[Freeipa-users] Failed installation

Bret Wortman bret.wortman at damascusgrp.com
Wed Oct 17 18:31:03 UTC 2012 

Now it appears that whatever is supposed to be running on port 9445 (looks
like mindarray-ca) isn't running, and I'm not sure how it gets started,
exactly. I ran lsof -i:9445 on this server and on a FreeIPA test box I
first set up, and it's running on the test box but not the new one. Where
should I look next?

On Wed, Oct 17, 2012 at 2:07 PM, Bret Wortman
<bret.wortman at damascusgrp.com>wrote:

> Spot on. It was a fresh install of F17 and I neglected to # yum update
> first. I've done so, rebooted, and am trying again with better results.
>
>
> On Wed, Oct 17, 2012 at 1:45 PM, John Dennis <jdennis at redhat.com> wrote:
>
>> On 10/17/2012 12:40 PM, Bret Wortman wrote:
>>
>>> I recently tried installing freeipa on a new server, but
>>> ipa-server-install had problems around this point:
>>>
>>> Configuring certificate server: Estimated time 3 minutes 30 seconds
>>>    [1/18]: creating certificate server user
>>>    [2/18]: creating pki-ca instance
>>>    [3/18]: configuring certificate server instance
>>> ipa         : CRITICAL failed to configure ca instance Command
>>> '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
>>> fs1.wedgeofli.me <http://fs1.wedgeofli.me> -cs_port 9445
>>>
>>> -client_certdb_dir /tmp/tmp-UvBMbL -client_certdb_pwd XXXXXXXX
>>> -preop_pin HHxKHUz5RRfzQ3OkFMlR -domain_name IPA -admin_user admin
>>> -admin_email root at localhost -admin_XXXXXXXX XXXXXXXX -agent_name
>>> ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
>>> -agent_cert_subject CN=ipa-ca-agent,O=WEDGEOFLI.ME <http://WEDGEOFLI.ME>
>>> -ldap_host fs1.wedgeofli.me <http://fs1.wedgeofli.me> -ldap_port 7389
>>>
>>> -bind_dn cn=Directory Manager -bind_XXXXXXXX XXXXXXXX -base_dn o=ipaca
>>> -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA
>>> -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name
>>> internal -ca_subsystem_cert_subject_**name CN=CA Subsystem,O=
>>> WEDGEOFLI.ME
>>> <http://WEDGEOFLI.ME> -ca_ocsp_cert_subject_name CN=OCSP
>>> Subsystem,O=WEDGEOFLI.ME <http://WEDGEOFLI.ME>
>>> -ca_server_cert_subject_name CN=fs1.wedgeofli.me
>>> <http://fs1.wedgeofli.me>,O=WE**DGEOFLI.ME <http://WEDGEOFLI.ME> <
>>> http://WEDGEOFLI.ME>
>>> -ca_audit_signing_cert_**subject_name CN=CA Audit,O=WEDGEOFLI.ME
>>> <http://WEDGEOFLI.ME> -ca_sign_cert_subject_name CN=Certificate
>>> Authority,O=WEDGEOFLI.ME <http://WEDGEOFLI.ME> -external false -clone
>>>
>>> false' returned non-zero exit status 255
>>> Unexpected error - see ipaserver-install.log for details:
>>>   Configuration of CA failed
>>> [root at fs1 ~]#
>>>
>>> The logfile revealed the following stack trace:
>>>
>>> ##############################**###############
>>> Attempting to connect to: fs1.wedgeofli.me:9445
>>> <http://fs1.wedgeofli.me:9445>
>>>
>>> Exception in LoginPanel(): java.lang.NullPointerException
>>> ERROR: ConfigureCA: LoginPanel() failure
>>> ERROR: unable to create CA
>>>
>>> ##############################**##############################**
>>> ###########
>>>
>>> 2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to Send
>>> Request:java.net.**ConnectException: Connection refused
>>> java.net.ConnectException: Connection refused
>>> at java.net.PlainSocketImpl.**socketConnect(Native Method)
>>> at
>>> java.net.**AbstractPlainSocketImpl.**doConnect(**
>>> AbstractPlainSocketImpl.java:**339)
>>> at
>>> java.net.**AbstractPlainSocketImpl.**connectToAddress(**
>>> AbstractPlainSocketImpl.java:**200)
>>> at
>>> java.net.**AbstractPlainSocketImpl.**connect(**
>>> AbstractPlainSocketImpl.java:**182)
>>> at java.net.SocksSocketImpl.**connect(SocksSocketImpl.java:**391)
>>> at java.net.Socket.connect(**Socket.java:579)
>>> at java.net.Socket.connect(**Socket.java:528)
>>> at java.net.Socket.<init>(Socket.**java:425)
>>> at java.net.Socket.<init>(Socket.**java:241)
>>> at HTTPClient.sslConnect(**HTTPClient.java:326)
>>> at ConfigureCA.LoginPanel(**ConfigureCA.java:244)
>>> at ConfigureCA.**ConfigureCAInstance(**ConfigureCA.java:1157)
>>> at ConfigureCA.main(ConfigureCA.**java:1672)
>>> java.lang.NullPointerException
>>> at ConfigureCA.LoginPanel(**ConfigureCA.java:245)
>>> at ConfigureCA.**ConfigureCAInstance(**ConfigureCA.java:1157)
>>> at ConfigureCA.main(ConfigureCA.**java:1672)
>>>
>>> Now I seem to be stuck. I tried uninstalling the freeipa-server package
>>> with # yum remove freeipa-server and then reinstalled it the same way,
>>> but ipa-server-install won't run no matter what I attempt.
>>>
>>> Any thoughts? I'm pretty new to IPA.
>>>
>>
>> There is a good chance this is due to a version mismatch between the IPA
>> packages and the dogtag packages. You didn't mention which OS you're using
>> nor the versions of the relevant packages, that would have been helpful. In
>> any event I would make sure all your packages are up to date.
>>
>>
>> --
>> John Dennis <jdennis at redhat.com>
>>
>>
>> Looking to carve out IT costs?
>> www.redhat.com/carveoutcosts/
>>
>
>
>
> --
> Bret Wortman
> The Damascus Group
> Fairfax, VA
> http://bretwortman.com/
> http://twitter.com/BretWortman
>
>


-- 
Bret Wortman
The Damascus Group
Fairfax, VA
http://bretwortman.com/
http://twitter.com/BretWortman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20121017/ef317925/attachment.htm>

More information about the Freeipa-users mailing list