<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">Martin,<br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">I've re-tested the replica with a freshly-installed CentOS 7 (1511).<br></div><div class="gmail_default" style="font-family:verdana,sans-serif">Installation still fails (damn!) and the log is a bit more verbose. I suppose it has something to do with certificate in my master server proably due to incremental updates did in the past.<br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif"><span style="font-family:monospace,monospace">2016-02-11T11:09:21Z DEBUG Starting external process<br>2016-02-11T11:09:21Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpRHosRn'<br>2016-02-11T11:10:58Z DEBUG Process finished, return code=1<br>2016-02-11T11:10:58Z DEBUG stdout=Log file: /var/log/pki/pki-ca-spawn.20160211120921.log<br>Loading deployment configuration from /tmp/tmpRHosRn.<br>Installing CA into /var/lib/pki/pki-tomcat.<br>Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.<br><br>Installation failed.<br><br><br>2016-02-11T11:10:58Z DEBUG stderr=/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: <a href="https://urllib3.readthedocs.org/en/latest/security.html">https://urllib3.readthedocs.org/en/latest/security.html</a><br>  InsecureRequestWarning)<br>pkispawn    : WARNING  ....... unable to validate security domain user/password through REST interface. Interface not available<br>pkispawn    : ERROR    ....... Exception from Java Configuration Servlet: 500 Server Error: Internal Server Error<br>pkispawn    : ERROR    ....... ParseError: not well-formed (invalid token): line 1, column 0: {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.PKIException","Code":500,"Message":"Error while updating security domain: java.io.IOException: 2"} <br><br>2016-02-11T11:10:58Z CRITICAL Failed to configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpRHosRn'' returned non-zero exit status 1<br>2016-02-11T11:10:58Z CRITICAL See the installation logs and the following files/directories for more information:<br>2016-02-11T11:10:58Z CRITICAL   /var/log/pki-ca-install.log<br>2016-02-11T11:10:58Z CRITICAL   /var/log/pki/pki-tomcat<br>2016-02-11T11:10:58Z DEBUG Traceback (most recent call last):<br>  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 418, in start_creation<br>    run_step(full_msg, method)<br>  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 408, in run_step<br>    method()<br>  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 620, in __spawn_instance<br>    DogtagInstance.spawn_instance(self, cfg_file)<br>  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 201, in spawn_instance<br>    self.handle_setup_error(e)<br>  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 465, in handle_setup_error<br>    raise RuntimeError("%s configuration failed." % self.subsystem)<br>RuntimeError: CA configuration failed.</span><br><br><div class="gmail_default" style="font-family:verdana,sans-serif">I'm attaching the 3 log files, as usual:<br></div><br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 11, 2016 at 11:28 AM, Quasar <span dir="ltr"><<a href="mailto:quasar7@gmail.com" target="_blank">quasar7@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">Hi Martin,<br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">first of all thanks for taking some time to read and provide feedback, much appreciated.<br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">I firstly tried with CentOS 7.x (build 1511) but got the same errore during CA configuration. Then I supposed I had to upgrade step-by-step, from 3.0 to 3.3 (instead of 3.0 to 4.x) and used Fedora 23, 20, 19 and 18 but with no luck.<br></div><div class="gmail_default" style="font-family:verdana,sans-serif">If you need the exact log from CentOS 7.x migration I can provide them to you.<br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">About the debug log file, it was attached and these are the final lines containing the error:<br><br>[09/Feb/2016:15:31:42][http-bio-8443-exec-3]: getDomainXML: domainInfo=<?xml version="1.0" encoding="UTF-8" standalone="no"?><DomainInfo><Name>IPA</Name><CAList><CA><Host>ipaserver.it.fx.lan</Host><SecurePort>443</SecurePort><SecureAgentPort>443</SecureAgentPort><SecureAdminPort>443</SecureAdminPort><SecureEEClientAuthPort>443</SecureEEClientAuthPort><UnSecurePort>80</UnSecurePort><Clone>FALSE</Clone><SubsystemName>pki-cad</SubsystemName><DomainManager>TRUE</DomainManager></CA><CA><Host>ipaserver-ha.it.fx.lan</Host><SecurePort>443</SecurePort><SecureAgentPort>443</SecureAgentPort><SecureAdminPort>443</SecureAdminPort><UnSecurePort>80</UnSecurePort><SecureEEClientAuthPort>443</SecureEEClientAuthPort><DomainManager>TRUE</DomainManager><Clone>TRUE</Clone><SubsystemName>pki-cad</SubsystemName></CA><SubsystemCount>2</SubsystemCount></CAList><OCSPList><SubsystemCount>0</SubsystemCount></OCSPList><KRAList><SubsystemCount>0</SubsystemCount></KRAList><RAList><SubsystemCount>0</SubsystemCount></RAList><TKSList><SubsystemCount>0</SubsystemCount></TKSList><TPSList><SubsystemCount>0</SubsystemCount></TPSList></DomainInfo><br>[09/Feb/2016:15:31:42][http-bio-8443-exec-3]: Cloning a domain master<br>[09/Feb/2016:15:31:42][http-bio-8443-exec-3]: WizardPanelBase updateDomainXML start hostname=ipaserver.it.fx.lan port=443<br>[09/Feb/2016:15:31:42][http-bio-8443-exec-3]: updateSecurityDomain: failed to update security domain using admin port 443: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 50; White spaces are required between publicId and systemId.<br>[09/Feb/2016:15:31:42][http-bio-8443-exec-3]: updateSecurityDomain: now trying agent port with client auth<br>[09/Feb/2016:15:31:42][http-bio-8443-exec-3]: WizardPanelBase updateDomainXML start hostname=ipaserver.it.fx.lan port=443<br>[09/Feb/2016:15:31:42][http-bio-8443-exec-3]: updateDomainXML() nickname=subsystemCert cert-pki-ca<br>[09/Feb/2016:15:31:43][http-bio-8443-exec-3]: WizardPanelBase updateDomainXML: status=1<span class="HOEnZb"><font color="#888888"><br></font></span></div><span class="HOEnZb"><font color="#888888"><div class="gmail_extra"><br><br clear="all"><br>-- <br><div><div dir="ltr"><span style="font-family:verdana,sans-serif">Giuseppe Calignano</span><br></div></div>
</div></font></span></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><span style="font-family:verdana,sans-serif">Giuseppe Calignano</span><br></div></div>
</div>