<div id="reply-content"> I think I have SELinux turned off but will double-check in the morning. And reply to the list.... </div><div id="reply-content"><br></div> <div id="D0157A8F87374888947D1E44705C7652"><div><br></div>-- <br>Bret Wortman<br>http://bretwortman.com/<br>http://twitter.com/bretwortman<div><br></div></div> <p style="color: #A0A0A8;">On Wednesday, October 17, 2012 at 3:17 PM, Rob Crittenden wrote:</p> <blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;"> <div id="quoted-message-content"><div><div>Bret Wortman wrote:</div><blockquote type="cite"><div><div>Now it appears that whatever is supposed to be running on port 9445</div><div>(looks like mindarray-ca) isn't running, and I'm not sure how it gets</div><div>started, exactly. I ran lsof -i:9445 on this server and on a FreeIPA</div><div>test box I first set up, and it's running on the test box but not the</div><div>new one. Where should I look next?</div></div></blockquote><div><br></div><div>See if there are any SELinux denials: ausearch -m AVC</div><div><br></div><div>It looks like tomcat failed to start. The logs are in /var/log/pki-ca.</div><div><br></div><div>rob</div><div><br></div><blockquote type="cite"><div><div><br></div><div>On Wed, Oct 17, 2012 at 2:07 PM, Bret Wortman</div><div><bret.wortman@damascusgrp.com <mailto:bret.wortman@damascusgrp.com>> wrote:</div><div><br></div><div> Spot on. It was a fresh install of F17 and I neglected to # yum</div><div> update first. I've done so, rebooted, and am trying again with</div><div> better results.</div><div><br></div><div><br></div><div> On Wed, Oct 17, 2012 at 1:45 PM, John Dennis <jdennis@redhat.com</div><div> <mailto:jdennis@redhat.com>> wrote:</div><div><br></div><div> On 10/17/2012 12:40 PM, Bret Wortman wrote:</div><div><br></div><div> I recently tried installing freeipa on a new server, but</div><div> ipa-server-install had problems around this point:</div><div><br></div><div> Configuring certificate server: Estimated time 3 minutes 30</div><div> seconds</div><div> [1/18]: creating certificate server user</div><div> [2/18]: creating pki-ca instance</div><div> [3/18]: configuring certificate server instance</div><div> ipa : CRITICAL failed to configure ca instance Command</div><div> '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname</div><div> fs1.wedgeofli.me <http://fs1.wedgeofli.me></div><div> <http://fs1.wedgeofli.me> -cs_port 9445</div><div><br></div><div> -client_certdb_dir /tmp/tmp-UvBMbL -client_certdb_pwd XXXXXXXX</div><div> -preop_pin HHxKHUz5RRfzQ3OkFMlR -domain_name IPA -admin_user</div><div> admin</div><div> -admin_email root@localhost -admin_XXXXXXXX XXXXXXXX -agent_name</div><div> ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa</div><div> -agent_cert_subject CN=ipa-ca-agent,O=WEDGEOFLI.ME</div><div> <http://WEDGEOFLI.ME> <http://WEDGEOFLI.ME></div><div> -ldap_host fs1.wedgeofli.me <http://fs1.wedgeofli.me></div><div> <http://fs1.wedgeofli.me> -ldap_port 7389</div><div><br></div><div> -bind_dn cn=Directory Manager -bind_XXXXXXXX XXXXXXXX</div><div> -base_dn o=ipaca</div><div> -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm</div><div> SHA256withRSA</div><div> -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad</div><div> -token_name</div><div> internal -ca_subsystem_cert_subject___name CN=CA</div><div> Subsystem,O=WEDGEOFLI.ME <http://WEDGEOFLI.ME></div><div> <http://WEDGEOFLI.ME> -ca_ocsp_cert_subject_name CN=OCSP</div><div> Subsystem,O=WEDGEOFLI.ME <http://WEDGEOFLI.ME></div><div> <http://WEDGEOFLI.ME></div><div> -ca_server_cert_subject_name CN=fs1.wedgeofli.me</div><div> <http://fs1.wedgeofli.me></div><div> <http://fs1.wedgeofli.me>,O=WE__DGEOFLI.ME</div><div> <http://WEDGEOFLI.ME> <http://WEDGEOFLI.ME></div><div> -ca_audit_signing_cert___subject_name CN=CA</div><div> Audit,O=WEDGEOFLI.ME <http://WEDGEOFLI.ME></div><div> <http://WEDGEOFLI.ME> -ca_sign_cert_subject_name CN=Certificate</div><div> Authority,O=WEDGEOFLI.ME <http://WEDGEOFLI.ME></div><div> <http://WEDGEOFLI.ME> -external false -clone</div><div><br></div><div> false' returned non-zero exit status 255</div><div> Unexpected error - see ipaserver-install.log for details:</div><div> Configuration of CA failed</div><div> [root@fs1 ~]#</div><div><br></div><div> The logfile revealed the following stack trace:</div><div><br></div><div> ##############################__###############</div><div> Attempting to connect to: fs1.wedgeofli.me:9445</div><div> <http://fs1.wedgeofli.me:9445></div><div> <http://fs1.wedgeofli.me:9445></div><div><br></div><div> Exception in LoginPanel(): java.lang.NullPointerException</div><div> ERROR: ConfigureCA: LoginPanel() failure</div><div> ERROR: unable to create CA</div><div><br></div><div> ##############################__##############################__###########</div><div><br></div><div> 2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to Send</div><div> Request:java.net <http://java.net>.__ConnectException:</div><div> Connection refused</div><div> java.net.ConnectException: Connection refused</div><div> at java.net.PlainSocketImpl.__socketConnect(Native Method)</div><div> at</div><div> java.net</div><div> <http://java.net>.__AbstractPlainSocketImpl.__doConnect(__AbstractPlainSocketImpl.java:__339)</div><div> at</div><div> java.net</div><div> <http://java.net>.__AbstractPlainSocketImpl.__connectToAddress(__AbstractPlainSocketImpl.java:__200)</div><div> at</div><div> java.net</div><div> <http://java.net>.__AbstractPlainSocketImpl.__connect(__AbstractPlainSocketImpl.java:__182)</div><div> at</div><div> java.net.SocksSocketImpl.__connect(SocksSocketImpl.java:__391)</div><div> at java.net.Socket.connect(__Socket.java:579)</div><div> at java.net.Socket.connect(__Socket.java:528)</div><div> at java.net.Socket.<init>(Socket.__java:425)</div><div> at java.net.Socket.<init>(Socket.__java:241)</div><div> at HTTPClient.sslConnect(__HTTPClient.java:326)</div><div> at ConfigureCA.LoginPanel(__ConfigureCA.java:244)</div><div> at ConfigureCA.__ConfigureCAInstance(__ConfigureCA.java:1157)</div><div> at ConfigureCA.main(ConfigureCA.__java:1672)</div><div> java.lang.NullPointerException</div><div> at ConfigureCA.LoginPanel(__ConfigureCA.java:245)</div><div> at ConfigureCA.__ConfigureCAInstance(__ConfigureCA.java:1157)</div><div> at ConfigureCA.main(ConfigureCA.__java:1672)</div><div><br></div><div> Now I seem to be stuck. I tried uninstalling the</div><div> freeipa-server package</div><div> with # yum remove freeipa-server and then reinstalled it the</div><div> same way,</div><div> but ipa-server-install won't run no matter what I attempt.</div><div><br></div><div> Any thoughts? I'm pretty new to IPA.</div><div><br></div><div><br></div><div> There is a good chance this is due to a version mismatch between</div><div> the IPA packages and the dogtag packages. You didn't mention</div><div> which OS you're using nor the versions of the relevant packages,</div><div> that would have been helpful. In any event I would make sure all</div><div> your packages are up to date.</div><div><br></div><div><br></div><div> --</div><div> John Dennis <jdennis@redhat.com <mailto:jdennis@redhat.com>></div><div><br></div><div><br></div><div> Looking to carve out IT costs?</div><div> www.redhat.com/carveoutcosts/ <http://www.redhat.com/carveoutcosts/></div><div><br></div><div><br></div><div><br></div><div><br></div><div> --</div><div> Bret Wortman</div><div> The Damascus Group</div><div> Fairfax, VA</div><div> http://bretwortman.com/</div><div> http://twitter.com/BretWortman</div><div><br></div><div><br></div><div><br></div><div><br></div><div>--</div><div>Bret Wortman</div><div>The Damascus Group</div><div>Fairfax, VA</div><div>http://bretwortman.com/</div><div>http://twitter.com/BretWortman</div><div><br></div><div><br></div><div><br></div><div>_______________________________________________</div><div>Freeipa-users mailing list</div><div>Freeipa-users@redhat.com</div><div>https://www.redhat.com/mailman/listinfo/freeipa-users</div></div></blockquote></div></div> </blockquote> <div> <br> </div>