On 3/17/15 12:14 PM, Dmitri Pal wrote:
On 03/17/2015 12:12 PM, Janelle wrote:
On 3/17/15 9:06 AM, Martin Kosek wrote:
On 03/17/2015 04:35 PM, Janelle wrote:
Hello,
I have a server - a master (has CA) - and it does not want to
restart after it
has been running sometime. pki-tomcatd keeps failing. It starts up
with these
errors, then adds a lot more. Maybe this might point you to
something that is
know or a place I can start looking?
Any ideas?
~J
Mar 17, 2015 8:21:03 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
property
'enableOCSP' to 'false' did not find a matching property.
Mar 17, 2015 8:21:03 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
property
'ocspResponderURL' to 'http://ipa-server.example.com:9080/ca/ocsp'
did not find
a matching property.
Mar 17, 2015 8:21:03 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
property
'ocspResponderCertNickname' to 'ocspSigningCert cert-pki-ca' did
not find a
matching property.
Mar 17, 2015 8:21:03 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
property
'ocspCacheSize' to '1000' did not find a matching property.
Mar 17, 2015 8:21:03 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
property
'ocspMinCacheEntryDuration' to '60' did not find a matching property.
Mar 17, 2015 8:21:03 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
property
'ocspMaxCacheEntryDuration' to '120' did not find a matching property.
Mar 17, 2015 8:21:03 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
property
'ocspTimeout' to '10' did not find a matching property.
Mar 17, 2015 8:21:03 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
property
'strictCiphers' to 'true' did not find a matching property.
Mar 17, 2015 8:21:03 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
property
'sslOptions' to 'ssl2=true,ssl3=true,tls=true' did not find a
matching property.
CCing folks from Dogtag team to know about this issue. However, I
think you
will need to provide more information before we continue with issues
- like
version of FreeIPA, pki-ca packages, what system you are running it on
(Fedora/RHEL/CentOS/...) and maybe whole logs pasted somewhere
(system and
catalina.out logs are usually most interesting ones).
My bad --
CentOS 7
FreeIPA 4.1.3 from mosek
The strange thing is -- 12 other servers - 3 of which are CA masters
and no issues,
~J
Just some areas to check:
- versions of dogtag package
- versions of nss package
pki-tools-10.1.2-7.1.el7.centos.x86_64
dogtag-pki-server-theme-10.1.1-1.el7.centos.noarch
pki-server-10.1.2-7.1.el7.centos.noarch
krb5-pkinit-1.12.2-9.el7.centos.x86_64
pki-base-10.1.2-7.1.el7.centos.noarch
pki-ca-10.1.2-7.1.el7.centos.noarch
mod_nss-1.0.8-32.el7.x86_64
nss-sysinit-3.16.2.3-2.el7_0.x86_64
python-nss-0.15.0-1.el7.centos.x86_64
nss-softokn-3.16.2.3-1.el7_0.x86_64
nss-softokn-freebl-3.16.2.3-1.el7_0.x86_64
nss-tools-3.16.2.3-2.el7_0.x86_64
nss-util-3.16.2.3-1.el7_0.x86_64
nss-3.16.2.3-2.el7_0.x86_64
Anything? All the servers are identical.
~J
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
