Dan Scott wrote:
On Wed, Nov 16, 2011 at 09:23, Rob Crittenden<rcrit...@redhat.com> wrote:
Dan Scott wrote:
Hi,
I receive the following error when I try to remove a host from IPA:
djscott@pc35:~$ ipa host-del pc60
ipa: ERROR: Certificate operation cannot be completed: Unable to
communicate with CMS (Not Found)
I'm running a Fedora 16 (freeipa-server-2.1.3-5.fc16.x86_64) server
replicated with a Fedora 15 (freeipa-server-2.1.3-2.fc15.i686) server.
I've looked at this:
https://fedorahosted.org/freeipa/ticket/1889
But it looks like it was fixed in 2.1.2 or 2.1.3. Any ideas for what I
need to do?
Thanks,
Dan
This would suggest that dogtag isn't running. Is dogtag and its LDAP
instance up?
It seems to be, there are 2 entries 'loaded active running' for the
dirsrv@ instances. I don't see any errors in the
/var/log/dirsrv/slapd-PKI-IPA/errors file.
Tomcat is running too.
Dan
Hmm, ok, lets see if we can talk to the cert system at all.
$ ipa cert-show 1
I picked the serial number out of blue sky but for a default install it
should be ok. You can also use openssl to dump /etc/ipa/ca.crt to get
that serial number to be sure you are getting one that exists.
If this works it means we can communicate with CMS. Then I'd do:
$ ipa host-show pc60
Note the serial number and try showing it directly with cert-show.
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
