Hi, This is F14, guess you missed the hostnames...
regards ________________________________________ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Martin Kosek [mko...@redhat.com] Sent: Tuesday, 29 March 2011 9:09 p.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] replica install failure.... On Mon, 2011-03-28 at 23:45 +0000, Steven Jones wrote: > Just tried to make a replica and the install failed with, > > [4/11]: configuring certificate server instance > root : CRITICAL failed to configure ca instance Command '/usr/bin/perl > /usr/bin/pkisilent ConfigureCA -cs_hostname fed14-64-ipam002.ipa.ac.nz > -cs_port 9445 -client_certdb_dir /tmp/tmp-r_2iHV -client_certdb_pwd > 'XXXXXXXX' -preop_pin nnARxLnIWvR9Aw1RYjRn -domain_name IPA -admin_user admin > -admin_email root@localhost -admin_password 'XXXXXXXX' -agent_name > ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject > "CN=ipa-ca-agent,O=IPA.AC.NZ" -ldap_host fed14-64-ipam002.ipa.ac.nz > -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password 'XXXXXXXX' > -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm > SHA256withRSA -save_p12 true -backup_pwd 'XXXXXXXX' -subsystem_name pki-cad > -token_name internal -ca_subsystem_cert_subject_name "CN=CA > Subsystem,O=IPA.AC.NZ" -ca_ocsp_cert_subject_name "CN=OCSP > Subsystem,O=IPA.AC.NZ" -ca_server_cert_subject_name > "CN=fed14-64-ipam002.ipa.ac.nz,O=IPA.AC.NZ" > -ca_audit_signing_cert_subject_name "CN=CA! A! > udit,O=IPA.AC.NZ" -ca_sign_cert_subject_name "CN=Certificate > Authority,O=IPA.AC.NZ" -external false -clone true -clone_p12_file ca.p12 > -clone_p12_password 'XXXXXXXX' -sd_hostname fed14-64-ipam001.ipa.ac.nz > -sd_admin_port 9445 -sd_admin_name admin -sd_admin_password 'XXXXXXXX' > -clone_start_tls true -clone_uri https://fed14-64-ipam001.ipa.ac.nz:9444' > returned non-zero exit status 255 > creation of replica failed: Configuration of CA failed > > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > [root@fed14-64-ipam002 jonesst1]# > Hello Steven, can you please send me a version of tomcat6 server on your Fedora 15 with IPA replica? This is most probably a known issue which was stated in Freeipa v2 announcement: [Freeipa-devel] Announcing FreeIPA v2 Server [snip] Known Issues * The latest tomcat6 package has not been pushed to updates-testing. You need tomcat6-6-0.30-5 or higher. The packages can be retrieved from koji at http://koji.fedoraproject.org/koji/buildinfo?buildID=231410 . The installation will fail restarting the CA with the current tomcat6 package in Fedora 15. [snip] If this is your case, you may want to install the RPMs from koji or just install them from rawhide repository. Regards, Martin _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users