<div dir="ltr"><div><div><div>Is there a reason the ipactl status command shows pki stopped even though the systemctl shows it as running? Here is the example output:<br><br>[root@id-management-1 log]# systemctl status pki-tomcatd@pki-tomcat<br>● pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat<br>   Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled; vendor preset: disabled)<br>   Active: active (running) since Sat 2016-10-01 00:07:50 EDT; 33min ago<br>  Process: 22425 ExecStop=/usr/libexec/tomcat/server stop (code=exited, status=0/SUCCESS)<br>  Process: 22469 ExecStartPre=/usr/bin/pkidaemon start %i (code=exited, status=0/SUCCESS)<br> Main PID: 22582 (java)<br>   CGroup: /system.slice/system-pki\x2dtomcatd.slice/pki-tomcatd@pki-tomcat.service<br>           └─22582 /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -DRESTEASY_LIB=/usr/share/java/resteasy-base -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.j...<br><br>Oct 01 00:07:54 <a href="http://id-management-1.internal.emerlyn.com">id-management-1.internal.emerlyn.com</a> server[22582]: Oct 01, 2016 12:07:54 AM org.apache.catalina.startup.HostConfig deployDescriptor<br>Oct 01 00:07:54 <a href="http://id-management-1.internal.emerlyn.com">id-management-1.internal.emerlyn.com</a> server[22582]: INFO: Deployment of configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/pki#js.xml has finished in 993 ms<br>Oct 01 00:07:54 <a href="http://id-management-1.internal.emerlyn.com">id-management-1.internal.emerlyn.com</a> server[22582]: Oct 01, 2016 12:07:54 AM org.apache.coyote.AbstractProtocol start<br>Oct 01 00:07:54 <a href="http://id-management-1.internal.emerlyn.com">id-management-1.internal.emerlyn.com</a> server[22582]: INFO: Starting ProtocolHandler ["http-bio-8080"]<br>Oct 01 00:07:54 <a href="http://id-management-1.internal.emerlyn.com">id-management-1.internal.emerlyn.com</a> server[22582]: Oct 01, 2016 12:07:54 AM org.apache.coyote.AbstractProtocol start<br>Oct 01 00:07:54 <a href="http://id-management-1.internal.emerlyn.com">id-management-1.internal.emerlyn.com</a> server[22582]: INFO: Starting ProtocolHandler ["http-bio-8443"]<br>Oct 01 00:07:54 <a href="http://id-management-1.internal.emerlyn.com">id-management-1.internal.emerlyn.com</a> server[22582]: Oct 01, 2016 12:07:54 AM org.apache.coyote.AbstractProtocol start<br>Oct 01 00:07:54 <a href="http://id-management-1.internal.emerlyn.com">id-management-1.internal.emerlyn.com</a> server[22582]: INFO: Starting ProtocolHandler ["ajp-bio-127.0.0.1-8009"]<br>Oct 01 00:07:54 <a href="http://id-management-1.internal.emerlyn.com">id-management-1.internal.emerlyn.com</a> server[22582]: Oct 01, 2016 12:07:54 AM org.apache.catalina.startup.Catalina start<br>Oct 01 00:07:54 <a href="http://id-management-1.internal.emerlyn.com">id-management-1.internal.emerlyn.com</a> server[22582]: INFO: Server startup in 3313 ms<br>[root@id-management-1 log]# ipactl status<br>Directory Service: RUNNING<br>krb5kdc Service: RUNNING<br>kadmin Service: RUNNING<br>named Service: RUNNING<br>ipa_memcached Service: RUNNING<br>httpd Service: RUNNING<br>pki-tomcatd Service: STOPPED<br>smb Service: RUNNING<br>winbind Service: RUNNING<br>ipa-otpd Service: RUNNING<br>ipa-dnskeysyncd Service: RUNNING<br>ipa: INFO: The ipactl command was successful<br>[root@id-management-1 log]#<br><br></div>The system clock has been set to the past in an attempt to renew expired certificates. I keep getting CA_UNREACHABLE status messages when trying to renew the certs and I don't know if this is related or not.<br><br></div>Thanks,<br><br></div>Jeff<br><div><div><div><br clear="all"><div><div><div><div><div><br><br>
</div></div></div></div></div></div></div></div></div>