Hi Rob, Sorry, my original message had the information: FreeIPA server running on CentOS 6.6 server. (ipa-server-3.0.0-42.el6.centos.x86_64 and ipa-client-3.0.0-42.el6.centos.x86_64)
Once again your advice is perfect. I did the "ipactl restart" and now everything in the web page appears to be working without error. I will let you know if I see anything else, but it looks like this is solved. Thank you for all your help. -Chris Tobey -----Original Message----- From: Rob Crittenden [mailto:[email protected]] Sent: June-04-15 3:20 PM To: Chris Tobey; 'Martin Kosek'; [email protected] Subject: Re: [Freeipa-users] IPA Error 4301: Certificate operation cannot be completed: Unable to communicate with CMS (Not Found) Chris Tobey wrote: > Hi Rob, > > Thanks for taking the time to look at this. > > I have services in /etc/init.d/ named tomcat6 and pki-cad. > > I tried the following: > - > [Thu Jun 04 14:38:16:/etc/init.d]$ service tomcat6 status > tomcat6 is stopped [ OK ] > [Thu Jun 04 14:38:23:/etc/init.d]$ service tomcat6 start > Starting tomcat6: [ OK ] > [Thu Jun 04 14:38:29:/etc/init.d]$ service tomcat6 status > tomcat6 (pid 10853) is running... [ OK ] > [Thu Jun 04 14:38:40:/etc/init.d]$ service pki-cad status > pki-ca (pid 1793) is running... [ OK ] > Unsecure Port = http://chimera.server.com:9180/ca/ee/ca > Secure Agent Port = https://chimera.server.com:9443/ca/agent/ca > Secure EE Port = https://chimera.server.com:9444/ca/ee/ca > Secure Admin Port = https://chimera.server.com:9445/ca/services > EE Client Auth Port = https://chimera.server.com:9446/ca/eeca/ca > PKI Console Port = pkiconsole https://chimera.server.com:9445/ca > Tomcat Port = 9701 (for shutdown) > > PKI Instance Name: pki-ca > > PKI Subsystem Type: Root CA (Security Domain) > > Registered PKI Security Domain Information: > > ========================================================================== > Name: IPA > URL: https://chimera.server.com:443 > > ====================================================================== > ==== Ok, you didn't specify a version so I took a stab in the dark on the service name. So I gather you're running 3.0.0? You'll need to dive into the catalina.log and debug logs in /var/log/pki-ca. This means that tomcat started but the webapp didn't. This is usually the audit subsystem kicking in but recently someone else had this issue and a simple ipactl restart fixed it for him. rob > - > > After this I am able to create new hosts on my Foreman server! > > There are now a few questions: > 1. I am not sure why the tomcat6 service was stopped, if it is > required to be running. > 2. I am not sure why a reboot of the server did not auto-start tomcat6. > 3. When navigating the web GUI for FreeIPA and clicking on a host, I > still see the popup message in the subject of this thread. > > I have not yet tried rebooting the FreeIPA (chimera) and > Puppet/Foreman > (puppetmaster) servers yet. When I have some downtime I will try that > and see what happens in regards to questions 2 and 3. > > Thanks, > -Chris Tobey > > -----Original Message----- > From: Rob Crittenden [mailto:[email protected]] > Sent: June-04-15 10:35 AM > To: Chris Tobey; 'Martin Kosek'; [email protected] > Subject: Re: [Freeipa-users] IPA Error 4301: Certificate operation > cannot be > completed: Unable to communicate with CMS (Not Found) > > Apache proxies to dogtag, so a Not Found means that dogtag either > isn't running or its webapp wasn't loaded. > > I'd start by restarting [email protected] and see if that > helps. > > Otherwise you'll need to poke around in the debug long in > /var/lib/pki-ca/<something> > > rob > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
