Petr, 

        I changed both the host file (actually did that before emailing) and 
now I have changed the DNS manually in LDAP.  I restart ipa and it still fails 
on DNS startup.   It says the following (after I manually start everything 
else) 

May 29 13:16:15 ip- named[9076]: set up managed keys zone for view _default, 
file 'dynamic/managed-keys.bind'
May 29 13:16:15 ip- named[9076]: GSSAPI Error: Unspecified GSS failure.  Minor 
code may provide more information (Server krbtgt/ec2.inter...@example.com not 
found in Kerberos database)
May 29 13:16:15 ip- named[9076]: bind to LDAP server failed: Local error
May 29 13:16:15 ip- named[9076]: loading configuration: failure
May 29 13:16:15 ip- named[9076]: exiting (due to fatal error)  


Thanks, 
_____________________________________________________
John Moyer
Director, IT Operations


On May 29, 2013, at 4:11 AM, Petr Spacek <pspa...@redhat.com> wrote:

> On 29.5.2013 07:42, John Moyer wrote:
>> Yea I replaced both certs, however, in my troubleshooting I've found more 
>> I'll say symptoms or potential problems, which may stem from this or be 
>> independent from it.
>> 
>> 1. Showing this error message on restarting the service:
>>     EXAMPLE-COM...[29/May/2013:05:30:58 +0000] - SSL alert: 
>> CERT_VerifyCertificateNow: verify certificate failed for cert MyIPA of 
>> family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8172 
>> - Peer's certificate issuer has been marked as not trusted by the user.)
>> 
>> 2. This is on an AWS machine, and when I rebooted the internal IP of the 
>> machine changed.  I'm not sure if there are values in the Directory Server 
>> that would have that internal IP in there which would cause a problem.  The 
>> external IP and DNS have stayed the same and I've tried to have all install 
>> values match the external IP or external name for this exact reason.
>> 
>> 3. The named service will no longer start, here are the errors getting put 
>> in the /var/log/messages
>> May 29 05:31:01 ip-10-1-3-5 named[5592]: sizing zone task pool based on 6 
>> zones
>> May 29 05:31:01 ip-10-1-3-5 named[5592]: /etc/named.conf:12: no forwarders 
>> seen; disabling forwarding
>> May 29 05:31:01 ip-10-1-3-5 named[5592]: set up managed keys zone for view 
>> _default, file 'dynamic/managed-keys.bind'
>> May 29 05:31:19 ip-10-1-3-5 named[5592]: Failed to init credentials (Cannot 
>> contact any KDC for realm 'EXAMPLE.COM')
>> May 29 05:31:19 ip-10-1-3-5 named[5592]: loading configuration: failure
>> May 29 05:31:19 ip-10-1-3-5 named[5592]: exiting (due to fatal error)
>> 
>> Any help in a right direction or theory to a right direction would be much 
>> appreciated!
> Problems 2 and 3 might be caused by an incorrect IP address in /etc/hosts and 
> IPA DNS. Please correct the content of /etc/hosts, start IPA and then correct the IP 
> addresses in IPA DNS.
> 
> -- 
> Petr^2 Spacek
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
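The two things Petr's advice and the "Server krbtgt/...@... not found" message turn on, as an added example that is not from this thread or from FreeIPA: a small Python checker that verifies the /etc/hosts mapping of the IPA server against its current address, and models the realm a Kerberos client derives for the LDAP server's name (the longest matching [domain_realm] entry, otherwise the upper-cased parent domain), since a request for krbtgt/OTHER@REALM is what the KDC rejects when that derived realm is not its own. All hostnames, addresses and realms below are constructed.

```python
# Added example: consistency checks for the inputs named's GSSAPI bind to
# LDAP depends on. Every name, address and realm here is constructed.

def parse_hosts(text):
    """Yield (ip, [names]) for each non-comment line of /etc/hosts text."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields[0], fields[1:]

def check_hosts(text, fqdn, expected_ip):
    """Return a list of problems with how /etc/hosts maps the server's FQDN."""
    problems = []
    mapped = [ip for ip, names in parse_hosts(text) if fqdn in names]
    if not mapped:
        problems.append(f"{fqdn} is not listed in /etc/hosts")
    for ip in mapped:
        if ip != expected_ip:
            problems.append(f"{fqdn} maps to {ip}, expected {expected_ip}")
    return problems

def realm_for_host(hostname, domain_realm):
    """Realm a krb5 client ends up with for a service host: the longest
    matching [domain_realm] entry, else the upper-cased parent domain."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        key = ("" if i == 0 else ".") + ".".join(labels[i:])
        if key in domain_realm:
            return domain_realm[key]
    return ".".join(labels[1:]).upper()

def expected_tgs_request(ldap_host, client_realm, domain_realm):
    """Principal named would ask its KDC for before binding to ldap_host;
    krbtgt/<other>@<own> means a cross-realm ticket is being requested."""
    realm = realm_for_host(ldap_host, domain_realm)
    if realm == client_realm:
        return f"ldap/{ldap_host}@{client_realm}"
    return f"krbtgt/{realm}@{client_realm}"

def diagnose(hosts_text, fqdn, current_ip, ldap_host, realm, domain_realm):
    """Combine both checks into one list of findings (empty means clean)."""
    report = check_hosts(hosts_text, fqdn, current_ip)
    request = expected_tgs_request(ldap_host, realm, domain_realm)
    if request.startswith("krbtgt/"):
        report.append(f"{ldap_host} is outside {realm}; named would ask for {request}")
    return report

# Constructed sample: the address in /etc/hosts predates a reboot, and the
# server is being reached by its cloud-internal name, not its IPA name.
HOSTS = "127.0.0.1   localhost\n10.1.3.5    ipa.example.com ipa  # pre-reboot\n"
DOMAIN_REALM = {".example.com": "EXAMPLE.COM", "example.com": "EXAMPLE.COM"}

if __name__ == "__main__":
    for finding in diagnose(HOSTS, "ipa.example.com", "10.1.7.9",
                            "ip-10-1-7-9.cloud.internal", "EXAMPLE.COM", DOMAIN_REALM):
        print(finding)
```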