On 10/17/2012 12:40 PM, Bret Wortman wrote: > I recently tried installing freeipa on a new server, but > ipa-server-install had problems around this point: > > Configuring certificate server: Estimated time 3 minutes 30 seconds > [1/18]: creating certificate server user > [2/18]: creating pki-ca instance > [3/18]: configuring certificate server instance > ipa : CRITICAL failed to configure ca instance Command > '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname > fs1.wedgeofli.me <http://fs1.wedgeofli.me> -cs_port 9445 > -client_certdb_dir /tmp/tmp-UvBMbL -client_certdb_pwd XXXXXXXX > -preop_pin HHxKHUz5RRfzQ3OkFMlR -domain_name IPA -admin_user admin > -admin_email root@localhost -admin_XXXXXXXX XXXXXXXX -agent_name > ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa > -agent_cert_subject CN=ipa-ca-agent,O=WEDGEOFLI.ME > <http://WEDGEOFLI.ME> -ldap_host fs1.wedgeofli.me > <http://fs1.wedgeofli.me> -ldap_port 7389 -bind_dn cn=Directory > Manager -bind_XXXXXXXX XXXXXXXX -base_dn o=ipaca -db_name ipaca > -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 > true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal > -ca_subsystem_cert_subject_name CN=CA Subsystem,O=WEDGEOFLI.ME > <http://WEDGEOFLI.ME> -ca_ocsp_cert_subject_name CN=OCSP > Subsystem,O=WEDGEOFLI.ME <http://WEDGEOFLI.ME> > -ca_server_cert_subject_name CN=fs1.wedgeofli.me > <http://fs1.wedgeofli.me>,O=WEDGEOFLI.ME <http://WEDGEOFLI.ME> > -ca_audit_signing_cert_subject_name CN=CA Audit,O=WEDGEOFLI.ME > <http://WEDGEOFLI.ME> -ca_sign_cert_subject_name CN=Certificate > Authority,O=WEDGEOFLI.ME <http://WEDGEOFLI.ME> -external false -clone > false' returned non-zero exit status 255 > Unexpected error - see ipaserver-install.log for details: > Configuration of CA failed > [root@fs1 ~]# > > The logfile revealed the following stack trace: > > ############################################# > Attempting to connect to: fs1.wedgeofli.me:9445 > <http://fs1.wedgeofli.me:9445> > Exception in LoginPanel(): java.lang.NullPointerException > ERROR: ConfigureCA: LoginPanel() failure > ERROR: unable to create CA > > ####################################################################### > > 2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to Send > Request:java.net.ConnectException: Connection refused > java.net.ConnectException: Connection refused > at java.net.PlainSocketImpl.socketConnect(Native Method) > at > java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339) > at > java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200) > at > java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182) > at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391) > at java.net.Socket.connect(Socket.java:579) > at java.net.Socket.connect(Socket.java:528) > at java.net.Socket.<init>(Socket.java:425) > at java.net.Socket.<init>(Socket.java:241) > at HTTPClient.sslConnect(HTTPClient.java:326) > at ConfigureCA.LoginPanel(ConfigureCA.java:244) > at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157) > at ConfigureCA.main(ConfigureCA.java:1672) > java.lang.NullPointerException > at ConfigureCA.LoginPanel(ConfigureCA.java:245) > at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157) > at ConfigureCA.main(ConfigureCA.java:1672) > > Now I seem to be stuck. I tried uninstalling the freeipa-server > package with # yum remove freeipa-server and then reinstalled it the > same way, but ipa-server-install won't run no matter what I attempt. > > Any thoughts? I'm pretty new to IPA. >
Make sure you have packages installed Run the uninstall command several times (5 for example) ipa-server-install --uninstall -U In case of failed installation and other steps you made the installtion might be in the corrupted state. Running severl times might help as it might detect and remove/unconfigure different things at different moments. Before trying to reinstall again make sure you have latest SELinux policies. If it explodes again let us know. > Thanks! > > > -- > Bret Wortman > The Damascus Group > Fairfax, VA > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
