<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 09/08/2014 07:29 PM, Olga
Kornievskaia wrote:<br>
</div>
<blockquote
cite="mid:CAN-5tyHa=GUFi3bOTKF8XHwGws+95sG2qA4oaSCSAvcZ6Pptvw@mail.gmail.com"
type="cite">
<div dir="ltr">Thank you very much for your quick reply.
<div><br>
</div>
<div>It is a brand new fedora 20 vm. <br>
</div>
</div>
</blockquote>
<br>
OK good.<br>
Can you send or share the ipa server installation log?<br>
<br>
Are you using a cert from AD and trying to chain to an AD CA?<br>
<br>
<br>
<blockquote
cite="mid:CAN-5tyHa=GUFi3bOTKF8XHwGws+95sG2qA4oaSCSAvcZ6Pptvw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>There is nothing that's running on port 443. </div>
<div><br>
</div>
<div>catalina.out is empty </div>
<div>system file is attached and reports that certificate is not
in pkcs11 format.</div>
<div>pki-ca-spaw.XX.log does not appear to report errors (also
attached)</div>
<div><br>
</div>
<div>Please let me know if I can enable any other debugging into
that might be useful in figuring this out.</div>
<div><br>
</div>
<div>Thank you.</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Sep 8, 2014 at 5:50 PM, Dmitri
Pal <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span class="">
<div>On 09/08/2014 03:49 PM, Olga Kornievskaia wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">Can
somebody help with the following problem(s) I’ve
encountered while trying to install the freeipa
server?</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br>
</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">Problem
#1:</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">On
fedora 20, I have:</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">1.
using yum install acquired the free-ipa-server
package.</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">2.
ran ipa-server-install </div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">—
that has failed with “CA did not start in 300s”</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br>
</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">One
thing that’s noticeable in the logs (the snippet
is included below) is that request for <span
style="font-family:Menlo;font-size:11px">request
'<a moz-do-not-send="true"
href="https://ipa1.gateway.2wire.net/ca/admin/ca/getStatus%27"
target="_blank">https://ipa1.gateway.2wire.net:443/ca/admin/ca/getStatus'</a> </span></div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br>
</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">has
443 as port as for before all the requests for
8443 (e.g.., same (manual) request on port 8443
succeeds). Seems like an install script somewhere
has the wrong port ?</div>
</div>
</blockquote>
<br>
</span> 443 is the right port.<br>
Do you have something already running on the same box on
that port?<br>
That might prevent things from installing and running.<br>
<br>
Please try on a clean machine or VM.<br>
Also more logs will be helpful.<br>
Please see this [1] on how to troubleshoot.<br>
<br>
The second problem is most likely an artifact of the
incomplete install.<br>
<br>
[1] <a moz-do-not-send="true"
href="http://www.freeipa.org/page/Troubleshooting"
target="_blank">http://www.freeipa.org/page/Troubleshooting</a><span
class=""><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br>
</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">
<p
style="margin:0px;font-size:11px;font-family:Menlo">2014-09-08T19:21:07Z
DEBUG Waiting for CA to start...</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">2014-09-08T19:21:08Z
DEBUG request '<a moz-do-not-send="true"
href="https://ipa1.gateway.2wire.net:443/ca/admin/ca/getStatus"
target="_blank">https://ipa1.gateway.2wire.net:443/ca/admin/ca/getStatus</a>'</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">2014-09-08T19:21:08Z
DEBUG request body ''</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">2014-09-08T19:21:08Z
DEBUG request status 503</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">2014-09-08T19:21:08Z
DEBUG request reason_phrase u'Service
Unavailable'</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">2014-09-08T19:21:08Z
DEBUG request headers {'date': 'Mon, 08 Sep 2014
19:21:08 GMT', 'content-length': '299',
'content-type': 'text/html; charset=iso-8859-1',
'connection': 'close', 'server': 'Apache/2.4.10
(Fedora) mod_auth_kerb/5.4 mod_nss/2.4.6
NSS/3.15.3 Basic ECC mod_wsgi/3.5
Python/2.7.5'}2014-09-08T19:21:08Z DEBUG request
body '<!DOCTYPE HTML PUBLIC "-//IETF//DTD
HTML
2.0//EN">\n<html><head>\n<title>503
Service
Unavailable</title>\n</head><body>\n<h1>Service
Unavailable</h1>\n<p>The server is
temporarily unable to service your\nrequest due
to maintenance downtime or capacity\nproblems.
Please try again
later.</p>\n</body></html>\n'</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">2014-09-08T19:21:08Z
DEBUG The CA status is: Service Unavailable</p>
<div><br>
</div>
</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">Problem
#2:</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">The
next problem I’m encountering and doesn’t seem to
be related to the CA setup is on the next step of
“kinit admin”. It fails with “generic pre
authentication failure while getting initial
credentials"</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br>
</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">stracing
kinit show that it tried to open file
“/var/lib/sss/pubconf/<a moz-do-not-send="true"
href="http://kdcinfo.gateway.2wire.net/"
target="_blank">kdcinfo.GATEWAY.2WIRE.NET</a>”)
and fails with “no such file” error. “pubconf”
dir only has empty “krb5.include.d”.</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br>
</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">I
don’t know if this failure is due to the fact that
the setup didn’t run all the way and some
configuration is missing or this is a separate
issue .</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br>
</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">Are
these bugs that need to be filled with bugzilla or
am I doing something incorrectly?</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br>
</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">Any
help would be appreciated. </div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br>
</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">Thank
you.</div>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<br>
<br>
</span><span class="HOEnZb"><font color="#888888">
<pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</font></span></div>
<br>
--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go To <a moz-do-not-send="true" href="http://freeipa.org"
target="_blank">http://freeipa.org</a> for more info on
the project<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>