[Freeipa-users] pki-tomcatd stopped responding? Won't restart?

Janelle janellenicole80 at gmail.com
Tue Mar 17 19:41:57 UTC 2015 

On 3/17/15 12:14 PM, Dmitri Pal wrote:
> On 03/17/2015 12:12 PM, Janelle wrote:
>> On 3/17/15 9:06 AM, Martin Kosek wrote:
>>> On 03/17/2015 04:35 PM, Janelle wrote:
>>>> Hello,
>>>>
>>>> I have a server - a master (has CA) - and it does not want to 
>>>> restart after it
>>>> has been running sometime. pki-tomcatd keeps failing. It starts up 
>>>> with these
>>>> errors, then adds a lot more. Maybe this might point you to 
>>>> something that is
>>>> know or a place I can start looking?
>>>>
>>>> Any ideas?
>>>> ~J
>>>>
>>>> Mar 17, 2015 8:21:03 AM 
>>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting 
>>>> property
>>>> 'enableOCSP' to 'false' did not find a matching property.
>>>>
>>>> Mar 17, 2015 8:21:03 AM 
>>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting 
>>>> property
>>>> 'ocspResponderURL' to 'http://ipa-server.example.com:9080/ca/ocsp' 
>>>> did not find
>>>> a matching property.
>>>>
>>>> Mar 17, 2015 8:21:03 AM 
>>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting 
>>>> property
>>>> 'ocspResponderCertNickname' to 'ocspSigningCert cert-pki-ca' did 
>>>> not find a
>>>> matching property.
>>>>
>>>> Mar 17, 2015 8:21:03 AM 
>>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting 
>>>> property
>>>> 'ocspCacheSize' to '1000' did not find a matching property.
>>>>
>>>> Mar 17, 2015 8:21:03 AM 
>>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting 
>>>> property
>>>> 'ocspMinCacheEntryDuration' to '60' did not find a matching property.
>>>>
>>>> Mar 17, 2015 8:21:03 AM 
>>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting 
>>>> property
>>>> 'ocspMaxCacheEntryDuration' to '120' did not find a matching property.
>>>>
>>>> Mar 17, 2015 8:21:03 AM 
>>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting 
>>>> property
>>>> 'ocspTimeout' to '10' did not find a matching property.
>>>>
>>>> Mar 17, 2015 8:21:03 AM 
>>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting 
>>>> property
>>>> 'strictCiphers' to 'true' did not find a matching property.
>>>> Mar 17, 2015 8:21:03 AM 
>>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>>>
>>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting 
>>>> property
>>>> 'sslOptions' to 'ssl2=true,ssl3=true,tls=true' did not find a 
>>>> matching property.
>>>>
>>> CCing folks from Dogtag team to know about this issue. However, I 
>>> think you
>>> will need to provide more information before we continue with issues 
>>> - like
>>> version of FreeIPA, pki-ca packages, what system you are running it on
>>> (Fedora/RHEL/CentOS/...) and maybe whole logs pasted somewhere 
>>> (system and
>>> catalina.out logs are usually most interesting ones).
>> My bad --
>>
>> CentOS 7
>> FreeIPA 4.1.3 from mosek
>>
>> The strange thing is -- 12 other servers - 3 of which are CA masters 
>> and no issues,
>>
>> ~J
>>
> Just some areas to check:
> - versions of dogtag package
> - versions of nss package
>
pki-tools-10.1.2-7.1.el7.centos.x86_64
dogtag-pki-server-theme-10.1.1-1.el7.centos.noarch
pki-server-10.1.2-7.1.el7.centos.noarch
krb5-pkinit-1.12.2-9.el7.centos.x86_64
pki-base-10.1.2-7.1.el7.centos.noarch
pki-ca-10.1.2-7.1.el7.centos.noarch

mod_nss-1.0.8-32.el7.x86_64
nss-sysinit-3.16.2.3-2.el7_0.x86_64
python-nss-0.15.0-1.el7.centos.x86_64
nss-softokn-3.16.2.3-1.el7_0.x86_64
nss-softokn-freebl-3.16.2.3-1.el7_0.x86_64
nss-tools-3.16.2.3-2.el7_0.x86_64
nss-util-3.16.2.3-1.el7_0.x86_64
nss-3.16.2.3-2.el7_0.x86_64

Anything? All the servers are identical.

~J

More information about the Freeipa-users mailing list