[Freeipa-users] Upgrade failed -- how to recover?
Rob Crittenden
rcritten at redhat.com
Tue Aug 13 19:39:19 UTC 2013
Bret Wortman wrote:
> I tried this, but no joy:
>
> # /usr/sbin/ipa-upgradeconfig --debug
> :
> :
> DEBUG: caSignedLogCert.cfg
> <http://bl-1.com/click/load/VWRaa1w-b0221U28CYQNlAT4-b0231> profile
> validity range is 720
> INFO: [Certificate renewal should stop the CA]
> ERROR: Unable to find certmonger request ID for auditSigning Cert
> INFO: The ipa-upgradeconfig command was successful
> #
Run getcert list and sift through the output and see if you have a
request tracking for nickname auditSigningCert cert-pki-ca (or similar).
> But I still can't connect to http://ipamaster/ipa/ui/; I get a 903 error
> every time, and /var/log/httpd/error_log shows, in part:
>
> [Tue Aug 13 13:07:20.786566 2013] [:error] [pid 5890] KeyError: 'ipadnszone'
> [Tue Aug 13 13:07:20.786717 2013] [:error] [pid 5890] ipa: INFO:
> bretw at FOO.NET <mailto:bretw at FOO.NET>: json_metadata(None, None,
> object=u'all'): KeyError
> [Tue Aug 13 13:07:21.001525 2013] [:error] [pid 5890] ipa: INFO:
> bretw at FOO.NET <mailto:bretw at FOO.NET>: json_metadata(None, None,
> command=u'all'): SUCCESS
>
> DNS resolution, authentication and authorization all /appear/ to be
> working fine.
The DNS schema was not updated properly. I'd run:
# ipa-ldap-updater --upgrade
rob
More information about the Freeipa-users
mailing list