<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 04/27/2016 04:36 PM, Gady Notrica
wrote:<br>
</div>
<blockquote
cite="mid:0984AB34E553F54B8705D776686863E70AC033CA@cd-exchange01.CD-PRD.candeal.ca"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Lucida Sans";
panose-1:2 11 6 2 3 5 4 2 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;
mso-fareast-language:EN-US;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;
mso-fareast-language:EN-US;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><b><span style="color:red">No changes</span></b><span
style="color:#1F497D"> to
</span><span style="color:#1F497D">/var/log/dirsrv/slapd-IPA-CANDEAL-CA/errors.
I am tailing the log file and running those commands doesn’t
generate any log, nothing.</span><span style="color:#1F497D"><o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="line-height:125%"><span
style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">[root@cd-p-ipa1
log]# ipactl start<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Starting
Directory Service<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Job
for <a class="moz-txt-link-abbreviated" href="mailto:dirsrv@IPA-CANDEAL-CA.service">dirsrv@IPA-CANDEAL-CA.service</a> failed because the
control process exited with error code. See "systemctl
status <a class="moz-txt-link-abbreviated" href="mailto:dirsrv@IPA-CANDEAL-CA.service">dirsrv@IPA-CANDEAL-CA.service</a>" and "journalctl -xe"
for details.<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Failed
to start Directory Service: Command ''/bin/systemctl'
'start' '<a class="moz-txt-link-abbreviated" href="mailto:dirsrv@IPA-CANDEAL-CA.service">dirsrv@IPA-CANDEAL-CA.service</a>'' returned non-zero
exit status 1<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><b><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Logs
from /var/log/messages<o:p></o:p></span></b></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr
27 10:26:05 cd-p-ipa1 systemd: Starting 389 Directory
Server IPA-CANDEAL-CA....<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr
27 10:26:05 cd-p-ipa1 ns-slapd: [27/Apr/2016:10:26:05
-0400] dse - The configuration file
/etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif was not restored
from backup /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif.tmp,
error -1<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr
27 10:26:05 cd-p-ipa1 ns-slapd: [27/Apr/2016:10:26:05
-0400] dse - The configuration file
/etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif was not restored
from backup /etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif.bak,
error -1<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr
27 10:26:05 cd-p-ipa1 ns-slapd: [27/Apr/2016:10:26:05
-0400] config - The given config file
/etc/dirsrv/slapd-IPA-CANDEAL-CA/dse.ldif could not be
accessed, Netscape Portable Runtime error -5950 (File not
found.)</span></p>
</div>
</div>
</blockquote>
this is BAD, looks like you completely lost your configuration file
for DS, so it doesn't even know where to log anything. When you lost
your VM and rebooted there must hav ebeen some data loss.<br>
It could be only dse.ldif, but also other files. <br>
<blockquote
cite="mid:0984AB34E553F54B8705D776686863E70AC033CA@cd-exchange01.CD-PRD.candeal.ca"
type="cite">
<div class="WordSection1">
<div>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">[root@cd-p-ipa1
log]# systemctl start <a class="moz-txt-link-abbreviated" href="mailto:dirsrv@IPA-CANDEAL-CA.service">dirsrv@IPA-CANDEAL-CA.service</a><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Job
for <a class="moz-txt-link-abbreviated" href="mailto:dirsrv@IPA-CANDEAL-CA.service">dirsrv@IPA-CANDEAL-CA.service</a> failed because the
control process exited with error code. See "systemctl
status <a class="moz-txt-link-abbreviated" href="mailto:dirsrv@IPA-CANDEAL-CA.service">dirsrv@IPA-CANDEAL-CA.service</a>" and "journalctl -xe"
for details.<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">[root@cd-p-ipa1
log]# systemctl status <a class="moz-txt-link-abbreviated" href="mailto:dirsrv@IPA-CANDEAL-CA.service">dirsrv@IPA-CANDEAL-CA.service</a> -l<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">●
<a class="moz-txt-link-abbreviated" href="mailto:dirsrv@IPA-CANDEAL-CA.service">dirsrv@IPA-CANDEAL-CA.service</a> - 389 Directory Server
IPA-CANDEAL-CA.<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">
Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service;
enabled; vendor preset: disabled)<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">
Active: failed (Result: exit-code) since Wed 2016-04-27
10:26:17 EDT; 3s ago<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">
Process: 9830 ExecStart=/usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pid -w
/var/run/dirsrv/slapd-%i.startpid (code=exited,
status=1/FAILURE)<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr
27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]:
[27/Apr/2016:10:26:17 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr
27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]:
[27/Apr/2016:10:26:17 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr
27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]:
[27/Apr/2016:10:26:17 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr
27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]:
[27/Apr/2016:10:26:17 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr
27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]:
[27/Apr/2016:10:26:17 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr
27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]:
[27/Apr/2016:10:26:17 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr
27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]:
[27/Apr/2016:10:26:17 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr
27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]:
[27/Apr/2016:10:26:17 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr
27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]:
[27/Apr/2016:10:26:17 -0400] dse_read_one_file - The entry
cn=schema in file
/etc/dirsrv/slapd-IPA-CANDEAL-CA/schema/00core.ldif
(lineno: 1) is invalid, error code 21 (Invalid syntax) -
attribute type aci: Unknown attribute syntax OID
"1.3.6.1.4.1.1466.115.121.1.15"<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">Apr
27 10:26:17 cd-p-ipa1.ipa.candeal.ca ns-slapd[9830]:
[27/Apr/2016:10:26:17 -0400] dse - Please edit the file to
correct the reported problems and then restart the server.<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:7.0pt;line-height:125%;color:#1F497D">[root@cd-p-ipa1
log]#</span><span
style="font-size:5.0pt;line-height:125%;color:#1F497D;mso-fareast-language:EN-CA"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:9.0pt;line-height:125%;color:#1F497D;mso-fareast-language:EN-CA"><o:p> </o:p></span></p>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:9.0pt;line-height:125%;font-family:"Lucida
Sans","sans-serif";color:navy;mso-fareast-language:EN-CA">Gady</span><span
style="color:#1F497D;mso-fareast-language:EN-CA"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:EN-CA"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:EN-CA"
lang="EN-US"> Ludwig Krispenz
[<a class="moz-txt-link-freetext" href="mailto:lkrispen@redhat.com">mailto:lkrispen@redhat.com</a>] <br>
<b>Sent:</b> April 27, 2016 10:06 AM<br>
<b>To:</b> Gady Notrica<br>
<b>Cc:</b> Rob Crittenden; <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] krb5kdc service not
starting<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 04/27/2016 03:48 PM, Gady Notrica
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D">Hello Ludwig,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">I do have
only 1 error logs for the 26<sup>th</sup> in
/var/log/dirsrv/slapd-IPA-CANDEAL-CA/errors. Below is the
only line I have</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">[25/Apr/2016:22:34:51
-0400] NSMMReplicationPlugin - windows sync - failed to
send dirsync search request: 2</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">[<b>26/Apr/2016</b>:00:13:01
-0400] - Entry
"uid=MMOOREDT$,cn=users,cn=accounts,dc=ipa,dc=candeal,dc=ca"
missing attribute "sn" required by object class "person"</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-CA"><img
id="Picture_x0020_3"
src="cid:part1.05050201.06020800@redhat.com" height="31"
width="901"></span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">I don’t know
if that helps.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:EN-CA">no.
And it is weird that there should be no logs, there were
definitely messages logged around 8:50, you provided them
via systemctl status dirsrv... <br>
And at least the startup messages should b there<br>
<br>
Can you try to start dirsrv again. and check what config
settings for errorlog are in your dse.ldif
<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal" style="line-height:125%"><span
style="font-size:9.0pt;line-height:125%">Gady</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:EN-CA"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:EN-CA"
lang="EN-US"> Ludwig Krispenz [<a moz-do-not-send="true"
href="mailto:lkrispen@redhat.com">mailto:lkrispen@redhat.com</a>]
<br>
<b>Sent:</b> April 27, 2016 3:18 AM<br>
<b>To:</b> Gady Notrica<br>
<b>Cc:</b> Rob Crittenden; <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] krb5kdc service not
starting</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 04/26/2016 09:09 PM, Gady Notrica
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoPlainText">HERE..<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51
-0400] set_krb5_creds - Could not get initial credentials
for principal [<a moz-do-not-send="true"
href="mailto:ldap/cd-p-ipa1.ipa.domain.local@IPA.DOMAIN.LOCAL">ldap/cd-p-ipa1.ipa.domain.local@IPA.DOMAIN.LOCAL</a>]
in keytab [<a moz-do-not-send="true"
href="FILE:///%5C%5C%5C%5Cetc%5Cdirsrv%5Cds.keytab">FILE:/etc/dirsrv/ds.keytab</a>]:
-1765328228 (Cannot contact any KDC for requested realm)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51
-0400] slapd_ldap_sasl_interactive_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: LDAP
error -2 (Local error) (SASL(-1): generic failure: GSSAPI
Error: Unspecified GSS failure. Minor code may provide
more information (No Kerberos credentials available))
errno 0 (Success)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51
-0400] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism
[GSSAPI]: error -2 (Local error)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51
-0400] NSMMReplicationPlugin -
agmt="cn=meTocd-s-ipa1.ipa.domain.local" (cd-s-ipa1:389):
Replication bind with GSSAPI auth failed: LDAP error -2
(Local error) (SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more
information (No Kerberos credentials available))</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51
-0400] - slapd started. Listening on All Interfaces port
389 for LDAP requests</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51
-0400] - Listening on All Interfaces port 636 for LDAPS
requests</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:51
-0400] - Listening on
/var/run/slapd-IPA-DOMAIN-LOCAL.socket for LDAPI requests</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:11:39:55
-0400] NSMMReplicationPlugin -
agmt="cn=meTocd-s-ipa1.ipa.domain.local" (cd-s-ipa1:389):
Replication bind with GSSAPI auth resumed</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:37:27
-0400] NSMMReplicationPlugin -
agmt="cn=meTocd-s-ipa1.ipa.domain.local" (cd-s-ipa1:389):
Unable to receive the response for a startReplication
extended operation to consumer (Can't contact LDAP
server). Will retry later.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02
-0400] slapd_ldap_sasl_interactive_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: LDAP
error -1 (Can't contact LDAP server) ((null)) errno 107
(Transport endpoint is not connected)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02
-0400] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism
[GSSAPI]: error -1 (Can't contact LDAP server)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02
-0400] slapd_ldap_sasl_interactive_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: LDAP
error -1 (Can't contact LDAP server) ((null)) errno 107
(Transport endpoint is not connected)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02
-0400] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism
[GSSAPI]: error -1 (Can't contact LDAP server)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02
-0400] slapd_ldap_sasl_interactive_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: LDAP
error -1 (Can't contact LDAP server) ((null)) errno 107
(Transport endpoint is not connected)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:02
-0400] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism
[GSSAPI]: error -1 (Can't contact LDAP server)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[23/Apr/2016:14:38:13
-0400] NSMMReplicationPlugin -
agmt="cn=meTocd-s-ipa1.ipa.domain.local" (cd-s-ipa1:389):
Replication bind with GSSAPI auth resumed</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:9.0pt">[25/Apr/2016:22:34:51
-0400] NSMMReplicationPlugin - windows sync - failed to
send dirsync search request: 2</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt">these are
old logs, the problem you were reporting was on Apr, 26:<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<pre>Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-IPA-CANDEAL-CA/schema/00core.ldif (lineno: 1) is invalid, error code 21 (Invalid syntax) - attribute type aci: Unknown attribute syntax OID "1.3.6.1.4.1.1466.115.121.1.15"<o:p></o:p></pre>
<pre>Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] dse - Please edit the file to correct the reported problems and then restart the server.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>we need the logs from that time<o:p></o:p></pre>
<p class="MsoNormal"><span style="font-size:12.0pt"><br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Gady<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-fareast-language:EN-CA"
lang="EN-US">-----Original Message-----<br>
From: Rob Crittenden [<a moz-do-not-send="true"
href="mailto:rcritten@redhat.com">mailto:rcritten@redhat.com</a>]
<br>
Sent: April 26, 2016 2:44 PM<br>
To: Gady Notrica; Ludwig Krispenz; <a
moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
Subject: Re: [Freeipa-users] krb5kdc service not starting</span><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Gady Notrica wrote:<o:p></o:p></p>
<p class="MsoPlainText">> Hey world,<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Any ideas?<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">What about the first part of Ludwig's
question: Is there anything in the 389-ds error log?<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">rob<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Gady<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> From: <a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com">
<span style="color:windowtext;text-decoration:none">freeipa-users-bounces@redhat.com</span></a>
<o:p></o:p></p>
<p class="MsoPlainText">> [<a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com"><span
style="color:windowtext;text-decoration:none">mailto:freeipa-users-bounces@redhat.com</span></a>]
On Behalf Of Gady Notrica<o:p></o:p></p>
<p class="MsoPlainText">> Sent: April 26, 2016 10:10 AM<o:p></o:p></p>
<p class="MsoPlainText">> To: Ludwig Krispenz; <a
moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">
<span style="color:windowtext;text-decoration:none">freeipa-users@redhat.com</span></a><o:p></o:p></p>
<p class="MsoPlainText">> Subject: Re: [Freeipa-users]
krb5kdc service not starting<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> No, no changes. Lost connectivity
with my VMs during the night
<o:p></o:p></p>
<p class="MsoPlainText">> (networking issues in datacenter)<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Reboot the server and oups, no IPA
is coming up... The replica (secondary server) is fine though.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Gady Notrica<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> From: <a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com">
<span style="color:windowtext;text-decoration:none">freeipa-users-bounces@redhat.com</span></a>
<o:p></o:p></p>
<p class="MsoPlainText">> [<a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com"><span
style="color:windowtext;text-decoration:none">mailto:freeipa-users-bounces@redhat.com</span></a>]
On Behalf Of Ludwig Krispenz<o:p></o:p></p>
<p class="MsoPlainText">> Sent: April 26, 2016 10:02 AM<o:p></o:p></p>
<p class="MsoPlainText">> To: <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com"><span
style="color:windowtext;text-decoration:none">freeipa-users@redhat.com</span></a><o:p></o:p></p>
<p class="MsoPlainText">> Subject: Re: [Freeipa-users]
krb5kdc service not starting<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> On 04/26/2016 03:26 PM, Gady
Notrica wrote:<o:p></o:p></p>
<p class="MsoPlainText">>> Here...<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">>> [root@cd-p-ipa1 log]# ipactl
status<o:p></o:p></p>
<p class="MsoPlainText">>> Directory Service: STOPPED<o:p></o:p></p>
<p class="MsoPlainText">>> Directory Service must be
running in order to obtain status of other
<o:p></o:p></p>
<p class="MsoPlainText">>> services<o:p></o:p></p>
<p class="MsoPlainText">>> ipa: INFO: The ipactl command
was successful<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">>> [root@cd-p-ipa1 log]# systemctl
status <a moz-do-not-send="true"
href="mailto:dirsrv@IPA-CANDEAL-CA.service">
<span style="color:windowtext;text-decoration:none">dirsrv@IPA-DOMAIN-LOCAL.service</span></a>
<o:p></o:p></p>
<p class="MsoPlainText">>> -l ● <a moz-do-not-send="true"
href="mailto:dirsrv@IPA-DOMAIN-LOCAL.service">
dirsrv@IPA-DOMAIN-LOCAL.service</a> - 389 Directory Server
IPA-DOMAIN-LOCAL.<o:p></o:p></p>
<p class="MsoPlainText">>> Loaded: loaded (<a
moz-do-not-send="true"
href="mailto:/usr/lib/systemd/system/dirsrv@.service"><span
style="color:windowtext;text-decoration:none">/usr/lib/systemd/system/dirsrv@.service</span></a>;
enabled; vendor preset: disabled)<o:p></o:p></p>
<p class="MsoPlainText">>> Active: failed (Result:
exit-code) since Tue 2016-04-26 08:50:21 EDT; 30min ago<o:p></o:p></p>
<p class="MsoPlainText">>> Process: 6333
ExecStart=/usr/sbin/ns-slapd -D <o:p>
</o:p></p>
<p class="MsoPlainText">>> /etc/dirsrv/slapd-%i -i
/var/run/dirsrv/slapd-%i.pid -w
<o:p></o:p></p>
<p class="MsoPlainText">>>
/var/run/dirsrv/slapd-%i.startpid (code=exited,
status=1/FAILURE)<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">>> Apr 26 08:50:21
cd-p-ipa1.ipa.domain.local ns-slapd[6333]:<o:p></o:p></p>
<p class="MsoPlainText">>> [26/Apr/2016:08:50:21 -0400] -
valueset_value_syntax_cmp:<o:p></o:p></p>
<p class="MsoPlainText">>> slapi_attr_values2keys_sv
failed for type attributetypes Apr 26<o:p></o:p></p>
<p class="MsoPlainText">>> 08:50:21
cd-p-ipa1.ipa.domain.local ns-slapd[6333]:<o:p></o:p></p>
<p class="MsoPlainText">>> [26/Apr/2016:08:50:21 -0400] -
valueset_value_syntax_cmp:<o:p></o:p></p>
<p class="MsoPlainText">>> slapi_attr_values2keys_sv
failed for type attributetypes Apr 26<o:p></o:p></p>
<p class="MsoPlainText">>> 08:50:21
cd-p-ipa1.ipa.domain.local ns-slapd[6333]:<o:p></o:p></p>
<p class="MsoPlainText">>> [26/Apr/2016:08:50:21 -0400] -
valueset_value_syntax_cmp:<o:p></o:p></p>
<p class="MsoPlainText">>> slapi_attr_values2keys_sv
failed for type attributetypes Apr 26 08:50:21
cd-p-ipa1.ipa.domain.local ns-slapd[6333]:
[26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes Apr
26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]:
[26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes Apr
26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]:
[26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes Apr
26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]:
[26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes Apr
26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]:
[26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp:
slapi_attr_values2keys_sv failed for type attributetypes Apr
26 08:50:21 cd-p-ipa1.ipa.domain.local ns-slapd[6333]:
[26/Apr/2016!<o:p></o:p></p>
<p class="MsoPlainText"> :08:50:21<o:p></o:p></p>
<p class="MsoPlainText">-0400] dse_read_one_file - The entry
cn=schema in file
/etc/dirsrv/slapd-IPA-DOMAIN-LOCAL/schema/00core.ldif (lineno:
1) is invalid, error code 21 (Invalid syntax) - attribute type
aci: Unknown attribute syntax OID
"1.3.6.1.4.1.1466.115.121.1.15"<o:p></o:p></p>
<p class="MsoPlainText">>> Apr 26 08:50:21
cd-p-ipa1.ipa.domain.local ns-slapd[6333]:
[26/Apr/2016:08:50:21 -0400] dse - Please edit the file to
correct the reported problems and then restart the server.<o:p></o:p></p>
<p class="MsoPlainText">> this says the server doesn't know a
syntax oid, but it is a known one.<o:p></o:p></p>
<p class="MsoPlainText">> It could be that the syntax
plugings couldn't be loaded. Thera are more errors before,
could you check where the errors start in
/var/log/dirsrv/slapd-<INSTANCE>/errors ?<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> And, did you do any changes to the
system before this problem started ?<o:p></o:p></p>
<p class="MsoPlainText">>> [root@cd-p-ipa1 log]#<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">>> Gady<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">>> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">>> From: <a
moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com">
<span style="color:windowtext;text-decoration:none">freeipa-users-bounces@redhat.com</span></a>
<o:p></o:p></p>
<p class="MsoPlainText">>> [<a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com"><span
style="color:windowtext;text-decoration:none">mailto:freeipa-users-bounces@redhat.com</span></a>]
On Behalf Of Martin
<o:p></o:p></p>
<p class="MsoPlainText">>> Babinsky<o:p></o:p></p>
<p class="MsoPlainText">>> Sent: April 26, 2016 9:17 AM<o:p></o:p></p>
<p class="MsoPlainText">>> To: <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com"><span
style="color:windowtext;text-decoration:none">freeipa-users@redhat.com</span></a><o:p></o:p></p>
<p class="MsoPlainText">>> Subject: Re: [Freeipa-users]
krb5kdc service not starting<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">>> On 04/26/2016 03:13 PM, Gady
Notrica wrote:<o:p></o:p></p>
<p class="MsoPlainText">>>> Hello world,<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> I am having issues this
morning with my primary IPA. See below the
<o:p></o:p></p>
<p class="MsoPlainText">>>> details in the logs and
command result. Basically, krb5kdc service
<o:p></o:p></p>
<p class="MsoPlainText">>>> not starting - krb5kdc:
Server error - while fetching master key.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> DNS is functioning. See
below dig result. I have a trust with Windows AD.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Please help…!<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> [root@cd-ipa1 log]#
systemctl status krb5kdc.service -l<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ● krb5kdc.service -
Kerberos 5 KDC<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Loaded: loaded
(/usr/lib/systemd/system/krb5kdc.service;<o:p></o:p></p>
<p class="MsoPlainText">>>> disabled; vendor preset:
disabled)<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Active: failed
(Result: exit-code) since Tue 2016-04-26
<o:p></o:p></p>
<p class="MsoPlainText">>>> 08:27:52 EDT; 41min ago<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Process: 3694
ExecStart=/usr/sbin/krb5kdc -P <o:p>
</o:p></p>
<p class="MsoPlainText">>>> /var/run/krb5kdc.pid
$KRB5KDC_ARGS (code=exited, status=1/FAILURE)<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52
cd-ipa1.ipa.domain.localsystemd[1]: Starting
<o:p></o:p></p>
<p class="MsoPlainText">>>> Kerberos<o:p></o:p></p>
<p class="MsoPlainText">>>> 5 KDC...<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52
cd-ipa1.ipa.domain.localkrb5kdc[3694]: krb5kdc:<o:p></o:p></p>
<p class="MsoPlainText">>>> cannot initialize realm
IPA.DOMAIN.LOCAL- see log file for details<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52
cd-ipa1.ipa.domain.localsystemd[1]: krb5kdc.service:<o:p></o:p></p>
<p class="MsoPlainText">>>> control process exited,
code=exited status=1<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52
cd-ipa1.ipa.domain.localsystemd[1]: Failed to start
<o:p></o:p></p>
<p class="MsoPlainText">>>> Kerberos 5 KDC.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52
cd-ipa1.ipa.domain.localsystemd[1]: Unit
<o:p></o:p></p>
<p class="MsoPlainText">>>> krb5kdc.service entered
failed state.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:52
cd-ipa1.ipa.domain.localsystemd[1]: krb5kdc.service failed.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> [root@cd-ipa1 log]#<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Errors in
/var/log/krb5kdc.log<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> krb5kdc: Server error -
while fetching master key K/M for realm
<o:p></o:p></p>
<p class="MsoPlainText">>>> DOMAIN.LOCAL<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> krb5kdc: Server error -
while fetching master key K/M for realm
<o:p></o:p></p>
<p class="MsoPlainText">>>> DOMAIN.LOCAL<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> krb5kdc: Server error -
while fetching master key K/M for realm
<o:p></o:p></p>
<p class="MsoPlainText">>>> DOMAIN.LOCAL<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> [root@cd-ipa1 log]#
systemctl status httpd -l<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ● httpd.service - The
Apache HTTP Server<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Loaded: loaded
(/etc/systemd/system/httpd.service; disabled;
<o:p></o:p></p>
<p class="MsoPlainText">>>> vendor<o:p></o:p></p>
<p class="MsoPlainText">>>> preset: disabled)<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Active: failed
(Result: exit-code) since Tue 2016-04-26
<o:p></o:p></p>
<p class="MsoPlainText">>>> 08:27:21 EDT; 39min ago<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Docs: <a
moz-do-not-send="true" href="man:httpd%288%29">man:httpd(8)</a><o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <a
moz-do-not-send="true" href="man:apachectl%288%29">man:apachectl(8)</a><o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Process: 3594
ExecStartPre=/usr/libexec/ipa/ipa-httpd-kdcproxy<o:p></o:p></p>
<p class="MsoPlainText">>>> (code=exited,
status=1/FAILURE)<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.localipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>> File
"/usr/lib/python2.7/siteackages/ipapython/ipaldap.py", line
<o:p></o:p></p>
<p class="MsoPlainText">>>> 1579, in
__wait_for_connection<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>>
wait_for_open_socket(lurl.hostport, timeout)<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>> File
"/usr/lib/python2.7/siteackages/ipapython/ipautil.py", line
<o:p></o:p></p>
<p class="MsoPlainText">>>> 1200, in
wait_for_open_socket<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>> raise e<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>> error: [Errno 2] No such
file or directory<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]:<o:p></o:p></p>
<p class="MsoPlainText">>>> ipa : ERROR
Unknown error while retrieving setting from<o:p></o:p></p>
<p class="MsoPlainText">>>>
ldapi://%2fvar%2frun%2fslapd-IPA-DOMAIN-LOCAL.socket: [Errno
2] No
<o:p></o:p></p>
<p class="MsoPlainText">>>> such file or directory<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.localsystemd[1]: httpd.service:<o:p></o:p></p>
<p class="MsoPlainText">>>> control process exited,
code=exited status=1<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.localsystemd[1]: Failed to start
<o:p></o:p></p>
<p class="MsoPlainText">>>> The Apache HTTP Server.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.localsystemd[1]: Unit
<o:p></o:p></p>
<p class="MsoPlainText">>>> httpd.service entered
failed state.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Apr 26 08:27:21
cd-ipa1.ipa.domain.localsystemd[1]: httpd.service failed.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> [root@cd-ipa1 log]#<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> DNS Result for dig
redhat.com<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ; <<>> DiG
9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> redhat.com<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; global options: +cmd<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; Got answer:<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; ->>HEADER<<-
opcode: QUERY, status: NOERROR, id: 5414<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; flags: qr rd ra; QUERY:
1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL:
<o:p></o:p></p>
<p class="MsoPlainText">>>> 2<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; OPT PSEUDOSECTION:<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ; EDNS: version: 0, flags:;
udp: 4096<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; QUESTION SECTION:<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>>
;redhat.com. IN A<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; ANSWER SECTION:<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> redhat.com.
60 IN A 209.132.183.105<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; AUTHORITY SECTION:<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS f.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS e.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS k.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS m.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS b.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS g.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS c.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS h.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS l.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS a.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS j.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS i.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> .
849 IN NS d.root-servers.net.<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; ADDITIONAL SECTION:<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> j.root-servers.net.
3246 IN A 192.58.128.30<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; Query time: 79 msec<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; SERVER:
10.20.10.41#53(10.20.10.41)<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; WHEN: Tue Apr 26
09:02:43 EDT 2016<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> ;; MSG SIZE rcvd: 282<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> Gady<o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>>> <o:p></o:p></p>
<p class="MsoPlainText">>> It seems like Directory server
is not running. Can you post result of 'ipactl status' and
'systemctl status
<a moz-do-not-send="true"
href="mailto:dirsrv@IPA-CANDEAL-CA.service"><span
style="color:windowtext;text-decoration:none">dirsrv@IPA-DOMAIN-LOCAL.service</span></a>'?<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">>> --<o:p></o:p></p>
<p class="MsoPlainText">>> Martin^3 Babinsky<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">>> --<o:p></o:p></p>
<p class="MsoPlainText">>> Manage your subscription for
the Freeipa-users mailing list:<o:p></o:p></p>
<p class="MsoPlainText">>> <a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users">
<span style="color:windowtext;text-decoration:none">https://www.redhat.com/mailman/listinfo/freeipa-users</span></a><o:p></o:p></p>
<p class="MsoPlainText">>> Go to <a
moz-do-not-send="true" href="http://freeipa.org"><span
style="color:windowtext;text-decoration:none">http://freeipa.org</span></a>
for more info on the project<o:p></o:p></p>
<p class="MsoPlainText">>> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> --<o:p></o:p></p>
<p class="MsoPlainText">> Red Hat GmbH, <a
moz-do-not-send="true" href="http://www.de.redhat.com/"><span
style="color:windowtext;text-decoration:none">http://www.de.redhat.com/</span></a>,
Registered seat: Grasbrunn,
<o:p></o:p></p>
<p class="MsoPlainText">> Commercial register: Amtsgericht
Muenchen, HRB 153243, Managing
<o:p></o:p></p>
<p class="MsoPlainText">> Directors: Paul Argiry, Charles
Cachera, Michael Cunningham, Michael
<o:p></o:p></p>
<p class="MsoPlainText">> O'Neill<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> --<o:p></o:p></p>
<p class="MsoPlainText">> Manage your subscription for the
Freeipa-users mailing list:<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users">
<span style="color:windowtext;text-decoration:none">https://www.redhat.com/mailman/listinfo/freeipa-users</span></a><o:p></o:p></p>
<p class="MsoPlainText">> Go to <a moz-do-not-send="true"
href="http://freeipa.org"><span
style="color:windowtext;text-decoration:none">http://freeipa.org</span></a>
for more info on the project<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> --<o:p></o:p></p>
<p class="MsoPlainText">> Manage your subscription for the
Freeipa-users mailing list:<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users">
<span style="color:windowtext;text-decoration:none">https://www.redhat.com/mailman/listinfo/freeipa-users</span></a><o:p></o:p></p>
<p class="MsoPlainText">> Go to <a moz-do-not-send="true"
href="http://freeipa.org"><span
style="color:windowtext;text-decoration:none">http://freeipa.org</span></a>
for more info on the project<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><br>
<br>
<br>
</span><o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>Red Hat GmbH, <a moz-do-not-send="true" href="http://www.de.redhat.com/">http://www.de.redhat.com/</a>, Registered seat: Grasbrunn, <o:p></o:p></pre>
<pre>Commercial register: Amtsgericht Muenchen, HRB 153243,<o:p></o:p></pre>
<pre>Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill<o:p></o:p></pre>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:EN-CA"><br>
<br>
<o:p></o:p></span></p>
<pre>-- <o:p></o:p></pre>
<pre>Red Hat GmbH, <a moz-do-not-send="true" href="http://www.de.redhat.com/">http://www.de.redhat.com/</a>, Registered seat: Grasbrunn, <o:p></o:p></pre>
<pre>Commercial register: Amtsgericht Muenchen, HRB 153243,<o:p></o:p></pre>
<pre>Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill<o:p></o:p></pre>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Red Hat GmbH, <a class="moz-txt-link-freetext" href="http://www.de.redhat.com/">http://www.de.redhat.com/</a>, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill</pre>
</body>
</html>