Thats a pretty strange error. The ports there are supposed to be reserved for pki_ca_port_t.
Can you do the following for each of the ports? semanage port -l |grep 9443 Its probably best to completely remove the replica. You could try use dogtag specific commands to uninstall and install the ca - but then the rest of the ipa install scripts would be confused. Ade On Wed, 2012-02-29 at 13:44 -0500, Dan Scott wrote: > Anyone have any suggestions for how I can fix this? > > Dan > > On Mon, Feb 27, 2012 at 21:06, Dan Scott <danieljamessc...@gmail.com> wrote: > > Hi, > > > > I'm having another problem with replica installation - just the CA this time > > > > It looks like there's a problem with SELinux and the pki-ca service: > > > > After configuration, the server can be operated by the command: > > > > /bin/systemctl restart pki-cad@pki-ca.service > > > > > > 2012-02-27 20:33:45,729 DEBUG stderr=[error] Failed setting selinux > > context pki_ca_port_t for 9180. Port already defined otherwise. > > [error] Failed setting selinux context pki_ca_port_t for 9701. Port > > already defined otherwise. > > [error] Failed setting selinux context pki_ca_port_t for 9443. Port > > already defined otherwise. > > [error] Failed setting selinux context pki_ca_port_t for 9444. Port > > already defined otherwise. > > [error] Failed setting selinux context pki_ca_port_t for 9446. Port > > already defined otherwise. > > [error] Failed setting selinux context pki_ca_port_t for 9445. Port > > already defined otherwise. > > [error] Failed setting selinux context pki_ca_port_t for 9447. Port > > already defined otherwise. > > [error] FAILED run_command("/bin/systemctl restart > > pki-cad@pki-ca.service"), exit status=1 output="Job failed. See system > > logs and 'systemctl status' for details." > > > > 2012-02-27 20:33:45,729 DEBUG duration: 6 seconds > > 2012-02-27 20:33:45,730 DEBUG [3/11]: configuring certificate server > > instance > > [clip] > > 2012-02-27 20:33:46,159 DEBUG stdout=libpath=/usr/lib64 > > ####################################################################### > > CRYPTO INIT WITH CERTDB:/tmp/tmp-cDdVph > > tokenpwd:XXXXXXXX > > ############################################# > > Attempting to connect to: fileserver3.example.com:9445 > > Exception in LoginPanel(): java.lang.NullPointerException > > ERROR: ConfigureCA: LoginPanel() failure > > ERROR: unable to create CA > > > > ####################################################################### > > > > 2012-02-27 20:33:46,159 DEBUG stderr=Exception: Unable to Send > > Request:java.net.ConnectException: Connection refused > > java.net.ConnectException: Connection refused > > at java.net.PlainSocketImpl.socketConnect(Native Method) > > at > > java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:327) > > at > > java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:193) > > at > > java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:180) > > at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:384) > > at java.net.Socket.connect(Socket.java:546) > > at java.net.Socket.connect(Socket.java:495) > > at java.net.Socket.<init>(Socket.java:392) > > at java.net.Socket.<init>(Socket.java:235) > > at HTTPClient.sslConnect(HTTPClient.java:326) > > at ConfigureCA.LoginPanel(ConfigureCA.java:244) > > at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157) > > at ConfigureCA.main(ConfigureCA.java:1672) > > java.lang.NullPointerException > > at ConfigureCA.LoginPanel(ConfigureCA.java:245) > > at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157) > > at ConfigureCA.main(ConfigureCA.java:1672) > > > > /var/log/messages contains the following: > > > > Feb 27 20:40:45 localhost kpasswd[2198]: Error receiving request (104) > > Connection reset by peer > > Feb 27 20:57:26 localhost pkicontrol[2778]: /usr/bin/runcon: invalid > > context: system_u:system_r:pki_ca_script_t:s0: Invalid argument > > Feb 27 20:57:26 localhost systemd[1]: pki-cad@pki-ca.service: control > > process exited, code=exited status=1 > > Feb 27 20:57:26 localhost systemd[1]: Unit pki-cad@pki-ca.service > > entered failed state. > > > > This is a fresh install of Fedora 16. There are no updates to apply. > > > > Any ideas? > > > > One more thing. Is there a way to remove and reinstall just the CA? Or > > do I have to completely remove and re-install the entire IPA replica? > > i.e. Is there something like ipa-ca-install --uninstall I couldn't see > > the option anywhere. > > > > Thanks, > > > > Dan > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users