Unable to login due to NullPointerException.
Unable to login due to NullPointerException in mailbox.log file
Problem
Unable to login and getting "an unknown error has occurred" in webmail and "java.lang.NullPointerException" warning in mailbox.log after disabling Zimbra two-factor authentication for an account.
Mailbox.log:
2021-09-29 16:00:49,850 WARN [qtp2076287037-586://localhost:8080/service/soap/BatchRequest] [name=user@example.com;oip=192.168.0.2;ua=zclient/8.8.15_GA_4059;soapId=3361a71a;] SoapEngine - handler exception java.lang.NullPointerException at com.zimbra.cs.twofactor.app.ZimbraAppSpecificPasswords.getAndRefreshPasswords(ZimbraAppSpecificPasswords.java:59) at com.zimbra.cs.twofactor.app.ZimbraAppSpecificPasswords.loadAppPasswords(ZimbraAppSpecificPasswords.java:43) at com.zimbra.cs.twofactor.app.ZimbraAppSpecificPasswords.<init>(ZimbraAppSpecificPasswords.java:39) at com.zimbra.cs.twofactor.app.ZimbraAppSpecificPasswords.<init>(ZimbraAppSpecificPasswords.java:33) at com.zimbra.cs.twofactor.ZimbraTwoFactorAuth.<init>(ZimbraTwoFactorAuth.java:69) at com.zimbra.cs.twofactor.ZimbraTwoFactorAuth.<init>(ZimbraTwoFactorAuth.java:64) at com.zimbra.cs.twofactor.ZimbraTwoFactorAuth$AuthFactory.getTwoFactorAuth(ZimbraTwoFactorAuth.java:82) at com.zimbra.cs.service.account.Auth.handle(Auth.java:301) at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:646) at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:471) at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:278) at com.zimbra.soap.SoapServlet.doWork(SoapServlet.java:308) at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:217) at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:214) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623) at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:214) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at com.zimbra.cs.servlet.CsrfFilter.doFilter(CsrfFilter.java:175) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at com.zimbra.cs.servlet.RequestStringFilter.doFilter(RequestStringFilter.java:54) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:59) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at com.zimbra.cs.servlet.ETagHeaderFilter.doFilter(ETagHeaderFilter.java:47) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at com.zimbra.cs.servlet.ContextPathBasedThreadPoolBalancerFilter.doFilter(ContextPathBasedThreadPoolBalancerFilter.java:107) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at com.zimbra.cs.servlet.ZimbraQoSFilter.doFilter(ZimbraQoSFilter.java:116) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at com.zimbra.cs.servlet.ZimbraInvalidLoginFilter.doFilter(ZimbraInvalidLoginFilter.java:131) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:482) at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:327) at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:297) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1700) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1667) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:152) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335) at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:753) at org.eclipse.jetty.server.handler.DebugHandler.handle(DebugHandler.java:83) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:505) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:698) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:804) at java.base/java.lang.Thread.run(Thread.java:830)
Solution
To fix this issue,set "zimbraAppSpecificPasswordDuration" for one mintue.
Run as Zimbra user:
$ zmprov ma user@domain.com zimbraAppSpecificPasswordDuration 1m $ zmprov fc -a all
Above attribute will expire AppSpecific password after one minute. The default value of this attribute is 0(never expired).
Note: zimbraAppSpecificPassword should remove once disabled the Zimbra two-factor authentication but in this case the password not removed. You can't remove or reset this password because it's saved in encrypted format in LDAP. Only way to set password expiry duration.
$zmprov desc -a zimbraAppSpecificPasswordDuration zimbraAppSpecificPasswordDuration lifetime of app-specific passwords, or 0 for no expiry. Must be in valid duration format: {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days, ms - milliseconds. If time unit is not specified, the default is s(seconds). type : duration value : callback : immutable : false cardinality : single requiredIn : optionalIn : account,cos flags : accountInherited defaults : 0 min : 0 max : id : 1839 requiresRestart : since : 8.7.0,9.0.0 deprecatedSince :