[Freeipa-users] IPA Master Issue - Not starting

Fri Aug 15 01:52:12 UTC 2014

Hi All,

Have been thrown in the deep end with a Master Instance not starting. Not very familiar with IPA so hoping someone here is able to steer me in the right direction.

Below is output from restarting and /var/log/messages

[root at host~]# sudo ipactl restart

Restarting Directory Service

Shutting down dirsrv:

    DOMAIN-COM... server already stopped            [FAILED]

    PKI-IPA... server already stopped                      [FAILED]

  *** Error: 2 instance(s) unsuccessfully stopped          [FAILED]

Starting dirsrv:

    DOMAIN-COM...                                   [  OK  ]

    PKI-IPA...                                             [  OK  ]

Restarting KDC Service

Stopping Kerberos 5 KDC:                                   [FAILED]

Starting Kerberos 5 KDC:                                   [  OK  ]

Restarting KPASSWD Service

Stopping Kerberos 5 Admin Server:                          [FAILED]

Starting Kerberos 5 Admin Server:                          [  OK  ]

Restarting DNS Service

Stopping named:                                            [  OK  ]

Starting named:                                            [FAILED]

Failed to restart DNS Service

Shutting down

Stopping Kerberos 5 KDC:                                   [  OK  ]

Stopping Kerberos 5 Admin Server:                          [  OK  ]

Stopping named:                                            [  OK  ]

Stopping httpd:                                            [FAILED]

Stopping pki-ca:                                           [  OK  ]

Shutting down dirsrv:

    DOMAIN-COM...                                   [  OK  ]

    PKI-IPA...                                             [  OK  ]

Aborting ipactl

[root at host ~]#

2014-08-15T11:43:44.010180+10:00 hostname ns-slapd: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_493' not found)

2014-08-15T11:43:46.323908+10:00 hostname named[6470]: starting BIND 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 -u named

2014-08-15T11:43:46.324391+10:00 hostname named[6470]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'

2014-08-15T11:43:46.324459+10:00 host named[6470]: ----------------------------------------------------

2014-08-15T11:43:46.324513+10:00 host named[6470]: BIND 9 is maintained by Internet Systems Consortium,

2014-08-15T11:43:46.324568+10:00 host named[6470]: Inc. (ISC), a non-profit 501(c)(3) public-benefit

2014-08-15T11:43:46.324621+10:00 host named[6470]: corporation.  Support and training for BIND 9 are

2014-08-15T11:43:46.324673+10:00 host named[6470]: available at https://www.isc.org/support

2014-08-15T11:43:46.324719+10:00 host named[6470]: ----------------------------------------------------

2014-08-15T11:43:46.324788+10:00 host named[6470]: adjusted limit on open files from 62000 to 1048576

2014-08-15T11:43:46.324852+10:00 host named[6470]: found 1 CPU, using 1 worker thread

2014-08-15T11:43:46.325227+10:00 host named[6470]: using up to 4096 sockets

2014-08-15T11:43:46.328360+10:00 host named[6470]: loading configuration from '/etc/named.conf'

2014-08-15T11:43:46.329001+10:00 host named[6470]: using default UDP/IPv4 port range: [1024, 65535]

2014-08-15T11:43:46.329275+10:00 host named[6470]: using default UDP/IPv6 port range: [1024, 65535]

2014-08-15T11:43:46.330699+10:00 host named[6470]: listening on IPv6 interfaces, port 53

2014-08-15T11:43:46.332657+10:00 host named[6470]: listening on IPv4 interface lo, 127.0.0.1#53

2014-08-15T11:43:46.333038+10:00 host named[6470]: listening on IPv4 interface eth0, 10.3.11.16#53

2014-08-15T11:43:46.333960+10:00 host named[6470]: generating session key for dynamic DNS

2014-08-15T11:43:46.334216+10:00 host named[6470]: sizing zone task pool based on 9 zones

2014-08-15T11:43:46.336307+10:00 host named[6470]: set up managed keys zone for view _default, file 'dynamic/managed-keys.bind'

2014-08-15T11:43:46.434383+10:00 host named[6470]: Failed to init credentials (Decrypt integrity check failed)

2014-08-15T11:43:46.434884+10:00 host named[6470]: loading configuration: failure

2014-08-15T11:43:46.434991+10:00 host named[6470]: exiting (due to fatal error)

2014-08-15T11:43:47.435187+10:00 host ns-slapd: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Cannot contact any KDC for realm ‘DOMAIN.COM')

Thanks for any help anyone is able to provide.

Peter.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140815/409233e0/attachment.htm>