Steven Jones wrote:

This is F14, guess you missed the hostnames...

It is not safe to assume based on hostname which is why I also asked.

Your problem is this:

Unable to Send No route to host No route to host

It looks to be resolving to a very strange reverse, :-1?

Posting Query =
RESPONSE STATUS:  HTTP/1.1 302 Moved Temporarily
RESPONSE HEADER:  Server: Apache-Coyote/1.1
RESPONSE HEADER:  Location: https://:-1/

Can you double-check that /etc/hosts is set up correctly?




From: [] on 
behalf of Martin Kosek []
Sent: Tuesday, 29 March 2011 9:09 p.m.
Subject: Re: [Freeipa-users] replica install failure....

On Mon, 2011-03-28 at 23:45 +0000, Steven Jones wrote:
Just tried to make a replica and the install failed with,

   [4/11]: configuring certificate server instance
root        : CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname -cs_port 9445 -client_certdb_dir /tmp/tmp-r_2iHV -client_certdb_pwd 'XXXXXXXX' -preop_pin 
nnARxLnIWvR9Aw1RYjRn -domain_name IPA -admin_user admin -admin_email root@localhost -admin_password 'XXXXXXXX' -agent_name 
ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject "CN=ipa-ca-agent,O=IPA.AC.NZ" -ldap_host -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password 'XXXXXXXX' -base_dn o=ipaca 
-db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 'XXXXXXXX' -subsystem_name pki-cad 
-token_name internal -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=IPA.AC.NZ" -ca_ocsp_cert_subject_name "CN=OCSP 
Subsystem,O=IPA.AC.NZ" -ca_server_cert_subject_name ",O=IPA.AC.NZ" 
-ca_audit_signing_cert_subject_name "CN=CA
  udit,O=IPA.AC.NZ" -ca_sign_cert_subject_name "CN=Certificate 
Authority,O=IPA.AC.NZ" -external false -clone true -clone_p12_file ca.p12 
-clone_p12_password 'XXXXXXXX' -sd_hostname -sd_admin_port 9445 
-sd_admin_name admin -sd_admin_password 'XXXXXXXX' -clone_start_tls true -clone_uri' returned non-zero exit status 255
creation of replica failed: Configuration of CA failed

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
[root@fed14-64-ipam002 jonesst1]#

Hello Steven,

can you please send me a version of tomcat6 server on your Fedora 15
with IPA replica?

This is most probably a known issue which was stated in Freeipa v2

[Freeipa-devel] Announcing FreeIPA v2 Server

Known Issues

   * The latest tomcat6 package has not been pushed to updates-testing.
You need tomcat6-6-0.30-5 or higher. The packages can be retrieved from
koji at .
The installation will fail restarting the CA with the current tomcat6
package in Fedora 15.

If this is your case, you may want to install the RPMs from koji or just
install them from rawhide repository.


Freeipa-users mailing list

Freeipa-users mailing list

Freeipa-users mailing list

Reply via email to