John Obaterspok via FreeIPA-users wrote: > Den fre 22 jan. 2021 kl 09:54 skrev John Obaterspok > <[email protected]>: >> >> Hi, >> >> I'm stuck since about a week when I updated to latest ipa-server. It >> seems to be the same problem as Ian had ("FreeIPA centos8 update >> Failed to authenticate to CA REST API"). He seem to resolve this using >> a replicate which I dont have. >> > [... snip ...] > >> [Migrating certificate profiles to LDAP] >> IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run >> command ipa-server-upgrade manually. >> Unexpected error - see /var/log/ipaupgrade.log for details: >> RemoteRetrieveError: Failed to authenticate to CA REST API >> ... >> > ... >> CA subsystem unavailable. Check CA debug >> log.\n\tcom.netscape.cms.tomcat.ProxyRealm.validateRealm(ProxyRealm.java:81)\n\tcom.netscape.cms.tomcat.ProxyRealm.findSecurityConstraints(ProxyRealm.java:149)\n\torg.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:530)\... > > Strange enough, it's working just fine now after the server was > restarted after dnf-automatic update and scheduled reboot. Only thing > I did prior to this was to replace old ipa server name from > sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg + > /etc/pki/pki-tomcat/ca/CS.cfg > > The old server name was when I did a fedora xx to centos 8 migration > using replica. I believe I followed the > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/migrate-7-to-8_migrating > guide
Do you remember what values you changed? rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
