has to do with DNS in my firewall. 

Thank you for the great work. keep it up

Alex Rhys-Hurn's picture

Dear All,

The work around provided by ALon works perfectly everytime bth on virtual machines as well as physical hardware. So please make sure your file edits are perfect.

I have however moved on from this appliance for the following reasons:

1: No Multidisk support for software raid (md and mdadm) in the manual partitioning at setup of the disks. A MAJOR issue for me.

2: Not Zimbra 6

3: Not flexible enough if you want to go down the path of multiple server deployments (cluster etc..)

Having said all that though for small deployments in a virtualised environment it does what it says on the can.

Ken has a point though that if you have to tweak an install too much you might as well make a custom install, and the procedure found on the ZImbra wiki for Ubuntu 8.04 install is really easy.


Liraz Siri's picture

Zimbra 6 was still in testing when we were developing the Zimbra appliance so we went with Zimbra 5 instead. Some users prefer their software to be cutting edge but usually you pay a price for the latest and greatest. Note however that the next version of the appliance we release will be based on Zimbra 6.

We'll look into adding support for software raid into di-live. If we can add those kind of advanced features without making installation more difficult I think it will be a good idea. For those users who are using virtualization it might be a better idea to setup RAID on the host machine, rather than inside the guest. Also, if your hardware/BIOS supports it, you might be better off with hardware RAID.

Regarding clustering, that's another thing we'd like to add support for in future versions. Meanwhile you might want to consider using the current appliance as a starting point and just patching in the changes you need made. That way you at least benefit from the standard TurnKey features (e.g., webmin, the ajax webshell, automatic security updates, etc.). If you do it would be great if you could share your experience about it so the community benefits.

Anyhow, thanks for the feedback and good luck!

frefool's picture

adding new entry ",cn=servers,cn=zimbra"
Reinitializing the mta config...done.
Reinitializing snmp config...creating /opt/zimbra/conf/swatchrc
Killing slapd with pid 24799 done.
Started slapd: pid 25234
Thu Dec 31 00:09:19 2009 Rewrote: /opt/zimbra/mailboxd/etc/
Thu Dec 31 00:09:19 2009 Rewrote: /opt/zimbra/conf/
Thu Dec 31 00:09:19 2009 Rewrote: /opt/zimbra/mailboxd/etc/jetty.xml
Starting zmmtaconfig...done.
Starting mysqld...done.
Starting mailboxd...done.
ERROR: account.NO_SUCH_DOMAIN (no such domain:

Hi what went wrong at my projekt ?
Liraz Siri's picture

Please apply the patch as discussed in the above comment.
Bob Radvanovsky's picture

I went ahead and changed the "/etc/hosts" file to reflect the correct hostname, etc.

(1)  Changed the entry within the "/etc/hostname" from "zimbra" to "xmail".

(2)  Modified the "/etc/hosts" file:

root@xmail:/etc# more hosts       localhost       zimbra   srvrxxx  xmail 

Rebooted several times, and finally got it to take the effects.  Now, I've got an increasing number of "Deferred" emails.  Again, I CAN send email OK, just not receive it.

Also, an annoying little @&*$^@ involving the "/etc/resolv.conf" file.  Need to add additional nameservers.  Current nameserver is nameserver for "".  Need to add the 3 nameservers for "".  Any suggestions?

Last, if I have the Zimbra admin port (7071) NAt'd to something else, say "666" (meaning, external port is "666", internal port within DMZ is "7071"), it doesn't seem to work; however, if I keep the ports the same on both external AND internal, it works fine.  Just to be safe, I am adding IP address and MAC restriction ACLs.  This is a POWERFUL utility.

Any help would be mucho appreciato...



Bob Radvanovsky's picture

After reviewing what happened, I can't figure out which step I messed up on.'s 'da deal...I've got everything firewalled to a DMZ.  The DMZ has its own DNS (and yes, I checked the entry for the local DMZ IP address).  DMZ does a passthru on DNS as part of the aliasing and port forwarding...



Liraz Siri's picture

A few questions: Can the clients who are sending you mail resolve the MX record to your domain? And does it resolve to Zimbra appliance's address? And did you verify that they can connect to that address and you don't have any routing/firewalling issues?
Bob Radvanovsky's picture

OK, here's 'da deal with the setup.  I will try and provide a configuration of my network:

Internet                                                            DMZ

ext IP           int IP

ext NM       int NM

ext GW        int GW
             (router)                         (firewall, which is

ext DNS       int DNS

Current MX records on external DNS is:

MX 0
MX 1

new address will be "", replacing "" -- eventually; "" is secondary mail server, and will remain a secondary mail server, and will not be replaced.

Typically, servers utilize the internal DMZ DNS.  So for this server, it is "", external DNS entry was "".  The internal DMZ DNS server is another server (not Zimbra server).

Resolving externally?  Yes.  I was able to access a SSH account from an offsight lcoation, and it corresponded to "".

I don't know what else to say, except that I am familiar with the SuSE/CentOS/Red Hat environment.  This configuration has me all confused.


Second question, what do I do about the "/etc/network/interfaces", the "/etc/resolv.conf", and the "/etc/motd" files reverting back to whatever the server *thinks* it should be (this implies that there is a configuration somewhere else that is overriding the current configuration files).  This is all well and good, but makes for some interesting times, adding to the confusion.  Any ideas as to how to fix this?

Third, when I took a look at the "/etc/hosts" file after the initial build, it read something to the effect of:     localhost     zimbra

Typically, I would place a few entries within the "/etc/hosts" file to show this.  On the current "" server, my "/etc/hosts" file is reflected this way:     localhost     mail1a   mail1a

The "" server is runing "sendmail", and is on the lateest and greater version.  This might be that "split DNS" configuration that Zimbra was discussing on their troubleshooting page. 


I think the combination of not knowing how the Zimbra configuration interacts with everyone else, along with a Debian-like environment (as compared to a Red Hat-ish like environment) has caused some confusion.  I've had to revert back to my previous DNS settings (removing "" as the primary MX/MTA, and replacing it back with ""), and will try again reloading the turnkey solution and redoing the whole thing from scratch, but this time, testing it out first with "" as the terrtiary mail server, and going from there.

Did any of this help?

Thanks for all your help.


P.S. The firewall is IPCOP.

Bob Radvanovsky's picture

Remember that annoying little feature that I said about the "/etc/resolv.conf", "/etc/network/interfaces" and "/etc/motd" files reverting back to a preconfigured version?  Well..I found out what's causing this...

I am an *OLD* UNIX dude (been working with UNIX since 1978 -- BEFORE the Internet, kiddies...  ;)

I am used to doing things manually and via CLI (called "command-line interface"; non-graphical method, using a serial connection and keyboard, no mouse...ugh).  This is what us "old farts" used back in the days of modems...  ;P

Anywho...the product is called "NetworkManager".  It is an annoyance.  I have sent some seething emails to the Ubuntu development team about this (ahem) "feature".  Nonetheless, here's the scoop on this package:

To turn it OFF, simply type:  /etc/init.d/NetworkManager stop

I'd find methods of ensuring that this forkin' thing doesn't startup, and there are plenty 'o methods from preventing it from starting up...  ;P

Neil Aggarwal's picture

Does the Zimbra appliance have chkconfig?  That is how I usually tell services not to start.

I guess if it does not, you can remove the startup files for it.  They should be like /etc/rc3.d/S08NetworkManager, etc.

Bob Radvanovsky's picture

I have to make due with what I can find, and most applications seem to want to use Java. The problem (IMHO) with Java is that, with a 3 MB application file, you get a 1 GB library suite, requiring a tremendous amount of overhead. Obviously, the trick here is to provide "convenience" over "efficiency", and I suspect that many of these folks have never heard of COBOL or assembler, except us "old farts" (like me).

After trying to dink around with Zimbra, I came the conclusion that there was something better, and that even though it was free...(1) having to wait to sign in for ONE user for up to 10 seconds just to see the login screen, (2) pre-built configurations that I knew nothing about (Ubuntu-isms?), and (3) inconsistent issues with either sending or receiving (and in some weird cases, both sending and receiving) emails, I came to the conclusion what so many have stated in the past: give up.

For those who are looking for a cost-effective way to put together a small SOHO email server, that will RUN on 512 MB of RAM on a 700-800 MHz single-core processor, and require only 10 GB of disk, there ARE "alternatives" to Zimbra.
Neil Aggarwal's picture

512 MB of RAM on a 700-800 MHz single-core processor, and require only 10 GB of disk, there ARE "alternatives" to Zimbra

Yes.  I use sendmail.  It is not sexy, but works perfectly.

Guest's picture

Running zimbra-conf does not change change certificates.  It keeps certificate with

Guest's picture

I'm close I know I am, but having an issue, can't figuring out what I'm missing. I have made the edit to the conf script as spell out above. Receiving the error that the domain is shutdown. I have created the domain on my NS. Ping resolves, nslookup provides correct infomation both forward and reverse and dig gives me info. So my question is there something in the zimbraconf script that caches the domain info? If thats the case then will a fresh install and run of the conf script fix my issue or can i just edit a file or clear a pid?

Marlon's picture


when i install zimbra v 6.0.5 in SO Red Hat v5, i have a error failed Initializing Documents. This do what zimbra no start. Please your help.

Alexey's picture


I'm trying to change zimbra server name from to :

zmsetservername -d -o -n

bash window returning :

zimbra@zimbra:/root$ zmsetservername -d -o -n
bash: zmsetservername: command not found

thank you in advance.

Alexey's picture

I found  that domain name can be changed for zim5 :

zmprov -l rd

but how's to rename server from to ? 

Alexey's picture


Guest's picture

I have zimbra 6 running. I can retrieve email from my own account using a windows ultimate running the zimbra desktop. The problem I have is when I add a user I can't get the zimbra desktop to accept the user. Only my account works I even tried the admin account and it won't setup either

the message is:

Account.INVALID_ATTR_VALUE: zimbraPrefForwardIncludeOriginalText must be one of: includeAsAttachment,includeBody,includeBodyWithPrefix,includeBodyAndHeadersWithPrefi


any help would be greatly appreciated

Thank You

Guest's picture


I've the same isssue as above on Zimbra Deskstop. Whenever i'm tring to add new user using Zimbra account type , i've below error message

account.INVALID_ATTR_VALUE: zimbraPrefForwardIncludeOriginalText must be one of: includeAsAttachment,includeBody,includeBodyWithPrefix,includeBodyAndHeadersWithPrefix

Anyway when i creater account using IMAP , gmail etc .. it would work . Appreciate any clue here.



ejecthunter's picture

i have been asking this qustion for like 4 days now on zimbra forum and no reply, can someone please please guidee me thru how to change this, i am new to linux and have been previosuly using another opensource windows based mail server for my mail...but the size of the existing .pst is just making it extremely difficult for me to use the windows so wanna experiment with zimbra..

again, only need help with changing the host server from to so i can start receiving some emails...

please help!



zzj0770's picture

Is this an error I need to worry about, or can it be ignored?

vuong dinh chioeu`'s picture

I have error, please you show to me that resolution it.

Jeremy Davis's picture

Have you tried researching your problem? This is where I'd start:

Failing that, I'd suggest you post on the Zimbra forums!? Also you will probably be more successful if you explain a little more about what is actually happening, rather than just posting a screenshot.

If you have no luck with either of those and need assistance really badly perhaps consider purchasing support (either direct from Zimbra - or from somewhere else).

Post new comment