[Freeipa-users] IPA Server is not coming backup

Petr Spacek pspacek at redhat.com
Tue Sep 20 11:21:47 UTC 2016


Hi,

The important line is around

> named-pkcs11[3511]: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information

Unfortunately the log is truncated so it does not show the actual error.

Please see
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart

I hope it helps.
Petr^2 Spacek

On 20.9.2016 12:45, Deepak Dimri wrote:
> Hi All,
> My IPA Server was working all fine until I tried restarting it using "ipactl restart" and now I have ended up with these errors :(
> 
> [root@ip-172-31-25-165 plugins]# ipactl restart
> Starting Directory Service
> Restarting krb5kdc Service
> Restarting kadmin Service
> Starting named Service
> Job for named-pkcs11.service failed because the control process exited with error code. See "systemctl status named-pkcs11.service" and "journalctl -xe" for details.
> Failed to start named Service
> Shutting down
> Aborting ipactl
> 
> This is what I get with "systemctl status named-pkcs11.service":
> 
> [root@ip-172-31-25-165 plugins]# systemctl status named-pkcs11.service
> ● named-pkcs11.service - Berkeley Internet Name Domain (DNS) with native PKCS#11
>    Loaded: loaded (/usr/lib/systemd/system/named-pkcs11.service; disabled; vendor preset: disabled)
>    Active: failed (Result: exit-code) since Tue 2016-09-20 06:28:03 EDT; 1min 2s ago
>   Process: 3281 ExecStart=/usr/sbin/named-pkcs11 -u named $OPTIONS (code=exited, status=1/FAILURE)
>   Process: 3278 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
> 
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server krbtgt/US-WEST-2.C...database)
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: LDAP error: Local error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may...er failed
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: couldn't establish connection in LDAP connection pool: failure
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: dynamic database 'ipa' configuration failed: failure
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: loading configuration: failure
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: exiting (due to fatal error)
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: named-pkcs11.service: control process exited, code=exited status=1
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Unit named-pkcs11.service entered failed state.
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: named-pkcs11.service failed.
> Hint: Some lines were ellipsized, use -l to show in full.
> 
> Output from "journalctl -xe" is as below:
> 
> [root@ip-172-31-25-165 ec2-user]# journalctl -xe
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: option 'serial_autoincrement' is not supported, ignoring
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: GSSAPI client step 1
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: GSSAPI client step 1
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: LDAP error: Local error: SASL(-1): generic failure: GSSAPI Error: Unspecified GS
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: couldn't establish connection in LDAP connection pool: failure
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: dynamic database 'ipa' configuration failed: failure
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: loading configuration: failure
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: exiting (due to fatal error)
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: named-pkcs11.service: control process exited, code=exited status=1
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.
> -- Subject: Unit named-pkcs11.service has failed
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- Unit named-pkcs11.service has failed.
> --
> -- The result is failed.
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Unit named-pkcs11.service entered failed state.
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: named-pkcs11.service failed.
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal polkitd[529]: Unregistered Authentication Agent for unix-process:3498:364279453 (system bus name :1.
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal polkitd[529]: Registered Authentication Agent for unix-process:3518:364279465 (system bus name :1.96
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Stopping 389 Directory Server US-WEST-2-COMPUTE-AMAZONAWS-COM....
> -- Subject: Unit dirsrv@US-WEST-2-COMPUTE-AMAZONAWS-COM.service has begun shutting down
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- Unit dirsrv@US-WEST-2-COMPUTE-AMAZONAWS-COM.service has begun shutting down.
> Sep 20 06:37:05 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Stopped 389 Directory Server US-WEST-2-COMPUTE-AMAZONAWS-COM..
> -- Subject: Unit dirsrv@US-WEST-2-COMPUTE-AMAZONAWS-COM.service has finished shutting down
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- Unit dirsrv@US-WEST-2-COMPUTE-AMAZONAWS-COM.service has finished shutting down.
> Sep 20 06:37:05 ip-172-31-25-165.us-west-2.compute.internal polkitd[529]: Unregistered Authentication Agent for unix-process:3518:364279465 (system bus name :1.
> Sep 20 06:37:15 ip-172-31-25-165.us-west-2.compute.internal unix_chkpwd[3531]: password check failed for user (root)
> Sep 20 06:37:15 ip-172-31-25-165.us-west-2.compute.internal sshd[3530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
> Sep 20 06:37:17 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: error: PAM: Authentication failure for root from 221.229.172.103
> Sep 20 06:37:18 ip-172-31-25-165.us-west-2.compute.internal unix_chkpwd[3533]: password check failed for user (root)
> Sep 20 06:37:18 ip-172-31-25-165.us-west-2.compute.internal sshd[3532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
> Sep 20 06:37:20 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: error: PAM: Authentication failure for root from 221.229.172.103
> Sep 20 06:37:20 ip-172-31-25-165.us-west-2.compute.internal unix_chkpwd[3535]: password check failed for user (root)
> Sep 20 06:37:20 ip-172-31-25-165.us-west-2.compute.internal sshd[3534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
> Sep 20 06:37:23 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: error: PAM: Authentication failure for root from 221.229.172.103
> Sep 20 06:37:23 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: Received disconnect from 221.229.172.103: 11:  [preauth]
> 
> Would really be thankful if you can get me back up with my IPA Server.
> Many Thanks,
> Deepak


-- 
Petr^2 Spacek



