[Freeipa-users] Delete host: Unable to communicate with CMS (Not Found)
Dan Scott
danieljamesscott at gmail.com
Thu Nov 17 15:58:38 UTC 2011
On Wed, Nov 16, 2011 at 14:01, Rob Crittenden <rcritten at redhat.com> wrote:
> Dan Scott wrote:
>>
>> On Wed, Nov 16, 2011 at 10:39, Rob Crittenden<rcritten at redhat.com> wrote:
>>>
>>> Dan Scott wrote:
>>>>
>>>> On Wed, Nov 16, 2011 at 09:23, Rob Crittenden<rcritten at redhat.com>
>>>> wrote:
>>>>>
>>>>> Dan Scott wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I receive the following error when I try to remove a host from IPA:
>>>>>>
>>>>>> djscott at pc35:~$ ipa host-del pc60
>>>>>> ipa: ERROR: Certificate operation cannot be completed: Unable to
>>>>>> communicate with CMS (Not Found)
>>>>>>
>>>>>> I'm running a Fedora 16 (freeipa-server-2.1.3-5.fc16.x86_64) server
>>>>>> replicated with a Fedora 15 (freeipa-server-2.1.3-2.fc15.i686) server.
>>>>>>
>>>>>> I've looked at this:
>>>>>>
>>>>>> https://fedorahosted.org/freeipa/ticket/1889
>>>>>>
>>>>>> But it looks like it was fixed in 2.1.2 or 2.1.3. Any ideas for what I
>>>>>> need to do?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Dan
>>>>>
>>>>> This would suggest that dogtag isn't running. Is dogtag and its LDAP
>>>>> instance up?
>>>>
>>>> It seems to be, there are 2 entries 'loaded active running' for the
>>>> dirsrv@ instances. I don't see any errors in the
>>>> /var/log/dirsrv/slapd-PKI-IPA/errors file.
>>>>
>>>> Tomcat is running too.
>>>>
>>>> Dan
>>>
>>> Hmm, ok, lets see if we can talk to the cert system at all.
>>>
>>> $ ipa cert-show 1
>>
>> fileserver1 is the IPA server with PKI-IPA running:
>>
>> [root at fileserver1 ~]# ipa cert-show 1
>> ipa: ERROR: Certificate operation cannot be completed: Unable to
>> communicate with CMS (Not Found)
>>
>> SELinux is my normal culprit when things don't work. It may be so in
>> this case. My /var/log/audit/audit.log hasn't changed since 11th
>> November.....
>>
>> Unfortunately, temporarily disabling it doesn't seem to help:
>>
>> [root at fileserver1 ~]# setenforce Permissive
>> [root at fileserver1 ~]# ipa cert-show 1
>> ipa: ERROR: Certificate operation cannot be completed: Unable to
>> communicate with CMS (Not Found)
>>
>> What processes should be running for the certificate server? I have
>> the ns-slapd process and tomcat6 running. The tomcat logs are empty.
>>
>> Dan
>
> It sounds like you have the right processes running.
>
> The dogtag logs are in /var/log/pki-ca. debug is rather verbose and where I
> usually start looking for issues.
The /var/log/pki-ca/debug file hasn't been updated since the 11th
November. I've attached an extract from catalina.out which contains
some pretty severe errors.
To summarise, the errors are:
SEVERE: Error initializing socket factory
java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-9443]]
java.io.IOException: Failed to access resource /WEB-INF/lib/osutil.jar
I'd guess that this means I'm missing a package? I'm having trouble
figuring out which one contains the code I'm missing. Maybe I need to
reinstall one?
Thanks,
Dan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: catalina.out
Type: application/octet-stream
Size: 19226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20111117/fcf0af84/attachment.obj>
More information about the Freeipa-users
mailing list