[Freeipa-users] IPA Replication failed: Your system may be partly configured. Run ipa-server-install --uninstall to clean up. Configuration of CA failed

Linov Suresh linov.suresh at gmail.com
Wed Jul 20 17:50:49 UTC 2016


I was trying to replicate our IPA server, which is running on CentOS 6.4
with FreeIPA 3.0, and I got an error:

*Your system may be partly configured.*
*Run /usr/sbin/ipa-server-install --uninstall to clean up.*

*Configuration of CA failed*

I ran /usr/sbin/ipa-server-install --uninstall a couple of times before
installing the replica, but was unsuccessful in creating the replica
server:

[root@neit-lab ~]# ipa-replica-install  --setup-ca --setup-dns
--no-forwarders  --skip-conncheck
/var/lib/ipa/replica-info-neit-lab.teloip.net.gpg
Directory Manager (existing master) password:

Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server for the CA (pkids): Estimated time 30 seconds
  [1/3]: creating directory server user
  [2/3]: creating directory server instance
  [3/3]: restarting directory server
Done configuring directory server for the CA (pkids).
Configuring certificate server (pki-cad): Estimated time 3 minutes 30
seconds
  [1/17]: creating certificate server user
  [2/17]: creating pki-ca instance
  [3/17]: configuring certificate server instance
ipa         : CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
neit-lab.teloip.net -cs_port 9445 -client_certdb_dir /tmp/tmp-QAXI9A
-client_certdb_pwd XXXXXXXX -preop_pin UpMxkDYjV90WLL041tDU -domain_name
IPA -admin_user admin -admin_email root@localhost -admin_password XXXXXXXX
-agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
-agent_cert_subject CN=ipa-ca-agent,O=TELOIP.NET
-ldap_host neit-lab.teloip.net -ldap_port 7389 -bind_dn cn=Directory
Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size
2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd
XXXXXXXX -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=TELOIP.NET
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=TELOIP.NET
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=TELOIP.NET
-ca_server_cert_subject_name CN=neit-lab.teloip.net,O=TELOIP.NET
-ca_audit_signing_cert_subject_name CN=CA Audit,O=TELOIP.NET
-ca_sign_cert_subject_name CN=Certificate Authority,O=TELOIP.NET
-external false -clone true -clone_p12_file ca.p12 -clone_p12_password
XXXXXXXX -sd_hostname caer.teloip.net -sd_admin_port 443 -sd_admin_name
admin -sd_admin_password XXXXXXXX -clone_start_tls true -clone_uri
https://caer.teloip.net:443' returned non-zero exit status 255

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Configuration of CA failed
[root@neit-lab ~]#

Could you please help me?