On Wed, Nov 16, 2011 at 14:01, Rob Crittenden <[email protected]> wrote: > Dan Scott wrote: >> >> On Wed, Nov 16, 2011 at 10:39, Rob Crittenden<[email protected]> wrote: >>> >>> Dan Scott wrote: >>>> >>>> On Wed, Nov 16, 2011 at 09:23, Rob Crittenden<[email protected]> >>>> wrote: >>>>> >>>>> Dan Scott wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> I receive the following error when I try to remove a host from IPA: >>>>>> >>>>>> djscott@pc35:~$ ipa host-del pc60 >>>>>> ipa: ERROR: Certificate operation cannot be completed: Unable to >>>>>> communicate with CMS (Not Found) >>>>>> >>>>>> I'm running a Fedora 16 (freeipa-server-2.1.3-5.fc16.x86_64) server >>>>>> replicated with a Fedora 15 (freeipa-server-2.1.3-2.fc15.i686) server. >>>>>> >>>>>> I've looked at this: >>>>>> >>>>>> https://fedorahosted.org/freeipa/ticket/1889 >>>>>> >>>>>> But it looks like it was fixed in 2.1.2 or 2.1.3. Any ideas for what I >>>>>> need to do? >>>>>> >>>>>> Thanks, >>>>>> >>>>>> Dan >>>>> >>>>> This would suggest that dogtag isn't running. Is dogtag and its LDAP >>>>> instance up? >>>> >>>> It seems to be, there are 2 entries 'loaded active running' for the >>>> dirsrv@ instances. I don't see any errors in the >>>> /var/log/dirsrv/slapd-PKI-IPA/errors file. >>>> >>>> Tomcat is running too. >>>> >>>> Dan >>> >>> Hmm, ok, lets see if we can talk to the cert system at all. >>> >>> $ ipa cert-show 1 >> >> fileserver1 is the IPA server with PKI-IPA running: >> >> [root@fileserver1 ~]# ipa cert-show 1 >> ipa: ERROR: Certificate operation cannot be completed: Unable to >> communicate with CMS (Not Found) >> >> SELinux is my normal culprit when things don't work. It may be so in >> this case. My /var/log/audit/audit.log hasn't changed since 11th >> November..... >> >> Unfortunately, temporarily disabling it doesn't seem to help: >> >> [root@fileserver1 ~]# setenforce Permissive >> [root@fileserver1 ~]# ipa cert-show 1 >> ipa: ERROR: Certificate operation cannot be completed: Unable to >> communicate with CMS (Not Found) >> >> What processes should be running for the certificate server? I have >> the ns-slapd process and tomcat6 running. The tomcat logs are empty. >> >> Dan > > It sounds like you have the right processes running. > > The dogtag logs are in /var/log/pki-ca. debug is rather verbose and where I > usually start looking for issues.
The /var/log/pki-ca/debug file hasn't been updated since the 11th November. I've attached an extract from catalina.out which contains some pretty severe errors. To summarise, the errors are: SEVERE: Error initializing socket factory java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket SEVERE: Failed to initialize connector [Connector[HTTP/1.1-9443]] java.io.IOException: Failed to access resource /WEB-INF/lib/osutil.jar I'd guess that this means I'm missing a package? I'm having trouble figuring out which one contains the code I'm missing. Maybe I need to reinstall one? Thanks, Dan
catalina.out
Description: Binary data
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
