[Freeipa-users] ipa host-del

Rob Crittenden rcritten at redhat.com
Wed Sep 5 01:49:14 UTC 2012 

george he wrote:
> both of the commands "service dirsrv restart" and "service pki-cad
> restart" reported:
> stopping ... OK
> starting ... OK
> but host-del still has the same error.
> More suggestions?

Check the logs again. The service starting does not mean it kept running.

rob

> Thanks,
> George
>
>     ------------------------------------------------------------------------
>     *From:* Rob Crittenden <rcritten at redhat.com>
>     *To:* george he <george_he7 at yahoo.com>
>     *Cc:* John Dennis <jdennis at redhat.com>; "freeipa-users at redhat.com"
>     <freeipa-users at redhat.com>
>     *Sent:* Tuesday, September 4, 2012 4:20 PM
>     *Subject:* Re: [Freeipa-users] ipa host-del
>
>     george he wrote:
>      > I'm running centos 6.3
>      > # uname -r
>      > 2.6.32-279.5.2.el6.x86_64
>      >
>      > pki-ca: unrecognized service
>      >
>      > There are tons of errors in /var/log/pki-ca/*, some of them are:
>      > /var/log/pki-ca/system:11605.main - [30/Aug/2012:16:34:56 EDT]
>     [3] [3]
>      > Cannot build CA chain. Error java.security.cert.CertificateException:
>      > Certificate is not a PKCS #11 certificate
>      > /var/log/pki-ca/system:11605.main - [30/Aug/2012:16:34:56 EDT]
>     [13] [3]
>      > authz instance DirAclAuthz initialization failed and skipped,
>      > error=Property internaldb.ldapconn.port missing value
>      > /var/log/pki-ca/system:11605.http-9445-1 - [30/Aug/2012:16:35:01 EDT]
>      > [3] [3] Cannot build CA chain. Error
>      > java.security.cert.CertificateException: Certificate is not a
>     PKCS #11
>      > certificate
>      > /var/log/pki-ca/system:11605.http-9445-1 - [30/Aug/2012:16:35:10 EDT]
>      > [3] [3] CASigningUnit: Object certificate not found. Error
>      > org.mozilla.jss.crypto.ObjectNotFoundException
>      > /var/log/pki-ca/system:3281.main - [31/Aug/2012:17:54:28 EDT] [8]
>     [3] In
>      > Ldap (bound) connection pool to host cushing.psych.yale.edu port
>     7389,
>      > Cannot connect to LDAP server. Error: netscape.ldap.LDAPException:
>      > failed to connect to server ldap://cushing.psych.yale.edu:7389 (91)
>      >
>      > /var/log/pki-ca/catalina.2012-09-03.log:SEVERE: Error initializing
>      > socket factory
>      >
>     /var/log/pki-ca/catalina.2012-09-03.log:java.lang.ClassNotFoundException:
>     Error
>      > loading SSL Implementation
>      > org.apache.tomcat.util.net.jss.JSSImplementation
>      > :java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
>      > /var/log/pki-ca/catalina.2012-09-03.log:LifecycleException:  Protocol
>      > handler initialization failed: java.lang.ClassNotFoundException:
>     Error
>      > loading SSL Implementation
>      > org.apache.tomcat.util.net.jss.JSSImplementation
>      > :java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
>      > /var/log/pki-ca/catalina.2012-09-03.log:SEVERE: Error deploying web
>      > application directory ca
>
>     The problem looks to be that the dogtag 389-ds instance is not started.
>     I'd try: service dirsrv restart PKI-IPA
>
>     Then service pki-cad restart
>
>     rob
>
>
>
>

More information about the Freeipa-users mailing list