Sorry, forgot to copy the list. On Wed, Nov 16, 2011 at 12:17, Dan Scott <[email protected]> wrote: > On Wed, Nov 16, 2011 at 10:39, Rob Crittenden <[email protected]> wrote: >> Dan Scott wrote: >>> >>> On Wed, Nov 16, 2011 at 09:23, Rob Crittenden<[email protected]> wrote: >>>> >>>> Dan Scott wrote: >>>>> >>>>> Hi, >>>>> >>>>> I receive the following error when I try to remove a host from IPA: >>>>> >>>>> djscott@pc35:~$ ipa host-del pc60 >>>>> ipa: ERROR: Certificate operation cannot be completed: Unable to >>>>> communicate with CMS (Not Found) >>>>> >>>>> I'm running a Fedora 16 (freeipa-server-2.1.3-5.fc16.x86_64) server >>>>> replicated with a Fedora 15 (freeipa-server-2.1.3-2.fc15.i686) server. >>>>> >>>>> I've looked at this: >>>>> >>>>> https://fedorahosted.org/freeipa/ticket/1889 >>>>> >>>>> But it looks like it was fixed in 2.1.2 or 2.1.3. Any ideas for what I >>>>> need to do? >>>>> >>>>> Thanks, >>>>> >>>>> Dan >>>> >>>> This would suggest that dogtag isn't running. Is dogtag and its LDAP >>>> instance up? >>> >>> It seems to be, there are 2 entries 'loaded active running' for the >>> dirsrv@ instances. I don't see any errors in the >>> /var/log/dirsrv/slapd-PKI-IPA/errors file. >>> >>> Tomcat is running too. >>> >>> Dan >> >> Hmm, ok, lets see if we can talk to the cert system at all. >> >> $ ipa cert-show 1 > > fileserver1 is the IPA server with PKI-IPA running: > > [root@fileserver1 ~]# ipa cert-show 1 > ipa: ERROR: Certificate operation cannot be completed: Unable to > communicate with CMS (Not Found) > > SELinux is my normal culprit when things don't work. It may be so in > this case. My /var/log/audit/audit.log hasn't changed since 11th > November..... > > Unfortunately, temporarily disabling it doesn't seem to help: > > [root@fileserver1 ~]# setenforce Permissive > [root@fileserver1 ~]# ipa cert-show 1 > ipa: ERROR: Certificate operation cannot be completed: Unable to > communicate with CMS (Not Found) > > What processes should be running for the certificate server? I have > the ns-slapd process and tomcat6 running. The tomcat logs are empty.
Huh, also found the following: [root@fileserver1 ~]# package-cleanup --orphans dogtag-pki-ca-theme-9.0.9-1.fc15.noarch dogtag-pki-common-theme-9.0.9-1.fc15.noarch Dan _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
