<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><div><div dir="ltr">Hi All,<div><br></div><div>My IPA Server was working all fine until i tried restarting it using "<span style="font-size:12pt;">ipactl restart"  and now i am ended with these errors :( </span></div><div><span style="font-size:12pt;"><br></span></div><div>







<p class="ecxp1"><span class="ecxs1">[root@ip-172-31-25-165 plugins]# ipactl restart</span></p><p class="ecxp1"><span class="ecxs1">Starting Directory Service</span></p><p class="ecxp1"><span class="ecxs1">Restarting krb5kdc Service</span></p><p class="ecxp1"><span class="ecxs1">Restarting kadmin Service</span></p><p class="ecxp1"><span class="ecxs1">Starting named Service</span></p><p class="ecxp1"><span class="ecxs1">Job for named-pkcs11.service failed because the control process exited with error code. See "systemctl status named-pkcs11.service" and "journalctl -xe" for details.</span></p><p class="ecxp1"><span class="ecxs1">Failed to start named Service</span></p><p class="ecxp1"><span class="ecxs1">Shutting down</span></p><p class="ecxp1">















</p><p class="ecxp1"><span class="ecxs1">Aborting ipactl</span></p><p class="ecxp1"><span class="ecxs1"><br></span></p><p class="ecxp1"><span class="ecxs1" style="background-color:rgb(153, 204, 255);">This is what i get with  "systemctl status named-pkcs11.service"</span></p><p class="ecxp1"><span class="ecxs1"><br></span></p><p class="ecxp1"><span class="ecxs1">[root@ip-172-31-25-165 plugins]# systemctl status named-pkcs11.service</span></p><p class="ecxp1"><span class="ecxs2"><b>●</b></span><span class="ecxs1"> named-pkcs11.service - Berkeley Internet Name Domain (DNS) with native PKCS#11</span></p><p class="ecxp1"><span class="ecxs1">   Loaded: loaded (/usr/lib/systemd/system/named-pkcs11.service; disabled; vendor preset: disabled)</span></p><p class="ecxp1"><span class="ecxs1">   Active: </span><span class="ecxs2"><b>failed</b></span><span class="ecxs1"> (Result: exit-code) since Tue 2016-09-20 06:28:03 EDT; 1min 2s ago</span></p><p class="ecxp1"><span class="ecxs1">  Process: 3281 ExecStart=/usr/sbin/named-pkcs11 -u named $OPTIONS </span><span class="ecxs2"><b>(code=exited, status=1/FAILURE)</b></span></p><p class="ecxp1"><span class="ecxs1">  Process: 3278 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)</span></p><p class="ecxp2"><span class="ecxs1"></span><br></p><p class="ecxp3"><span class="ecxs3">Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: </span><span class="ecxs1"><b>GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server krbtgt/US-WEST-2.C...database)</b></span></p><p class="ecxp4"><span class="ecxs3">Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: </span><span class="ecxs1"><b>LDAP error: Local error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may...er failed</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: </span><span class="ecxs2"><b>couldn't establish connection in LDAP connection pool: failure</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: </span><span class="ecxs2"><b>dynamic database 'ipa' configuration failed: failure</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: </span><span class="ecxs2"><b>loading configuration: failure</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: </span><span class="ecxs2"><b>exiting (due to fatal error)</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: </span><span class="ecxs4"><b>named-pkcs11.service: control process exited, code=exited status=1</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: </span><span class="ecxs2"><b>Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: </span><span class="ecxs4"><b>Unit named-pkcs11.service entered failed state.</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: </span><span class="ecxs4"><b>named-pkcs11.service failed.</b></span></p><p class="ecxp1"><span class="ecxs1">
























</span></p><p class="ecxp1"><span class="ecxs1">Hint: Some lines were ellipsized, use -l to show in full.</span></p><p class="ecxp1"><span class="ecxs1"><br></span></p><p class="ecxp1"><span class="ecxs1" style="background-color:rgb(153, 204, 255);"><b>output from "journalctl -xe" is as below:</b></span></p><p class="ecxp1"><span class="ecxs1"><br></span></p><p class="ecxp1"><span class="ecxs1">[root@ip-172-31-25-165 ec2-user]# journalctl -xe</span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: </span><span class="ecxs2"><b>option 'serial_autoincrement' is not supported, ignoring</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: GSSAPI client step 1</span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: GSSAPI client step 1</span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: </span><span class="ecxs3"><b>GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information </b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: </span><span class="ecxs2"><b>LDAP error: Local error: SASL(-1): generic failure: GSSAPI Error: Unspecified GS</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: </span><span class="ecxs2"><b>couldn't establish connection in LDAP connection pool: failure</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: </span><span class="ecxs2"><b>dynamic database 'ipa' configuration failed: failure</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: </span><span class="ecxs2"><b>loading configuration: failure</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: </span><span class="ecxs2"><b>exiting (due to fatal error)</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: </span><span class="ecxs3"><b>named-pkcs11.service: control process exited, code=exited status=1</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: </span><span class="ecxs2"><b>Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.</b></span></p><p class="ecxp1"><span class="ecxs1">-- Subject: Unit named-pkcs11.service has failed</span></p><p class="ecxp1"><span class="ecxs1">-- Defined-By: systemd</span></p><p class="ecxp1"><span class="ecxs1">-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel</span></p><p class="ecxp1"><span class="ecxs1">-- </span></p><p class="ecxp1"><span class="ecxs1">-- Unit named-pkcs11.service has failed.</span></p><p class="ecxp1"><span class="ecxs1">-- </span></p><p class="ecxp1"><span class="ecxs1">-- The result is failed.</span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: </span><span class="ecxs3"><b>Unit named-pkcs11.service entered failed state.</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: </span><span class="ecxs3"><b>named-pkcs11.service failed.</b></span></p><p class="ecxp2"><span class="ecxs4">Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal polkitd[529]: </span><span class="ecxs1"><b>Unregistered Authentication Agent for unix-process:3498:364279453 (system bus name :1.</b></span></p><p class="ecxp2"><span class="ecxs4">Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal polkitd[529]: </span><span class="ecxs1"><b>Registered Authentication Agent for unix-process:3518:364279465 (system bus name :1.96</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Stopping 389 Directory Server US-WEST-2-COMPUTE-AMAZONAWS-COM....</span></p><p class="ecxp1"><span class="ecxs1">-- Subject: Unit dirsrv@US-WEST-2-COMPUTE-AMAZONAWS-COM.service has begun shutting down</span></p><p class="ecxp1"><span class="ecxs1">-- Defined-By: systemd</span></p><p class="ecxp1"><span class="ecxs1">-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel</span></p><p class="ecxp1"><span class="ecxs1">-- </span></p><p class="ecxp1"><span class="ecxs1">-- Unit dirsrv@US-WEST-2-COMPUTE-AMAZONAWS-COM.service has begun shutting down.</span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:05 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Stopped 389 Directory Server US-WEST-2-COMPUTE-AMAZONAWS-COM..</span></p><p class="ecxp1"><span class="ecxs1">-- Subject: Unit dirsrv@US-WEST-2-COMPUTE-AMAZONAWS-COM.service has finished shutting down</span></p><p class="ecxp1"><span class="ecxs1">-- Defined-By: systemd</span></p><p class="ecxp1"><span class="ecxs1">-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel</span></p><p class="ecxp1"><span class="ecxs1">-- </span></p><p class="ecxp1"><span class="ecxs1">-- Unit dirsrv@US-WEST-2-COMPUTE-AMAZONAWS-COM.service has finished shutting down.</span></p><p class="ecxp2"><span class="ecxs4">Sep 20 06:37:05 ip-172-31-25-165.us-west-2.compute.internal polkitd[529]: </span><span class="ecxs1"><b>Unregistered Authentication Agent for unix-process:3518:364279465 (system bus name :1.</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:15 ip-172-31-25-165.us-west-2.compute.internal unix_chkpwd[3531]: </span><span class="ecxs3"><b>password check failed for user (root)</b></span></p><p class="ecxp2"><span class="ecxs4">Sep 20 06:37:15 ip-172-31-25-165.us-west-2.compute.internal sshd[3530]: </span><span class="ecxs1"><b>pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:17 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: </span><span class="ecxs2"><b>error: PAM: Authentication failure for root from 221.229.172.103</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:18 ip-172-31-25-165.us-west-2.compute.internal unix_chkpwd[3533]: </span><span class="ecxs3"><b>password check failed for user (root)</b></span></p><p class="ecxp2"><span class="ecxs4">Sep 20 06:37:18 ip-172-31-25-165.us-west-2.compute.internal sshd[3532]: </span><span class="ecxs1"><b>pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:20 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: </span><span class="ecxs2"><b>error: PAM: Authentication failure for root from 221.229.172.103</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:20 ip-172-31-25-165.us-west-2.compute.internal unix_chkpwd[3535]: </span><span class="ecxs3"><b>password check failed for user (root)</b></span></p><p class="ecxp2"><span class="ecxs4">Sep 20 06:37:20 ip-172-31-25-165.us-west-2.compute.internal sshd[3534]: </span><span class="ecxs1"><b>pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=</b></span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:23 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: </span><span class="ecxs2"><b>error: PAM: Authentication failure for root from 221.229.172.103</b></span></p><p class="ecxp1"><span class="ecxs1">




















































</span></p><p class="ecxp1"><span class="ecxs1">Sep 20 06:37:23 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: Received disconnect from 221.229.172.103: 11:  [preauth]</span></p><p class="ecxp1"><span class="ecxs1"><br></span></p><p class="ecxp1"><span class="ecxs1"><br></span></p><p class="ecxp1"><span class="ecxs1">Would really be thankful if you can get me backup with my IPA Server.. </span></p><p class="ecxp1"><span class="ecxs1"><br></span></p><p class="ecxp1"><span class="ecxs1">Many Thanks,</span></p><p class="ecxp1"><span class="ecxs1">Deepak</span></p></div>







                                          </div></div><style><!--
.ExternalClass .ecxhmmessage P {
padding:0px;
}

.ExternalClass body.ecxhmmessage {
font-size:12pt;
font-family:Calibri;
}

--></style>                                      </div></body>
</html>