<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-2022-jp">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Lucida Sans";
panose-1:2 11 6 2 3 5 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-fareast-language:EN-US;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-CA" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hello world,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I am having issues this morning with my primary IPA. See below the details in the logs and command result. Basically, krb5kdc service not starting - krb5kdc: Server error - while fetching master key.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">DNS is functioning. See below dig result. I have a trust with Windows AD.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Please help…!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">[root@cd-ipa1 log]# systemctl status krb5kdc.service -l<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">● krb5kdc.service - Kerberos 5 KDC<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"> Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; disabled; vendor preset: disabled)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"> Active: failed (Result: exit-code) since Tue 2016-04-26 08:27:52 EDT; 41min ago<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"> Process: 3694 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid $KRB5KDC_ARGS (code=exited, status=1/FAILURE)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: Starting Kerberos 5 KDC...<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Apr 26 08:27:52 cd-ipa1.ipa.domain.localkrb5kdc[3694]: krb5kdc: cannot initialize realm IPA.DOMAIN.LOCAL- see log file for details<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: krb5kdc.service: control process exited, code=exited status=1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: Failed to start Kerberos 5 KDC.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: Unit krb5kdc.service entered failed state.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: krb5kdc.service failed.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.0pt">[root@cd-ipa1 log]#<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">Errors in /var/log/krb5kdc.log<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">krb5kdc: Server error - while fetching master key K/M for realm DOMAIN.LOCAL<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">krb5kdc: Server error - while fetching master key K/M for realm DOMAIN.LOCAL<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">krb5kdc: Server error - while fetching master key K/M for realm DOMAIN.LOCAL<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">[root@cd-ipa1 log]# systemctl status httpd -l<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">● httpd.service - The Apache HTTP Server<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"> Loaded: loaded (/etc/systemd/system/httpd.service; disabled; vendor preset: disabled)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"> Active: failed (Result: exit-code) since Tue 2016-04-26 08:27:21 EDT; 39min ago<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"> Docs: man:httpd(8)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"> man:apachectl(8)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"> Process: 3594 ExecStartPre=/usr/libexec/ipa/ipa-httpd-kdcproxy (code=exited, status=1/FAILURE)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Apr 26 08:27:21 cd-ipa1.ipa.domain.localipa-httpd-kdcproxy[3594]: File "/usr/lib/python2.7/siteackages/ipapython/ipaldap.py", line 1579, in __wait_for_connection<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]: wait_for_open_socket(lurl.hostport, timeout)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]: File "/usr/lib/python2.7/siteackages/ipapython/ipautil.py", line 1200, in wait_for_open_socket<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.0pt">Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]: raise e<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]: error: [Errno 2] No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]: ipa : ERROR Unknown error while retrieving setting from ldapi://%2fvar%2frun%2fslapd-IPA-CANDEAL-CA.socket: [Errno 2] No such file
or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Apr 26 08:27:21 cd-ipa1.ipa.domain.localsystemd[1]: httpd.service: control process exited, code=exited status=1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Apr 26 08:27:21 cd-ipa1.ipa.domain.localsystemd[1]: Failed to start The Apache HTTP Server.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Apr 26 08:27:21 cd-ipa1.ipa.domain.localsystemd[1]: Unit httpd.service entered failed state.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Apr 26 08:27:21 cd-ipa1.ipa.domain.localsystemd[1]: httpd.service failed.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.0pt">[root@cd-ipa1 log]#<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">DNS Result for dig redhat.com<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> redhat.com<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">;; global options: +cmd<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">;; Got answer:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5414<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.0pt">;; OPT PSEUDOSECTION:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.0pt">; EDNS: version: 0, flags:; udp: 4096<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">;; QUESTION SECTION:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">;redhat.com. IN A<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">;; ANSWER SECTION:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">redhat.com. 60 IN A 209.132.183.105<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">;; AUTHORITY SECTION:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">. 849 IN NS f.root-servers.net.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">. 849 IN NS e.root-servers.net.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">. 849 IN NS k.root-servers.net.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">. 849 IN NS m.root-servers.net.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">. 849 IN NS b.root-servers.net.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">. 849 IN NS g.root-servers.net.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">. 849 IN NS c.root-servers.net.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">. 849 IN NS h.root-servers.net.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">. 849 IN NS l.root-servers.net.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">. 849 IN NS a.root-servers.net.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">. 849 IN NS j.root-servers.net.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">. 849 IN NS i.root-servers.net.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">. 849 IN NS d.root-servers.net.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">;; ADDITIONAL SECTION:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">j.root-servers.net. 3246 IN A 192.58.128.30<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">;; Query time: 79 msec<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">;; SERVER: 10.20.10.41#53(10.20.10.41)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">;; WHEN: Tue Apr 26 09:02:43 EDT 2016<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">;; MSG SIZE rcvd: 282<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:navy;mso-fareast-language:EN-CA">Gady Notrica</span><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:#1F497D;mso-fareast-language:EN-CA">
</span><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:gray;mso-fareast-language:EN-CA">| IT Systems Analyst | 416.814.7800 Ext. 7921 | Cell. 416.818.4797 |
</span><span lang="FR-CA" style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:#1F497D;mso-fareast-language:EN-CA"><a href="mailto:gnotrica@candeal.com"><span lang="EN-CA" style="color:blue">gnotrica@candeal.com</span></a></span><span lang="FR-CA" style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:gray;mso-fareast-language:EN-CA">
</span><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:#1F497D;mso-fareast-language:EN-CA"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:navy;mso-fareast-language:EN-CA">CanDeal
</span><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:gray;mso-fareast-language:EN-CA">| 152 King St. E, 4th Floor, Toronto ON M5A 1J4 |
</span><span style="color:#1F497D;mso-fareast-language:EN-CA"><a href="http://www.candeal.ca/"><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:blue">www.candeal.com</span></a></span><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:gray;mso-fareast-language:EN-CA">
| Follow us:</span><span lang="EN-GB" style="font-size:9.0pt;line-height:125%;font-family:"Arial","sans-serif";color:#1F497D;mso-fareast-language:EN-CA"> </span><a href="http://www.twitter.com/candeal"><span style="font-size:9.0pt;line-height:125%;font-family:"Arial","sans-serif";color:blue;mso-fareast-language:EN-CA;text-decoration:none"><img border="0" width="17" height="16" id="Picture_x0020_3" src="cid:image001.jpg@01D19F99.D356AA60" alt="Description: Description: cid:image003.jpg@01CBD419.622CDF90"></span></a><span style="color:#1F497D;mso-fareast-language:EN-CA"> </span><span style="color:#7F7F7F;mso-fareast-language:EN-CA">
</span><a href="http://www.linkedin.com/profile/view?id=36869324&trk=tab_pro"><b><span style="font-family:"Arial","sans-serif";color:blue;mso-fareast-language:EN-CA;text-decoration:none"><img border="0" width="16" height="16" id="Picture_x0020_2" src="cid:image002.jpg@01D19F99.D356AA60" alt="Description: Description: Description: cid:image002.jpg@01CBD419.622CDF90"></span></b></a><span style="mso-fareast-language:EN-CA"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>