On 3/17/15 12:14 PM, Dmitri Pal wrote:
On 03/17/2015 12:12 PM, Janelle wrote:
On 3/17/15 9:06 AM, Martin Kosek wrote:
On 03/17/2015 04:35 PM, Janelle wrote:
Hello,

I have a server - a master (has CA) - and it does not want to restart after it has been running sometime. pki-tomcatd keeps failing. It starts up with these errors, then adds a lot more. Maybe this might point you to something that is
know or a place I can start looking?

Any ideas?
~J

Mar 17, 2015 8:21:03 AM org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'enableOCSP' to 'false' did not find a matching property.

Mar 17, 2015 8:21:03 AM org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspResponderURL' to 'http://ipa-server.example.com:9080/ca/ocsp' did not find
a matching property.

Mar 17, 2015 8:21:03 AM org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspResponderCertNickname' to 'ocspSigningCert cert-pki-ca' did not find a
matching property.

Mar 17, 2015 8:21:03 AM org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspCacheSize' to '1000' did not find a matching property.

Mar 17, 2015 8:21:03 AM org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMinCacheEntryDuration' to '60' did not find a matching property.

Mar 17, 2015 8:21:03 AM org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMaxCacheEntryDuration' to '120' did not find a matching property.

Mar 17, 2015 8:21:03 AM org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspTimeout' to '10' did not find a matching property.

Mar 17, 2015 8:21:03 AM org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'strictCiphers' to 'true' did not find a matching property.
Mar 17, 2015 8:21:03 AM org.apache.catalina.startup.SetAllPropertiesRule begin

WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslOptions' to 'ssl2=true,ssl3=true,tls=true' did not find a matching property.

CCing folks from Dogtag team to know about this issue. However, I think you will need to provide more information before we continue with issues - like
version of FreeIPA, pki-ca packages, what system you are running it on
(Fedora/RHEL/CentOS/...) and maybe whole logs pasted somewhere (system and
catalina.out logs are usually most interesting ones).
My bad --

CentOS 7
FreeIPA 4.1.3 from mosek

The strange thing is -- 12 other servers - 3 of which are CA masters and no issues,

~J

Just some areas to check:
- versions of dogtag package
- versions of nss package

pki-tools-10.1.2-7.1.el7.centos.x86_64
dogtag-pki-server-theme-10.1.1-1.el7.centos.noarch
pki-server-10.1.2-7.1.el7.centos.noarch
krb5-pkinit-1.12.2-9.el7.centos.x86_64
pki-base-10.1.2-7.1.el7.centos.noarch
pki-ca-10.1.2-7.1.el7.centos.noarch

mod_nss-1.0.8-32.el7.x86_64
nss-sysinit-3.16.2.3-2.el7_0.x86_64
python-nss-0.15.0-1.el7.centos.x86_64
nss-softokn-3.16.2.3-1.el7_0.x86_64
nss-softokn-freebl-3.16.2.3-1.el7_0.x86_64
nss-tools-3.16.2.3-2.el7_0.x86_64
nss-util-3.16.2.3-1.el7_0.x86_64
nss-3.16.2.3-2.el7_0.x86_64

Anything? All the servers are identical.

~J

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to