<div dir="ltr">ipareplica-install is big, folowing starts at around step 34/35 for directory server config (see<br>red lines), and then CA steup sopped at second step. Relaevnt logs in error and access are<br>attched too. It appears at the time when CA setup eed access to dirsrv, it was down?<br>----- ipareplica-install log -----<br>2015-04-29T13:40:03Z DEBUG Final value after applying updates<br>2015-04-29T13:40:03Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config<br>2015-04-29T13:40:03Z DEBUG schema-compat-entry-attribute:<br>2015-04-29T13:40:03Z DEBUG     objectclass=posixGroup<br>2015-04-29T13:40:03Z DEBUG     gidNumber=%{gidNumber}<br>2015-04-29T13:40:03Z DEBUG     memberUid=%{memberUid}<br>2015-04-29T13:40:03Z DEBUG     memberUid=%deref_r("member","uid")<br>2015-04-29T13:40:03Z DEBUG     %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")<br>2015-04-29T13:40:03Z DEBUG     %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:mr.ric:%{ipauniqueid}","")<br>2015-04-29T13:40:03Z DEBUG     ipaanchoruuid=%{ipaanchoruuid}<br>2015-04-29T13:40:03Z DEBUG     %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")<br>2015-04-29T13:40:03Z DEBUG cn:<br>2015-04-29T13:40:03Z DEBUG     groups<br>2015-04-29T13:40:03Z DEBUG objectClass:<br>2015-04-29T13:40:03Z DEBUG     top<br>2015-04-29T13:40:03Z DEBUG     extensibleObject<br>2015-04-29T13:40:03Z DEBUG schema-compat-search-filter:<br>2015-04-29T13:40:03Z DEBUG     objectclass=posixGroup<br>2015-04-29T13:40:03Z DEBUG schema-compat-container-rdn:<br>2015-04-29T13:40:03Z DEBUG     cn=groups<br>2015-04-29T13:40:03Z DEBUG schema-compat-entry-rdn:<br>2015-04-29T13:40:03Z DEBUG     cn=%{cn}<br>2015-04-29T13:40:03Z DEBUG schema-compat-search-base:<br>2015-04-29T13:40:03Z DEBUG     cn=groups, cn=accounts, dc=mr,dc=ric<br>2015-04-29T13:40:03Z DEBUG schema-compat-container-group:<br>2015-04-29T13:40:03Z DEBUG     cn=compat, dc=mr,dc=ric<br>2015-04-29T13:40:03Z DEBUG   duration: 1 seconds<br><span style="color:rgb(255,0,0)">2015-04-29T13:40:03Z DEBUG   [34/35]: tuning directory server</span><br>2015-04-29T13:40:04Z DEBUG Starting external process<br>2015-04-29T13:40:04Z DEBUG args='/usr/sbin/selinuxenabled'<br>2015-04-29T13:40:04Z DEBUG Process finished, return code=0<br>2015-04-29T13:40:04Z DEBUG stdout=<br>2015-04-29T13:40:04Z DEBUG stderr=<br>2015-04-29T13:40:04Z DEBUG Starting external process<br>2015-04-29T13:40:04Z DEBUG args='/sbin/restorecon' '/etc/sysconfig/dirsrv.systemd'<br>2015-04-29T13:40:04Z DEBUG Process finished, return code=0<br>2015-04-29T13:40:04Z DEBUG stdout=<br>2015-04-29T13:40:04Z DEBUG stderr=<br>2015-04-29T13:40:04Z DEBUG Starting external process<br>2015-04-29T13:40:04Z DEBUG args='/bin/systemctl' '--system' 'daemon-reload'<br>2015-04-29T13:40:04Z DEBUG Process finished, return code=0<br>2015-04-29T13:40:04Z DEBUG stdout=<br>2015-04-29T13:40:04Z DEBUG stderr=<br>2015-04-29T13:40:04Z DEBUG Starting external process<br>2015-04-29T13:40:04Z DEBUG args='/bin/systemctl' 'restart' 'dirsrv@MR-RIC.service'<br>2015-04-29T13:40:06Z DEBUG Process finished, return code=0<br>2015-04-29T13:40:06Z DEBUG stdout=<br>2015-04-29T13:40:06Z DEBUG stderr=<br>2015-04-29T13:40:06Z DEBUG Starting external process<br>2015-04-29T13:40:06Z DEBUG args='/bin/systemctl' 'is-active' 'dirsrv@MR-RIC.service'<br>2015-04-29T13:40:06Z DEBUG Process finished, return code=0<br>2015-04-29T13:40:06Z DEBUG stdout=active<br><br>2015-04-29T13:40:06Z DEBUG stderr=<br>2015-04-29T13:40:06Z DEBUG wait_for_open_ports: localhost [389] timeout 300<br>2015-04-29T13:40:10Z DEBUG Starting external process<br>2015-04-29T13:40:10Z DEBUG args='/bin/systemctl' 'is-active' 'dirsrv@MR-RIC.service'<br>2015-04-29T13:40:10Z DEBUG Process finished, return code=0<br>2015-04-29T13:40:10Z DEBUG stdout=active<br><br>2015-04-29T13:40:10Z DEBUG stderr=<br>2015-04-29T13:40:10Z DEBUG Starting external process<br>2015-04-29T13:40:10Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpH_pfpG' '-H' 'ldap://mripa2.mr.ric:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpqvAwmY'<br>2015-04-29T13:40:10Z DEBUG Process finished, return code=0<br>2015-04-29T13:40:10Z DEBUG stdout=replace nsslapd-maxdescriptors:<br>    8192<br>replace nsslapd-reservedescriptors:<br>    64<br>modifying entry "cn=config"<br>modify complete<br><br><br>2015-04-29T13:40:10Z DEBUG stderr=ldap_initialize( ldap://mripa2.mr.ric:389/??base )<br><br>2015-04-29T13:40:10Z DEBUG   duration: 6 seconds<br><span style="color:rgb(255,0,0)">2015-04-29T13:40:10Z DEBUG   [35/35]: configuring directory to start on boot<br><span style="color:rgb(0,0,0)">2015-04-29T13:40:10Z DEBUG Starting external process</span></span><br>2015-04-29T13:40:10Z DEBUG args='/bin/systemctl' 'is-enabled' 'dirsrv@MR-RIC.service'<br>2015-04-29T13:40:10Z DEBUG Process finished, return code=0<br>2015-04-29T13:40:10Z DEBUG stdout=enabled<br><br>2015-04-29T13:40:10Z DEBUG stderr=<br>2015-04-29T13:40:10Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'<br>2015-04-29T13:40:10Z DEBUG Starting external process<br>2015-04-29T13:40:10Z DEBUG args='/bin/systemctl' 'disable' 'dirsrv@MR-RIC.service'<br>2015-04-29T13:40:11Z DEBUG Process finished, return code=0<br>2015-04-29T13:40:11Z DEBUG stdout=<br>2015-04-29T13:40:11Z DEBUG stderr=rm '/etc/systemd/system/dirsrv.target.wants/dirsrv@MR-RIC.service'<br><br>2015-04-29T13:40:11Z DEBUG   duration: 0 seconds<br>2015-04-29T13:40:11Z DEBUG Done configuring directory server (dirsrv).<br>2015-04-29T13:40:11Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'<br>2015-04-29T13:40:11Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'<br>2015-04-29T13:40:11Z DEBUG Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds<br>2015-04-29T13:40:11Z DEBUG   [1/22]: creating certificate server user<br>2015-04-29T13:40:11Z DEBUG group pkiuser exists<br>2015-04-29T13:40:11Z DEBUG user pkiuser exists<br>2015-04-29T13:40:11Z DEBUG   duration: 0 seconds<br>2015-04-29T13:40:11Z DEBUG   [2/22]: configuring certificate server instance<br>2015-04-29T13:40:11Z DEBUG Contents of pkispawn configuration file (/tmp/tmpaUGoKX):<br>[CA]<br>pki_security_domain_name = IPA<br>pki_enable_proxy = True<br>pki_restart_configured_instance = False<br>pki_backup_keys = True<br>pki_backup_password = XXXXXXXX<br>pki_client_database_dir = /tmp/tmp-RwhQYk<br>pki_client_database_password = XXXXXXXX<br>pki_client_database_purge = False<br>pki_client_pkcs12_password = XXXXXXXX<br>pki_admin_name = admin<br>pki_admin_uid = admin<br>pki_admin_email = root@localhost<br>pki_admin_password = XXXXXXXX<br>pki_admin_nickname = ipa-ca-agent<br>pki_admin_subject_dn = cn=ipa-ca-agent,O=MR.RIC<br>pki_client_admin_cert_p12 = /root/ca-agent.p12<br>pki_ds_ldap_port = 389<br>pki_ds_password = XXXXXXXX<br>pki_ds_base_dn = o=ipaca<br>pki_ds_database = ipaca<br>pki_subsystem_subject_dn = cn=CA Subsystem,O=MR.RIC<br>pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=MR.RIC<br>pki_ssl_server_subject_dn = cn=mripa2.mr.ric,O=MR.RIC<br>pki_audit_signing_subject_dn = cn=CA Audit,O=MR.RIC<br>pki_ca_signing_subject_dn = cn=Certificate Authority,O=MR.RIC<br>pki_subsystem_nickname = subsystemCert cert-pki-ca<br>pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca<br>pki_ssl_server_nickname = Server-Cert cert-pki-ca<br>pki_audit_signing_nickname = auditSigningCert cert-pki-ca<br>pki_ca_signing_nickname = caSigningCert cert-pki-ca<br>pki_ca_signing_key_algorithm = SHA256withRSA<br>pki_security_domain_hostname = mripa1.mr.ric<br>pki_security_domain_https_port = 443<br>pki_security_domain_user = admin<br>pki_security_domain_password = XXXXXXXX<br>pki_clone = True<br>pki_clone_pkcs12_path = /tmp/ca.p12<br>pki_clone_pkcs12_password = XXXXXXXX<br>pki_clone_replication_security = TLS<br>pki_clone_replication_master_port = 389<br>pki_clone_replication_clone_port = 389<br>pki_clone_replicate_schema = False<br>pki_clone_uri = <a href="https://mripa1.mr.ric:443">https://mripa1.mr.ric:443</a><br><br><br>2015-04-29T13:40:11Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'<br>2015-04-29T13:40:11Z DEBUG Starting external process<br>2015-04-29T13:40:11Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX'<br>2015-04-29T13:40:51Z DEBUG Process finished, return code=1<br>2015-04-29T13:40:51Z DEBUG stdout=Loading deployment configuration from /tmp/tmpaUGoKX.<br>Installing CA into /var/lib/pki/pki-tomcat.<br>Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.<br><br>Installation failed.<br><br><br>2015-04-29T13:40:51Z DEBUG stderr=pkispawn    : ERROR    ....... Exception from Java Configuration Servlet: Error in populating database: Could not connect to LDAP server host mrip<br>a2.mr.ric port 389 Error netscape.ldap.LDAPException: failed to connect to server ldap://mripa2.mr.ric:389 (91)<br><br>2015-04-29T13:40:51Z CRITICAL failed to configure ca instance Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX'' returned non-zero exit status 1<br>2015-04-29T13:40:51Z DEBUG Traceback (most recent call last):<br>  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 382, in start_creation<br>    run_step(full_msg, method)<br>  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 372, in run_step<br>    method()<br>  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 673, in __spawn_instance<br>    raise RuntimeError('Configuration of CA failed')<br>RuntimeError: Configuration of CA failed<br><br>2015-04-29T13:40:51Z DEBUG   [error] RuntimeError: Configuration of CA failed<br>2015-04-29T13:40:51Z DEBUG   File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 646, in run_script<br>    return_value = main_function()<br><br>  File "/usr/sbin/ipa-replica-install", line 703, in main<br>    CA = cainstance.install_replica_ca(config)<br><br>  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 1869, in install_replica_ca<br>    subject_base=config.subject_base)<br><br>  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 520, in configure_instance<br>    self.start_creation(runtime=210)<br><br>  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 382, in start_creation<br>    run_step(full_msg, method)<br><br>  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 372, in run_step<br>    method()<br><br>  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 673, in __spawn_instance<br>    raise RuntimeError('Configuration of CA failed')<br><br>2015-04-29T13:40:51Z DEBUG The ipa-replica-install command failed, exception: RuntimeError: Configuration of CA failed<br>-----<br>----- error log -----<br>[29/Apr/2015:09:39:26 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database<br>[29/Apr/2015:09:39:26 -0400] - check_and_set_import_cache: pagesize: 4096, pages: 471119, procpages: 54357<br>[29/Apr/2015:09:39:26 -0400] - Import allocates 753788KB import cache.<br>[29/Apr/2015:09:39:27 -0400] - import userRoot: Beginning import job...<br>[29/Apr/2015:09:39:27 -0400] - import userRoot: Index buffering enabled with bucket size 100<br>[29/Apr/2015:09:39:28 -0400] - import userRoot: Processing file "/var/lib/dirsrv/boot.ldif"<br>[29/Apr/2015:09:39:28 -0400] - import userRoot: Finished scanning file "/var/lib/dirsrv/boot.ldif" (1 entries)<br>[29/Apr/2015:09:39:28 -0400] - import userRoot: Workers finished; cleaning up...<br>[29/Apr/2015:09:39:28 -0400] - import userRoot: Workers cleaned up.<br>[29/Apr/2015:09:39:28 -0400] - import userRoot: Cleaning up producer thread...<br>[29/Apr/2015:09:39:29 -0400] - import userRoot: Indexing complete.  Post-processing...<br>[29/Apr/2015:09:39:29 -0400] - import userRoot: Generating numsubordinates (this may take several minutes to complete)...<br>[29/Apr/2015:09:39:29 -0400] - import userRoot: Generating numSubordinates complete.<br>[29/Apr/2015:09:39:29 -0400] - import userRoot: Gathering ancestorid non-leaf IDs...<br>[29/Apr/2015:09:39:29 -0400] - import userRoot: Finished gathering ancestorid non-leaf IDs.<br>[29/Apr/2015:09:39:29 -0400] - Nothing to do to build ancestorid index<br>[29/Apr/2015:09:39:29 -0400] - import userRoot: Created ancestorid index (new idl).<br>[29/Apr/2015:09:39:29 -0400] - import userRoot: Flushing caches...<br>[29/Apr/2015:09:39:29 -0400] - import userRoot: Closing files...<br>[29/Apr/2015:09:39:29 -0400] - All database threads now stopped<br>[29/Apr/2015:09:39:29 -0400] - import userRoot: Import complete.  Processed 1 entries in 2 seconds. (0.50 entries/sec)<br>[29/Apr/2015:09:39:31 -0400] - 389-Directory/<a href="http://1.3.3.1">1.3.3.1</a> B2015.118.1941 starting up<br>[29/Apr/2015:09:39:31 -0400] - 389-Directory/<a href="http://1.3.3.1">1.3.3.1</a> B2015.118.1941 starting up<br>[29/Apr/2015:09:39:31 -0400] - Db home directory is not set. Possibly nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the config file.<br>[29/Apr/2015:09:39:31 -0400] - I'm resizing my cache now...cache was 771878912 and is now 6400000<br>[29/Apr/2015:09:39:32 -0400] - slapd started.  Listening on All Interfaces port 389 for LDAP requests<br>[29/Apr/2015:09:39:33 -0400] - The change of nsslapd-ldapilisten will not take effect until the server is restarted<br>[29/Apr/2015:09:39:36 -0400] - Warning: Adding configuration attribute "nsslapd-security"<br>[29/Apr/2015:09:39:37 -0400] - slapd shutting down - signaling operation threads - op stack size 2 max work q size 1 max work q stack size 1<br>[29/Apr/2015:09:39:37 -0400] - slapd shutting down - waiting for 29 threads to terminate<br>[29/Apr/2015:09:39:37 -0400] - slapd shutting down - closing down internal subsystems and plugins<br>[29/Apr/2015:09:39:37 -0400] - Waiting for 4 database threads to stop<br>[29/Apr/2015:09:39:38 -0400] - All database threads now stopped<br>[29/Apr/2015:09:39:38 -0400] - slapd shutting down - freed 1 work q stack objects - freed 2 op stack objects<br>[29/Apr/2015:09:39:38 -0400] - slapd stopped.<br>[29/Apr/2015:09:39:40 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2<br>[29/Apr/2015:09:39:40 -0400] - SSL alert: Configured NSS Ciphers<br>[29/Apr/2015:09:39:40 -0400] - SSL alert:     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled<br>[29/Apr/2015:09:39:40 -0400] - SSL alert:     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled<br>[29/Apr/2015:09:39:40 -0400] - SSL alert:     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:40 -0400] - SSL alert:     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:40 -0400] - SSL alert:     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:40 -0400] - SSL alert:     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled<br>[29/Apr/2015:09:39:40 -0400] - SSL alert:     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled<br>[29/Apr/2015:09:39:40 -0400] - SSL alert:     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:40 -0400] - SSL alert:     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled<br>[29/Apr/2015:09:39:40 -0400] - SSL alert:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:40 -0400] - SSL alert:     TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:40 -0400] - SSL alert:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled<br>[29/Apr/2015:09:39:40 -0400] - SSL alert:     TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_RSA_WITH_AES_128_GCM_SHA256: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_RSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_RSA_WITH_AES_128_CBC_SHA256: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_RSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_RSA_WITH_AES_256_CBC_SHA256: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:41 -0400] - SSL alert:     TLS_RSA_WITH_SEED_CBC_SHA: enabled<br>[29/Apr/2015:09:39:41 -0400] - 389-Directory/<a href="http://1.3.3.1">1.3.3.1</a> B2015.118.1941 starting up<br>[29/Apr/2015:09:39:41 -0400] - I'm resizing my cache now...cache was 6400000 and is now 5120000<br>[29/Apr/2015:09:39:42 -0400] attrcrypt - No symmetric key found for cipher AES in backend userRoot, attempting to create one...<br>[29/Apr/2015:09:39:42 -0400] attrcrypt - Key for cipher AES successfully generated and stored<br>[29/Apr/2015:09:39:42 -0400] attrcrypt - No symmetric key found for cipher 3DES in backend userRoot, attempting to create one...<br>[29/Apr/2015:09:39:42 -0400] attrcrypt - Key for cipher 3DES successfully generated and stored<br>[29/Apr/2015:09:39:42 -0400] ipalockout_get_global_config - [file ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)<br>[29/Apr/2015:09:39:42 -0400] ipaenrollment_start - [file ipa_enrollment.c, line 393]: Failed to get default realm?!<br>[29/Apr/2015:09:39:43 -0400] - slapd started.  Listening on All Interfaces port 389 for LDAP requests<br>[29/Apr/2015:09:39:43 -0400] - Listening on All Interfaces port 636 for LDAPS requests<br>[29/Apr/2015:09:39:43 -0400] - Listening on /var/run/slapd-MR-RIC.socket for LDAPI requests<br>[29/Apr/2015:09:39:44 -0400] - slapd shutting down - signaling operation threads - op stack size 1 max work q size 1 max work q stack size 1<br>[29/Apr/2015:09:39:44 -0400] - slapd shutting down - waiting for 27 threads to terminate<br>[29/Apr/2015:09:39:44 -0400] - slapd shutting down - closing down internal subsystems and plugins<br>[29/Apr/2015:09:39:44 -0400] - Waiting for 4 database threads to stop<br>[29/Apr/2015:09:39:45 -0400] - All database threads now stopped<br>[29/Apr/2015:09:39:45 -0400] - slapd shutting down - freed 1 work q stack objects - freed 1 op stack objects<br>[29/Apr/2015:09:39:45 -0400] - slapd stopped.<br>[29/Apr/2015:09:39:46 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2<br>[29/Apr/2015:09:39:46 -0400] - SSL alert: Configured NSS Ciphers<br>[29/Apr/2015:09:39:46 -0400] - SSL alert:     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled<br>[29/Apr/2015:09:39:46 -0400] - SSL alert:     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled<br>[29/Apr/2015:09:39:46 -0400] - SSL alert:     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:46 -0400] - SSL alert:     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:46 -0400] - SSL alert:     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:46 -0400] - SSL alert:     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_RSA_WITH_AES_128_GCM_SHA256: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_RSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_RSA_WITH_AES_128_CBC_SHA256: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_RSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:47 -0400] - SSL alert:     TLS_RSA_WITH_AES_256_CBC_SHA256: enabled<br>[29/Apr/2015:09:39:48 -0400] - SSL alert:     TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled<br>[29/Apr/2015:09:39:48 -0400] - SSL alert:     TLS_RSA_WITH_SEED_CBC_SHA: enabled<br>[29/Apr/2015:09:39:48 -0400] - 389-Directory/<a href="http://1.3.3.1">1.3.3.1</a> B2015.118.1941 starting up<br>[29/Apr/2015:09:39:48 -0400] - I'm resizing my cache now...cache was 5120000 and is now 4096000<br>[29/Apr/2015:09:39:48 -0400] ipalockout_get_global_config - [file ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)<br>[29/Apr/2015:09:39:48 -0400] ipaenrollment_start - [file ipa_enrollment.c, line 393]: Failed to get default realm?!<br>[29/Apr/2015:09:39:48 -0400] - slapd started.  Listening on All Interfaces port 389 for LDAP requests<br>[29/Apr/2015:09:39:48 -0400] - Listening on All Interfaces port 636 for LDAPS requests<br>[29/Apr/2015:09:39:48 -0400] - Listening on /var/run/slapd-MR-RIC.socket for LDAPI requests<br>[29/Apr/2015:09:39:50 -0400] NSMMReplicationPlugin - agmt="cn=meTomripa1.mr.ric" (mripa1:389): The remote replica has a different database generation ID than the local database.  Y<br>ou may have to reinitialize the remote replica, or the local replica.<br>[29/Apr/2015:09:39:51 -0400] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=mr,dc=ric is going offline; disabling replication<br>[29/Apr/2015:09:39:52 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database<br>[29/Apr/2015:09:39:55 -0400] - import userRoot: Workers finished; cleaning up...<br>[29/Apr/2015:09:39:55 -0400] - import userRoot: Workers cleaned up.<br>[29/Apr/2015:09:39:55 -0400] - import userRoot: Indexing complete.  Post-processing...<br>[29/Apr/2015:09:39:55 -0400] - import userRoot: Generating numsubordinates (this may take several minutes to complete)...<br>[29/Apr/2015:09:39:55 -0400] - import userRoot: Generating numSubordinates complete.<br>[29/Apr/2015:09:39:55 -0400] - import userRoot: Gathering ancestorid non-leaf IDs...<br>[29/Apr/2015:09:39:55 -0400] - import userRoot: Finished gathering ancestorid non-leaf IDs.<br>[29/Apr/2015:09:39:55 -0400] - import userRoot: Creating ancestorid index (new idl)...<br>[29/Apr/2015:09:39:56 -0400] - import userRoot: Created ancestorid index (new idl).<br>[29/Apr/2015:09:39:56 -0400] - import userRoot: Flushing caches...<br>[29/Apr/2015:09:39:56 -0400] - import userRoot: Closing files...<br>[29/Apr/2015:09:39:57 -0400] - import userRoot: Import complete.  Processed 422 entries in 5 seconds. (84.40 entries/sec)<br>[29/Apr/2015:09:39:57 -0400] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=mr,dc=ric is coming online; enabling replication<br>[29/Apr/2015:09:39:57 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=mr,dc=ric--no CoS Templates found, which should be added before the CoS Definition.<br>[29/Apr/2015:09:39:57 -0400] NSACLPlugin - The ACL target cn=keys,cn=sec,cn=dns,dc=mr,dc=ric does not exist<br>[29/Apr/2015:09:39:58 -0400] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=mr,dc=ric does not exist<br>[29/Apr/2015:09:39:58 -0400] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=mr,dc=ric does not exist<br>[29/Apr/2015:09:39:58 -0400] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=mr,dc=ric does not exist<br>[29/Apr/2015:09:39:58 -0400] NSACLPlugin - The ACL target ou=sudoers,dc=mr,dc=ric does not exist<br>[29/Apr/2015:09:39:58 -0400] NSACLPlugin - The ACL target cn=users,cn=compat,dc=mr,dc=ric does not exist<br>[29/Apr/2015:09:39:58 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=mr,dc=ric does not exist<br>[29/Apr/2015:09:39:58 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=mr,dc=ric does not exist<br>[29/Apr/2015:09:40:03 -0400] - slapd shutting down - signaling operation threads - op stack size 3 max work q size 1 max work q stack size 1<br>[29/Apr/2015:09:40:03 -0400] - slapd shutting down - waiting for 22 threads to terminate<br>[29/Apr/2015:09:40:03 -0400] - slapd shutting down - closing down internal subsystems and plugins<br>[29/Apr/2015:09:40:04 -0400] NSMMReplicationPlugin - agmt="cn=meTomripa1.mr.ric" (mripa1:389): Warning: Attempting to release replica, but unable to receive endReplication extended<br> operation response from the replica. Error -5 (Timed out)<br>[29/Apr/2015:09:40:04 -0400] - Waiting for 4 database threads to stop<br>[29/Apr/2015:09:40:04 -0400] - All database threads now stopped<br>[29/Apr/2015:09:40:04 -0400] - slapd shutting down - freed 1 work q stack objects - freed 3 op stack objects<br>[29/Apr/2015:09:40:04 -0400] - slapd stopped.<br>[29/Apr/2015:09:40:06 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2<br>[29/Apr/2015:09:40:06 -0400] - SSL alert: Configured NSS Ciphers<br>[29/Apr/2015:09:40:06 -0400] - SSL alert:     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled<br>[29/Apr/2015:09:40:06 -0400] - SSL alert:     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled<br>[29/Apr/2015:09:40:06 -0400] - SSL alert:     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_RSA_WITH_AES_128_GCM_SHA256: enabled<br>[29/Apr/2015:09:40:07 -0400] - SSL alert:     TLS_RSA_WITH_AES_128_CBC_SHA: enabled<br>[29/Apr/2015:09:40:08 -0400] - SSL alert:     TLS_RSA_WITH_AES_128_CBC_SHA256: enabled<br>[29/Apr/2015:09:40:08 -0400] - SSL alert:     TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled<br>[29/Apr/2015:09:40:08 -0400] - SSL alert:     TLS_RSA_WITH_AES_256_CBC_SHA: enabled<br>[29/Apr/2015:09:40:08 -0400] - SSL alert:     TLS_RSA_WITH_AES_256_CBC_SHA256: enabled<br>[29/Apr/2015:09:40:08 -0400] - SSL alert:     TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled<br>[29/Apr/2015:09:40:08 -0400] - SSL alert:     TLS_RSA_WITH_SEED_CBC_SHA: enabled<br>[29/Apr/2015:09:40:08 -0400] - 389-Directory/<a href="http://1.3.3.1">1.3.3.1</a> B2015.118.1941 starting up<br>[29/Apr/2015:09:40:08 -0400] - I'm resizing my cache now...cache was 10240000 and is now 3276800<br>[29/Apr/2015:09:40:09 -0400] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=mr,dc=ric<br>[29/Apr/2015:09:40:09 -0400] schema-compat-plugin - no RDN for ipauniqueid=f0186aa0-eab1-11e4-b498-000c29fa12eb,cn=sudorules,cn=sudo,dc=mr,dc=ric, unsetting domain/map/id "ou=sudoe<br>rs,dc=mr,dc=ric"/""/("ipauniqueid=f0186aa0-eab1-11e4-b498-000c29fa12eb,cn=sudorules,cn=sudo,dc=mr,dc=ric")<br>[29/Apr/2015:09:40:09 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=mr,dc=ric<br>[29/Apr/2015:09:40:09 -0400] NSACLPlugin - The ACL target cn=keys,cn=sec,cn=dns,dc=mr,dc=ric does not exist<br>[29/Apr/2015:09:40:09 -0400] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=mr,dc=ric does not exist<br>[29/Apr/2015:09:40:09 -0400] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=mr,dc=ric does not exist<br>[29/Apr/2015:09:40:09 -0400] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=mr,dc=ric does not exist<br>[29/Apr/2015:09:40:09 -0400] NSACLPlugin - The ACL target ou=sudoers,dc=mr,dc=ric does not exist<br>[29/Apr/2015:09:40:09 -0400] NSACLPlugin - The ACL target cn=users,cn=compat,dc=mr,dc=ric does not exist<br>[29/Apr/2015:09:40:09 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=mr,dc=ric does not exist<br>[29/Apr/2015:09:40:09 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=mr,dc=ric does not exist<br>[29/Apr/2015:09:40:09 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=mr,dc=ric--no CoS Templates found, which should be added before the CoS Definition.<br>[29/Apr/2015:09:40:09 -0400] ipalockout_get_global_config - [file ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)<br>[29/Apr/2015:09:40:09 -0400] ipaenrollment_start - [file ipa_enrollment.c, line 393]: Failed to get default realm?!<br>[29/Apr/2015:09:40:10 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=mr,dc=ric--no CoS Templates found, which should be added before the CoS Definition.<br>[29/Apr/2015:09:40:10 -0400] - slapd started.  Listening on All Interfaces port 389 for LDAP requests<br>[29/Apr/2015:09:40:10 -0400] - Listening on All Interfaces port 636 for LDAPS requests<br>[29/Apr/2015:09:40:10 -0400] - Listening on /var/run/slapd-MR-RIC.socket for LDAPI requests<br>[29/Apr/2015:09:40:10 -0400] - The change of nsslapd-maxdescriptors will not take effect until the server is restarted<br>-----<br><div>----- access log ---- <br><div>[29/Apr/2015:09:40:11 -0400] conn=3 fd=64 slot=64 connection from 172.25.12.161 to 172.25.12.161<br>[29/Apr/2015:09:40:11 -0400] conn=3 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs=ALL<br>[29/Apr/2015:09:40:11 -0400] conn=3 op=0 RESULT err=0 tag=101 nentries=1 etime=0<br>[29/Apr/2015:09:40:11 -0400] conn=3 op=1 BIND dn="cn=Directory Manager" method=128 version=3<br>[29/Apr/2015:09:40:11 -0400] conn=3 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"<br>[29/Apr/2015:09:40:11 -0400] conn=3 op=2 SRCH base="o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL<br>[29/Apr/2015:09:40:11 -0400] conn=3 op=2 RESULT err=32 tag=101 nentries=0 etime=0<br>[29/Apr/2015:09:40:11 -0400] conn=3 op=3 UNBIND<br>[29/Apr/2015:09:40:11 -0400] conn=3 op=3 fd=64 closed - U1<br>-----<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Apr 29, 2015 at 12:14 PM, Rob Crittenden <span dir="ltr"><<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="">Qing Chang wrote:<br>
> mripa2.mr.ric is the server to be setup as replica. I wonder if the ldap<br>
> service was available at all at installation stage.<br>
<br>
</span>I think we'd need to see the full ipareplica-install.log.<br>
<br>
You might also want to see if a ns-slapd process is running and check<br>
/var/log/dirsrv/slapd-REALM/errors for anything interesting.<br>
<span class=""><font color="#888888"><br>
rob<br>
</font></span><span class="im"><br>
><br>
> Thanks,<br>
> Qing<br>
><br>
> On Wed, Apr 29, 2015 at 10:29 AM, Qing Chang <<a href="mailto:tmpchq@gmail.com">tmpchq@gmail.com</a><br>
</span><div class=""><div class="h5">> <mailto:<a href="mailto:tmpchq@gmail.com">tmpchq@gmail.com</a>>> wrote:<br>
><br>
>     CentOS7.1 with IPA server 4.1.<br>
><br>
>     "ipa-replica-install --setup-ca --setup-dns ..." fails with this<br>
>     error message:<br>
>     -----<br>
>       [2/22]: configuring certificate server instance<br>
>     ipa         : CRITICAL failed to configure ca instance Command<br>
>     ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX'' returned<br>
>     non-zero exit status 1<br>
>       [error] RuntimeError: Configuration of CA failed<br>
>     -----<br>
><br>
>     ipareplica-install.log shows this:<br>
>     -----<br>
>     2015-04-29T13:40:11Z DEBUG Saving StateFile to<br>
>     '/var/lib/ipa/sysrestore/sysrestore.state'<br>
>     2015-04-29T13:40:11Z DEBUG Starting external process<br>
>     2015-04-29T13:40:11Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f'<br>
>     '/tmp/tmpaUGoKX'<br>
>     2015-04-29T13:40:51Z DEBUG Process finished, return code=1<br>
>     2015-04-29T13:40:51Z DEBUG stdout=Loading deployment configuration<br>
>     from /tmp/tmpaUGoKX.<br>
>     Installing CA into /var/lib/pki/pki-tomcat.<br>
>     Storing deployment configuration into<br>
>     /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.<br>
><br>
>     Installation failed.<br>
><br>
><br>
>     2015-04-29T13:40:51Z DEBUG stderr=pkispawn    : ERROR    .......<br>
>     Exception from Java Configuration Servlet: Error in populating<br>
>     database: Could not connect to LDAP server host mrip<br>
>     a2.mr.ric port 389 Error netscape.ldap.LDAPException: failed to<br>
>     connect to server ldap://mripa2.mr.ric:389 (91)<br>
><br>
>     2015-04-29T13:40:51Z CRITICAL failed to configure ca instance<br>
>     Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX''<br>
>     returned non-zero exit status 1<br>
>     2015-04-29T13:40:51Z DEBUG Traceback (most recent call last):<br>
>       File<br>
>     "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",<br>
>     line 382, in start_creation<br>
>         run_step(full_msg, method)<br>
>       File<br>
>     "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",<br>
>     line 372, in run_step<br>
>         method()<br>
>       File<br>
>     "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",<br>
>     line 673, in __spawn_instance<br>
>         raise RuntimeError('Configuration of CA failed')<br>
>     RuntimeError: Configuration of CA failed<br>
>     -----<br>
><br>
>     I hope this is enough information.<br>
><br>
>     Thanks in advance,<br>
><br>
>     Qing Chang<br>
><br>
><br>
><br>
><br>
<br>
</div></div></blockquote></div><br></div></div>