<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 10/17/2012 12:40 PM, Bret Wortman wrote:
<blockquote
cite="mid:CACWq_ZnTmK7AJtqugrUNCsvJfYh7Bjgss2XcTidE2Yru4omQaQ@mail.gmail.com"
type="cite">I recently tried installing freeipa on a new server,
but ipa-server-install had problems around this point:
<div><br>
</div>
<div>
<div>
<div><font face="courier new, monospace">Configuring
certificate server: Estimated time 3 minutes 30 seconds</font></div>
<div><font face="courier new, monospace"> [1/18]: creating
certificate server user</font></div>
<div><font face="courier new, monospace"> [2/18]: creating
pki-ca instance</font></div>
<div><font face="courier new, monospace"> [3/18]: configuring
certificate server instance</font></div>
<div><font face="courier new, monospace">ipa :
CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
<a moz-do-not-send="true" href="http://fs1.wedgeofli.me">fs1.wedgeofli.me</a>
-cs_port 9445 -client_certdb_dir /tmp/tmp-UvBMbL
-client_certdb_pwd XXXXXXXX -preop_pin
HHxKHUz5RRfzQ3OkFMlR -domain_name IPA -admin_user admin
-admin_email root@localhost -admin_XXXXXXXX XXXXXXXX
-agent_name ipa-ca-agent -agent_key_size 2048
-agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=<a
moz-do-not-send="true" href="http://WEDGEOFLI.ME">WEDGEOFLI.ME</a>
-ldap_host <a moz-do-not-send="true"
href="http://fs1.wedgeofli.me">fs1.wedgeofli.me</a>
-ldap_port 7389 -bind_dn cn=Directory Manager
-bind_XXXXXXXX XXXXXXXX -base_dn o=ipaca -db_name ipaca
-key_size 2048 -key_type rsa -key_algorithm SHA256withRSA
-save_p12 true -backup_pwd XXXXXXXX -subsystem_name
pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=<a
moz-do-not-send="true" href="http://WEDGEOFLI.ME">WEDGEOFLI.ME</a>
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=<a
moz-do-not-send="true" href="http://WEDGEOFLI.ME">WEDGEOFLI.ME</a>
-ca_server_cert_subject_name CN=<a moz-do-not-send="true"
href="http://fs1.wedgeofli.me">fs1.wedgeofli.me</a>,O=<a
moz-do-not-send="true" href="http://WEDGEOFLI.ME">WEDGEOFLI.ME</a>
-ca_audit_signing_cert_subject_name CN=CA Audit,O=<a
moz-do-not-send="true" href="http://WEDGEOFLI.ME">WEDGEOFLI.ME</a>
-ca_sign_cert_subject_name CN=Certificate Authority,O=<a
moz-do-not-send="true" href="http://WEDGEOFLI.ME">WEDGEOFLI.ME</a>
-external false -clone false' returned non-zero exit
status 255</font></div>
<div><font face="courier new, monospace">Unexpected error -
see ipaserver-install.log for details:</font></div>
<div><font face="courier new, monospace"> Configuration of CA
failed</font></div>
<div><font face="courier new, monospace">[root@fs1 ~]# </font></div>
</div>
<div><font face="courier new, monospace"><br>
</font></div>
<div><font face="arial, helvetica, sans-serif">The logfile
revealed the following stack trace:</font></div>
<div><font face="courier new, monospace"><br>
</font></div>
<div><font face="courier new, monospace">
<div>#############################################</div>
<div>Attempting to connect to: <a moz-do-not-send="true"
href="http://fs1.wedgeofli.me:9445">fs1.wedgeofli.me:9445</a></div>
<div>Exception in LoginPanel():
java.lang.NullPointerException</div>
<div>ERROR: ConfigureCA: LoginPanel() failure</div>
<div>ERROR: unable to create CA</div>
<div><br>
</div>
<div>#######################################################################</div>
<div><br>
</div>
<div>2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to
Send Request:java.net.ConnectException: Connection refused</div>
<div>java.net.ConnectException: Connection refused</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>at
java.net.PlainSocketImpl.socketConnect(Native Method)</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>at
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>at
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>at
java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>at
java.net.Socket.connect(Socket.java:579)</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>at
java.net.Socket.connect(Socket.java:528)</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>at
java.net.Socket.<init>(Socket.java:425)</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>at
java.net.Socket.<init>(Socket.java:241)</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>at
HTTPClient.sslConnect(HTTPClient.java:326)</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>at
ConfigureCA.LoginPanel(ConfigureCA.java:244)</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>at
ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>at
ConfigureCA.main(ConfigureCA.java:1672)</div>
<div>java.lang.NullPointerException</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>at
ConfigureCA.LoginPanel(ConfigureCA.java:245)</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>at
ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>at
ConfigureCA.main(ConfigureCA.java:1672)</div>
<div><br>
</div>
</font></div>
<div>Now I seem to be stuck. I tried uninstalling the
freeipa-server package with # yum remove freeipa-server and
then reinstalled it the same way, but ipa-server-install won't
run no matter what I attempt.</div>
<div><br>
</div>
<div>Any thoughts? I'm pretty new to IPA.</div>
<div><br>
</div>
</div>
</blockquote>
<br>
Make sure you have packages installed<br>
Run the uninstall command several times (5 for example)<br>
<pre class="screen"> ipa-server-install --uninstall -U
In case of failed installation and other steps you made the installtion might be in the corrupted state.
Running severl times might help as it might detect and remove/unconfigure different things at different moments.
Before trying to reinstall again make sure you have latest SELinux policies.
If it explodes again let us know.
</pre>
<br>
<br>
<blockquote
cite="mid:CACWq_ZnTmK7AJtqugrUNCsvJfYh7Bjgss2XcTidE2Yru4omQaQ@mail.gmail.com"
type="cite">
<div>
<div>Thanks!</div>
<div><br>
</div>
<div><br>
</div>
-- <br>
<div>Bret Wortman</div>
<div>The Damascus Group</div>
<div>Fairfax, VA</div>
<div><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>