Bret Wortman wrote:

On 04/28/2014 10:21 AM, Bret Wortman wrote:

On 04/28/2014 08:33 AM, Petr Viktorin wrote:

According to the error you're getting, there is a CA instance already
After uninstalling IPA, destroy it with:
    pkidestroy -s CA -i pki-tomcat

I tried, this, but no joy.

# pkidestroy -s CA -i pki-tomcat
Loading deployment configuration from /var/lib/pki/pki-tomcat
Uninstalling CA from /var/lib/pki/pki-tomcat.
pkidestroy : WARNING ....... this 'CA' entry will NOT be deleted from
security domain 'unknown'!
pkidestroy : ERROR   ....... No security domain defined.
If this is an unconfigured instance, then that is OK.
Otherwise, manually delete the entry from the security domain master.

Uninstallation complete.

And then when I tried to run ipa-server-install, I got the same error
again. I may just wipe the box and start over. It might take less time


This, BTW, is on F20 using freeipa 3.3.4-3 and pki-ca 10.1.1-1 (also

From the ipa-server installation output the error looks the same, but the underlying error should be different when there isn't already a PKI instance.

If the PKI installer fails early enough we don't record that it was installed which is why ipa-server-install --uninstall doesn't remove it. We have a ticket open for this.


Freeipa-users mailing list

Reply via email to