<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Hello, I am trying to migrate and upgrade my main FreeIPA
    installation, so I decided to replicate it and phase it out of our
    intranet. <br>
    I managed to get over some obstacles, as I had to recreate my
    cacert.p12 file, but now I am facing an issue that prevents me from
    setting up CA on the replicated server. <br>
    Both of my servers are fully updated. I have tried some solutions
    and found other similar threads, but nothing worked. <br>
    Without CA the replication finalizes without issues but I do not
    want that. Is there any other way to perform the migration?<br>
    <b><br>
      Similar issues:</b><br>
    <a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/5581">https://fedorahosted.org/freeipa/ticket/5581</a><br>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/archives/freeipa-users/2016-February/msg00183.html">https://www.redhat.com/archives/freeipa-users/2016-February/msg00183.html</a><br>
    <br>
    <b>Master Server has:</b><br>
    CentOS release 6.8 (Final)<br>
    ipa-server.x86_64  3.0.0-50<br>
    pki-util.noarch 9.0.3-50<br>
    <br>
    <b>Replication Server has:</b><br>
    CentOS Linux release 7.2.1511 (Core) <br>
    ipa 4.2.0<br>
    <br>
    <br>
    <b>ERROR LOG</b><br>
    <br>
    ipa         : DEBUG    Starting external process<br>
    ipa         : DEBUG    args='/usr/sbin/pkispawn' '-s' 'CA' '-f'
    '/tmp/tmpuuJbGt'<br>
    ipa         : DEBUG    Process finished, return code=1<br>
    ipa         : DEBUG    stdout=Log file:
    /var/log/pki/pki-ca-spawn.20160908092308.log<br>
    Loading deployment configuration from /tmp/tmpuuJbGt.<br>
    Installing CA into /var/lib/pki/pki-tomcat.<br>
    Storing deployment configuration into
    /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.<br>
    <br>
    Installation failed.<br>
    <br>
    <br>
    <b>ipa         : DEBUG   
      stderr=/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769:
      InsecureRequestWarning: Unverified HTTPS request is being made.
      Adding certificate verification is strongly advised. See:
      <a class="moz-txt-link-freetext" href="https://urllib3.readthedocs.org/en/latest/security.html">https://urllib3.readthedocs.org/en/latest/security.html</a></b><b><br>
    </b><b>  InsecureRequestWarning)</b><b><br>
    </b><b>pkispawn    : WARNING  ....... unable to validate security
      domain user/password through REST interface. Interface not
      available</b><b><br>
    </b><b>pkispawn    : ERROR    ....... Exception from Java
      Configuration Servlet: 500 Server Error: Internal Server Error</b><b><br>
    </b><b>pkispawn    : ERROR    ....... ParseError: not well-formed
      (invalid token): line 1, column 0:
{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.PKIException","Code":500,"Message":"Failed
      to obtain installation token from security domain"} </b><br>
    <br>
    ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
    configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f'
    '/tmp/tmpuuJbGt'' returned non-zero exit status 1<br>
    ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the
    installation logs and the following files/directories for more
    information:<br>
    ipa.ipaserver.install.cainstance.CAInstance: CRITICAL  
    /var/log/pki-ca-install.log<br>
    ipa.ipaserver.install.cainstance.CAInstance: CRITICAL  
    /var/log/pki/pki-tomcat<br>
    ipa         : DEBUG    Traceback (most recent call last):<br>
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
    line 418, in start_creation<br>
        run_step(full_msg, method)<br>
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
    line 408, in run_step<br>
        method()<br>
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
    line 622, in __spawn_instance<br>
        DogtagInstance.spawn_instance(self, cfg_file)<br>
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
    line 201, in spawn_instance<br>
        self.handle_setup_error(e)<br>
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
    line 465, in handle_setup_error<br>
        raise RuntimeError("%s configuration failed." % self.subsystem)<br>
    RuntimeError: CA configuration failed.<br>
    <br>
    ipa         : DEBUG      [error] RuntimeError: CA configuration
    failed.<br>
      [error] RuntimeError: CA configuration failed.<br>
    Your system may be partly configured.<br>
    Run /usr/sbin/ipa-server-install --uninstall to clean up.<br>
    <br>
    ipa.ipapython.install.cli.install_tool(Replica): DEBUG      File
    "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171,
    in execute<br>
        return_value = self.run()<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py",
    line 311, in run<br>
        cfgr.run()<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
    line 281, in run<br>
        self.execute()<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
    line 303, in execute<br>
        for nothing in self._executor():<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
    line 343, in __runner<br>
        self._handle_exception(exc_info)<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
    line 365, in _handle_exception<br>
        util.raise_exc_info(exc_info)<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
    line 333, in __runner<br>
        step()<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
    line 87, in run_generator_with_yield_from<br>
        raise_exc_info(exc_info)<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
    line 65, in run_generator_with_yield_from<br>
        value = gen.send(prev_value)<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
    line 539, in _configure<br>
        executor.next()<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
    line 343, in __runner<br>
        self._handle_exception(exc_info)<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
    line 421, in _handle_exception<br>
        self.__parent._handle_exception(exc_info)<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
    line 365, in _handle_exception<br>
        util.raise_exc_info(exc_info)<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
    line 418, in _handle_exception<br>
        super(ComponentBase, self)._handle_exception(exc_info)<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
    line 365, in _handle_exception<br>
        util.raise_exc_info(exc_info)<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
    line 333, in __runner<br>
        step()<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
    line 87, in run_generator_with_yield_from<br>
        raise_exc_info(exc_info)<br>
      File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
    line 65, in run_generator_with_yield_from<br>
        value = gen.send(prev_value)<br>
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line
    63, in _install<br>
        for nothing in self._installer(self.parent):<br>
      File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
    line 901, in main<br>
        install(self)<br>
      File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
    line 295, in decorated<br>
        func(installer)<br>
      File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
    line 616, in install<br>
        ca.install(False, config, options)<br>
      File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py",
    line 114, in install<br>
        install_step_0(standalone, replica_config, options)<br>
      File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py",
    line 138, in install_step_0<br>
        ra_p12=getattr(options, 'ra_p12', None))<br>
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
    line 1545, in install_replica_ca<br>
        subject_base=config.subject_base)<br>
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
    line 488, in configure_instance<br>
        self.start_creation(runtime=210)<br>
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
    line 418, in start_creation<br>
        run_step(full_msg, method)<br>
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
    line 408, in run_step<br>
        method()<br>
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
    line 622, in __spawn_instance<br>
        DogtagInstance.spawn_instance(self, cfg_file)<br>
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
    line 201, in spawn_instance<br>
        self.handle_setup_error(e)<br>
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
    line 465, in handle_setup_error<br>
        raise RuntimeError("%s configuration failed." % self.subsystem)<br>
    <br>
    ipa.ipapython.install.cli.install_tool(Replica): DEBUG    The
    ipa-replica-install command failed, exception: RuntimeError: CA
    configuration failed.<br>
    ipa.ipapython.install.cli.install_tool(Replica): ERROR    CA
    configuration failed.<br>
  </body>
</html>