<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><br><div><blockquote type="cite">Could you please provide the content of logfile:<br>`/var/log/pki/pki-tomcat/ca/debug', around the time the error<br>occurs?<br><br>Thanks,<br>Fraser<br></blockquote><br></div><div>When the pki-tomcatd service is trying to start, I see this message in /var/log/pki/pki-tomcat/ca/debug</div><br><div>[30/Jun/2015:10:02:13][localhost-startStop-1]: ============================================<br>[30/Jun/2015:10:02:13][localhost-startStop-1]: =====  DEBUG SUBSYSTEM INITIALIZED   =======<br>[30/Jun/2015:10:02:13][localhost-startStop-1]: ============================================<br>[30/Jun/2015:10:02:13][localhost-startStop-1]: CMSEngine: done init id=debug<br>[30/Jun/2015:10:02:13][localhost-startStop-1]: CMSEngine: initialized debug<br>[30/Jun/2015:10:02:13][localhost-startStop-1]: CMSEngine: initSubsystem id=log<br>[30/Jun/2015:10:02:13][localhost-startStop-1]: CMSEngine: ready to init id=log<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine: done init id=log<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine: initialized log<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine: initSubsystem id=jss<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine: ready to init id=jss<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine: done init id=jss<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine: initialized jss<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine: initSubsystem id=dbs<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine: ready to init id=dbs<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: DBSubsystem: init()  mEnableSerialMgmt=true<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: LdapBoundConnFactory: init <br>[30/Jun/2015:10:02:14][localhost-startStop-1]: LdapBoundConnFactory:doCloning true<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: LdapAuthInfo: init()<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: LdapAuthInfo: init begins<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: LdapAuthInfo: init ends<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: init: before makeConnection errorIfDown is true<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: makeConnection: errorIfDown true<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: LdapJssSSLSocket set client auth cert nicknamesubsystemCert cert-pki-ca<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: CMS:Caught EBaseException<br>Internal Database Error encountered: Could not connect to LDAP server host <a href="http://ipa.mydomain.org">ipa.mydomain.org</a> port 636 Error netscape.ldap.LDAPException: IO Error creating JSS SSL Socket (-1)<br><span class="Apple-tab-span" style="white-space:pre">       </span>at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:658)<br><span class="Apple-tab-span" style="white-space:pre">        </span>at com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:934)<br><span class="Apple-tab-span" style="white-space:pre">  </span>at com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:865)<br><span class="Apple-tab-span" style="white-space:pre"> </span>at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:362)<br><span class="Apple-tab-span" style="white-space:pre">   </span>at com.netscape.certsrv.apps.CMS.init(CMS.java:189)<br><span class="Apple-tab-span" style="white-space:pre">       </span>at com.netscape.certsrv.apps.CMS.start(CMS.java:1585)<br><span class="Apple-tab-span" style="white-space:pre">     </span>at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:96)<br><span class="Apple-tab-span" style="white-space:pre">    </span>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<br><span class="Apple-tab-span" style="white-space:pre">    </span>at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)<br><span class="Apple-tab-span" style="white-space:pre">  </span>at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br><span class="Apple-tab-span" style="white-space:pre">  </span>at java.lang.reflect.Method.invoke(Method.java:606)<br><span class="Apple-tab-span" style="white-space:pre">       </span>at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)<br><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:274)<br><span class="Apple-tab-span" style="white-space:pre"> </span>at java.security.AccessController.doPrivileged(Native Method)<br><span class="Apple-tab-span" style="white-space:pre">     </span>at javax.security.auth.Subject.doAsPrivileged(Subject.java:536)<br><span class="Apple-tab-span" style="white-space:pre">   </span>at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)<br><span class="Apple-tab-span" style="white-space:pre">       </span>at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:169)<br><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:123)<br><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1272)<br><span class="Apple-tab-span" style="white-space:pre">        </span>at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1197)<br><span class="Apple-tab-span" style="white-space:pre">        </span>at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1087)<br><span class="Apple-tab-span" style="white-space:pre">       </span>at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5210)<br><span class="Apple-tab-span" style="white-space:pre">      </span>at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5493)<br><span class="Apple-tab-span" style="white-space:pre">      </span>at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)<br><span class="Apple-tab-span" style="white-space:pre">   </span>at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)<br><span class="Apple-tab-span" style="white-space:pre">        </span>at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)<br><span class="Apple-tab-span" style="white-space:pre">      </span>at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)<br><span class="Apple-tab-span" style="white-space:pre">  </span>at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)<br><span class="Apple-tab-span" style="white-space:pre">  </span>at java.security.AccessController.doPrivileged(Native Method)<br><span class="Apple-tab-span" style="white-space:pre">     </span>at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)<br><span class="Apple-tab-span" style="white-space:pre">        </span>at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632)<br><span class="Apple-tab-span" style="white-space:pre">  </span>at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:672)<br><span class="Apple-tab-span" style="white-space:pre">   </span>at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1862)<br><span class="Apple-tab-span" style="white-space:pre">      </span>at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)<br><span class="Apple-tab-span" style="white-space:pre">        </span>at java.util.concurrent.FutureTask.run(FutureTask.java:262)<br><span class="Apple-tab-span" style="white-space:pre">       </span>at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)<br><span class="Apple-tab-span" style="white-space:pre">        </span>at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)<br><span class="Apple-tab-span" style="white-space:pre">        </span>at java.lang.Thread.run(Thread.java:745)<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine.shutdown()<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: LogFile:In log shutdown<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: SignedAuditEventFactory: create() message=[AuditEvent=AUDIT_LOG_SHUTDOWN][SubjectID=$System$][Outcome=Success] audit function shutdown<br><br>[30/Jun/2015:10:02:14][localhost-startStop-1]: LogFile:In log shutdown<br>[30/Jun/2015:10:02:14][localhost-startStop-1]: SignedAuditEventFactory: create() message=[AuditEvent=AUDIT_LOG_SHUTDOWN][SubjectID=$System$][Outcome=Success] audit function shutdown<br><br>[30/Jun/2015:10:02:15][ajp-bio-127.0.0.1-8009-exec-1]: according to ccMode, authorization for servlet: caGetStatus is LDAP based, not XML {1}, use default authz mgr: {2}.</div><div><br></div><div>I checked that ns-slapd was running on port 636</div><div># netstat -antp|grep 636<br>tcp6       0      0 :::636                  :::*                    LISTEN      22855/ns-slapd</div><div><br></div><div>After a quick search, I found this bug <a href="https://fedorahosted.org/freeipa/ticket/4666">https://fedorahosted.org/freeipa/ticket/4666</a> is quite similar.</div><div>Many workarounds are suggested there but I’m confused about which could be efficient for me.</div><div><br></div><div>Thanks for your help</div></body></html>