<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> On 10/17/2012 12:40 PM, Bret Wortman wrote: <blockquote cite="mid:CACWq_ZnTmK7AJtqugrUNCsvJfYh7Bjgss2XcTidE2Yru4omQaQ@mail.gmail.com" type="cite">I recently tried installing freeipa on a new server, but ipa-server-install had problems around this point: <div><br> </div> <div> <div> <div><font face="courier new, monospace">Configuring certificate server: Estimated time 3 minutes 30 seconds</font></div> <div><font face="courier new, monospace"> [1/18]: creating certificate server user</font></div> <div><font face="courier new, monospace"> [2/18]: creating pki-ca instance</font></div> <div><font face="courier new, monospace"> [3/18]: configuring certificate server instance</font></div> <div><font face="courier new, monospace">ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname <a moz-do-not-send="true" href="http://fs1.wedgeofli.me">fs1.wedgeofli.me</a> -cs_port 9445 -client_certdb_dir /tmp/tmp-UvBMbL -client_certdb_pwd XXXXXXXX -preop_pin HHxKHUz5RRfzQ3OkFMlR -domain_name IPA -admin_user admin -admin_email root@localhost -admin_XXXXXXXX XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=<a moz-do-not-send="true" href="http://WEDGEOFLI.ME">WEDGEOFLI.ME</a> -ldap_host <a moz-do-not-send="true" href="http://fs1.wedgeofli.me">fs1.wedgeofli.me</a> -ldap_port 7389 -bind_dn cn=Directory Manager -bind_XXXXXXXX XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=<a moz-do-not-send="true" href="http://WEDGEOFLI.ME">WEDGEOFLI.ME</a> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=<a moz-do-not-send="true" href="http://WEDGEOFLI.ME">WEDGEOFLI.ME</a> -ca_server_cert_subject_name CN=<a moz-do-not-send="true" href="http://fs1.wedgeofli.me">fs1.wedgeofli.me</a>,O=<a moz-do-not-send="true" href="http://WEDGEOFLI.ME">WEDGEOFLI.ME</a> -ca_audit_signing_cert_subject_name CN=CA Audit,O=<a moz-do-not-send="true" href="http://WEDGEOFLI.ME">WEDGEOFLI.ME</a> -ca_sign_cert_subject_name CN=Certificate Authority,O=<a moz-do-not-send="true" href="http://WEDGEOFLI.ME">WEDGEOFLI.ME</a> -external false -clone false' returned non-zero exit status 255</font></div> <div><font face="courier new, monospace">Unexpected error - see ipaserver-install.log for details:</font></div> <div><font face="courier new, monospace"> Configuration of CA failed</font></div> <div><font face="courier new, monospace">[root@fs1 ~]# </font></div> </div> <div><font face="courier new, monospace"><br> </font></div> <div><font face="arial, helvetica, sans-serif">The logfile revealed the following stack trace:</font></div> <div><font face="courier new, monospace"><br> </font></div> <div><font face="courier new, monospace"> <div>#############################################</div> <div>Attempting to connect to: <a moz-do-not-send="true" href="http://fs1.wedgeofli.me:9445">fs1.wedgeofli.me:9445</a></div> <div>Exception in LoginPanel(): java.lang.NullPointerException</div> <div>ERROR: ConfigureCA: LoginPanel() failure</div> <div>ERROR: unable to create CA</div> <div><br> </div> <div>#######################################################################</div> <div><br> </div> <div>2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to Send Request:java.net.ConnectException: Connection refused</div> <div>java.net.ConnectException: Connection refused</div> <div><span class="Apple-tab-span" style="white-space:pre"> </span>at java.net.PlainSocketImpl.socketConnect(Native Method)</div> <div><span class="Apple-tab-span" style="white-space:pre"> </span>at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)</div> <div><span class="Apple-tab-span" style="white-space:pre"> </span>at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)</div> <div><span class="Apple-tab-span" style="white-space:pre"> </span>at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)</div> <div><span class="Apple-tab-span" style="white-space:pre"> </span>at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)</div> <div><span class="Apple-tab-span" style="white-space:pre"> </span>at java.net.Socket.connect(Socket.java:579)</div> <div><span class="Apple-tab-span" style="white-space:pre"> </span>at java.net.Socket.connect(Socket.java:528)</div> <div><span class="Apple-tab-span" style="white-space:pre"> </span>at java.net.Socket.<init>(Socket.java:425)</div> <div><span class="Apple-tab-span" style="white-space:pre"> </span>at java.net.Socket.<init>(Socket.java:241)</div> <div><span class="Apple-tab-span" style="white-space:pre"> </span>at HTTPClient.sslConnect(HTTPClient.java:326)</div> <div><span class="Apple-tab-span" style="white-space:pre"> </span>at ConfigureCA.LoginPanel(ConfigureCA.java:244)</div> <div><span class="Apple-tab-span" style="white-space:pre"> </span>at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)</div> <div><span class="Apple-tab-span" style="white-space:pre"> </span>at ConfigureCA.main(ConfigureCA.java:1672)</div> <div>java.lang.NullPointerException</div> <div><span class="Apple-tab-span" style="white-space:pre"> </span>at ConfigureCA.LoginPanel(ConfigureCA.java:245)</div> <div><span class="Apple-tab-span" style="white-space:pre"> </span>at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)</div> <div><span class="Apple-tab-span" style="white-space:pre"> </span>at ConfigureCA.main(ConfigureCA.java:1672)</div> <div><br> </div> </font></div> <div>Now I seem to be stuck. I tried uninstalling the freeipa-server package with # yum remove freeipa-server and then reinstalled it the same way, but ipa-server-install won't run no matter what I attempt.</div> <div><br> </div> <div>Any thoughts? I'm pretty new to IPA.</div> <div><br> </div> </div> </blockquote> <br> Make sure you have packages installed<br> Run the uninstall command several times (5 for example)<br> <pre class="screen"> ipa-server-install --uninstall -U In case of failed installation and other steps you made the installtion might be in the corrupted state. Running severl times might help as it might detect and remove/unconfigure different things at different moments. Before trying to reinstall again make sure you have latest SELinux policies. If it explodes again let us know. </pre> <br> <br> <blockquote cite="mid:CACWq_ZnTmK7AJtqugrUNCsvJfYh7Bjgss2XcTidE2Yru4omQaQ@mail.gmail.com" type="cite"> <div> <div>Thanks!</div> <div><br> </div> <div><br> </div> -- <br> <div>Bret Wortman</div> <div>The Damascus Group</div> <div>Fairfax, VA</div> <div><br> </div> </div> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> <br> <br> <pre class="moz-signature" cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a> </pre> </body> </html>