This is F14, guess you missed the hostnames...


From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Martin Kosek [mko...@redhat.com]
Sent: Tuesday, 29 March 2011 9:09 p.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] replica install failure....

On Mon, 2011-03-28 at 23:45 +0000, Steven Jones wrote:
> Just tried to make a replica and the install failed with,
>   [4/11]: configuring certificate server instance
> root        : CRITICAL failed to configure ca instance Command '/usr/bin/perl 
> /usr/bin/pkisilent ConfigureCA -cs_hostname fed14-64-ipam002.ipa.ac.nz 
> -cs_port 9445 -client_certdb_dir /tmp/tmp-r_2iHV -client_certdb_pwd 
> 'XXXXXXXX' -preop_pin nnARxLnIWvR9Aw1RYjRn -domain_name IPA -admin_user admin 
> -admin_email root@localhost -admin_password 'XXXXXXXX' -agent_name 
> ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject 
> "CN=ipa-ca-agent,O=IPA.AC.NZ" -ldap_host fed14-64-ipam002.ipa.ac.nz 
> -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password 'XXXXXXXX' 
> -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm 
> SHA256withRSA -save_p12 true -backup_pwd 'XXXXXXXX' -subsystem_name pki-cad 
> -token_name internal -ca_subsystem_cert_subject_name "CN=CA 
> Subsystem,O=IPA.AC.NZ" -ca_ocsp_cert_subject_name "CN=OCSP 
> Subsystem,O=IPA.AC.NZ" -ca_server_cert_subject_name 
> "CN=fed14-64-ipam002.ipa.ac.nz,O=IPA.AC.NZ" 
> -ca_audit_signing_cert_subject_name "CN=CA!
>  udit,O=IPA.AC.NZ" -ca_sign_cert_subject_name "CN=Certificate 
> Authority,O=IPA.AC.NZ" -external false -clone true -clone_p12_file ca.p12 
> -clone_p12_password 'XXXXXXXX' -sd_hostname fed14-64-ipam001.ipa.ac.nz 
> -sd_admin_port 9445 -sd_admin_name admin -sd_admin_password 'XXXXXXXX' 
> -clone_start_tls true -clone_uri https://fed14-64-ipam001.ipa.ac.nz:9444' 
> returned non-zero exit status 255
> creation of replica failed: Configuration of CA failed
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> [root@fed14-64-ipam002 jonesst1]#

Hello Steven,

can you please send me a version of tomcat6 server on your Fedora 15
with IPA replica?

This is most probably a known issue which was stated in Freeipa v2

[Freeipa-devel] Announcing FreeIPA v2 Server

Known Issues

  * The latest tomcat6 package has not been pushed to updates-testing.
You need tomcat6-6-0.30-5 or higher. The packages can be retrieved from
koji at http://koji.fedoraproject.org/koji/buildinfo?buildID=231410 .
The installation will fail restarting the CA with the current tomcat6
package in Fedora 15.

If this is your case, you may want to install the RPMs from koji or just
install them from rawhide repository.


Freeipa-users mailing list

Freeipa-users mailing list

Reply via email to