Today, our ZCM server started producing this error exception. The LDAP
server is up and the cert is valid. I can connect securely with an LDAP
address book and search. Any ideas why it stopped working today when it
work for the last several weeks without problem?

Win2k3 R2 32-bit
ZCM version 10.0.1

The IP Address was replaced with xxx.xxx.xxx.xxx for the safety and
security of all involved.

31 Jan 2008 13:50:40 ============== Exception (begin)
===========================
31 Jan 2008 13:50:40 Exception occured
com.novell.zenworks.datamodel.exceptions.Untrusted CertificateException:
javax.naming.CommunicationException: simple bind failed:
xxx.xxx.xxx.xxx:636 [Root exception is
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderE xception: unable to
find valid certification path to requested target]
at
com.novell.zenworks.datamodel.utils.ldap.LDAPUtil. handleAuthenticationException(LDAPUtil.java:731)
at
com.novell.zenworks.datamodel.utils.ldap.LDAPUtil. getLDAPConnectionInfo(LDAPUtil.java:313)
at
com.novell.zenworks.datamodel.utils.ldap.LDAPUtil. getLDAPConnectionInfo(LDAPUtil.java:230)
at
com.novell.zenworks.datamodel.utils.ldap.LDAPUtil. getLDAPConnectionInfo(LDAPUtil.java:182)
at
com.novell.zenworks.datamodel.utils.ldap.LDAPUtil. getLDAPConnectionInfo(LDAPUtil.java:166)
at
com.novell.zenworks.datamodel.utils.ldap.LDAPUtil. getLDAPConnectionInfo(LDAPUtil.java:157)
at
com.novell.zenworks.admin.extensions.ajax.UserSour ceStatusAJAX.getImageData(UserSourceStatusAJAX.jav a:62)
at com.novell.web.ajax.ImageAJAX.service(ImageAJAX.ja va:38)
at com.novell.web.ajax.AJAXDataHandler.service(AJAXDa taHandler.java:40)
at com.novell.web.ajax.AjaxServlet.service(AjaxServle t.java:79)
at
com.novell.zenworks.admin.ZENworksAjaxServlet.serv ice(ZENworksAjaxServlet.java:55)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:803)
at
org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:269)
at
org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:188)
at
org.apache.catalina.core.StandardWrapperValve.invo ke(StandardWrapperValve.java:210)
at
org.apache.catalina.core.StandardContextValve.invo ke(StandardContextValve.java:174)
at
org.apache.catalina.authenticator.AuthenticatorBas e.invoke(AuthenticatorBase.java:433)
at
org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:117)
at
org.apache.catalina.core.StandardEngineValve.invok e(StandardEngineValve.java:108)
at
com.novell.zenworks.tomcat.ZENRequestValve.invoke( ZENRequestValve.java:1090)
at
org.apache.catalina.connector.CoyoteAdapter.servic e(CoyoteAdapter.java:151)
at
org.apache.coyote.http11.Http11Processor.process(H ttp11Processor.java:870)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11 ConnectionHandler.processConnection(Http11BaseProt ocol.java:665)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.process Socket(PoolTcpEndpoint.java:528)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThr ead.runIt(LeaderFollowerWorkerThread.java:81)
at
org.apache.tomcat.util.threads.ThreadPool$ControlR unnable.run(ThreadPool.java:685)
at java.lang.Thread.run(Thread.java:595)
Caused by: javax.naming.CommunicationException: simple bind failed:
xxx.xxx.xxx.xxx:636 [Root exception is
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderE xception: unable to
find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClie nt.java:197)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:263 7)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapC txFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Ldap CtxFactory.java:193)
at
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstanc e(LdapCtxFactory.java:136)
at
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext (LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(N amingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(Init ialContext.java:247)
at javax.naming.InitialContext.init(InitialContext.ja va:223)
at javax.naming.ldap.InitialLdapContext.<init>(Initia lLdapContext.java:134)
at
com.novell.zenworks.datamodel.utils.ldap.LDAPUtil. getLDAPConnectionInfo(LDAPUtil.java:292)
... 26 more
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderE xception: unable to
find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:150)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(S SLSocketImpl.java:1518)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:174)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:168)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:848)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.proc essMessage(ClientHandshaker.java:106)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoo p(Handshaker.java:495)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_re cord(Handshaker.java:433)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(SSLSocketImpl.java:818)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(SSLSocketImpl.java:1030)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRe cord(SSLSocketImpl.java:622)
at
com.sun.net.ssl.internal.ssl.AppOutputStream.write (AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedO utputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputS tream.java:123)
at com.sun.jndi.ldap.Connection.writeRequest(Connecti on.java:390)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.j ava:334)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClie nt.java:192)
... 37 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderE xception:
unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXV alidator.java:221)
at
sun.security.validator.PKIXValidator.engineValidat e(PKIXValidator.java:145)
at sun.security.validator.Validator.validate(Validato r.java:203)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl. checkServerTrusted(X509TrustManagerImpl.java:172)
at
com.novell.zenworks.datamodel.services.Certificate ManagerImpl$MyTrustManager.checkServerTrusted(Cert ificateManagerImpl.java:439)
at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager. checkServerTrusted(SSLContextImpl.java:320)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:841)
... 49 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderE xception:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder. engineBuild(SunCertPathBuilder.java:236)
at java.security.cert.CertPathBuilder.build(CertPathB uilder.java:194)
at sun.security.validator.PKIXValidator.doBuild(PKIXV alidator.java:216)
... 55 more
31 Jan 2008 13:50:40
Exception Info:
31 Jan 2008 13:50:40 Class.......
com.novell.zenworks.datamodel.exceptions.Untrusted CertificateException
31 Jan 2008 13:50:40 Message.....
javax.naming.CommunicationException: simple bind failed:
xxx.xxx.xxx.xxx:636 [Root exception is
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderE xception: unable to
find valid certification path to requested target]
31 Jan 2008 13:50:40 Logged at... UserSourceStatusAJA..77
31 Jan 2008 13:50:40 ============== Exception (end)
=============================

Thanks,

Peter