Rob,
A big thank you for showing me how to bring the service back. You are
correct, that doesn't resolve the cause. I suspect I'm in a bit of
certificate hades. The first sign of problems starts with pki-tomcatd
failing to start. Testing of the https:<server_name> URL says the
connection is refused. I haven't been able to track down the cause.
However, I do have other systems exhibiting the same problem.
Could not connect to LDAP server host fitch.<domain> port 636 Error
netscape.ldap.LDAPException: Authentication failed (49)
From here, I'm not certain where to look. Is this an issue with
certmonger, pki-tomcatd, or something else?
Any suggestions?
*Michael Rainey*
Network Representative
Naval Research Laboratory, Code 7320
Building 1009, Room C156
Stennis Space Center, MS 39529
On 05/09/2018 02:41 PM, Rob Crittenden via FreeIPA-users wrote:
Michael Rainey (Contractor, Code 7320) via FreeIPA-users wrote:
Greetings community,
I'm having some major issues with my IPA servers and am
activating the bat signal seeking some help. We recently upgraded
this system to SL7.5 and ran the ipa-server-upgrade command. During
the upgrade the process failed and access to the LDAP service is
no longer possible. Running the "ipactl restart" command results in:
Failed to get service list from file: Unknown error when retrieving
list of services from file: [Errno 2] No such file or directory:
'/var/run/ipa/services.list'
I have tried running the "ipa-replica-manage re-initialize" command
in an attempt to resync the servers, to no avail. I have also been
reviewing certificates and no certificates appear to be expired. I
believe the main cause of this problem has been that the pki-tomcatd
service would not start.
I'm guessing the first step in this process is to get the LDAP server
running again. Are there any steps that someone could recommend to
revive LDAP? I'm able to start and stop the service manually, but
the listening port 636 is not active.
Shut down dirsrv then edit dse.ldif and set:
nsslapd-port = 389
nsslapd-security = on
That should get things running but doesn't address the cause of the
upgrade failure.
rob
ERR - slapi_ldap_bind - Error: could not send startTLS request:
error -1 (Can't contact LDAP server) errno 107 (Transport endpoint
is not connected)
Your help is greatly appreciated.
--
*Michael Rainey*
Network Representative
Naval Research Laboratory, Code 7320
Building 1009, Room C156
Stennis Space Center, MS 39529
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
freeipa-users-le...@lists.fedorahosted.org