Ricardo Mendes via FreeIPA-users wrote: > Hi Rob thank you for your reply and I'm sorry for the missing information. > Everything is up to date latest available > > # cat /etc/os-release > NAME="Red Hat Enterprise Linux" > VERSION="8.5 (Ootpa)" > ID="rhel" > ID_LIKE="fedora" > VERSION_ID="8.5" > PLATFORM_ID="platform:el8" > PRETTY_NAME="Red Hat Enterprise Linux 8.5 (Ootpa)" > CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos" > > # ipa --version > VERSION: 4.9.6, API_VERSION: 2.245 > > # rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base > pki-ca krb5-server > package freeipa-server is not installed > package freeipa-client is not installed > ipa-server-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64 > ipa-client-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64 > 389-ds-base-1.4.3.23-12.module+el8.5.0+13329+4096c77a.x86_64 > pki-ca-10.11.2-2.module+el8.5.0+12735+8eb38ccc.noarch > krb5-server-1.18.2-14.el8.x86_64 > > The command ipa-healthcheck returns the following: > (I've removed the last entries which were log file permissions and there's a > "No DNA range defined" entry which believe is unrelated. > > Internal server error 403 Client Error: 403 for url: > http://ns1.domain.io:80/ca/rest/securityDomain/domainInfo > ra.get_certificate(): Request failed with status 403: Non-2xx response from > CA REST API: 403. (403) > ra.get_certificate(): Request failed with status 403: Non-2xx response from > CA REST API: 403. (403) > ra.get_certificate(): Request failed with status 403: Non-2xx response from > CA REST API: 403. (403) > ra.get_certificate(): Request failed with status 403: Non-2xx response from > CA REST API: 403. (403) > ra.get_certificate(): Request failed with status 403: Non-2xx response from > CA REST API: 403. (403) > ra.get_certificate(): Request failed with status 403: Non-2xx response from > CA REST API: 403. (403) > ra.get_certificate(): Request failed with status 403: Non-2xx response from > CA REST API: 403. (403) > ra.get_certificate(): Request failed with status 403: Non-2xx response from > CA REST API: 403. (403) > ra.get_certificate(): Request failed with status 403: Non-2xx response from > CA REST API: 403. (403) > ra.get_certificate(): Request failed with status 403: Non-2xx response from > CA REST API: 403. (403) > [ > { > "source": "ipahealthcheck.dogtag.ca", > "check": "DogtagCertsConnectivityCheck", > "result": "ERROR", > "uuid": "648ef311-52bf-4537-8f60-5b1d4c64341b", > "when": "20220202164733Z", > "duration": "0.138717", > "kw": { > "msg": "Request for certificate failed, Certificate operation cannot be > completed: Request failed with status 403: Non-2xx response from CA REST API: > 403. (403)" > } > }, > { > "source": "ipahealthcheck.ds.replication", > "check": "ReplicationCheck", > "result": "WARNING", > "uuid": "4182e071-91f6-458f-b0ce-4cc7b2bd3933", > "when": "20220202164733Z", > "duration": "0.363773", > "kw": { > "key": "DSREPLLE0002", > "items": [ > "Replication", > "Conflict Entries" > ], > "msg": "There were 4 conflict entries found under the replication > suffix \"dc=domain,dc=io\"." > } > }, > { > "source": "ipahealthcheck.ipa.certs", > "check": "IPACertRevocation", > "result": "ERROR", > "uuid": "4de75bf5-0854-463f-987c-43c9e8669387", > "when": "20220202164736Z", > "duration": "0.248189", > "kw": { > "key": "20210512184547", > "serial": 7, > "error": "Certificate operation cannot be completed: Request failed > with status 403: Non-2xx response from CA REST API: 403. (403)", > "msg": "Request for certificate serial number {serial} in request {key} > failed: {error}" > } > }, > { > "source": "ipahealthcheck.ipa.certs", > "check": "IPACertRevocation", > "result": "ERROR", > "uuid": "b3d2365c-13b4-4012-9cff-d935b4b2e8d8", > "when": "20220202164736Z", > "duration": "0.321017", > "kw": { > "key": "20210513163837", > "serial": 5, > "error": "Certificate operation cannot be completed: Request failed > with status 403: Non-2xx response from CA REST API: 403. (403)", > "msg": "Request for certificate serial number {serial} in request {key} > failed: {error}" > } > }, > { > "source": "ipahealthcheck.ipa.certs", > "check": "IPACertRevocation", > "result": "ERROR", > "uuid": "dc3a9a99-03d5-41c3-83fa-103b39888eb1", > "when": "20220202164736Z", > "duration": "0.382765", > "kw": { > "key": "20210513163838", > "serial": 2, > "error": "Certificate operation cannot be completed: Request failed > with status 403: Non-2xx response from CA REST API: 403. (403)", > "msg": "Request for certificate serial number {serial} in request {key} > failed: {error}" > } > }, > { > "source": "ipahealthcheck.ipa.certs", > "check": "IPACertRevocation", > "result": "ERROR", > "uuid": "ed4dc29a-4270-47f0-9609-1399ceee62f0", > "when": "20220202164736Z", > "duration": "0.444604", > "kw": { > "key": "20210513163839", > "serial": 4, > "error": "Certificate operation cannot be completed: Request failed > with status 403: Non-2xx response from CA REST API: 403. (403)", > "msg": "Request for certificate serial number {serial} in request {key} > failed: {error}" > } > }, > { > "source": "ipahealthcheck.ipa.certs", > "check": "IPACertRevocation", > "result": "ERROR", > "uuid": "a955cb2e-768c-4e7a-bf05-7f05dd3325d9", > "when": "20220202164736Z", > "duration": "0.510748", > "kw": { > "key": "20210513163840", > "serial": 1, > "error": "Certificate operation cannot be completed: Request failed > with status 403: Non-2xx response from CA REST API: 403. (403)", > "msg": "Request for certificate serial number {serial} in request {key} > failed: {error}" > } > }, > { > "source": "ipahealthcheck.ipa.certs", > "check": "IPACertRevocation", > "result": "ERROR", > "uuid": "9616fc66-a023-4c8c-b81b-b710cf99aa22", > "when": "20220202164736Z", > "duration": "0.572515", > "kw": { > "key": "20210513163841", > "serial": 25, > "error": "Certificate operation cannot be completed: Request failed > with status 403: Non-2xx response from CA REST API: 403. (403)", > "msg": "Request for certificate serial number {serial} in request {key} > failed: {error}" > } > }, > { > "source": "ipahealthcheck.ipa.certs", > "check": "IPACertRevocation", > "result": "ERROR", > "uuid": "41a531ad-4632-4159-90a3-9d895fa75c7c", > "when": "20220202164736Z", > "duration": "0.609499", > "kw": { > "key": "20210512184513", > "serial": 12, > "error": "Certificate operation cannot be completed: Request failed > with status 403: Non-2xx response from CA REST API: 403. (403)", > "msg": "Request for certificate serial number {serial} in request {key} > failed: {error}" > } > }, > { > "source": "ipahealthcheck.ipa.certs", > "check": "IPACertRevocation", > "result": "ERROR", > "uuid": "663b4075-b1d8-4a0a-9390-d772b917e07a", > "when": "20220202164737Z", > "duration": "0.669512", > "kw": { > "key": "20210512184457", > "serial": 11, > "error": "Certificate operation cannot be completed: Request failed > with status 403: Non-2xx response from CA REST API: 403. (403)", > "msg": "Request for certificate serial number {serial} in request {key} > failed: {error}" > } > }, > { > "source": "ipahealthcheck.ipa.certs", > "check": "IPACertRevocation", > "result": "ERROR", > "uuid": "2515f70a-6688-4d07-9812-8f24e02fa572", > "when": "20220202164737Z", > "duration": "0.705058", > "kw": { > "key": "20210512184548", > "serial": 13, > "error": "Certificate operation cannot be completed: Request failed > with status 403: Non-2xx response from CA REST API: 403. (403)", > "msg": "Request for certificate serial number {serial} in request {key} > failed: {error}" > } > },
Right. Look for duplicate secret/requiredSecret values in server.xml as referenced in the thread I referred to. This is likely the culprit. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
