[Freeipa-users] IPA Server is not coming backup

Deepak Dimri deepak_dimri at hotmail.com
Tue Sep 20 11:28:27 UTC 2016 

Hi All,
My IPA Server was working all fine until i tried restarting it using "ipactl restart"  and now i am ended with these errors :( 








[root at ip-172-31-25-165 plugins]# ipactl restartStarting Directory ServiceRestarting krb5kdc ServiceRestarting kadmin ServiceStarting named ServiceJob for named-pkcs11.service failed because the control process exited with error code. See "systemctl status named-pkcs11.service" and "journalctl -xe" for details.Failed to start named ServiceShutting down















Aborting ipactl
This is what i get with  "systemctl status named-pkcs11.service"
[root at ip-172-31-25-165 plugins]# systemctl status named-pkcs11.service● named-pkcs11.service - Berkeley Internet Name Domain (DNS) with native PKCS#11   Loaded: loaded (/usr/lib/systemd/system/named-pkcs11.service; disabled; vendor preset: disabled)   Active: failed (Result: exit-code) since Tue 2016-09-20 06:28:03 EDT; 1min 2s ago  Process: 3281 ExecStart=/usr/sbin/named-pkcs11 -u named $OPTIONS (code=exited, status=1/FAILURE)  Process: 3278 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server krbtgt/US-WEST-2.C...database)Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: LDAP error: Local error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may...er failedSep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: couldn't establish connection in LDAP connection pool: failureSep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: dynamic database 'ipa' configuration failed: failureSep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: loading configuration: failureSep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: exiting (due to fatal error)Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: named-pkcs11.service: control process exited, code=exited status=1Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Unit named-pkcs11.service entered failed state.Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: named-pkcs11.service failed.
























Hint: Some lines were ellipsized, use -l to show in full.
output from "journalctl -xe" is as below:
[root at ip-172-31-25-165 ec2-user]# journalctl -xeSep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: option 'serial_autoincrement' is not supported, ignoringSep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: GSSAPI client step 1Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: GSSAPI client step 1Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: LDAP error: Local error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSSep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: couldn't establish connection in LDAP connection pool: failureSep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: dynamic database 'ipa' configuration failed: failureSep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: loading configuration: failureSep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: exiting (due to fatal error)Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: named-pkcs11.service: control process exited, code=exited status=1Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.-- Subject: Unit named-pkcs11.service has failed-- Defined-By: systemd-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel-- -- Unit named-pkcs11.service has failed.-- -- The result is failed.Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Unit named-pkcs11.service entered failed state.Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: named-pkcs11.service failed.Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal polkitd[529]: Unregistered Authentication Agent for unix-process:3498:364279453 (system bus name :1.Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal polkitd[529]: Registered Authentication Agent for unix-process:3518:364279465 (system bus name :1.96Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Stopping 389 Directory Server US-WEST-2-COMPUTE-AMAZONAWS-COM....-- Subject: Unit dirsrv at US-WEST-2-COMPUTE-AMAZONAWS-COM.service has begun shutting down-- Defined-By: systemd-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel-- -- Unit dirsrv at US-WEST-2-COMPUTE-AMAZONAWS-COM.service has begun shutting down.Sep 20 06:37:05 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Stopped 389 Directory Server US-WEST-2-COMPUTE-AMAZONAWS-COM..-- Subject: Unit dirsrv at US-WEST-2-COMPUTE-AMAZONAWS-COM.service has finished shutting down-- Defined-By: systemd-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel-- -- Unit dirsrv at US-WEST-2-COMPUTE-AMAZONAWS-COM.service has finished shutting down.Sep 20 06:37:05 ip-172-31-25-165.us-west-2.compute.internal polkitd[529]: Unregistered Authentication Agent for unix-process:3518:364279465 (system bus name :1.Sep 20 06:37:15 ip-172-31-25-165.us-west-2.compute.internal unix_chkpwd[3531]: password check failed for user (root)Sep 20 06:37:15 ip-172-31-25-165.us-west-2.compute.internal sshd[3530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=Sep 20 06:37:17 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: error: PAM: Authentication failure for root from 221.229.172.103Sep 20 06:37:18 ip-172-31-25-165.us-west-2.compute.internal unix_chkpwd[3533]: password check failed for user (root)Sep 20 06:37:18 ip-172-31-25-165.us-west-2.compute.internal sshd[3532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=Sep 20 06:37:20 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: error: PAM: Authentication failure for root from 221.229.172.103Sep 20 06:37:20 ip-172-31-25-165.us-west-2.compute.internal unix_chkpwd[3535]: password check failed for user (root)Sep 20 06:37:20 ip-172-31-25-165.us-west-2.compute.internal sshd[3534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=Sep 20 06:37:23 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: error: PAM: Authentication failure for root from 221.229.172.103




















































Sep 20 06:37:23 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: Received disconnect from 221.229.172.103: 11:  [preauth]

Would really be thankful if you can get me backup with my IPA Server.. 
Many Thanks,Deepak







 		 	   		   		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160920/f91d94a3/attachment.htm>

More information about the Freeipa-users mailing list