<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 13, 2016 at 2:10 PM, Natxo Asenjo <span dir="ltr"><<a href="mailto:natxo.asenjo@gmail.com" target="_blank">natxo.asenjo@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>hi,<br><br></div>when trying to add a replica to the Idm environment of a host running centos 7 (fully patched) to an existing centos 6.8 realm I get this error:<br clear="all"></div></blockquote><div><br></div><div>ok, some progress. I found this:<br><br><a href="https://fedorahosted.org/389/ticket/470">https://fedorahosted.org/389/ticket/470</a><br><br></div><div>So I went ahead and rebooted the master 6.8 kdc I was replicating from and then it failed in the certificate server instance:<br><br><br> </div></div>ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpyHV1BW'' returned non-zero exit status 1<br>ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation logs and the following files/directories for more information:<br>ipa.ipaserver.install.cainstance.CAInstance: CRITICAL /var/log/pki-ca-install.log<br>ipa.ipaserver.install.cainstance.CAInstance: CRITICAL /var/log/pki/pki-tomcat<br> [error] RuntimeError: CA configuration failed.<br>Your system may be partly configured.<br>Run /usr/sbin/ipa-server-install --uninstall to clean up.<br><br>ipa.ipapython.install.cli.install_tool(Replica): ERROR CA configuration failed.<br><br><br></div><div class="gmail_extra">But there is no /var/log/pki-ca-install.log :<br><br># ls -ltr /var/log/<br>total 1708<br>drwx------. 2 root root 6 Jun 10 2014 ppp<br>drwxr-xr-x. 2 ntp ntp 6 May 31 12:29 ntpstats<br>drwx------. 2 root root 6 Jul 18 17:30 httpd<br>drwxr-x---. 2 sssd sssd 6 Aug 2 18:58 sssd<br>-rw-------. 1 root root 0 Sep 13 13:19 tallylog<br>drwx------. 3 root root 16 Sep 13 13:19 samba<br>-rw-------. 1 root root 0 Sep 13 13:20 spooler<br>drwxr-xr-x. 2 root root 4096 Sep 13 13:23 anaconda<br>drwxr-x---. 2 root root 22 Sep 13 13:23 audit<br>drwxr-xr-x. 2 root root 22 Sep 13 13:23 tuned<br>drwxrwx---. 2 tomcat root 25 Sep 13 13:31 tomcat<br>-rw-------. 1 root root 15126 Sep 13 13:31 yum.log<br>-rw-------. 1 root root 8786 Sep 13 13:31 ipaupgrade.log<br>-rw-r--r--. 1 root root 94862 Sep 13 13:59 dmesg.old<br>-rw-------. 1 root root 18112 Sep 13 14:29 ipaclient-install.log<br>-rw-------. 1 root root 40193 Sep 13 14:29 ipaclient-uninstall.log<br>-rw-------. 1 root root 35796 Sep 13 14:29 ipaserver-uninstall.log<br>-rw-r--r--. 1 root root 94862 Sep 13 14:30 dmesg<br>-rw-r--r--. 1 root root 8591 Sep 13 14:30 boot.log<br>-rw-------. 1 root root 2587 Sep 13 14:30 cron<br>-rw-r--r--. 1 root root 200 Sep 13 14:30 wpa_supplicant.log<br>-rw-------. 1 root root 958 Sep 13 14:30 maillog<br>-rw-------. 1 root utmp 768 Sep 13 14:30 btmp<br>-rw-rw-r--. 1 root utmp 13056 Sep 13 14:30 wtmp<br>-rw-r--r--. 1 root root 291416 Sep 13 14:30 lastlog<br>-rw-------. 1 root root 7318 Sep 13 14:31 ipareplica-conncheck.log<br>drwxr-xr-x. 3 root root 35 Sep 13 14:31 dirsrv<br>drwxr-xr-x. 4 root root 4096 Sep 13 14:32 pki<br>-rw-------. 1 root root 87106 Sep 13 14:32 secure<br>-rw-------. 1 root root 742436 Sep 13 14:32 messages<br>-rw-------. 1 root root 202169 Sep 13 14:33 ipareplica-install.log<br><br></div><div class="gmail_extra">In the ipa-replica-install.log , though, I find this:<br><br>pkispawn : ERROR ....... Exception from Java Configuration Servlet: 500 Server Error: Internal Server Error<br>pkispawn : ERROR ....... ParseError: not well-formed (invalid token): line 1, column 0: {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.PKIException","Code":500,"Message":"Clone does not have all the required certificates"}<br><br></div><div class="gmail_extra">Any clue?<br></div><div class="gmail_extra"><br><br clear="all"></div><div class="gmail_extra"><br>-- <br><div class="gmail_signature">--<br>Groeten,<br>natxo</div> </div></div>