[Freeipa-users] Errors upgrading 4.0.1 to 4.1

Michael Lasevich mlasevich at gmail.com
Fri Oct 24 03:17:30 UTC 2014

While upgrading from 4.0.1. to 4.1 on fedora 20 got following on one of the
two boxes:

Upgrade failed with attribute "allowWeakCipher" not allowed
IPA upgrade failed.
Unexpected error
DuplicateEntry: This entry already exists

It seems the ipa no longer starts up after this. The replica server seems
to have had same error,but it runs just fine.

>From digging around, it appears that there are a number of GSS errors in
dirsrv and bind fails with something like:

named-pkcs11[2212]: ObjectStore.cpp(74): Failed to open token
named-pkcs11[2212]: sha1.c:92: fatal error:
named-pkcs11[2212]: RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST,
isc_boolean_true, isc_boolean_false, isc_boolean_false, ((void *)0), 0) ==
0) failed

Any help would be appreciated

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141023/6fcf6e4c/attachment.htm>

More information about the Freeipa-users mailing list