On 08/01/2017 01:48 AM, Florence Blanc-Renaud wrote:
On 08/01/2017 01:32 AM, Ian Harding via FreeIPA-users wrote:



On 07/31/2017 11:34 AM, Rob Crittenden wrote:
Ian Harding via FreeIPA-users wrote:
I had an unexpected restart of an IPA server that had apparently had
updates run but had not been restarted.  ipactl says pki-tomcatd would
not start.

Strangely, the actual service appears to be running:


dogtag is an application within tomcat so tomcat can run without dogtag
running.

We need to see more of the dogtag debug log to see what is going on.


It looks like an authentication problem...

[28/Jul/2017:10:08:47][localhost-startStop-1]: SSL handshake happened
Could not connect to LDAP server host seattlenfs.bpt.rocks port 636 Error netscape.ldap.LDAPException: Authentication failed (49)


Hi,

dogtag stores its internal data in the LDAP server and needs to establish a secure LDAP connection. You can check how this connection is configured in /etc/pki/pki-tomcat/ca/CS.cfg, look for the lines:

internaldb.ldapauth.authtype=SslClientAuth
internaldb.ldapauth.bindDN=cn=Directory Manager
internaldb.ldapauth.bindPWPrompt=internaldb
internaldb.ldapauth.clientCertNickname=subsystemCert cert-pki-ca
internaldb.ldapconn.host=vm-...
internaldb.ldapconn.port=636
internaldb.ldapconn.secureConn

authtype can be SslClientAuth (authentication with a ssl certificate) or BasicAuth (authentication with a bind DN and password stored in /var/lib/pki/pki-tomcat/conf/password.conf).

You can use this information to manually check the credentials. For instance with sslclientauth:

export LDAPTLS_CACERTDIR=/etc/pki/pki-tomcat/alias
export LDAPTLS_CERT='subsystemCert cert-pki-ca'

ldapsearch -H ldaps://`hostname`:636 -b "" -s base -Y EXTERNAL
(provide the password from /etc/pki/pki-tomcat/alias/pwdfile.txt)


I found this:

internaldb.ldapauth.authtype=SslClientAuth
internaldb.ldapauth.bindDN=uid=pkidbuser,ou=people,o=ipaca
internaldb.ldapauth.bindPWPrompt=internaldb
internaldb.ldapauth.clientCertNickname=subsystemCert cert-pki-ca
internaldb.ldapconn.cloneReplicationPort=389
...

and when I try the ldapsearch I am presented with a prompt to provide a pin/password

Please enter pin, password, or pass phrase for security token 'ldap(0)':

but there is no password file...

ls -a /etc/pki/pki-tomcat/alias/
.  ..  cert8.db  key3.db  secmod.db

There are "internal" and "replicationdb" values in /var/lib/pki/pki-tomcat/conf/password.conf but they don't work in response to the ldapsearch prompt above.

Thank you so much for your help!

HTH,
Flo.


at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
     at java.lang.Thread.run(Thread.java:745)
Internal Database Error encountered: Could not connect to LDAP server host seattlenfs.bpt.rocks port 636 Error netscape.ldap.LDAPException: Authentication failed (49)
     at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:676)
at com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1172) at com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1078)
     at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:570)
     at com.netscape.certsrv.apps.CMS.init(CMS.java:188)
     at com.netscape.certsrv.apps.CMS.start(CMS.java:1621)
at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
     at javax.servlet.GenericServlet.init(GenericServlet.java:158)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
     at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
     at java.security.AccessController.doPrivileged(Native Method)
     at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124) at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
     at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
     at java.lang.Thread.run(Thread.java:745)
[28/Jul/2017:09:56:24][localhost-startStop-1]: CMSEngine.shutdown()
[28/Jul/2017:10:08:46][localhost-startStop-1]: ============================================ [28/Jul/2017:10:08:46][localhost-startStop-1]: ===== DEBUG SUBSYSTEM INITIALIZED ======= [28/Jul/2017:10:08:46][localhost-startStop-1]: ============================================ [28/Jul/2017:10:08:46][localhost-startStop-1]: CMSEngine: restart at autoShutdown? false [28/Jul/2017:10:08:46][localhost-startStop-1]: CMSEngine: autoShutdown crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb [28/Jul/2017:10:08:46][localhost-startStop-1]: CMSEngine: about to look for cert for auto-shutdown support:auditSigningCert cert-pki-ca [28/Jul/2017:10:08:46][localhost-startStop-1]: CMSEngine: found cert:auditSigningCert cert-pki-ca [28/Jul/2017:10:08:46][localhost-startStop-1]: CMSEngine: done init id=debug [28/Jul/2017:10:08:46][localhost-startStop-1]: CMSEngine: initialized debug [28/Jul/2017:10:08:46][localhost-startStop-1]: CMSEngine: initSubsystem id=log [28/Jul/2017:10:08:46][localhost-startStop-1]: CMSEngine: ready to init id=log [28/Jul/2017:10:08:46][localhost-startStop-1]: Creating RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/signedAudit/ca_audit) [28/Jul/2017:10:08:46][localhost-startStop-1]: Creating RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/system) [28/Jul/2017:10:08:47][localhost-startStop-1]: Creating RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/transactions) [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: restart at autoShutdown? false [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: autoShutdown crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: about to look for cert for auto-shutdown support:auditSigningCert cert-pki-ca [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: found cert:auditSigningCert cert-pki-ca [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: done init id=log
[28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: initialized log
[28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: initSubsystem id=jss [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: ready to init id=jss [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: restart at autoShutdown? false [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: autoShutdown crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: about to look for cert for auto-shutdown support:auditSigningCert cert-pki-ca [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: found cert:auditSigningCert cert-pki-ca [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: done init id=jss
[28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: initialized jss
[28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: initSubsystem id=dbs [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: ready to init id=dbs [28/Jul/2017:10:08:47][localhost-startStop-1]: DBSubsystem: init() mEnableSerialMgmt=true [28/Jul/2017:10:08:47][localhost-startStop-1]: Creating LdapBoundConnFactor(DBSubsystem)
[28/Jul/2017:10:08:47][localhost-startStop-1]: LdapBoundConnFactory: init
[28/Jul/2017:10:08:47][localhost-startStop-1]: LdapBoundConnFactory:doCloning true
[28/Jul/2017:10:08:47][localhost-startStop-1]: LdapAuthInfo: init()
[28/Jul/2017:10:08:47][localhost-startStop-1]: LdapAuthInfo: init begins
[28/Jul/2017:10:08:47][localhost-startStop-1]: LdapAuthInfo: init ends
[28/Jul/2017:10:08:47][localhost-startStop-1]: init: before makeConnection errorIfDown is true [28/Jul/2017:10:08:47][localhost-startStop-1]: makeConnection: errorIfDown true
[28/Jul/2017:10:08:47][localhost-startStop-1]: TCP Keep-Alive: true
[28/Jul/2017:10:08:47][localhost-startStop-1]: SSLClientCertificateSelectionCB: Setting desired cert nickname to: subsystemCert cert-pki-ca [28/Jul/2017:10:08:47][localhost-startStop-1]: LdapJssSSLSocket: set client auth cert nickname subsystemCert cert-pki-ca [28/Jul/2017:10:08:47][localhost-startStop-1]: SSLClientCertificatSelectionCB: Entering! [28/Jul/2017:10:08:47][localhost-startStop-1]: Candidate cert: ocspSigningCert cert-pki-ca [28/Jul/2017:10:08:47][localhost-startStop-1]: Candidate cert: subsystemCert cert-pki-ca [28/Jul/2017:10:08:47][localhost-startStop-1]: SSLClientCertificateSelectionCB: desired cert found in list: subsystemCert cert-pki-ca [28/Jul/2017:10:08:47][localhost-startStop-1]: SSLClientCertificateSelectionCB: returning: subsystemCert cert-pki-ca
[28/Jul/2017:10:08:47][localhost-startStop-1]: SSL handshake happened
Could not connect to LDAP server host seattlenfs.bpt.rocks port 636 Error netscape.ldap.LDAPException: Authentication failed (49) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:205) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:166) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:130)
     at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:654)
at com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1172) at com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1078)
     at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:570)
     at com.netscape.certsrv.apps.CMS.init(CMS.java:188)
     at com.netscape.certsrv.apps.CMS.start(CMS.java:1621)
at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
     at javax.servlet.GenericServlet.init(GenericServlet.java:158)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
     at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
     at java.security.AccessController.doPrivileged(Native Method)
     at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124) at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
     at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
     at java.lang.Thread.run(Thread.java:745)
Internal Database Error encountered: Could not connect to LDAP server host seattlenfs.bpt.rocks port 636 Error netscape.ldap.LDAPException: Authentication failed (49)
     at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:676)
at com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1172) at com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1078)
     at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:570)
     at com.netscape.certsrv.apps.CMS.init(CMS.java:188)
     at com.netscape.certsrv.apps.CMS.start(CMS.java:1621)
at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
     at javax.servlet.GenericServlet.init(GenericServlet.java:158)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
     at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
     at java.security.AccessController.doPrivileged(Native Method)
     at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124) at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
     at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
     at java.lang.Thread.run(Thread.java:745)
[28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine.shutdown()
[28/Jul/2017:10:13:29][localhost-startStop-2]: ============================================ [28/Jul/2017:10:13:29][localhost-startStop-2]: ===== DEBUG SUBSYSTEM INITIALIZED ======= [28/Jul/2017:10:13:29][localhost-startStop-2]: ============================================ [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: restart at autoShutdown? false [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: autoShutdown crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: about to look for cert for auto-shutdown support:auditSigningCert cert-pki-ca [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: found cert:auditSigningCert cert-pki-ca [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: done init id=debug [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: initialized debug [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: initSubsystem id=log [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: ready to init id=log [28/Jul/2017:10:13:29][localhost-startStop-2]: Creating RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/signedAudit/ca_audit) [28/Jul/2017:10:13:29][localhost-startStop-2]: Creating RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/system) [28/Jul/2017:10:13:29][localhost-startStop-2]: Creating RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/transactions) [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: restart at autoShutdown? false [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: autoShutdown crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: about to look for cert for auto-shutdown support:auditSigningCert cert-pki-ca [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: found cert:auditSigningCert cert-pki-ca [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: done init id=log
[28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: initialized log
[28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: initSubsystem id=jss [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: ready to init id=jss [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: restart at autoShutdown? false [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: autoShutdown crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: about to look for cert for auto-shutdown support:auditSigningCert cert-pki-ca [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: found cert:auditSigningCert cert-pki-ca [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: done init id=jss
[28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: initialized jss
[28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: initSubsystem id=dbs [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: ready to init id=dbs [28/Jul/2017:10:13:29][localhost-startStop-2]: DBSubsystem: init() mEnableSerialMgmt=true [28/Jul/2017:10:13:29][localhost-startStop-2]: Creating LdapBoundConnFactor(DBSubsystem)
[28/Jul/2017:10:13:29][localhost-startStop-2]: LdapBoundConnFactory: init
[28/Jul/2017:10:13:29][localhost-startStop-2]: LdapBoundConnFactory:doCloning true
[28/Jul/2017:10:13:29][localhost-startStop-2]: LdapAuthInfo: init()
[28/Jul/2017:10:13:29][localhost-startStop-2]: LdapAuthInfo: init begins
[28/Jul/2017:10:13:29][localhost-startStop-2]: LdapAuthInfo: init ends
[28/Jul/2017:10:13:29][localhost-startStop-2]: init: before makeConnection errorIfDown is true [28/Jul/2017:10:13:29][localhost-startStop-2]: makeConnection: errorIfDown true
[28/Jul/2017:10:13:29][localhost-startStop-2]: TCP Keep-Alive: true
[28/Jul/2017:10:13:29][localhost-startStop-2]: SSLClientCertificateSelectionCB: Setting desired cert nickname to: subsystemCert cert-pki-ca [28/Jul/2017:10:13:29][localhost-startStop-2]: LdapJssSSLSocket: set client auth cert nickname subsystemCert cert-pki-ca
[28/Jul/2017:10:13:29][localhost-startStop-2]: SSL handshake happened
Could not connect to LDAP server host seattlenfs.bpt.rocks port 636 Error netscape.ldap.LDAPException: Authentication failed (49) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:205) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:166) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:130)
     at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:654)
at com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1172) at com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1078)
     at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:570)
     at com.netscape.certsrv.apps.CMS.init(CMS.java:188)
     at com.netscape.certsrv.apps.CMS.start(CMS.java:1621)
at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
     at javax.servlet.GenericServlet.init(GenericServlet.java:158)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
     at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
     at java.security.AccessController.doPrivileged(Native Method)
     at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124) at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)


I don't think re-running the upgrade command would help.

rob




--
Ian Harding
IT Director
Brown Paper Tickets
1-800-838-3006 ext 7186
http://www.brownpapertickets.com
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to