<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 09/27/2011 12:34 AM, Dmitri Pal wrote:
<blockquote cite="mid:4E80FDE9.2010504@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
On 09/25/2011 05:49 PM, Sigbjorn Lie wrote:
<blockquote cite="mid:4E7FA1E6.6050409@nixtra.com" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<div style="width: auto; min-height: 54.4px; height: auto;"
class="ui-dialog-content ui-widget-content" id="error_dialog">
<p>Hi,<br>
</p>
<p>I have a host that refuses to be modified or deleted. I get
the same error from the webui and the cli. I am using F15,
FreeIPA 2.1.1 + all updates from the updates repository. I
cannot find any error in any log. I have tried to reboot my
ipa servers. All services seem to be running and have no
issues.<br>
</p>
The error message I receive is:<br>
<ul style="" class="error-container">
<li>Certificate operation cannot be completed: Unable to
communicate with CMS (Not Found)</li>
</ul>
<br>
I have looked in the Dogtag Certificate Manager, and I can see
the certificate. It's still valid, and holds the same serial
number as what is displayed using ipa host-show
<hostname>. <br>
<br>
Any suggestions?<br>
<br>
<br>
</div>
</blockquote>
<br>
Can you please send the sanitized apache logs?<br>
<br>
</blockquote>
<br>
<br>
These are the apache log lines that correspond to # ipa host-disable
<hostname, and # ipa cert-show <serialno>. I have no config
files in my /etc/httpd/conf.d/ directory that contains any reference
to the /ca directory. Also /var/www/html/ca does not exist.<br>
<br>
I notice that the freeipa-server-2.1.1-1.fc15.x86_64 rpm lists a
file /etc/httpd/conf.d/ipa-pki-proxy.conf. However this file does
not exist on any of my 3 IPA servers.<br>
<br>
Should that file contain an alias and proxy rules for /ca/ ?<br>
<br>
<br>
error_log:<br>
[Tue Sep 27 21:44:01 2011] [error] ipa: INFO: <a class="moz-txt-link-abbreviated" href="mailto:admin@IX.TEST.COM:">admin@IX.TEST.COM:</a>
ping(): SUCCESS<br>
[Tue Sep 27 21:44:02 2011] [error] ipa: INFO: sslget
'<a class="moz-txt-link-freetext" href="https://ipasrv01.ix.TEST.com:443/ca/agent/ca/displayBySerial">https://ipasrv01.ix.TEST.com:443/ca/agent/ca/displayBySerial</a>'<br>
[Tue Sep 27 21:44:02 2011] [error] [client 192.168.210.20] File does
not exist: /var/www/html/ca<br>
[Tue Sep 27 21:44:02 2011] [error] ipa: INFO: <a class="moz-txt-link-abbreviated" href="mailto:admin@IX.TEST.COM:">admin@IX.TEST.COM:</a>
host_disable(u'bck01.ix.TEST.com'): CertificateOperationError<br>
[Tue Sep 27 21:44:08 2011] [error] ipa: INFO: <a class="moz-txt-link-abbreviated" href="mailto:admin@IX.TEST.COM:">admin@IX.TEST.COM:</a>
ping(): SUCCESS<br>
[Tue Sep 27 21:44:09 2011] [error] ipa: INFO: sslget
'<a class="moz-txt-link-freetext" href="https://ipasrv01.ix.TEST.com:443/ca/agent/ca/displayBySerial">https://ipasrv01.ix.TEST.com:443/ca/agent/ca/displayBySerial</a>'<br>
[Tue Sep 27 21:44:09 2011] [error] [client 192.168.210.20] File does
not exist: /var/www/html/ca<br>
[Tue Sep 27 21:44:09 2011] [error] ipa: INFO: <a class="moz-txt-link-abbreviated" href="mailto:admin@IX.TEST.COM:">admin@IX.TEST.COM:</a>
cert_show(u'268369923'): CertificateOperationError<br>
<br>
access_log:<br>
192.168.210.20 - <a class="moz-txt-link-abbreviated" href="mailto:admin@IX.TEST.COM">admin@IX.TEST.COM</a> [27/Sep/2011:21:44:00 +0200]
"POST /ipa/xml HTTP/1.1" 200 259<br>
192.168.210.20 - - [27/Sep/2011:21:44:02 +0200] "POST
/ca/agent/ca/displayBySerial HTTP/1.1" 404 314<br>
192.168.210.20 - <a class="moz-txt-link-abbreviated" href="mailto:admin@IX.TEST.COM">admin@IX.TEST.COM</a> [27/Sep/2011:21:44:01 +0200]
"POST /ipa/xml HTTP/1.1" 200 360<br>
192.168.210.20 - <a class="moz-txt-link-abbreviated" href="mailto:admin@IX.TEST.COM">admin@IX.TEST.COM</a> [27/Sep/2011:21:44:07 +0200]
"POST /ipa/xml HTTP/1.1" 200 259<br>
192.168.210.20 - - [27/Sep/2011:21:44:09 +0200] "POST
/ca/agent/ca/displayBySerial HTTP/1.1" 404 314<br>
192.168.210.20 - <a class="moz-txt-link-abbreviated" href="mailto:admin@IX.TEST.COM">admin@IX.TEST.COM</a> [27/Sep/2011:21:44:08 +0200]
"POST /ipa/xml HTTP/1.1" 200 360<br>
<br>
<br>
</body>
</html>