Sorry, forgot to copy the list.

On Wed, Nov 16, 2011 at 12:17, Dan Scott <danieljamessc...@gmail.com> wrote:
> On Wed, Nov 16, 2011 at 10:39, Rob Crittenden <rcrit...@redhat.com> wrote:
>> Dan Scott wrote:
>>>
>>> On Wed, Nov 16, 2011 at 09:23, Rob Crittenden<rcrit...@redhat.com>  wrote:
>>>>
>>>> Dan Scott wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> I receive the following error when I try to remove a host from IPA:
>>>>>
>>>>> djscott@pc35:~$ ipa host-del pc60
>>>>> ipa: ERROR: Certificate operation cannot be completed: Unable to
>>>>> communicate with CMS (Not Found)
>>>>>
>>>>> I'm running a Fedora 16 (freeipa-server-2.1.3-5.fc16.x86_64) server
>>>>> replicated with a Fedora 15 (freeipa-server-2.1.3-2.fc15.i686) server.
>>>>>
>>>>> I've looked at this:
>>>>>
>>>>> https://fedorahosted.org/freeipa/ticket/1889
>>>>>
>>>>> But it looks like it was fixed in 2.1.2 or 2.1.3. Any ideas for what I
>>>>> need to do?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Dan
>>>>
>>>> This would suggest that dogtag isn't running. Is dogtag and its LDAP
>>>> instance up?
>>>
>>> It seems to be, there are 2 entries 'loaded active running' for the
>>> dirsrv@ instances. I don't see any errors in the
>>> /var/log/dirsrv/slapd-PKI-IPA/errors file.
>>>
>>> Tomcat is running too.
>>>
>>> Dan
>>
>> Hmm, ok, lets see if we can talk to the cert system at all.
>>
>> $ ipa cert-show 1
>
> fileserver1 is the IPA server with PKI-IPA running:
>
> [root@fileserver1 ~]# ipa cert-show 1
> ipa: ERROR: Certificate operation cannot be completed: Unable to
> communicate with CMS (Not Found)
>
> SELinux is my normal culprit when things don't work. It may be so in
> this case. My /var/log/audit/audit.log hasn't changed since 11th
> November.....
>
> Unfortunately, temporarily disabling it doesn't seem to help:
>
> [root@fileserver1 ~]# setenforce Permissive
> [root@fileserver1 ~]# ipa cert-show 1
> ipa: ERROR: Certificate operation cannot be completed: Unable to
> communicate with CMS (Not Found)
>
> What processes should be running for the certificate server? I have
> the ns-slapd process and tomcat6 running. The tomcat logs are empty.

Huh, also found the following:

[root@fileserver1 ~]# package-cleanup --orphans
dogtag-pki-ca-theme-9.0.9-1.fc15.noarch
dogtag-pki-common-theme-9.0.9-1.fc15.noarch

Dan

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to