Dan Scott wrote:
On Wed, Nov 16, 2011 at 09:23, Rob Crittenden <rcrit...@redhat.com> wrote:
Dan Scott wrote:


I receive the following error when I try to remove a host from IPA:

djscott@pc35:~$ ipa host-del pc60
ipa: ERROR: Certificate operation cannot be completed: Unable to
communicate with CMS (Not Found)

I'm running a Fedora 16 (freeipa-server-2.1.3-5.fc16.x86_64) server
replicated with a Fedora 15 (freeipa-server-2.1.3-2.fc15.i686) server.

I've looked at this:


But it looks like it was fixed in 2.1.2 or 2.1.3. Any ideas for what I
need to do?



This would suggest that dogtag isn't running. Are dogtag and its LDAP
instance up?

It seems to be, there are 2 entries 'loaded active running' for the
dirsrv@ instances. I don't see any errors in the
/var/log/dirsrv/slapd-PKI-IPA/errors file.

Tomcat is running too.


Hmm, ok, let's see if we can talk to the cert system at all.

$ ipa cert-show 1

I picked the serial number out of blue sky but for a default install it should be ok. You can also use openssl to dump /etc/ipa/ca.crt to get that serial number to be sure you are getting one that exists.

If this works it means we can communicate with CMS. Then I'd do:

$ ipa host-show pc60

Note the serial number and try showing it directly with cert-show.
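
The checks suggested above, collected into one script as an added example (not part of the original thread). The function names are hypothetical, and it assumes `ipa host-show` prints a "Serial Number:" line for a host that has a certificate; `openssl x509 -serial` prints the serial in hex, so it is converted to decimal before being passed to `ipa cert-show`.

```shell
#!/bin/sh
# Added example: walk through the CMS connectivity checks from this thread.

# Convert "serial=0B" (openssl x509 -noout -serial, hex) to decimal.
serial_to_dec() {
    hex=${1#serial=}
    case $hex in
        ''|*[!0-9A-Fa-f]*) echo "not a hex serial: $1" >&2; return 1 ;;
    esac
    # Assumption: the serial fits in a shell integer (small, sequential serials).
    [ "${#hex}" -le 15 ] || { echo "serial too large for shell arithmetic" >&2; return 1; }
    printf '%d\n' "0x$hex"
}

# Read `ipa host-show` output on stdin and print the certificate serial, if any.
# Assumption: the output carries a line of the form "  Serial Number: 11".
host_serial() {
    sed -n 's/^[[:space:]]*Serial Number:[[:space:]]*\([0-9][0-9]*\).*$/\1/p' | head -n 1
}

# usage: check_host_cert pc60
check_host_cert() {
    # Step 1: take a serial that is known to exist (the CA certificate's own).
    ca_serial=$(serial_to_dec "$(openssl x509 -in /etc/ipa/ca.crt -noout -serial)") || return 1
    # Step 2: if this works, IPA can communicate with CMS.
    ipa cert-show "$ca_serial" >/dev/null || {
        echo "cert-show failed for CA serial $ca_serial" >&2; return 2; }
    # Step 3: find the serial recorded on the host entry.
    hs=$(ipa host-show "$1" | host_serial)
    [ -n "$hs" ] || { echo "no certificate serial shown for $1" >&2; return 3; }
    # Step 4: show that certificate directly.
    ipa cert-show "$hs"
}
```

Source the file on the IPA server with a valid Kerberos ticket and run `check_host_cert pc60`; the return code tells you which step failed.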


