<div dir="ltr"><div>Rob,</div><div>The only message that seems remotely relevant is:</div><div><br></div><div>ProfileSubmitServlet: for renewal, original authenticator not found</div><div><br></div><div>But everything else looks completely fine until the "AUTH_FAIL" message. </div><div>I started seeing</div><div><br></div><div>csngen_new_csn - Warning: too much time skew (-xxx secs). Current seqnum=1</div><div><br></div><div>So I searched for that and found a few articles...but most of them deal with replication. I don't have any replication agreements right now, and I updated nsslapd-ignore-time-skew to on, but that didn't fix it either.</div><div><br></div><div>Any ideas?</div><div><br></div><div>Thanks</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Aug 1, 2016 at 3:29 PM, Rob Crittenden <span dir="ltr"><<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>Adam Lewis wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
Yup. I'm currently still sitting back in time. But any time I try to<br>
resubmit either the ipaCert or the subsystemCert it errors out.<br>
<br>
getcert list shows :<br>
ca-error: Server at<br>
"<a href="https://ipa.local.domain:9443/ca/agent/ca/profileProcess" target="_blank" rel="noreferrer">https://ipa.local.domain:9443/ca/agent/ca/profileProcess</a>" replied: 1:<br>
Authentication Error<br>
<br>
And the debug log shows:<br>
SignedAuditEventFactory: create()<br>
message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA<br>
RA,O=MISS.ION] authentication failure<br>
ReviewReqServlet: Invalid Credential.<br>
</blockquote>
<br></span>
I'd look at the lines above that for clues, and check the 389-ds access log. I assume it is finding an entry for uid=ipara, right?<br>
<br>
The way the auth works as I understand it is dogtag first compares the serial number, issuer and subject of the provided certificate with the description attribute in the entry it finds in LDAP. Then it compares the full certificate. If things match up then you are authenticated. It then does some authorization work.<br>
<br>
For reference, mine looks like:<br>
<br>
dn: uid=ipara,ou=people,o=ipaca<br>
objectClass: top<br>
objectClass: person<br>
objectClass: organizationalPerson<br>
objectClass: inetOrgPerson<br>
objectClass: cmsuser<br>
uid: ipara<br>
sn: ipara<br>
cn: ipara<br>
usertype: agentType<br>
userstate: 1<br>
userCertificate:: MIIDbTCCAlWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtH<br>
[snip]<br>
o0i1CCw1v++2tgvHiiZEEeeuOEMGEdXZfv4Xw=<br>
description: 2;7;CN=Certificate Authority,O=<a href="http://EXAMPLE.COM" target="_blank" rel="noreferrer">EXAMPLE.COM</a>;CN=IPA RA,O=<a href="http://EXAMPLE.COM" target="_blank" rel="noreferrer">EXAMPLE.COM</a><span><br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
Those appear to be the most significant messages. I'm disconnected so<br>
getting the full log info is difficult. If it's the only way let me know<br>
and I'll see what I can do. Worst case it'll just take me a while to<br>
re-type it.<br>
</blockquote>
<br></span>
Understood.<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid"><span>
<br>
Thanks<br>
<br>
<br>
On Mon, Aug 1, 2016 at 3:11 PM, Rob Crittenden <<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a><br></span><span>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>>> wrote:<br>
<br>
Adam Lewis wrote:<br>
<br>
Yup, It's just the text string. I don't know how much this<br>
matters but<br>
when I ran the start-tracking for the ipaCert it didn't generate<br>
a new<br>
certificate. I'm still working off of serial number 7, which is what<br>
it's been since we installed IPA. Is there some way/reason for me to<br>
generate a whole new ipaCert?<br>
<br>
<br>
certmonger will take care of that when renewal happens.<br>
<br>
Did you go back in time to when this cert was valid?<br>
<br>
rob<br>
<br>
<br>
Thanks<br>
<br>
On Mon, Aug 1, 2016 at 3:00 PM, Rob Crittenden<br>
<<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>><br></span><span>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>>>> wrote:<br>
<br>
Adam Lewis wrote:<br>
<br>
If you mean the usercertificate value from the ldapsearch<br>
command, then<br>
yes. That value matches the value from the certutil output.<br>
<br>
<br>
The usercertificate in LDAP had the BEGIN/END stripped, right?<br>
<br>
I'll cc a couple of the dogtag developers to see what they<br>
think.<br>
<br>
rob<br>
<br>
<br>
Thanks<br>
<br>
On Mon, Aug 1, 2016 at 11:18 AM, Rob Crittenden<br>
<<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>><br>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>>><br></span><span>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a><br>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>> <mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a><br>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>>>>> wrote:<br>
<br></span><div><div class="h5">
Adam Lewis wrote:<br>
<br>
A quick update. We did some digging on the<br>
segfault<br>
problem and<br>
I think<br>
it was due to having to update the trusts on<br>
the CA<br>
cert. So we<br>
updated<br>
the certmonger package and certmonger now<br>
starts again.<br>
However we're kind of back to square one where<br>
we are still<br>
getting the<br>
AUTH_FAIL messages in the debug log.<br>
I have verified that the ipara entry's serial<br>
number<br>
and cert<br>
match the<br>
serial number and cert from the one in<br>
/etc/httpd/alias.<br>
<br>
<br>
How about the certificate PEM? Does it match the<br>
usercertificate in<br>
the dogtag LDAP server?<br>
<br>
rob<br>
<br>
<br>
Any other ideas?<br>
<br>
Thanks!<br>
<br>
On Mon, Aug 1, 2016 at 9:17 AM, Adam Lewis<br>
<<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>>><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>>>><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>>> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>>>>>> wrote:<br>
<br>
Rob,<br>
Thanks for pointing me in the right<br>
direction.<br>
However after<br>
following the instructions in the above<br>
mentioned<br>
doc I<br>
noticed a<br>
few things that are odd and have a new<br>
problem.<br>
The first<br>
odd thing<br>
I noticed is that when I run service<br>
pki-cad status it<br>
shows that my<br>
PKI Subsystem Type is "CA Clone (Security<br>
Domain)"<br>
Shouldn't that say something like "CA<br>
Master"?<br>
Second, when I ran the "ipa-getcert<br>
resubmit -I [ID]"<br>
commands they<br>
all produced the same AUTH_FAIL message<br>
in the<br>
debug log.<br>
<br>
Now the new problem...after pressing on and<br>
restarting things<br>
certmonger fails to start with a segfault.<br>
Starting certmonger: /bin/bash: line 1: 64935<br>
Segmentation<br>
fault /usr/sbin/certmonger -S -p<br>
/var/run<br>
certmonger.pid<br>
<br>
Thanks!<br>
<br>
On Thu, Jul 28, 2016 at 3:36 PM, Rob<br>
Crittenden<br>
<<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a><br>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>> <mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a><br>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>>><br>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a><br>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>> <mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a><br>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>>>><br>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a><br>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>><br>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a><br>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>>> <mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a><br>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>><br>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a><br>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>>>>>><br>
<br>
wrote:<br>
<br>
Lewis, Adam M CIV NSWCDD, H11 wrote:<br>
<br>
We are currently dead in the<br>
water. Our<br>
OCSP, CA<br>
Audit, CA<br>
Subsystem, and IPA RA certs<br>
expired as of<br>
7/23/16.<br>
I found<br>
and followed the instructions to<br>
the letter<br>
<br>
<br>
<br>
(<a href="http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#Procedure_in_FreeIPA_.3C_4.0" target="_blank" rel="noreferrer">http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#Procedure_in_FreeIPA_.3C_4.0</a>)<br>
however the CA Subsystem and IPA<br>
RA certs<br>
will not<br>
renew.<br>
I've backdated the server to make<br>
sure the<br>
system<br>
was within<br>
the renewal window, but that has<br>
not help.<br>
<br>
<br>
Those are the wrong instructions.<br>
<br>
You want this instead,<br>
<a href="https://access.redhat.com/solutions/643753" target="_blank" rel="noreferrer">https://access.redhat.com/solutions/643753</a><br>
<br>
A bunch of it is for 2.2 but it isn't<br>
exactly<br>
noted<br>
which parts.<br>
A general rule is that you<br>
don't/shouldn't<br>
need to directly<br>
tweak the dogtag configuration or do<br>
any of the<br>
start-tracking<br>
work (though you may want to verify<br>
that what/if<br>
anything you<br>
changed from that wrong doc).<br>
<br>
When I run getcert list it reports:<br>
Ca-error: Sever at<br>
<br>
"https://<fqdn>:9443/ca/agent/ca/profileProcess"<br>
replied: 1:<br>
Authentication Error<br>
for both the IPA RA and CA<br>
Subsystem certs<br>
<br>
The debug log shows:<br>
SignedAuditEventFactory: create()<br>
<br>
<br>
<br>
message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA<br>
RA,O=MISS.ION] authentication failure<br>
ReviewReqServlet: Invalid Credential.<br>
<br>
<br>
The place to start is to get the<br>
serial # of<br>
the ipaCert:<br>
<br>
# certutil -L -d /etc/httpd/alias -n<br>
ipaCert<br>
|grep Serial<br>
<br>
Now get the user from the dogtag LDAP<br>
server:<br>
<br>
# ldapsearch -h `hostname` -p 7389 -x -D<br>
'cn=directory<br>
manager'<br>
-W -b uid=ipara,ou=People,o=ipaca<br>
description<br>
<br>
The format is 2;<serial number>;<issuer<br>
subject>;<subject><br>
<br>
See if the serial # matches ipaCert. I'm<br>
guessing it won't.<br>
Follow the instructions on the page I<br>
cited to<br>
update<br>
the entry<br>
with the current certificate and serial #<br>
values. That<br>
should<br>
get you going.<br>
<br>
rob<br>
<br>
<br>
<br>
We are kind of in deep doo-doo<br>
until this gets<br>
resolved.<br>
<br>
We are running<br>
ipa-server-3.0.0-47.el6_7.2<br>
on RHEL 6.5<br>
<br>
Any thoughts?<br>
<br>
Thanks!<br>
<br>
Adam M. Lewis<br>
<br>
<br>
<br>
<br>
--<br>
Manage your subscription for the<br>
Freeipa-users<br>
mailing<br>
list:<br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank" rel="noreferrer">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go to <a href="http://freeipa.org" target="_blank" rel="noreferrer">http://freeipa.org</a> for more<br>
info on the<br>
project<br>
<br>
<br>
<br>
<br>
--<br>
Adam M. Lewis<br>
<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>>><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>>>><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>>> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>><br></div></div>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>>>>><span><br>
10807 Allie Place<br>
Fredericksburg, VA 22408<br>
<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a>> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a><br>
<tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a>>> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a>><br>
<tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a>>>><br>
<tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a>> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a><br>
<tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a>>><br>
<tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a>><br>
<tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a>>>>><br>
<br>
<br>
<br>
<br>
<br>
--<br>
Adam M. Lewis<br>
<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>>><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>>>><br></span><span>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>>> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>><br></span>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>>>>><div><div class="h5"><br>
10807 Allie Place<br>
Fredericksburg, VA 22408<br>
<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a>> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a><br>
<tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a>>> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a>><br>
<tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a>>>><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
--<br>
Adam M. Lewis<br>
<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>>><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>>>><br>
10807 Allie Place<br>
Fredericksburg, VA 22408<br>
<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a>> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a><br>
<tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a>>><br>
<br>
<br>
<br>
<br>
<br>
<br>
--<br>
Adam M. Lewis<br>
<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>><br>
<mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>>><br>
10807 Allie Place<br>
Fredericksburg, VA 22408<br>
<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a> <tel:<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a>><br>
<br>
<br>
<br>
<br>
<br>
<br>
--<br>
Adam M. Lewis<br>
<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a> <mailto:<a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a>><br>
10807 Allie Place<br>
Fredericksburg, VA 22408<br>
<a href="tel:540-412-8643" target="_blank" value="+15404128643">540-412-8643</a><br>
<br>
<br>
</div></div></blockquote>
<br>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">Adam M. Lewis<br><a href="mailto:alewis422@gmail.com" target="_blank">alewis422@gmail.com</a><br>10807 Allie Place<br>Fredericksburg, VA 22408<br>540-412-8643<br><br><br></div>
</div>