Is this related? https://pagure.io/freeipa/issue/9041
Sent from my iPhone

On 22 Dec 2021, at 15:35, Dungan, Scott A. via FreeIPA-users <[email protected]> wrote:

Prior to running yum update on one of our IPA servers running RHEL8 version 4.9.6-6, ipa-healthcheck showed no errors. After running the update to 4.9.6-10, healthcheck threw “non-2xx response from CA REST API: 403” errors:

[root@ipa1 ~]# ipa-healthcheck --failures-only
ra.get_certificate(): Request failed with status 403: Non-2xx response from CA REST API: 403. (403)
ra.get_certificate(): Request failed with status 403: Non-2xx response from CA REST API: 403. (403)
ra.get_certificate(): Request failed with status 403: Non-2xx response from CA REST API: 403. (403)
ra.get_certificate(): Request failed with status 403: Non-2xx response from CA REST API: 403. (403)
ra.get_certificate(): Request failed with status 403: Non-2xx response from CA REST API: 403. (403)
ra.get_certificate(): Request failed with status 403: Non-2xx response from CA REST API: 403. (403)
ra.get_certificate(): Request failed with status 403: Non-2xx response from CA REST API: 403. (403)
ra.get_certificate(): Request failed with status 403: Non-2xx response from CA REST API: 403. (403)
ra.get_certificate(): Request failed with status 403: Non-2xx response from CA REST API: 403. (403)
ra.get_certificate(): Request failed with status 403: Non-2xx response from CA REST API: 403. (403)
[
  {
    "source": "ipahealthcheck.dogtag.ca",
    "check": "DogtagCertsConnectivityCheck",
    "result": "ERROR",
    "uuid": "0fcf1f94-16d3-4f33-aabc-446403a8190f",
    "when": "20211222175722Z",
    "duration": "0.715360",
    "kw": {
      "msg": "Request for certificate failed, Certificate operation cannot be completed: Request failed with status 403: Non-2xx response from CA REST API: 403. (403)"
    }
  },
  {
    "source": "ipahealthcheck.ipa.certs",
    "check": "IPACertRevocation",
    "result": "ERROR",
    "uuid": "969b76e2-bda7-4d47-a76b-fa48b59e469f",
    "when": "20211222175735Z",
    "duration": "1.208329",
    "kw": {
      "key": "20210406003327",
      "serial": 7,
      "error": "Certificate operation cannot be completed: Request failed with status 403: Non-2xx response from CA REST API: 403. (403)",
      "msg": "Request for certificate serial number {serial} in request {key} failed: {error}"
    }
  },
  {
    "source": "ipahealthcheck.ipa.certs",
    "check": "IPACertRevocation",
    "result": "ERROR",
    "uuid": "696f34d9-e965-4d23-8a60-192811cedd51",
    "when": "20211222175735Z",
    "duration": "1.479161",
    "kw": {
      "key": "20210406003320",
      "serial": 5,
      "error": "Certificate operation cannot be completed: Request failed with status 403: Non-2xx response from CA REST API: 403. (403)",
      "msg": "Request for certificate serial number {serial} in request {key} failed: {error}"
    }
  },
  {
    "source": "ipahealthcheck.ipa.certs",
    "check": "IPACertRevocation",
    "result": "ERROR",
    "uuid": "bd716c75-de8b-4893-9e6e-f474dcf898a6",
    "when": "20211222175735Z",
    "duration": "1.747070",
    "kw": {
      "key": "20210406003321",
      "serial": 2,
      "error": "Certificate operation cannot be completed: Request failed with status 403: Non-2xx response from CA REST API: 403. (403)",
      "msg": "Request for certificate serial number {serial} in request {key} failed: {error}"
    }
  },
  {
    "source": "ipahealthcheck.ipa.certs",
    "check": "IPACertRevocation",
    "result": "ERROR",
    "uuid": "59815cd0-e48c-47bf-965f-c089bcf0f2dd",
    "when": "20211222175736Z",
    "duration": "2.021750",
    "kw": {
      "key": "20210406003322",
      "serial": 4,
      "error": "Certificate operation cannot be completed: Request failed with status 403: Non-2xx response from CA REST API: 403. (403)",
      "msg": "Request for certificate serial number {serial} in request {key} failed: {error}"
    }
  },
  {
    "source": "ipahealthcheck.ipa.certs",
    "check": "IPACertRevocation",
    "result": "ERROR",
    "uuid": "ea34c649-7823-4c35-b54d-7b3aaf8677c8",
    "when": "20211222175736Z",
    "duration": "2.291332",
    "kw": {
      "key": "20210406003323",
      "serial": 1,
      "error": "Certificate operation cannot be completed: Request failed with status 403: Non-2xx response from CA REST API: 403. (403)",
      "msg": "Request for certificate serial number {serial} in request {key} failed: {error}"
    }
  },
  {
    "source": "ipahealthcheck.ipa.certs",
    "check": "IPACertRevocation",
    "result": "ERROR",
    "uuid": "8ed4da7b-dec9-4dc5-ad05-ac7064181481",
    "when": "20211222175736Z",
    "duration": "2.567577",
    "kw": {
      "key": "20210406003326",
      "serial": 3,
      "error": "Certificate operation cannot be completed: Request failed with status 403: Non-2xx response from CA REST API: 403. (403)",
      "msg": "Request for certificate serial number {serial} in request {key} failed: {error}"
    }
  },
  {
    "source": "ipahealthcheck.ipa.certs",
    "check": "IPACertRevocation",
    "result": "ERROR",
    "uuid": "faf9b70b-333e-4e08-a211-bd887c346d13",
    "when": "20211222175736Z",
    "duration": "2.723022",
    "kw": {
      "key": "20211130180109",
      "serial": 20,
      "error": "Certificate operation cannot be completed: Request failed with status 403: Non-2xx response from CA REST API: 403. (403)",
      "msg": "Request for certificate serial number {serial} in request {key} failed: {error}"
    }
  },
  {
    "source": "ipahealthcheck.ipa.certs",
    "check": "IPACertRevocation",
    "result": "ERROR",
    "uuid": "6f4097a7-c62a-4771-9019-90c3fa8d0e80",
    "when": "20211222175737Z",
    "duration": "2.985982",
    "kw": {
      "key": "20210406003328",
      "serial": 8,
      "error": "Certificate operation cannot be completed: Request failed with status 403: Non-2xx response from CA REST API: 403. (403)",
      "msg": "Request for certificate serial number {serial} in request {key} failed: {error}"
    }
  },
  {
    "source": "ipahealthcheck.ipa.certs",
    "check": "IPACertRevocation",
    "result": "ERROR",
    "uuid": "1e7bfdc0-6dbf-4d0c-a102-86b312c8181e",
    "when": "20211222175737Z",
    "duration": "3.136052",
    "kw": {
      "key": "20201110192416",
      "serial": 10,
      "error": "Certificate operation cannot be completed: Request failed with status 403: Non-2xx response from CA REST API: 403. (403)",
      "msg": "Request for certificate serial number {serial} in request {key} failed: {error}"
    }
  }
]

Logging into web ui works, but when clicking through to the Authentication tab, the following error pops:

IPA Error 4301: CertificateOperationError
Certificate operation cannot be completed: Unable to communicate with CMS (403)

About three weeks ago, we had replication issues with this particular server but resolved them with Rob’s help. See the thread here:

https://lists.fedorahosted.org/archives/list/[email protected]/message/NXOVGLHLZWU7GQJTPNLSWYYNLHZVF6UT/

Any help would be appreciated.

Thanks,
Scott

_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
