On Wed, Feb 20, 2013 at 8:40 AM, Simo Sorce <s...@redhat.com> wrote: > On Wed, 2013-02-20 at 08:08 -0500, Bret Wortman wrote: > > Digging further into my logs this morning, I've discovered that > > there's no new entries in /var/log/dirsrv/slapd-PKI-IPA since Feb 5 > > either. How can I tell why this isn't > > running? /var/log/dirsrv/slapd-MY-COM is getting updated and logged > > to, it's just the PKI piece that seems to be dead. > > > > > > Nothing in /etc/pki-ca has changed since last year, and the last > > updates to /var/lib/dirsrv/slapd-PKI-IPA/db or changelogs occurred on > > Feb 5. I just can't tell what that change was.... > > What error do you get if you try to start it ? >
[root@oldmaster]# pkicontrol start ca PKI-IPA PKI-IPA is an invalid 'pki-ca' instance [root@oldmaster]# Is there another, preferred way to start it? > > > > Would a key change or certificate change have affected this? > > An expired CA cert might cause the server to stop, but then you would > see expired certs all over and also the main IPA instance would not > start. > > > > Worst case, if I do something like this: > > > > > > # ipa-server-install -U --uninstall > > # ipa-server-install > > > You will completely obliterate all your data. > > > will I lose the hosts, policies & users I already have configured? > > Does this stand a chance of getting me back up to where I can clone > > this box and get healthy again? > > > Healthy will be, but with no data, don't do it. (and I suggest you make > a full backup just in case) > > Simo. > > -- > Simo Sorce * Red Hat, Inc * New York > >
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users