Dan Scott wrote:
On Wed, Nov 16, 2011 at 09:23, Rob Crittenden<rcrit...@redhat.com>  wrote:
Dan Scott wrote:


Hi,

I receive the following error when I try to remove a host from IPA:

djscott@pc35:~$ ipa host-del pc60
ipa: ERROR: Certificate operation cannot be completed: Unable to
communicate with CMS (Not Found)

I'm running a Fedora 16 (freeipa-server-2.1.3-5.fc16.x86_64) server
replicated with a Fedora 15 (freeipa-server-2.1.3-2.fc15.i686) server.

I've looked at this:

https://fedorahosted.org/freeipa/ticket/1889

But it looks like it was fixed in 2.1.2 or 2.1.3. Any ideas for what I
need to do?

Thanks,

Dan

This would suggest that dogtag isn't running. Is dogtag and its LDAP
instance up?

It seems to be, there are 2 entries 'loaded active running' for the
dirsrv@ instances. I don't see any errors in the
/var/log/dirsrv/slapd-PKI-IPA/errors file.

Tomcat is running too.

Dan

Hmm, ok, lets see if we can talk to the cert system at all.

$ ipa cert-show 1

I picked the serial number out of blue sky but for a default install it should be ok. You can also use openssl to dump /etc/ipa/ca.crt to get that serial number to be sure you are getting one that exists.

If this works it means we can communicate with CMS. Then I'd do:

$ ipa host-show pc60

Note the serial number and try showing it directly with cert-show.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to