I've tried installing in two different ways: first as part of a full replica install, i.e.

ipa-replica-install --setup-ca --no-forwarders -p <password> replica.gpg

This failed on step 8:

  [8/27]: starting certificate server instance
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the Dogtag instance.See the installation log for details.
  [9/27]: creating RA agent certificate database
  [10/27]: importing CA chain to RA certificate database
  [error] RuntimeError: Unable to retrieve CA chain: request failed with HTTP status 500

I then tried installing just the replica (no --setup-ca option), which succeeded, and then ipa-ca-install -w -p replica.gpg, which again failed with the same error.

The ca/debug log shows the following when I grep for errors:

[22/Aug/2017:17:01:06][http-bio-8443-exec-3]: SystemConfigService: request: ConfigurationRequest [pin=XXXX, token=Internal Key Storage Token, tokenPassword=XXXX, securityDomainType=existingdomain, securityDomainUri=https://server1:443, securityDomainName=null, securityDomainUser=admin, securityDomainPassword=XXXX, isClone=true, cloneUri=https://server1:443, subsystemName=CA server2 8443, p12File=/tmp/ca.p12, p12Password=XXXX, hierarchy=root, dsHost=server2, dsPort=389, baseDN=o=ipaca, bindDN=cn=Directory Manager, bindpwd=XXXX, database=ipaca, secureConn=false, removeData=true, replicateSchema=false, masterReplicationPort=389, cloneReplicationPort=389, replicationSecurity=TLS, systemCertsImported=false, systemCerts=[com.netscape.certsrv.system.SystemCertData@8ffc78b], issuingCA=https://server1:443, backupKeys=true, backupPassword=XXXX, backupFile=/etc/pki/pki-tomcat/alias/ca_backup_keys.p12, adminUID=null, adminPassword=XXXX, adminEmail=null, adminCertRequest=null, adminCertRequestType=null, adminSubjectDN=null, adminName=null, adminProfileID=null, adminCert=null, importAdminCert=false, generateServerCert=true, external=false, standAlone=false, stepTwo=false, authdbBaseDN=null, authdbHost=null, authdbPort=null, authdbSecureConn=null, caUri=null, kraUri=null, tksUri=null, enableServerSideKeyGen=null, importSharedSecret=null, generateSubsystemCert=null, sharedDB=false, sharedDBUserDN=null, createNewDB=true, setupReplication=True, subordinateSecurityDomainName=null, reindexData=False, startingCrlNumber=0, createSigningCertRecord=true, signingCertSerialNumber=1]
[22/Aug/2017:17:01:07][http-bio-8443-exec-3]: updateNumberRange start host=server1 adminPort=443 eePort=443
[22/Aug/2017:17:01:07][http-bio-8443-exec-3]: ConfigurationUtils: POST https://server1:443/ca/admin/ca/updateNumberRange
[22/Aug/2017:17:01:07][http-bio-8443-exec-3]: updateNumberRange(): status=0
[22/Aug/2017:17:01:07][http-bio-8443-exec-3]: updateNumberRange start host=server1 adminPort=443 eePort=443
[22/Aug/2017:17:01:07][http-bio-8443-exec-3]: ConfigurationUtils: POST https://server1:443/ca/admin/ca/updateNumberRange
[22/Aug/2017:17:01:07][http-bio-8443-exec-3]: updateNumberRange(): status=0
[22/Aug/2017:17:01:07][http-bio-8443-exec-3]: updateNumberRange start host=server1 adminPort=443 eePort=443
[22/Aug/2017:17:01:07][http-bio-8443-exec-3]: ConfigurationUtils: POST https://server1:443/ca/admin/ca/updateNumberRange
[22/Aug/2017:17:01:07][http-bio-8443-exec-3]: updateNumberRange(): status=0
[22/Aug/2017:17:01:09][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:01:09][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:01:09][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:01:09][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:08][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:08][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:09][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:09][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:09][http-bio-8443-exec-3]: enableReplication: Failed to modify cn=replica,cn="o=ipaca",cn=mapping tree,cn=config entry. Exception: netscape.ldap.LDAPException: error result (68)
[22/Aug/2017:17:02:51][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:51][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:52][http-bio-8443-exec-3]: importLDIFS(): LDAP Errors in importing /var/lib/pki/pki-tomcat/ca/conf/manager.ldif
[22/Aug/2017:17:02:52][http-bio-8443-exec-3]: LDAPUtil:importLDIF: exception in adding entry ou=csusers,cn=config:netscape.ldap.LDAPException: error result (68)
[22/Aug/2017:17:02:52][http-bio-8443-exec-3]: LDAPUtil:importLDIF: exception in modifying entry o=ipaca:netscape.ldap.LDAPException: error result (20)
[22/Aug/2017:17:02:52][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:52][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is true
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: makeConnection: errorIfDown true
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:58][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:58][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:07][localhost-startStop-1]: init: before makeConnection errorIfDown is true
[22/Aug/2017:17:03:07][localhost-startStop-1]: makeConnection: errorIfDown true
[22/Aug/2017:17:03:07][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:07][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:08][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:08][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:08][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:08][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:08][profileChangeMonitor]: Start Profile Creation - caDirUserRenewal caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
[22/Aug/2017:17:03:08][profileChangeMonitor]: Done Profile Creation - caDirUserRenewal
[22/Aug/2017:17:03:08][profileChangeMonitor]: Start Profile Creation - IECUserRoles caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
[22/Aug/2017:17:03:08][profileChangeMonitor]: Done Profile Creation - IECUserRoles
[22/Aug/2017:17:03:08][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:08][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:09][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:09][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:09][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:09][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:09][localhost-startStop-1]: DBSubsystem: getNextRange. Unable to provide next range :netscape.ldap.LDAPException: error result (68)
[22/Aug/2017:17:13:08][SerialNumberUpdateTask]: DBSubsystem: getNextRange. Unable to provide next range :netscape.ldap.LDAPException: error result (68)

This has failed on every CentOS 7 and Fedora 26 server that we have available, so it doesn't seem like a problem with particular versions.
Can someone please suggest what the problem might be here?
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org