<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Lucida Sans";
panose-1:2 11 6 2 3 5 4 2 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Lucida Sans \, sans-serif";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;
mso-fareast-language:EN-US;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;
mso-fareast-language:EN-US;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle25
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle26
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle27
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-CA" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">That worked. The service is up and I can see a bunch of logs on the log I’m tailing… /var/log/dirsrv/slapd-IPA-CANDEAL-CA/errors<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D">[root@cd-p-ipa1 slapd-IPA-CANDEAL-CA]# systemctl start dirsrv@IPA-CANDEAL-CA.service<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D">[root@cd-p-ipa1 slapd-IPA-CANDEAL-CA]# systemctl status dirsrv@IPA-CANDEAL-CA.service -l<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D">● dirsrv@IPA-CANDEAL-CA.service - 389 Directory Server IPA-CANDEAL-CA.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D"> Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled; vendor preset: disabled)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D"> Active: active (running) since Wed 2016-04-27 11:31:04 EDT; 10s ago<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D"> Process: 17300 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pid -w /var/run/dirsrv/slapd-%i.startpid (code=exited, status=0/SUCCESS)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D">Main PID: 17317 (ns-slapd)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D"> CGroup: /system.slice/system-dirsrv.slice/dirsrv@IPA-CANDEAL-CA.service<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D"> └─17317 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-IPA-CANDEAL-CA -i /var/run/dirsrv/slapd-IPA-CANDEAL-CA.pid -w /var/run/dirsrv/slapd-IPA-CANDEAL-CA.startpid<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D">Apr 27 11:31:05 cd-p-ipa1.ipa.candeal.ca ns-slapd[17300]: [27/Apr/2016:11:31:05 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D">Apr 27 11:31:05 cd-p-ipa1.ipa.candeal.ca ns-slapd[17300]: [27/Apr/2016:11:31:05 -0400] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D">Apr 27 11:31:05 cd-p-ipa1.ipa.candeal.ca ns-slapd[17300]: [27/Apr/2016:11:31:05 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D">Apr 27 11:31:05 cd-p-ipa1.ipa.candeal.ca ns-slapd[17300]: [27/Apr/2016:11:31:05 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D">Apr 27 11:31:05 cd-p-ipa1.ipa.candeal.ca ns-slapd[17300]: [27/Apr/2016:11:31:05 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D">Apr 27 11:31:05 cd-p-ipa1.ipa.candeal.ca ns-slapd[17300]: [27/Apr/2016:11:31:05 -0400] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D">Apr 27 11:31:05 cd-p-ipa1.ipa.candeal.ca ns-slapd[17300]: [27/Apr/2016:11:31:05 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D">Apr 27 11:31:12 cd-p-ipa1.ipa.candeal.ca ns-slapd[17317]: GSSAPI client step 1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D">Apr 27 11:31:12 cd-p-ipa1.ipa.candeal.ca ns-slapd[17317]: GSSAPI client step 1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D">Apr 27 11:31:12 cd-p-ipa1.ipa.candeal.ca ns-slapd[17317]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D">[root@cd-p-ipa1 slapd-IPA-CANDEAL-CA]#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:navy;mso-fareast-language:EN-CA">Gady Notrica</span><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:#1F497D;mso-fareast-language:EN-CA">
</span><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:gray;mso-fareast-language:EN-CA">| IT Systems Analyst | 416.814.7800 Ext. 7921 | Cell. 416.818.4797 |
</span><span lang="FR-CA" style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:#1F497D;mso-fareast-language:EN-CA"><a href="mailto:gnotrica@candeal.com"><span lang="EN-CA">gnotrica@candeal.com</span></a></span><span lang="FR-CA" style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:gray;mso-fareast-language:EN-CA">
</span><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:#1F497D;mso-fareast-language:EN-CA"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:navy;mso-fareast-language:EN-CA">CanDeal
</span><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:gray;mso-fareast-language:EN-CA">| 152 King St. E, 4th Floor, Toronto ON M5A 1J4 |
</span><span style="color:#1F497D;mso-fareast-language:EN-CA"><a href="http://www.candeal.ca/"><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif"">www.candeal.com</span></a></span><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif";color:gray;mso-fareast-language:EN-CA">
| Follow us:</span><span lang="EN-GB" style="font-size:9.0pt;line-height:125%;font-family:"Arial","sans-serif";color:#1F497D;mso-fareast-language:EN-CA"> </span><a href="http://www.twitter.com/candeal"><span style="font-size:9.0pt;line-height:125%;font-family:"Arial","sans-serif";mso-fareast-language:EN-CA;text-decoration:none"><img border="0" width="17" height="16" id="_x0000_i1031" src="cid:image001.jpg@01D1A078.C3EA58D0" alt="Description: Description: cid:image003.jpg@01CBD419.622CDF90"></span></a><span style="color:#1F497D;mso-fareast-language:EN-CA"> </span><span style="color:#7F7F7F;mso-fareast-language:EN-CA">
</span><a href="http://www.linkedin.com/profile/view?id=36869324&trk=tab_pro"><b><span style="font-family:"Arial","sans-serif";mso-fareast-language:EN-CA;text-decoration:none"><img border="0" width="16" height="16" id="_x0000_i1030" src="cid:image002.jpg@01D1A078.C3EA58D0" alt="Description: Description: Description: cid:image002.jpg@01CBD419.622CDF90"></span></b></a><span style="color:#1F497D;mso-fareast-language:EN-CA"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:EN-CA">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:EN-CA">
Ludwig Krispenz [mailto:lkrispen@redhat.com] <br>
<b>Sent:</b> April 27, 2016 11:26 AM<br>
<b>To:</b> Gady Notrica<br>
<b>Cc:</b> Rob Crittenden; freeipa-users@redhat.com<br>
<b>Subject:</b> Re: [Freeipa-users] krb5kdc service not starting<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">you can try:<br>
cp <span style="font-size:8.0pt;color:#1F497D">/etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif.startOK /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif<br>
<br>
and start dirsrv again, </span><o:p></o:p></p>
<div>
<p class="MsoNormal">On 04/27/2016 05:19 PM, Gady Notrica wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">Yes I have few files… see here…:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[root@cd-p-ipa1 log]# ls -l /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse*</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">-rw------- 1 dirsrv root 153365 Jan 15 11:59 /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif.ipa.2a425e90d7bf6f15</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">-rw------- 1 dirsrv root 187894 Feb 17 11:51 /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif.ipa.359903482c3cf7aa</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">-rw------- 1 dirsrv root 191405 Apr 14 09:36 /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif.ipa.37a6887eb1084abe</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">-rw------- 1 dirsrv root 191427 Mar 11 09:40 /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif.ipa.95bd550f879430c2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">-rw------- 1 dirsrv root 191427 Mar 7 15:17 /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif.ipa.e21fffebbee53edb</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">-rw-r--r-- 1 dirsrv root 191566 Apr 14 09:37 /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif.modified.out</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">-rw------- 1 dirsrv dirsrv 191405 Apr 23 11:39 /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif.startOK</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">-r--r----- 1 dirsrv dirsrv 36003 Jan 15 11:46 /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse_original.ldif</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:9.0pt;line-height:125%">Gady Notrica | IT Systems Analyst | 416.814.7800 Ext. 7921 | Cell. 416.818.4797 |
</span><span lang="FR-CA" style="font-size:9.0pt;line-height:125%"><a href="mailto:gnotrica@candeal.com"><span lang="EN-CA">gnotrica@candeal.com</span></a>
</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:9.0pt;line-height:125%">CanDeal | 152 King St. E, 4th Floor, Toronto ON M5A 1J4 |
</span><span style="color:#1F497D;mso-fareast-language:EN-CA"><a href="http://www.candeal.ca/"><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans , sans-serif","serif"">www.candeal.com</span></a></span><span style="font-size:9.0pt;line-height:125%">
| Follow us:</span><span lang="EN-GB" style="font-size:9.0pt;line-height:125%;font-family:"Arial","sans-serif";color:#1F497D;mso-fareast-language:EN-CA"> </span><a href="http://www.twitter.com/candeal"><span style="font-size:9.0pt;line-height:125%;font-family:"Arial","sans-serif";mso-fareast-language:EN-CA;text-decoration:none"><img border="0" width="17" height="16" id="_x0000_i1025" src="cid:image001.jpg@01D1A078.C3EA58D0" alt="Description: Description:
cid:image003.jpg@01CBD419.622CDF90"></span></a><span style="color:#1F497D;mso-fareast-language:EN-CA"> </span><span style="color:#7F7F7F;mso-fareast-language:EN-CA">
</span><a href="http://www.linkedin.com/profile/view?id=36869324&trk=tab_pro"><b><span style="font-family:"Arial","sans-serif";mso-fareast-language:EN-CA;text-decoration:none"><img border="0" width="16" height="16" id="_x0000_i1026" src="cid:image002.jpg@01D1A078.C3EA58D0" alt="Description: Description: Description:
cid:image002.jpg@01CBD419.622CDF90"></span></b></a><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:EN-CA">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:EN-CA">
Ludwig Krispenz [<a href="mailto:lkrispen@redhat.com">mailto:lkrispen@redhat.com</a>]
<br>
<b>Sent:</b> April 27, 2016 11:18 AM<br>
<b>To:</b> Gady Notrica<br>
<b>Cc:</b> Rob Crittenden; <a href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] krb5kdc service not starting</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 04/27/2016 05:10 PM, Gady Notrica wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D">Oh! No…</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Is there a way I can pull those files from the secondary server and put them on the primary?</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt">do you have any file /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse* ? There might be some older states to try
<br>
If you want to use a dse.ldif from another server, it could only work if the other server is really the same, same backends, indexes,,.... and you would have to do a lot of editing to adapt the file to the local system, eg replication agreements ....<br>
And then it is not sure if something else could be broken<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Or I can run the re-installation ipa-server-install with repair option and copy the data back from the secondary server?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt">I'm not so sure about the IPA reinstall/repair process, maybe soemone else can step in<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:9.0pt;line-height:125%">Gady Notrica | IT Systems Analyst | 416.814.7800 Ext. 7921 | Cell. 416.818.4797 |
</span><span lang="FR-CA" style="font-size:9.0pt;line-height:125%"><a href="mailto:gnotrica@candeal.com"><span lang="EN-CA">gnotrica@candeal.com</span></a>
</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:9.0pt;line-height:125%">CanDeal | 152 King St. E, 4th Floor, Toronto ON M5A 1J4 |
</span><span style="color:#1F497D;mso-fareast-language:EN-CA"><a href="http://www.candeal.ca/"><span style="font-size:9.0pt;line-height:125%;font-family:"Lucida Sans","sans-serif"">www.candeal.com</span></a></span><span style="font-size:9.0pt;line-height:125%">
| Follow us:</span><span lang="EN-GB" style="font-size:9.0pt;line-height:125%;font-family:"Arial","sans-serif";color:#1F497D;mso-fareast-language:EN-CA"> </span><a href="http://www.twitter.com/candeal"><span style="font-size:9.0pt;line-height:125%;font-family:"Arial","sans-serif";mso-fareast-language:EN-CA;text-decoration:none"><img border="0" width="17" height="16" id="_x0000_i1027" src="cid:image001.jpg@01D1A078.C3EA58D0" alt="Description: Description:
cid:image003.jpg@01CBD419.622CDF90"></span></a><span style="color:#1F497D;mso-fareast-language:EN-CA"> </span><span style="color:#7F7F7F;mso-fareast-language:EN-CA">
</span><a href="http://www.linkedin.com/profile/view?id=36869324&trk=tab_pro"><b><span style="font-family:"Arial","sans-serif";mso-fareast-language:EN-CA;text-decoration:none"><img border="0" width="16" height="16" id="Picture_x0020_2" src="cid:image002.jpg@01D1A078.C3EA58D0" alt="Description: Description: Description:
cid:image002.jpg@01CBD419.622CDF90"></span></b></a><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:EN-CA">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:EN-CA">
Ludwig Krispenz [<a href="mailto:lkrispen@redhat.com">mailto:lkrispen@redhat.com</a>]
<br>
<b>Sent:</b> April 27, 2016 10:58 AM<br>
<b>To:</b> Gady Notrica<br>
<b>Cc:</b> Rob Crittenden; <a href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] krb5kdc service not starting</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 04/27/2016 04:36 PM, Gady Notrica wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><b><span style="color:red">No changes</span></b><span style="color:#1F497D"> to /var/log/dirsrv/slapd-IPA-CANDEAL-CA/errors. I am tailing the log file and running those commands doesn’t generate any log, nothing.</span><o:p></o:p></p>
<div>
<p class="MsoNormal" style="line-height:125%"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">[root@cd-p-ipa1 log]# ipactl start</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Starting Directory Service</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Job for
<a href="mailto:dirsrv@IPA-CANDEAL-CA.service">dirsrv@IPA-CANDEAL-CA.service</a> failed because the control process exited with error code. See "systemctl status
<a href="mailto:dirsrv@IPA-CANDEAL-CA.service">dirsrv@IPA-CANDEAL-CA.service</a>" and "journalctl -xe" for details.</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Failed to start Directory Service: Command ''/bin/systemctl' 'start' '<a href="mailto:dirsrv@IPA-CANDEAL-CA.service">dirsrv@IPA-CANDEAL-CA.service</a>''
returned non-zero exit status 1</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><b><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Logs from /var/log/messages</span></b><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr 27 10:26:05 cd-p-ipa1 systemd: Starting 389 Directory Server IPA-CANDEAL-CA....</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr 27 10:26:05 cd-p-ipa1 ns-slapd: [27/Apr/2016:10:26:05 -0400] dse - The configuration file /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif was not restored
from backup /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif.tmp, error -1</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr 27 10:26:05 cd-p-ipa1 ns-slapd: [27/Apr/2016:10:26:05 -0400] dse - The configuration file /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif was not restored
from backup /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif.bak, error -1</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr 27 10:26:05 cd-p-ipa1 ns-slapd: [27/Apr/2016:10:26:05 -0400] config - The given config file /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif could not be
accessed, Netscape Portable Runtime error -5950 (File not found.)</span><o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt">this is BAD, looks like you completely lost your configuration file for DS, so it doesn't even know where to log anything. When you lost your VM and rebooted there must hav ebeen some data loss.<br>
It could be only dse.ldif, but also other files. <br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<div>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">[root@cd-p-ipa1 log]# systemctl start
<a href="mailto:dirsrv@IPA-CANDEAL-CA.service">dirsrv@IPA-CANDEAL-CA.service</a></span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Job for
<a href="mailto:dirsrv@IPA-CANDEAL-CA.service">dirsrv@IPA-CANDEAL-CA.service</a> failed because the control process exited with error code. See "systemctl status
<a href="mailto:dirsrv@IPA-CANDEAL-CA.service">dirsrv@IPA-CANDEAL-CA.service</a>" and "journalctl -xe" for details.</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">[root@cd-p-ipa1 log]# systemctl status
<a href="mailto:dirsrv@IPA-CANDEAL-CA.service">dirsrv@IPA-CANDEAL-CA.service</a> -l</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">●
<a href="mailto:dirsrv@IPA-CANDEAL-CA.service">dirsrv@IPA-CANDEAL-CA.service</a> - 389 Directory Server IPA-CANDEAL-CA.</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D"> Loaded: loaded (<a href="mailto:/usr/lib/systemd/system/dirsrv@.service">/usr/lib/systemd/system/dirsrv@.service</a>; enabled; vendor preset: disabled)</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D"> Active: failed (Result: exit-code) since Wed 2016-04-27 10:26:17 EDT; 3s ago</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D"> Process: 9830 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pid -w /var/run/dirsrv/slapd-%i.startpid (code=exited,
status=1/FAILURE)</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr 27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]: [27/Apr/2016:10:26:17 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for
type attributetypes</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr 27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]: [27/Apr/2016:10:26:17 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for
type attributetypes</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr 27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]: [27/Apr/2016:10:26:17 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for
type attributetypes</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr 27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]: [27/Apr/2016:10:26:17 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for
type attributetypes</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr 27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]: [27/Apr/2016:10:26:17 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for
type attributetypes</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr 27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]: [27/Apr/2016:10:26:17 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for
type attributetypes</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr 27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]: [27/Apr/2016:10:26:17 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for
type attributetypes</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr 27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]: [27/Apr/2016:10:26:17 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for
type attributetypes</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr 27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]: [27/Apr/2016:10:26:17 -0400] dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-IPA-CANDEAL-CA/schema/00core.ldif
(lineno: 1) is invalid, error code 21 (Invalid syntax) - attribute type aci: Unknown attribute syntax OID "1.3.6.1.4.1.1466.115.121.1.15"</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr 27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]: [27/Apr/2016:10:26:17 -0400] dse - Please edit the file to correct the reported problems and
then restart the server.</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:7.0pt;line-height:125%;color:#1F497D">[root@cd-p-ipa1 log]#</span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:9.0pt;line-height:125%;color:#1F497D;mso-fareast-language:EN-CA"> </span><o:p></o:p></p>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:9.0pt;line-height:125%">Gady</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:EN-CA">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:EN-CA">
Ludwig Krispenz [<a href="mailto:lkrispen@redhat.com">mailto:lkrispen@redhat.com</a>]
<br>
<b>Sent:</b> April 27, 2016 10:06 AM<br>
<b>To:</b> Gady Notrica<br>
<b>Cc:</b> Rob Crittenden; <a href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] krb5kdc service not starting</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 04/27/2016 03:48 PM, Gady Notrica wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D">Hello Ludwig,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">I do have only 1 error logs for the 26<sup>th</sup> in /var/log/dirsrv/slapd-IPA-CANDEAL-CA/errors. Below is the only line I have</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">[25/Apr/2016:22:34:51 -0400] NSMMReplicationPlugin - windows sync - failed to send dirsync search request: 2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">[<b>26/Apr/2016</b>:00:13:01 -0400] - Entry "uid=MMOOREDT$,cn=users,cn=accounts,dc=ipa,dc=candeal,dc=ca" missing attribute "sn" required by object class "person"</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-CA"><img border="0" width="901" height="31" id="Picture_x0020_3" src="cid:image003.jpg@01D1A078.C3EA58D0"></span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">I don’t know if that helps.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt">no. And it is weird that there should be no logs, there were definitely messages logged around 8:50, you provided them via systemctl status dirsrv...
<br>
And at least the startup messages should b there<br>
<br>
Can you try to start dirsrv again. and check what config settings for errorlog are in your dse.ldif
<br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal" style="line-height:125%"><span style="font-size:9.0pt;line-height:125%">Gady</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:EN-CA">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:EN-CA">
Ludwig Krispenz [<a href="mailto:lkrispen@redhat.com">mailto:lkrispen@redhat.com</a>]
<br>
<b>Sent:</b> April 27, 2016 3:18 AM<br>
<b>To:</b> Gady Notrica<br>
<b>Cc:</b> Rob Crittenden; <a href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] krb5kdc service not starting</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 04/26/2016 09:09 PM, Gady Notrica wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoPlainText">HERE..<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51 -0400] set_krb5_creds - Could not get initial credentials for principal [<a href="mailto:ldap/cd-p-ipa1.ipa.domain.local@IPA.DOMAIN.LOCAL">ldap/cd-p-ipa1.ipa.domain.local@IPA.DOMAIN.LOCAL</a>]
in keytab [<a href="FILE:///\\%5C%5C%5C%5C%5C%5C%5C%5Cetc%5Cdirsrv%5Cds.keytab">FILE:/etc/dirsrv/ds.keytab</a>]: -1765328228 (Cannot contact any KDC for requested realm)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51 -0400] NSMMReplicationPlugin - agmt="cn=meTocd-s-ipa1.ipa.domain.local" (cd-s-ipa1:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure:
GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available))</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51 -0400] - Listening on All Interfaces port 636 for LDAPS requests</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51 -0400] - Listening on /var/run/slapd-IPA-DOMAIN-LOCAL.socket for LDAPI requests</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:55 -0400] NSMMReplicationPlugin - agmt="cn=meTocd-s-ipa1.ipa.domain.local" (cd-s-ipa1:389): Replication bind with GSSAPI auth resumed</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:37:27 -0400] NSMMReplicationPlugin - agmt="cn=meTocd-s-ipa1.ipa.domain.local" (cd-s-ipa1:389): Unable to receive the response for a startReplication extended operation to consumer (Can't
contact LDAP server). Will retry later.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport
endpoint is not connected)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport
endpoint is not connected)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport
endpoint is not connected)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:13 -0400] NSMMReplicationPlugin - agmt="cn=meTocd-s-ipa1.ipa.domain.local" (cd-s-ipa1:389): Replication bind with GSSAPI auth resumed</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[25/Apr/2016:22:34:51 -0400] NSMMReplicationPlugin - windows sync - failed to send dirsync search request: 2</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt">these are old logs, the problem you were reporting was on Apr, 26:<br>
<br>
<br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<pre>Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-IPA-CANDEAL-CA/schema/00core.ldif (lineno: 1) is invalid, error code 21 (Invalid syntax) - attribute type aci: Unknown attribute syntax OID "1.3.6.1.4.1.1466.115.121.1.15"<o:p></o:p></pre>
<pre>Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] dse - Please edit the file to correct the reported problems and then restart the server.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>we need the logs from that time<o:p></o:p></pre>
<p class="MsoNormal"><span style="font-size:12.0pt"><br>
<br>
<br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Gady<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"><span lang="EN-US" style="mso-fareast-language:EN-CA">-----Original Message-----<br>
From: Rob Crittenden [<a href="mailto:rcritten@redhat.com">mailto:rcritten@redhat.com</a>]
<br>
Sent: April 26, 2016 2:44 PM<br>
To: Gady Notrica; Ludwig Krispenz; <a href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
Subject: Re: [Freeipa-users] krb5kdc service not starting</span><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Gady Notrica wrote:<o:p></o:p></p>
<p class="MsoPlainText">> Hey world,<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Any ideas?<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">What about the first part of Ludwig's question: Is there anything in the 389-ds error log?<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">rob<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Gady<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> From: <a href="mailto:freeipa-users-bounces@redhat.com">
<span style="color:windowtext;text-decoration:none">freeipa-users-bounces@redhat.com</span></a>
<o:p></o:p></p>
<p class="MsoPlainText">> [<a href="mailto:freeipa-users-bounces@redhat.com"><span style="color:windowtext;text-decoration:none">mailto:freeipa-users-bounces@redhat.com</span></a>] On Behalf Of Gady Notrica<o:p></o:p></p>
<p class="MsoPlainText">> Sent: April 26, 2016 10:10 AM<o:p></o:p></p>
<p class="MsoPlainText">> To: Ludwig Krispenz; <a href="mailto:freeipa-users@redhat.com">
<span style="color:windowtext;text-decoration:none">freeipa-users@redhat.com</span></a><o:p></o:p></p>
<p class="MsoPlainText">> Subject: Re: [Freeipa-users] krb5kdc service not starting<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> No, no changes. Lost connectivity with my VMs during the night
<o:p></o:p></p>
<p class="MsoPlainText">> (networking issues in datacenter)<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Reboot the server and oups, no IPA is coming up... The replica (secondary server) is fine though.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Gady Notrica<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> From: <a href="mailto:freeipa-users-bounces@redhat.com">
<span style="color:windowtext;text-decoration:none">freeipa-users-bounces@redhat.com</span></a>
<o:p></o:p></p>
<p class="MsoPlainText">> [<a href="mailto:freeipa-users-bounces@redhat.com"><span style="color:windowtext;text-decoration:none">mailto:freeipa-users-bounces@redhat.com</span></a>] On Behalf Of Ludwig Krispenz<o:p></o:p></p>
<p class="MsoPlainText">> Sent: April 26, 2016 10:02 AM<o:p></o:p></p>
<p class="MsoPlainText">> To: <a href="mailto:freeipa-users@redhat.com"><span style="color:windowtext;text-decoration:none">freeipa-users@redhat.com</span></a><o:p></o:p></p>
<p class="MsoPlainText">> Subject: Re: [Freeipa-users] krb5kdc service not starting<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> On 04/26/2016 03:26 PM, Gady Notrica wrote:<o:p></o:p></p>
<p class="MsoPlainText">>> Here...<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">>> [root@cd-p-ipa1 log]# ipactl status<o:p></o:p></p>
<p class="MsoPlainText">>> Directory Service: STOPPED<o:p></o:p></p>
<p class="MsoPlainText">>> Directory Service must be running in order to obtain status of other
<o:p></o:p></p>
<p class="MsoPlainText">>> services<o:p></o:p></p>
<p class="MsoPlainText">>> ipa: INFO: The ipactl command was successful<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">>> [root@cd-p-ipa1 log]# systemctl status <a href="mailto:dirsrv@IPA-CANDEAL-CA.service">
<span style="color:windowtext;text-decoration:none">dirsrv@IPA-DOMAIN-LOCAL.service</span></a>
<o:p></o:p></p>
<p class="MsoPlainText">>> -l ● <a href="mailto:dirsrv@IPA-DOMAIN-LOCAL.service">
dirsrv@IPA-DOMAIN-LOCAL.service</a> - 389 Directory Server IPA-DOMAIN-LOCAL.<o:p></o:p></p>
<p class="MsoPlainText">>> Loaded: loaded (<a href="mailto:/usr/lib/systemd/system/dirsrv@.service"><span style="color:windowtext;text-decoration:none">/usr/lib/systemd/system/dirsrv@.service</span></a>; enabled; vendor preset: disabled)<o:p></o:p></p>
<p class="MsoPlainText">>> Active: failed (Result: exit-code) since Tue 2016-04-26 08:50:21 EDT; 30min ago<o:p></o:p></p>
<p class="MsoPlainText">>> Process: 6333 ExecStart=/usr/sbin/ns-slapd -D <o:p>
</o:p></p>
<p class="MsoPlainText">>> /etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pid -w
<o:p></o:p></p>
<p class="MsoPlainText">>> /var/run/dirsrv/slapd-%i.startpid (code=exited, status=1/FAILURE)<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">>> Apr 26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]:<o:p></o:p></p>
<p class="MsoPlainText">>> [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp:<o:p></o:p></p>
<p class="MsoPlainText">>> slapi_attr_values2keys_sv failed for type attributetypes Apr 26<o:p></o:p></p>
<p class="MsoPlainText">>> 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]:<o:p></o:p></p>
<p class="MsoPlainText">>> [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp:<o:p></o:p></p>
<p class="MsoPlainText">>> slapi_attr_values2keys_sv failed for type attributetypes Apr 26<o:p></o:p></p>
<p class="MsoPlainText">>> 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]:<o:p></o:p></p>
<p class="MsoPlainText">>> [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp:<o:p></o:p></p>
<p class="MsoPlainText">>> slapi_attr_values2keys_sv failed for type attributetypes Apr 26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for type attributetypes
Apr 26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for type attributetypes Apr 26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400]
- valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for type attributetypes Apr 26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for type attributetypes
Apr 26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for type attributetypes Apr 26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]: [26/Apr/2016!<o:p></o:p></p>
<p class="MsoPlainText"> :08:50:21<o:p></o:p></p>
<p class="MsoPlainText">-0400] dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-IPA-DOMAIN-LOCAL/schema/00core.ldif (lineno: 1) is invalid, error code 21 (Invalid syntax) - attribute type aci: Unknown attribute syntax OID "1.3.6.1.4.1.1466.115.121.1.15"<o:p></o:p></p>
<p class="MsoPlainText">>> Apr 26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] dse - Please edit the file to correct the reported problems and then restart the server.<o:p></o:p></p>
<p class="MsoPlainText">> this says the server doesn't know a syntax oid, but it is a known one.<o:p></o:p></p>
<p class="MsoPlainText">> It could be that the syntax plugings couldn't be loaded. Thera are more errors before, could you check where the errors start in /var/log/dirsrv/slapd-<INSTANCE>/errors ?<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> And, did you do any changes to the system before this problem started ?<o:p></o:p></p>
<p class="MsoPlainText">>> [root@cd-p-ipa1 log]#<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">>> Gady<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">>> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">>> From: <a href="mailto:freeipa-users-bounces@redhat.com">
<span style="color:windowtext;text-decoration:none">freeipa-users-bounces@redhat.com</span></a>
<o:p></o:p></p>
<p class="MsoPlainText">>> [<a href="mailto:freeipa-users-bounces@redhat.com"><span style="color:windowtext;text-decoration:none">mailto:freeipa-users-bounces@redhat.com</span></a>] On Behalf Of Martin
<o:p></o:p></p>
<p class="MsoPlainText">>> Babinsky<o:p></o:p></p>
<p class="MsoPlainText">>> Sent: April 26, 2016 9:17 AM<o:p></o:p></p>
<p class="MsoPlainText">>> To: <a href="mailto:freeipa-users@redhat.com"><span style="color:windowtext;text-decoration:none">freeipa-users@redhat.com</span></a><o:p></o:p></p>
<p class="MsoPlainText">>> Subject: Re: [Freeipa-users] krb5kdc service not starting<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">>> On 04/26/2016 03:13 PM, Gady Notrica wrote:<o:p></o:p></p>
<p class="MsoPlainText">>>> Hello world,<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> I am having issues this morning with my primary IPA. See below the
<o:p></o:p></p>
<p class="MsoPlainText">>>> details in the logs and command result. Basically, krb5kdc service
<o:p></o:p></p>
<p class="MsoPlainText">>>> not starting - krb5kdc: Server error - while fetching master key.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> DNS is functioning. See below dig result. I have a trust with Windows AD.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Please help…!<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> [root@cd-ipa1 log]# systemctl status krb5kdc.service -l<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ● krb5kdc.service - Kerberos 5 KDC<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service;<o:p></o:p></p>
<p class="MsoPlainText">>>> disabled; vendor preset: disabled)<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Active: failed (Result: exit-code) since Tue 2016-04-26
<o:p></o:p></p>
<p class="MsoPlainText">>>> 08:27:52 EDT; 41min ago<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Process: 3694 ExecStart=/usr/sbin/krb5kdc -P <o:p>
</o:p></p>
<p class="MsoPlainText">>>> /var/run/krb5kdc.pid $KRB5KDC_ARGS (code=exited, status=1/FAILURE)<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: Starting
<o:p></o:p></p>
<p class="MsoPlainText">>>> Kerberos<o:p></o:p></p>
<p class="MsoPlainText">>>> 5 KDC...<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52 cd-ipa1.ipa.domain.localkrb5kdc[3694]: krb5kdc:<o:p></o:p></p>
<p class="MsoPlainText">>>> cannot initialize realm IPA.DOMAIN.LOCAL- see log file for details<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: krb5kdc.service:<o:p></o:p></p>
<p class="MsoPlainText">>>> control process exited, code=exited status=1<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: Failed to start
<o:p></o:p></p>
<p class="MsoPlainText">>>> Kerberos 5 KDC.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: Unit
<o:p></o:p></p>
<p class="MsoPlainText">>>> krb5kdc.service entered failed state.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: krb5kdc.service failed.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> [root@cd-ipa1 log]#<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Errors in /var/log/krb5kdc.log<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> krb5kdc: Server error - while fetching master key K/M for realm
<o:p></o:p></p>
<p class="MsoPlainText">>>> DOMAIN.LOCAL<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> krb5kdc: Server error - while fetching master key K/M for realm
<o:p></o:p></p>
<p class="MsoPlainText">>>> DOMAIN.LOCAL<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> krb5kdc: Server error - while fetching master key K/M for realm
<o:p></o:p></p>
<p class="MsoPlainText">>>> DOMAIN.LOCAL<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> [root@cd-ipa1 log]# systemctl status httpd -l<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ● httpd.service - The Apache HTTP Server<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Loaded: loaded (/etc/systemd/system/httpd.service; disabled;
<o:p></o:p></p>
<p class="MsoPlainText">>>> vendor<o:p></o:p></p>
<p class="MsoPlainText">>>> preset: disabled)<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Active: failed (Result: exit-code) since Tue 2016-04-26
<o:p></o:p></p>
<p class="MsoPlainText">>>> 08:27:21 EDT; 39min ago<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Docs: <a href="man:httpd%288%29">man:httpd(8)</a><o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <a href="man:apachectl%288%29">man:apachectl(8)</a><o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Process: 3594 ExecStartPre=/usr/libexec/ipa/ipa-httpd-kdcproxy<o:p></o:p></p>
<p class="MsoPlainText">>>> (code=exited, status=1/FAILURE)<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21 cd-ipa1.ipa.domain.localipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>> File "/usr/lib/python2.7/siteackages/ipapython/ipaldap.py", line
<o:p></o:p></p>
<p class="MsoPlainText">>>> 1579, in __wait_for_connection<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>> wait_for_open_socket(lurl.hostport, timeout)<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>> File "/usr/lib/python2.7/siteackages/ipapython/ipautil.py", line
<o:p></o:p></p>
<p class="MsoPlainText">>>> 1200, in wait_for_open_socket<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>> raise e<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>> error: [Errno 2] No such file or directory<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>> ipa : ERROR Unknown error while retrieving setting from<o:p></o:p></p>
<p class="MsoPlainText">>>> ldapi://%2fvar%2frun%2fslapd-IPA-DOMAIN-LOCAL.socket: [Errno 2] No
<o:p></o:p></p>
<p class="MsoPlainText">>>> such file or directory<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21 cd-ipa1.ipa.domain.localsystemd[1]: httpd.service:<o:p></o:p></p>
<p class="MsoPlainText">>>> control process exited, code=exited status=1<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21 cd-ipa1.ipa.domain.localsystemd[1]: Failed to start
<o:p></o:p></p>
<p class="MsoPlainText">>>> The Apache HTTP Server.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21 cd-ipa1.ipa.domain.localsystemd[1]: Unit
<o:p></o:p></p>
<p class="MsoPlainText">>>> httpd.service entered failed state.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21 cd-ipa1.ipa.domain.localsystemd[1]: httpd.service failed.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> [root@cd-ipa1 log]#<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> DNS Result for dig redhat.com<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> redhat.com<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; global options: +cmd<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; Got answer:<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5414<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL:
<o:p></o:p></p>
<p class="MsoPlainText">>>> 2<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; OPT PSEUDOSECTION:<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ; EDNS: version: 0, flags:; udp: 4096<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; QUESTION SECTION:<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;redhat.com. IN A<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; ANSWER SECTION:<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> redhat.com. 60 IN A 209.132.183.105<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; AUTHORITY SECTION:<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> . 849 IN NS f.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> . 849 IN NS e.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> . 849 IN NS k.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> . 849 IN NS m.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> . 849 IN NS b.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> . 849 IN NS g.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> . 849 IN NS c.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> . 849 IN NS h.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> . 849 IN NS l.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> . 849 IN NS a.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> . 849 IN NS j.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> . 849 IN NS i.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> . 849 IN NS d.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; ADDITIONAL SECTION:<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> j.root-servers.net. 3246 IN A 192.58.128.30<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; Query time: 79 msec<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; SERVER: 10.20.10.41#53(10.20.10.41)<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; WHEN: Tue Apr 26 09:02:43 EDT 2016<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; MSG SIZE rcvd: 282<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Gady<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>> It seems like Directory server is not running. Can you post result of 'ipactl status' and 'systemctl status
<a href="mailto:dirsrv@IPA-CANDEAL-CA.service"><span style="color:windowtext;text-decoration:none">dirsrv@IPA-DOMAIN-LOCAL.service</span></a>'?<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">>> --<o:p></o:p></p>
<p class="MsoPlainText">>> Martin^3 Babinsky<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">>> --<o:p></o:p></p>
<p class="MsoPlainText">>> Manage your subscription for the Freeipa-users mailing list:<o:p></o:p></p>
<p class="MsoPlainText">>> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users">
<span style="color:windowtext;text-decoration:none">https://www.redhat.com/mailman/listinfo/freeipa-users</span></a><o:p></o:p></p>
<p class="MsoPlainText">>> Go to <a href="http://freeipa.org"><span style="color:windowtext;text-decoration:none">http://freeipa.org</span></a> for more info on the project<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> --<o:p></o:p></p>
<p class="MsoPlainText">> Red Hat GmbH, <a href="http://www.de.redhat.com/"><span style="color:windowtext;text-decoration:none">http://www.de.redhat.com/</span></a>, Registered seat: Grasbrunn,
<o:p></o:p></p>
<p class="MsoPlainText">> Commercial register: Amtsgericht Muenchen, HRB 153243, Managing
<o:p></o:p></p>
<p class="MsoPlainText">> Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael
<o:p></o:p></p>
<p class="MsoPlainText">> O'Neill<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> --<o:p></o:p></p>
<p class="MsoPlainText">> Manage your subscription for the Freeipa-users mailing list:<o:p></o:p></p>
<p class="MsoPlainText">> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users">
<span style="color:windowtext;text-decoration:none">https://www.redhat.com/mailman/listinfo/freeipa-users</span></a><o:p></o:p></p>
<p class="MsoPlainText">> Go to <a href="http://freeipa.org"><span style="color:windowtext;text-decoration:none">http://freeipa.org</span></a> for more info on the project<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> --<o:p></o:p></p>
<p class="MsoPlainText">> Manage your subscription for the Freeipa-users mailing list:<o:p></o:p></p>
<p class="MsoPlainText">> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users">
<span style="color:windowtext;text-decoration:none">https://www.redhat.com/mailman/listinfo/freeipa-users</span></a><o:p></o:p></p>
<p class="MsoPlainText">> Go to <a href="http://freeipa.org"><span style="color:windowtext;text-decoration:none">http://freeipa.org</span></a> for more info on the project<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><br>
<br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>Red Hat GmbH, <a href="http://www.de.redhat.com/">http://www.de.redhat.com/</a>, Registered seat: Grasbrunn, <o:p></o:p></pre>
<pre>Commercial register: Amtsgericht Muenchen, HRB 153243,<o:p></o:p></pre>
<pre>Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill<o:p></o:p></pre>
<p class="MsoNormal"><span style="font-size:12.0pt"><br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>Red Hat GmbH, <a href="http://www.de.redhat.com/">http://www.de.redhat.com/</a>, Registered seat: Grasbrunn, <o:p></o:p></pre>
<pre>Commercial register: Amtsgericht Muenchen, HRB 153243,<o:p></o:p></pre>
<pre>Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill<o:p></o:p></pre>
<p class="MsoNormal"><span style="font-size:12.0pt"><br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>Red Hat GmbH, <a href="http://www.de.redhat.com/">http://www.de.redhat.com/</a>, Registered seat: Grasbrunn, <o:p></o:p></pre>
<pre>Commercial register: Amtsgericht Muenchen, HRB 153243,<o:p></o:p></pre>
<pre>Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill<o:p></o:p></pre>
<p class="MsoNormal"><span style="font-size:12.0pt"><br>
<br>
<br>
</span><o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>Red Hat GmbH, <a href="http://www.de.redhat.com/">http://www.de.redhat.com/</a>, Registered seat: Grasbrunn, <o:p></o:p></pre>
<pre>Commercial register: Amtsgericht Muenchen, HRB 153243,<o:p></o:p></pre>
<pre>Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill<o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:EN-CA"><br>
<br>
<o:p></o:p></span></p>
<pre>-- <o:p></o:p></pre>
<pre>Red Hat GmbH, <a href="http://www.de.redhat.com/">http://www.de.redhat.com/</a>, Registered seat: Grasbrunn, <o:p></o:p></pre>
<pre>Commercial register: Amtsgericht Muenchen, HRB 153243,<o:p></o:p></pre>
<pre>Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill<o:p></o:p></pre>
</div>
</body>
</html>