[Freeipa-users] ipa host-del
Rob Crittenden
rcritten at redhat.com
Tue Sep 4 14:26:30 UTC 2012
george he wrote:
> First of all, i don't see any java process after ipactl stop.
>
> Then I turned on debug and this is what I get on terminal:
> # ipa host-del hnl09.psych.yale.edu
> ......
> ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer
> ipa: DEBUG: cert valid True for "CN=cushing.psych.yale.edu,O=PSYCH.YALE.EDU"
> ipa: DEBUG: handshake complete, peer = 130.132.167.68:443
> ipa: DEBUG: Caught fault 4301 from server
> http://cushing.psych.yale.edu/ipa/xml: Certificate operation cannot be
> completed: Unable to communicate with CMS (Service Temporarily Unavailable)
> ipa: DEBUG: Destroyed connection context.xmlclient
> ipa: ERROR: Certificate operation cannot be completed: Unable to
> communicate with CMS (Service Temporarily Unavailable)
>
> So there's a "fault 4301" being caught.
> And this is at the end of /var/log/httpd/error_log:
> [Tue Sep 04 10:17:05 2012] [error] ipa: DEBUG: approved_usage =
> SSLServer intended_usage = SSLServer
> [Tue Sep 04 10:17:05 2012] [error] ipa: DEBUG: cert valid True for
> "CN=cushing.psych.yale.edu,O=PSYCH.YALE.EDU"
> [Tue Sep 04 10:17:05 2012] [error] ipa: DEBUG: handshake complete, peer
> = 130.132.167.68:443
> [Tue Sep 04 10:17:05 2012] [error] (111)Connection refused: proxy: AJP:
> attempt to connect to 127.0.0.1:9447 (localhost) failed
> [Tue Sep 04 10:17:05 2012] [error] ap_proxy_connect_backend disabling
> worker for (localhost)
> [Tue Sep 04 10:17:05 2012] [error] proxy: AJP: failed to make connection
> to backend: localhost
> [Tue Sep 04 10:17:05 2012] [error] ipa: INFO: admin at PSYCH.YALE.EDU:
> host_del((u'hnl09.psych.yale.edu',), updatedns=False):
> CertificateOperationError
> [Tue Sep 04 10:17:05 2012] [error] ipa: DEBUG: response:
> CertificateOperationError: Certificate operation cannot be completed:
> Unable to communicate with CMS (Service Temporarily Unavailable)
> [Tue Sep 04 10:17:05 2012] [error] ipa: DEBUG: Destroyed connection
> context.ldap2
dogtag does not appear to be running. I'd suggest looking at
/var/log/pki-ca/catalina.out or debug to see if it has any hints as what
the problem is.
What distribution is this?
rob
More information about the Freeipa-users
mailing list