I am having a very difficult time getting the ipa server installed on our test server.
CentOS release 6.6 (Final) Linux test1-vm.example.com 2.6.32-504.3.3.el6.x86_64 #1 SMP Wed Dec 17 01:55:02 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux ipa-server-3.0.0-42.el6.centos.x86_64 I tried to reinstall pki-selinux, reboot, relabel and that didn't help yum reinstall pki-selinux I reviewed a number of threads and didn't seem to see my issue of Request:java.net.ConnectException: Connection refused at step 2/20 https://www.redhat.com/archives/freeipa-users/2014-April/msg00278.html Any suggestions would be greatly appreciated. I used: ipa-server-install --no-ntp Continue to configure the system with these values? [no]: yes The following operations may take some minutes to complete. Please wait until the prompt is returned. Configuring directory server for the CA (pkids): Estimated time 30 seconds [1/3]: creating directory server user [2/3]: creating directory server instance [3/3]: restarting directory server Done configuring directory server for the CA (pkids). Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds [1/20]: creating certificate server user [2/20]: configuring certificate server instance ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname test1-vm.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-WQ28_w -client_certdb_pwd XXXXXXXX -preop_pin MvLsuha0GPxvJSnYoL5u -domain_name IPA -admin_user admin -admin_email root@localhost -admin_XXXXXXXX XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host test1-vm.example.com -ldap_port 7389 -bind_dn cn=Directory Manager -bind_XXXXXXXX XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM -ca_server_cert_subject_name CN=test1-vm.example.com,O=EXAMPLE.COM -ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM -external false -clone false' returned non-zero exit status 255 Configuration of CA failed install log: [root@test1-vm log]# cat ipaserver-install.log 2015-01-13T19:47:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2015-01-13T19:47:59Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2015-01-13T19:47:59Z DEBUG httpd is not configured 2015-01-13T19:47:59Z DEBUG kadmin is not configured 2015-01-13T19:47:59Z DEBUG dirsrv is not configured 2015-01-13T19:47:59Z DEBUG pki-cad is not configured 2015-01-13T19:47:59Z DEBUG pki-tomcatd is not configured 2015-01-13T19:47:59Z DEBUG pkids is not configured 2015-01-13T19:47:59Z DEBUG install is not configured 2015-01-13T19:47:59Z DEBUG krb5kdc is not configured 2015-01-13T19:47:59Z DEBUG ntpd is not configured 2015-01-13T19:47:59Z DEBUG named is not configured 2015-01-13T19:47:59Z DEBUG ipa_memcached is not configured 2015-01-13T19:47:59Z DEBUG filestore is tracking no files 2015-01-13T19:47:59Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2015-01-13T19:47:59Z DEBUG /usr/sbin/ipa-server-install was invoked with options: {'zone_refresh': 0, 'reverse_zone': None, 'realm_name': None, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': False, 'subject': None, 'no_forwarders': False, 'persistent_search': True, 'ui_redirect': True, 'domain_name': None, 'idmax': 0, 'hbac_allow': False, 'no_reverse': False, 'dirsrv_pkcs12': None, 'unattended': False, 'selfsign': False, 'trust_sshfp': False, 'external_ca_file': None, 'no_host_dns': False, 'http_pkcs12': None, 'zone_notif': False, 'forwarders': None, 'idstart': 1844800000, 'external_ca': False, 'ip_address': None, 'conf_ssh': True, 'serial_autoincrement': True, 'zonemgr': None, 'setup_dns': False, 'host_name': None, 'debug': False, 'external_cert_file': None, 'uninstall': False} 2015-01-13T19:47:59Z DEBUG missing options might be asked for interactively later 2015-01-13T19:47:59Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2015-01-13T19:47:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2015-01-13T19:47:59Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS 2015-01-13T19:47:59Z DEBUG stdout=VirtualHost configuration: wildcard NameVirtualHosts and _default_ servers: _default_:8443 test1-vm.example.com (/etc/httpd/conf.d/nss.conf:84) 2015-01-13T19:47:59Z DEBUG stderr=Syntax OK 2015-01-13T19:48:02Z DEBUG Check if test1-vm.example.com is a primary hostname for localhost 2015-01-13T19:48:02Z DEBUG Primary hostname for localhost: test1-vm.example.com 2015-01-13T19:48:02Z DEBUG Search DNS for test1-vm.example.com 2015-01-13T19:48:02Z DEBUG Check if test1-vm.example.com. is not a CNAME 2015-01-13T19:48:02Z DEBUG Check reverse address of 123.12.12.166 2015-01-13T19:48:02Z DEBUG Found reverse name: test1-vm.example.com 2015-01-13T19:48:02Z DEBUG will use host_name: test1-vm.example.com 2015-01-13T19:48:03Z DEBUG read domain_name: example.com 2015-01-13T19:48:03Z DEBUG args=/sbin/ip -family inet -oneline address show 2015-01-13T19:48:03Z DEBUG stdout=1: lo inet 127.0.0.1/8 scope host lo 2: eth0 inet 123.12.12.166/25 brd 123.12.12.255 scope global eth0 2015-01-13T19:48:03Z DEBUG stderr= 2015-01-13T19:48:03Z DEBUG read realm_name: EXAMPLE.COM 2015-01-13T19:48:11Z DEBUG will use dns_forwarders: () 2015-01-13T19:48:14Z DEBUG importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'... 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py' 2015-01-13T19:48:14Z DEBUG args=klist -V 2015-01-13T19:48:14Z DEBUG stdout=Kerberos 5 version 1.10.3 2015-01-13T19:48:14Z DEBUG stderr= 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py' 2015-01-13T19:48:14Z DEBUG importing all plugin modules in '/usr/lib/python2.6/site-packages/ipaserver/install/plugins'... 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/adtrust.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/baseupdate.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/dns.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/fix_replica_agreements.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/rename_managed.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/update_anonymous_aci.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/update_services.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/updateclient.py' 2015-01-13T19:48:14Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/upload_cacrt.py' 2015-01-13T19:48:15Z DEBUG ds group dirsrv exists 2015-01-13T19:48:15Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2015-01-13T19:48:15Z DEBUG Configuring directory server for the CA (pkids): Estimated time 30 seconds 2015-01-13T19:48:15Z DEBUG [1/3]: creating directory server user 2015-01-13T19:48:15Z DEBUG ds user pkisrv exists 2015-01-13T19:48:15Z DEBUG duration: 0 seconds 2015-01-13T19:48:15Z DEBUG [2/3]: creating directory server instance 2015-01-13T19:48:15Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2015-01-13T19:48:15Z DEBUG writing inf template 2015-01-13T19:48:15Z DEBUG [General] FullMachineName= test1-vm.example.com SuiteSpotUserID= pkisrv SuiteSpotGroup= dirsrv ServerRoot= /usr/lib64/dirsrv [slapd] ServerPort= 7389 ServerIdentifier= PKI-IPA Suffix= dc=example,dc=com RootDN= cn=Directory Manager ConfigFile = /usr/share/pki/ca/conf/database.ldif 2015-01-13T19:48:15Z DEBUG calling setup-ds.pl 2015-01-13T19:48:31Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmp33xewh 2015-01-13T19:48:31Z DEBUG stdout=[15/01/13:14:48:31] - [Setup] Info Your new DS instance 'PKI-IPA' was successfully created. Your new DS instance 'PKI-IPA' was successfully created. [15/01/13:14:48:31] - [Setup] Success Exiting . . . Log file is '-' Exiting . . . Log file is '-' 2015-01-13T19:48:31Z DEBUG stderr= 2015-01-13T19:48:31Z DEBUG completed creating ds instance 2015-01-13T19:48:31Z DEBUG duration: 15 seconds 2015-01-13T19:48:31Z DEBUG [3/3]: restarting directory server 2015-01-13T19:48:34Z DEBUG args=/sbin/service dirsrv restart PKI-IPA 2015-01-13T19:48:34Z DEBUG stdout=Shutting down dirsrv: PKI-IPA... [ OK ] Starting dirsrv: PKI-IPA... [ OK ] 2015-01-13T19:48:34Z DEBUG stderr= 2015-01-13T19:48:34Z DEBUG args=/sbin/service dirsrv status PKI-IPA 2015-01-13T19:48:34Z DEBUG stdout=dirsrv PKI-IPA (pid 2126) is running... 2015-01-13T19:48:34Z DEBUG stderr= 2015-01-13T19:48:34Z DEBUG wait_for_open_ports: localhost [7389] timeout 300 2015-01-13T19:48:34Z DEBUG args=/sbin/service dirsrv status PKI-IPA 2015-01-13T19:48:34Z DEBUG stdout=dirsrv PKI-IPA (pid 2126) is running... 2015-01-13T19:48:34Z DEBUG stderr= 2015-01-13T19:48:34Z DEBUG duration: 3 seconds 2015-01-13T19:48:34Z DEBUG Done configuring directory server for the CA (pkids). 2015-01-13T19:48:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2015-01-13T19:48:34Z DEBUG Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds 2015-01-13T19:48:34Z DEBUG [1/20]: creating certificate server user 2015-01-13T19:48:34Z DEBUG ca user pkiuser exists 2015-01-13T19:48:34Z DEBUG duration: 0 seconds 2015-01-13T19:48:34Z DEBUG [2/20]: configuring certificate server instance 2015-01-13T19:48:37Z DEBUG args=/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname test1-vm.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-WQ28_w -client_certdb_pwd XXXXXXXX -preop_pin MvLsuha0GPxvJSnYoL5u -domain_name IPA -admin_user admin -admin_email root@localhost -admin_XXXXXXXX XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host test1-vm.example.com -ldap_port 7389 -bind_dn cn=Directory Manager -bind_XXXXXXXX XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM -ca_server_cert_subject_name CN=test1-vm.example.com,O=EXAMPLE.COM -ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM -external false -clone false 2015-01-13T19:48:37Z DEBUG stdout=libpath=/usr/lib64 ####################################################################### CRYPTO INIT WITH CERTDB:/tmp/tmp-WQ28_w tokenpwd:XXXXXXXX ############################################# Attempting to connect to: test1-vm.example.com:9445 Exception in LoginPanel(): java.lang.NullPointerException ERROR: ConfigureCA: LoginPanel() failure ERROR: unable to create CA ####################################################################### 2015-01-13T19:48:37Z DEBUG stderr=Exception: Unable to Send Request:java.net.ConnectException: Connection refused java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:579) at java.net.Socket.connect(Socket.java:528) at java.net.Socket.<init>(Socket.java:425) at java.net.Socket.<init>(Socket.java:241) at HTTPClient.sslConnect(HTTPClient.java:326) at ConfigureCA.LoginPanel(ConfigureCA.java:244) at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157) at ConfigureCA.main(ConfigureCA.java:1672) java.lang.NullPointerException at ConfigureCA.LoginPanel(ConfigureCA.java:245) at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157) at ConfigureCA.main(ConfigureCA.java:1672) 2015-01-13T19:48:37Z CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname test1-vm.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-WQ28_w -client_certdb_pwd XXXXXXXX -preop_pin MvLsuha0GPxvJSnYoL5u -domain_name IPA -admin_user admin -admin_email root@localhost -admin_XXXXXXXX XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host test1-vm.example.com -ldap_port 7389 -bind_dn cn=Directory Manager -bind_XXXXXXXX XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM -ca_server_cert_subject_name CN=test1-vm.example.com,O=EXAMPLE.COM -ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM -external false -clone false' returned non-zero exit status 255 2015-01-13T19:48:37Z INFO File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script return_value = main_function() File "/usr/sbin/ipa-server-install", line 942, in main subject_base=options.subject) File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 626, in configure_instance self.start_creation(runtime=210) File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 358, in start_creation method() File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 888, in __configure_instance raise RuntimeError('Configuration of CA failed') 2015-01-13T19:48:37Z INFO The ipa-server-install command failed, exception: RuntimeError: Configuration of CA failed [root@test1-vm log]# -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project