On Wed, Feb 20, 2013 at 8:40 AM, Simo Sorce <s...@redhat.com> wrote:
> On Wed, 2013-02-20 at 08:08 -0500, Bret Wortman wrote:
> > Digging further into my logs this morning, I've discovered that
> > there are no new entries in /var/log/dirsrv/slapd-PKI-IPA since Feb 5
> > either. How can I tell why this isn't
> > running? /var/log/dirsrv/slapd-MY-COM is getting updated and logged
> > to, it's just the PKI piece that seems to be dead.
> > Nothing in /etc/pki-ca has changed since last year, and the last
> > updates to /var/lib/dirsrv/slapd-PKI-IPA/db or changelogs occurred on
> > Feb 5. I just can't tell what that change was....
> What error do you get if you try to start it ?

[root@oldmaster]# pkicontrol start ca PKI-IPA
PKI-IPA is an invalid 'pki-ca' instance

Is there another, preferred way to start it?

> > Would a key change or certificate change have affected this?
> An expired CA cert might cause the server to stop, but then you would
> see expired certs all over and also the main IPA instance would not
> > Worst case, if I do something like this:
> > # ipa-server-install -U --uninstall
> > # ipa-server-install
> You will completely obliterate all your data.
> > will I lose the hosts, policies & users I already have configured?
> > Does this stand a chance of getting me back up to where I can clone
> > this box and get healthy again?
> Healthy will be, but with no data, don't do it. (and I suggest you make
> a full backup just in case)
> Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list