<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 04/26/2016 09:09 PM, Gady Notrica
wrote:<br>
</div>
<blockquote
cite="mid:0984AB34E553F54B8705D776686863E70AC0291E@cd-exchange01.CD-PRD.candeal.ca"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-fareast-language:EN-US;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoPlainText">HERE..<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51
-0400] set_krb5_creds - Could not get initial credentials
for principal
[<a class="moz-txt-link-abbreviated" href="mailto:ldap/cd-p-ipa1.ipa.domain.local@IPA.DOMAIN.LOCAL">ldap/cd-p-ipa1.ipa.domain.local@IPA.DOMAIN.LOCAL</a>] in keytab
[<a class="moz-txt-link-freetext" href="FILE:/etc/dirsrv/ds.keytab">FILE:/etc/dirsrv/ds.keytab</a>]: -1765328228 (Cannot contact
any KDC for requested realm)<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51
-0400] slapd_ldap_sasl_interactive_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more
information (No Kerberos credentials available)) errno 0
(Success)<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51
-0400] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism
[GSSAPI]: error -2 (Local error)<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51
-0400] NSMMReplicationPlugin -
agmt="cn=meTocd-s-ipa1.ipa.domain.local" (cd-s-ipa1:389):
Replication bind with GSSAPI auth failed: LDAP error -2
(Local error) (SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more
information (No Kerberos credentials available))<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51
-0400] - slapd started. Listening on All Interfaces port
389 for LDAP requests<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51
-0400] - Listening on All Interfaces port 636 for LDAPS
requests<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51
-0400] - Listening on /var/run/slapd-IPA-DOMAIN-LOCAL.socket
for LDAPI requests<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:55
-0400] NSMMReplicationPlugin -
agmt="cn=meTocd-s-ipa1.ipa.domain.local" (cd-s-ipa1:389):
Replication bind with GSSAPI auth resumed<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:37:27
-0400] NSMMReplicationPlugin -
agmt="cn=meTocd-s-ipa1.ipa.domain.local" (cd-s-ipa1:389):
Unable to receive the response for a startReplication
extended operation to consumer (Can't contact LDAP server).
Will retry later.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02
-0400] slapd_ldap_sasl_interactive_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: LDAP error
-1 (Can't contact LDAP server) ((null)) errno 107 (Transport
endpoint is not connected)<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02
-0400] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism
[GSSAPI]: error -1 (Can't contact LDAP server)<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02
-0400] slapd_ldap_sasl_interactive_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: LDAP error
-1 (Can't contact LDAP server) ((null)) errno 107 (Transport
endpoint is not connected)<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02
-0400] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism
[GSSAPI]: error -1 (Can't contact LDAP server)<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02
-0400] slapd_ldap_sasl_interactive_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: LDAP error
-1 (Can't contact LDAP server) ((null)) errno 107 (Transport
endpoint is not connected)<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02
-0400] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism
[GSSAPI]: error -1 (Can't contact LDAP server)<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:13
-0400] NSMMReplicationPlugin -
agmt="cn=meTocd-s-ipa1.ipa.domain.local" (cd-s-ipa1:389):
Replication bind with GSSAPI auth resumed<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[25/Apr/2016:22:34:51
-0400] NSMMReplicationPlugin - windows sync - failed to send
dirsync search request: 2</span></p>
</div>
</blockquote>
these are old logs, the problem you were reporting was on Apr, 26:<br>
<br>
<pre wrap="">Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-IPA-CANDEAL-CA/schema/00core.ldif (lineno: 1) is invalid, error code 21 (Invalid syntax) - attribute type aci: Unknown attribute syntax OID "1.3.6.1.4.1.1466.115.121.1.15"
Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] dse - Please edit the file to correct the reported problems and then restart the server.
we need the logs from that time
</pre>
<br>
<br>
<blockquote
cite="mid:0984AB34E553F54B8705D776686863E70AC0291E@cd-exchange01.CD-PRD.candeal.ca"
type="cite">
<div class="WordSection1">
<p class="MsoPlainText"><span style="font-size:9.0pt"><o:p></o:p></span></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Gady<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span style="mso-fareast-language:EN-CA"
lang="EN-US">-----Original Message-----<br>
From: Rob Crittenden [<a class="moz-txt-link-freetext" href="mailto:rcritten@redhat.com">mailto:rcritten@redhat.com</a>] <br>
Sent: April 26, 2016 2:44 PM<br>
To: Gady Notrica; Ludwig Krispenz; <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
Subject: Re: [Freeipa-users] krb5kdc service not starting</span></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Gady Notrica wrote:<o:p></o:p></p>
<p class="MsoPlainText">> Hey world,<o:p></o:p></p>
<p class="MsoPlainText">><o:p> </o:p></p>
<p class="MsoPlainText">> Any ideas?<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">What about the first part of Ludwig's
question: Is there anything in the 389-ds error log?<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">rob<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">><o:p> </o:p></p>
<p class="MsoPlainText">> Gady<o:p></o:p></p>
<p class="MsoPlainText">><o:p> </o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> From: <a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com">
<span style="color:windowtext;text-decoration:none">freeipa-users-bounces@redhat.com</span></a>
<o:p></o:p></p>
<p class="MsoPlainText">> [<a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com"><span
style="color:windowtext;text-decoration:none">mailto:freeipa-users-bounces@redhat.com</span></a>]
On Behalf Of Gady Notrica<o:p></o:p></p>
<p class="MsoPlainText">> Sent: April 26, 2016 10:10 AM<o:p></o:p></p>
<p class="MsoPlainText">> To: Ludwig Krispenz; <a
moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">
<span style="color:windowtext;text-decoration:none">freeipa-users@redhat.com</span></a><o:p></o:p></p>
<p class="MsoPlainText">> Subject: Re: [Freeipa-users]
krb5kdc service not starting<o:p></o:p></p>
<p class="MsoPlainText">><o:p> </o:p></p>
<p class="MsoPlainText">> No, no changes. Lost connectivity
with my VMs during the night
<o:p></o:p></p>
<p class="MsoPlainText">> (networking issues in datacenter)<o:p></o:p></p>
<p class="MsoPlainText">><o:p> </o:p></p>
<p class="MsoPlainText">> Reboot the server and oups, no IPA
is coming up... The replica (secondary server) is fine though.<o:p></o:p></p>
<p class="MsoPlainText">><o:p> </o:p></p>
<p class="MsoPlainText">> Gady Notrica<o:p></o:p></p>
<p class="MsoPlainText">><o:p> </o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> From: <a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com">
<span style="color:windowtext;text-decoration:none">freeipa-users-bounces@redhat.com</span></a>
<o:p></o:p></p>
<p class="MsoPlainText">> [<a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com"><span
style="color:windowtext;text-decoration:none">mailto:freeipa-users-bounces@redhat.com</span></a>]
On Behalf Of Ludwig Krispenz<o:p></o:p></p>
<p class="MsoPlainText">> Sent: April 26, 2016 10:02 AM<o:p></o:p></p>
<p class="MsoPlainText">> To: <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com"><span
style="color:windowtext;text-decoration:none">freeipa-users@redhat.com</span></a><o:p></o:p></p>
<p class="MsoPlainText">> Subject: Re: [Freeipa-users]
krb5kdc service not starting<o:p></o:p></p>
<p class="MsoPlainText">><o:p> </o:p></p>
<p class="MsoPlainText">><o:p> </o:p></p>
<p class="MsoPlainText">> On 04/26/2016 03:26 PM, Gady
Notrica wrote:<o:p></o:p></p>
<p class="MsoPlainText">>> Here...<o:p></o:p></p>
<p class="MsoPlainText">>><o:p> </o:p></p>
<p class="MsoPlainText">>> [root@cd-p-ipa1 log]# ipactl
status<o:p></o:p></p>
<p class="MsoPlainText">>> Directory Service: STOPPED<o:p></o:p></p>
<p class="MsoPlainText">>> Directory Service must be
running in order to obtain status of other
<o:p></o:p></p>
<p class="MsoPlainText">>> services<o:p></o:p></p>
<p class="MsoPlainText">>> ipa: INFO: The ipactl command
was successful<o:p></o:p></p>
<p class="MsoPlainText">>><o:p> </o:p></p>
<p class="MsoPlainText">>> [root@cd-p-ipa1 log]# systemctl
status <a moz-do-not-send="true"
href="mailto:dirsrv@IPA-CANDEAL-CA.service">
<span style="color:windowtext;text-decoration:none">dirsrv@IPA-DOMAIN-LOCAL.service</span></a>
<o:p></o:p></p>
<p class="MsoPlainText">>> -l ●
<a class="moz-txt-link-abbreviated" href="mailto:dirsrv@IPA-DOMAIN-LOCAL.service">dirsrv@IPA-DOMAIN-LOCAL.service</a> - 389 Directory Server
IPA-DOMAIN-LOCAL.<o:p></o:p></p>
<p class="MsoPlainText">>> Loaded: loaded (<a
moz-do-not-send="true"
href="mailto:/usr/lib/systemd/system/dirsrv@.service"><span
style="color:windowtext;text-decoration:none">/usr/lib/systemd/system/dirsrv@.service</span></a>;
enabled; vendor preset: disabled)<o:p></o:p></p>
<p class="MsoPlainText">>> Active: failed (Result:
exit-code) since Tue 2016-04-26 08:50:21 EDT; 30min ago<o:p></o:p></p>
<p class="MsoPlainText">>> Process: 6333
ExecStart=/usr/sbin/ns-slapd -D <o:p>
</o:p></p>
<p class="MsoPlainText">>> /etc/dirsrv/slapd-%i -i
/var/run/dirsrv/slapd-%i.pid -w
<o:p></o:p></p>
<p class="MsoPlainText">>>
/var/run/dirsrv/slapd-%i.startpid (code=exited,
status=1/FAILURE)<o:p></o:p></p>
<p class="MsoPlainText">>><o:p> </o:p></p>
<p class="MsoPlainText">>> Apr 26 08:50:21
cd-p-ipa1.ipa.domain.local ns-slapd[6333]:<o:p></o:p></p>
<p class="MsoPlainText">>> [26/Apr/2016:08:50:21 -0400] -
valueset_value_syntax_cmp:<o:p></o:p></p>
<p class="MsoPlainText">>> slapi_attr_values2keys_sv
failed for type attributetypes Apr 26<o:p></o:p></p>
<p class="MsoPlainText">>> 08:50:21
cd-p-ipa1.ipa.domain.local ns-slapd[6333]:<o:p></o:p></p>
<p class="MsoPlainText">>> [26/Apr/2016:08:50:21 -0400] -
valueset_value_syntax_cmp:<o:p></o:p></p>
<p class="MsoPlainText">>> slapi_attr_values2keys_sv
failed for type attributetypes Apr 26<o:p></o:p></p>
<p class="MsoPlainText">>> 08:50:21
cd-p-ipa1.ipa.domain.local ns-slapd[6333]:<o:p></o:p></p>
<p class="MsoPlainText">>> [26/Apr/2016:08:50:21 -0400] -
valueset_value_syntax_cmp:<o:p></o:p></p>
<p class="MsoPlainText">>> slapi_attr_values2keys_sv
failed for type attributetypes Apr 26 08:50:21
cd-p-ipa1.ipa.domain.local ns-slapd[6333]:
[26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes Apr
26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]:
[26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes Apr
26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]:
[26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes Apr
26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]:
[26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes Apr
26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]:
[26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes Apr
26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]:
[26/Apr/2016!<o:p></o:p></p>
<p class="MsoPlainText"><o:p></o:p></p>
<p class="MsoPlainText"> :08:50:21<o:p></o:p></p>
<p class="MsoPlainText">-0400] dse_read_one_file - The entry
cn=schema in file
/etc/dirsrv/slapd-IPA-DOMAIN-LOCAL/schema/00core.ldif (lineno:
1) is invalid, error code 21 (Invalid syntax) - attribute type
aci: Unknown attribute syntax OID
"1.3.6.1.4.1.1466.115.121.1.15"<o:p></o:p></p>
<p class="MsoPlainText">>> Apr 26 08:50:21
cd-p-ipa1.ipa.domain.local ns-slapd[6333]:
[26/Apr/2016:08:50:21 -0400] dse - Please edit the file to
correct the reported problems and then restart the server.<o:p></o:p></p>
<p class="MsoPlainText">> this says the server doesn't know a
syntax oid, but it is a known one.<o:p></o:p></p>
<p class="MsoPlainText">> It could be that the syntax
plugings couldn't be loaded. Thera are more errors before,
could you check where the errors start in
/var/log/dirsrv/slapd-<INSTANCE>/errors ?<o:p></o:p></p>
<p class="MsoPlainText">><o:p> </o:p></p>
<p class="MsoPlainText">> And, did you do any changes to the
system before this problem started ?<o:p></o:p></p>
<p class="MsoPlainText">>> [root@cd-p-ipa1 log]#<o:p></o:p></p>
<p class="MsoPlainText">>><o:p> </o:p></p>
<p class="MsoPlainText">>> Gady<o:p></o:p></p>
<p class="MsoPlainText">>><o:p> </o:p></p>
<p class="MsoPlainText">>> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">>> From: <a
moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com">
<span style="color:windowtext;text-decoration:none">freeipa-users-bounces@redhat.com</span></a>
<o:p></o:p></p>
<p class="MsoPlainText">>> [<a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com"><span
style="color:windowtext;text-decoration:none">mailto:freeipa-users-bounces@redhat.com</span></a>]
On Behalf Of Martin
<o:p></o:p></p>
<p class="MsoPlainText">>> Babinsky<o:p></o:p></p>
<p class="MsoPlainText">>> Sent: April 26, 2016 9:17 AM<o:p></o:p></p>
<p class="MsoPlainText">>> To: <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com"><span
style="color:windowtext;text-decoration:none">freeipa-users@redhat.com</span></a><o:p></o:p></p>
<p class="MsoPlainText">>> Subject: Re: [Freeipa-users]
krb5kdc service not starting<o:p></o:p></p>
<p class="MsoPlainText">>><o:p> </o:p></p>
<p class="MsoPlainText">>> On 04/26/2016 03:13 PM, Gady
Notrica wrote:<o:p></o:p></p>
<p class="MsoPlainText">>>> Hello world,<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> I am having issues this
morning with my primary IPA. See below the
<o:p></o:p></p>
<p class="MsoPlainText">>>> details in the logs and
command result. Basically, krb5kdc service
<o:p></o:p></p>
<p class="MsoPlainText">>>> not starting - krb5kdc:
Server error - while fetching master key.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> DNS is functioning. See
below dig result. I have a trust with Windows AD.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Please help…!<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> [root@cd-ipa1 log]#
systemctl status krb5kdc.service -l<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ● krb5kdc.service -
Kerberos 5 KDC<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Loaded: loaded
(/usr/lib/systemd/system/krb5kdc.service;<o:p></o:p></p>
<p class="MsoPlainText">>>> disabled; vendor preset:
disabled)<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Active: failed
(Result: exit-code) since Tue 2016-04-26
<o:p></o:p></p>
<p class="MsoPlainText">>>> 08:27:52 EDT; 41min ago<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Process: 3694
ExecStart=/usr/sbin/krb5kdc -P <o:p>
</o:p></p>
<p class="MsoPlainText">>>> /var/run/krb5kdc.pid
$KRB5KDC_ARGS (code=exited, status=1/FAILURE)<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52
cd-ipa1.ipa.domain.localsystemd[1]: Starting
<o:p></o:p></p>
<p class="MsoPlainText">>>> Kerberos<o:p></o:p></p>
<p class="MsoPlainText">>>> 5 KDC...<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52
cd-ipa1.ipa.domain.localkrb5kdc[3694]: krb5kdc:<o:p></o:p></p>
<p class="MsoPlainText">>>> cannot initialize realm
IPA.DOMAIN.LOCAL- see log file for details<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52
cd-ipa1.ipa.domain.localsystemd[1]: krb5kdc.service:<o:p></o:p></p>
<p class="MsoPlainText">>>> control process exited,
code=exited status=1<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52
cd-ipa1.ipa.domain.localsystemd[1]: Failed to start
<o:p></o:p></p>
<p class="MsoPlainText">>>> Kerberos 5 KDC.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52
cd-ipa1.ipa.domain.localsystemd[1]: Unit
<o:p></o:p></p>
<p class="MsoPlainText">>>> krb5kdc.service entered
failed state.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52
cd-ipa1.ipa.domain.localsystemd[1]: krb5kdc.service failed.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> [root@cd-ipa1 log]#<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Errors in
/var/log/krb5kdc.log<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> krb5kdc: Server error -
while fetching master key K/M for realm
<o:p></o:p></p>
<p class="MsoPlainText">>>> DOMAIN.LOCAL<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> krb5kdc: Server error -
while fetching master key K/M for realm
<o:p></o:p></p>
<p class="MsoPlainText">>>> DOMAIN.LOCAL<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> krb5kdc: Server error -
while fetching master key K/M for realm
<o:p></o:p></p>
<p class="MsoPlainText">>>> DOMAIN.LOCAL<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> [root@cd-ipa1 log]#
systemctl status httpd -l<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ● httpd.service - The
Apache HTTP Server<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Loaded: loaded
(/etc/systemd/system/httpd.service; disabled;
<o:p></o:p></p>
<p class="MsoPlainText">>>> vendor<o:p></o:p></p>
<p class="MsoPlainText">>>> preset: disabled)<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Active: failed
(Result: exit-code) since Tue 2016-04-26
<o:p></o:p></p>
<p class="MsoPlainText">>>> 08:27:21 EDT; 39min ago<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Docs: <a class="moz-txt-link-freetext" href="man:httpd(8)">man:httpd(8)</a><o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>>
<a class="moz-txt-link-freetext" href="man:apachectl(8)">man:apachectl(8)</a><o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Process: 3594
ExecStartPre=/usr/libexec/ipa/ipa-httpd-kdcproxy<o:p></o:p></p>
<p class="MsoPlainText">>>> (code=exited,
status=1/FAILURE)<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.localipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>> File
"/usr/lib/python2.7/siteackages/ipapython/ipaldap.py", line
<o:p></o:p></p>
<p class="MsoPlainText">>>> 1579, in
__wait_for_connection<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>>
wait_for_open_socket(lurl.hostport, timeout)<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>> File
"/usr/lib/python2.7/siteackages/ipapython/ipautil.py", line
<o:p></o:p></p>
<p class="MsoPlainText">>>> 1200, in
wait_for_open_socket<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>> raise e<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>> error: [Errno 2] No such
file or directory<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>> ipa : ERROR
Unknown error while retrieving setting from<o:p></o:p></p>
<p class="MsoPlainText">>>>
ldapi://%2fvar%2frun%2fslapd-IPA-DOMAIN-LOCAL.socket: [Errno
2] No
<o:p></o:p></p>
<p class="MsoPlainText">>>> such file or directory<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.localsystemd[1]: httpd.service:<o:p></o:p></p>
<p class="MsoPlainText">>>> control process exited,
code=exited status=1<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.localsystemd[1]: Failed to start
<o:p></o:p></p>
<p class="MsoPlainText">>>> The Apache HTTP Server.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.localsystemd[1]: Unit
<o:p></o:p></p>
<p class="MsoPlainText">>>> httpd.service entered
failed state.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.localsystemd[1]: httpd.service failed.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> [root@cd-ipa1 log]#<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> DNS Result for dig
redhat.com<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ; <<>> DiG
9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> redhat.com<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ;; global options: +cmd<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ;; Got answer:<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ;; ->>HEADER<<-
opcode: QUERY, status: NOERROR, id: 5414<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ;; flags: qr rd ra; QUERY:
1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL:
<o:p></o:p></p>
<p class="MsoPlainText">>>> 2<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ;; OPT PSEUDOSECTION:<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ; EDNS: version: 0, flags:;
udp: 4096<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ;; QUESTION SECTION:<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>>
;redhat.com. IN A<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ;; ANSWER SECTION:<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> redhat.com.
60 IN A 209.132.183.105<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ;; AUTHORITY SECTION:<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS f.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS e.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS k.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS m.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS b.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS g.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS c.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS h.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS l.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS a.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS j.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS i.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS d.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ;; ADDITIONAL SECTION:<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> j.root-servers.net.
3246 IN A 192.58.128.30<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ;; Query time: 79 msec<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ;; SERVER:
10.20.10.41#53(10.20.10.41)<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ;; WHEN: Tue Apr 26
09:02:43 EDT 2016<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> ;; MSG SIZE rcvd: 282<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>> Gady<o:p></o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>>><o:p> </o:p></p>
<p class="MsoPlainText">>> It seems like Directory server
is not running. Can you post result of 'ipactl status' and
'systemctl status
<a moz-do-not-send="true"
href="mailto:dirsrv@IPA-CANDEAL-CA.service"><span
style="color:windowtext;text-decoration:none">dirsrv@IPA-DOMAIN-LOCAL.service</span></a>'?<o:p></o:p></p>
<p class="MsoPlainText">>><o:p> </o:p></p>
<p class="MsoPlainText">>> --<o:p></o:p></p>
<p class="MsoPlainText">>> Martin^3 Babinsky<o:p></o:p></p>
<p class="MsoPlainText">>><o:p> </o:p></p>
<p class="MsoPlainText">>> --<o:p></o:p></p>
<p class="MsoPlainText">>> Manage your subscription for
the Freeipa-users mailing list:<o:p></o:p></p>
<p class="MsoPlainText">>> <a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users">
<span style="color:windowtext;text-decoration:none">https://www.redhat.com/mailman/listinfo/freeipa-users</span></a><o:p></o:p></p>
<p class="MsoPlainText">>> Go to <a
moz-do-not-send="true" href="http://freeipa.org"><span
style="color:windowtext;text-decoration:none">http://freeipa.org</span></a>
for more info on the project<o:p></o:p></p>
<p class="MsoPlainText">>><o:p> </o:p></p>
<p class="MsoPlainText">><o:p> </o:p></p>
<p class="MsoPlainText">> --<o:p></o:p></p>
<p class="MsoPlainText">> Red Hat GmbH, <a
moz-do-not-send="true" href="http://www.de.redhat.com/"><span
style="color:windowtext;text-decoration:none">http://www.de.redhat.com/</span></a>,
Registered seat: Grasbrunn,
<o:p></o:p></p>
<p class="MsoPlainText">> Commercial register: Amtsgericht
Muenchen, HRB 153243, Managing
<o:p></o:p></p>
<p class="MsoPlainText">> Directors: Paul Argiry, Charles
Cachera, Michael Cunningham, Michael
<o:p></o:p></p>
<p class="MsoPlainText">> O'Neill<o:p></o:p></p>
<p class="MsoPlainText">><o:p> </o:p></p>
<p class="MsoPlainText">> --<o:p></o:p></p>
<p class="MsoPlainText">> Manage your subscription for the
Freeipa-users mailing list:<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users">
<span style="color:windowtext;text-decoration:none">https://www.redhat.com/mailman/listinfo/freeipa-users</span></a><o:p></o:p></p>
<p class="MsoPlainText">> Go to <a moz-do-not-send="true"
href="http://freeipa.org"><span
style="color:windowtext;text-decoration:none">http://freeipa.org</span></a>
for more info on the project<o:p></o:p></p>
<p class="MsoPlainText">><o:p> </o:p></p>
<p class="MsoPlainText">> --<o:p></o:p></p>
<p class="MsoPlainText">> Manage your subscription for the
Freeipa-users mailing list:<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users">
<span style="color:windowtext;text-decoration:none">https://www.redhat.com/mailman/listinfo/freeipa-users</span></a><o:p></o:p></p>
<p class="MsoPlainText">> Go to <a moz-do-not-send="true"
href="http://freeipa.org"><span
style="color:windowtext;text-decoration:none">http://freeipa.org</span></a>
for more info on the project<o:p></o:p></p>
<p class="MsoPlainText">><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Red Hat GmbH, <a class="moz-txt-link-freetext" href="http://www.de.redhat.com/">http://www.de.redhat.com/</a>, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill</pre>
</body>
</html>