When I recently updated one of my IPA servers (it reports
4.5.0-21.el7_4.1.2 in yum), the result was that it could not start back up
because pki-tomcatd kept failing.  I was able to get it running for now by
ignoring the failure of that one service, but I haven't been able to to
determine the cause.  The logs are pretty quiet on this one.  They show the
failure itself, but not information that helps me fix the problem.  It also
appears to be causing some weird UI issues.  Without the certificate stuff
working I can't add any new replicas as CAs because it can't send the
needed info to the new server.

I have talked a little bit with Rob Crittenden about this but always run
into an impasse hen trying to find the debug logs.

On Thu, Oct 26, 2017 at 10:25 AM, Florence Blanc-Renaud <f...@redhat.com>
wrote:

> On 10/26/2017 04:58 PM, Kristian Petersen via FreeIPA-users wrote:
>
>> I am having problems with the server that currently is my main CA and was
>> considering trying to switch that function to a different server.  I have
>> tried some of the stuff I found online but the CA role can't be enabled on
>> another server because it is broken on the one that has it right now.
>> Hence the operation fails.  Any other ideas on how to resolve this?  It is
>> OK if I have to abandon my old certificates and generate entirely new one
>> on the new CA server.
>>
>> --
>> Kristian Petersen
>> System Administrator
>> Dept. of Chemistry and Biochemistry
>>
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-le...@lists.fedo
>> rahosted.org
>>
>> Hi,
>
> which issues do you currently have with the CA? Maybe we can help fix the
> CA first.
>
> Flo
>



-- 
Kristian Petersen
System Administrator
Dept. of Chemistry and Biochemistry
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to