[Freeipa-users] pki-tomcatd not starting

Mon, 11 Mar 2024 16:17:56 -0700 

Hello,

I came back from vacation and noticed that the pki-tomcatd was not running.  
All other services are running fine, I can kinit admin and search for users, I 
can also log into the UI and see everything.  When I try to start the service I 
see the following errors:
Mar 11 20:44:44 ldap01.app.uaap.maxar.com ipa-pki-wait-running[7903]: 
ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error:  for url: 
http://ldap01.app.uaap.maxar.com:8080/ca/admin/ca/getStat>
Mar 11 20:44:44 ldap01.app.uaap.maxar.com systemd[1]: 
pki-tomcatd@pki-tomcat.service: Start-post operation timed out. Stopping.

I have checked all the certs and everything is in order:
$ getcert list | grep expire
        expires: 2025-01-22 14:07:35 UTC
        expires: 2025-01-22 14:06:46 UTC
        expires: 2025-01-22 14:06:45 UTC
        expires: 2025-01-22 14:06:45 UTC
        expires: 2043-02-02 14:06:44 UTC
        expires: 2025-01-22 14:06:45 UTC
        expires: 2025-02-02 14:08:10 UTC

I also have checked this:
$ klist -ekt /etc/dirsrv/ds.keytab
Keytab name: FILE:/etc/dirsrv/ds.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   2 02/02/2023 14:06:06 ldap/ldap01.app.uaap.maxar....@app.uaap.maxar.com 
(aes256-cts-hmac-sha1-96)
   2 02/02/2023 14:06:06 ldap/ldap01.app.uaap.maxar....@app.uaap.maxar.com 
(aes128-cts-hmac-sha1-96)
   2 02/02/2023 14:06:06 ldap/ldap01.app.uaap.maxar....@app.uaap.maxar.com 
(aes128-cts-hmac-sha256-128)
   2 02/02/2023 14:06:06 ldap/ldap01.app.uaap.maxar....@app.uaap.maxar.com 
(aes256-cts-hmac-sha384-192)
   2 02/02/2023 14:06:06 ldap/ldap01.app.uaap.maxar....@app.uaap.maxar.com 
(camellia128-cts-cmac)
   2 02/02/2023 14:06:06 ldap/ldap01.app.uaap.maxar....@app.uaap.maxar.com 
(camellia256-cts-cmac)

not sure if that's correct or not.  Please help, I don't see why pki-tomcatd 
would just die on me for no reason.  I haven't run any updates / upgrades on 
the system and it was working fine before I left.  Thanks
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to