[Freeipa-users] Delete host: Unable to communicate with CMS (Not Found)

Rob Crittenden rcritten at redhat.com
Wed Nov 16 15:39:53 UTC 2011


Dan Scott wrote:
> On Wed, Nov 16, 2011 at 09:23, Rob Crittenden<rcritten at redhat.com>  wrote:
>> Dan Scott wrote:
>>>
>>> Hi,
>>>
>>> I receive the following error when I try to remove a host from IPA:
>>>
>>> djscott at pc35:~$ ipa host-del pc60
>>> ipa: ERROR: Certificate operation cannot be completed: Unable to
>>> communicate with CMS (Not Found)
>>>
>>> I'm running a Fedora 16 (freeipa-server-2.1.3-5.fc16.x86_64) server
>>> replicated with a Fedora 15 (freeipa-server-2.1.3-2.fc15.i686) server.
>>>
>>> I've looked at this:
>>>
>>> https://fedorahosted.org/freeipa/ticket/1889
>>>
>>> But it looks like it was fixed in 2.1.2 or 2.1.3. Any ideas for what I
>>> need to do?
>>>
>>> Thanks,
>>>
>>> Dan
>>
>> This would suggest that dogtag isn't running. Are dogtag and its LDAP
>> instance up?
>
> It seems to be, there are 2 entries 'loaded active running' for the
> dirsrv@ instances. I don't see any errors in the
> /var/log/dirsrv/slapd-PKI-IPA/errors file.
>
> Tomcat is running too.
>
> Dan

Hmm, ok, let's see if we can talk to the cert system at all.

$ ipa cert-show 1

I picked the serial number out of blue sky but for a default install it 
should be ok. You can also use openssl to dump /etc/ipa/ca.crt to get 
that serial number to be sure you are getting one that exists.

If this works it means we can communicate with CMS. Then I'd do:

$ ipa host-show pc60

Note the serial number and try showing it directly with cert-show.

rob
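
The checks described in this message, combined into one script as an added example (not part of the original thread and not FreeIPA's own tooling). It assumes `ipa host-show` prints a `Serial Number:` line for a host that has a certificate, and it converts the hexadecimal serial printed by openssl to decimal before passing it to `ipa cert-show`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: the troubleshooting steps from the message as one script.
# Assumption: `ipa host-show` prints a "Serial Number:" line for a host
# that has a certificate. Requires a valid Kerberos ticket for ipa commands.

# "serial=0B" (output of `openssl x509 -noout -serial`, hex) -> decimal "11"
openssl_serial_to_dec() {
    hex=${1#serial=}
    case $hex in
        ''|*[!0-9A-Fa-f]*) return 1 ;;   # reject empty or non-hex input
    esac
    # Shell arithmetic is 64-bit; enough for small sequential serials.
    echo $((0x$hex))
}

# Extract the first certificate serial from `ipa host-show` output on stdin.
host_serial() {
    sed -n 's/^[[:space:]]*Serial Number:[[:space:]]*\([0-9][0-9]*\).*$/\1/p' |
        head -n 1
}

diagnose() {
    host=$1
    ca_crt=${2:-/etc/ipa/ca.crt}

    # Step 1: can we reach the CA at all? Use a serial known to exist.
    raw=$(openssl x509 -in "$ca_crt" -noout -serial) || return 2
    ca_serial=$(openssl_serial_to_dec "$raw") || return 2
    if ! ipa cert-show "$ca_serial" >/dev/null; then
        echo "cert-show $ca_serial failed: cannot communicate with CMS" >&2
        return 3
    fi

    # Step 2: look up the host's own certificate serial and show it directly.
    serial=$(ipa host-show "$host" | host_serial)
    if [ -z "$serial" ]; then
        echo "no certificate serial in host-show output for $host" >&2
        return 4
    fi
    ipa cert-show "$serial"
}

# Run only when a hostname is given, e.g.: sh check-cms.sh pc60
if [ "$#" -gt 0 ]; then
    diagnose "$@"
fi
```

A return code of 3 points at the CA itself being unreachable, while a failure in the final `cert-show` with step 1 passing points at that host's certificate record.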



