CentOS7.1 with IPA server 4.1. "ipa-replica-install --setup-ca --setup-dns ..." fails with this error message: ----- [2/22]: configuring certificate server instance ipa : CRITICAL failed to configure ca instance Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX'' returned non-zero exit status 1 [error] RuntimeError: Configuration of CA failed -----
ipareplica-install.log shows this: ----- 2015-04-29T13:40:11Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2015-04-29T13:40:11Z DEBUG Starting external process 2015-04-29T13:40:11Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX' 2015-04-29T13:40:51Z DEBUG Process finished, return code=1 2015-04-29T13:40:51Z DEBUG stdout=Loading deployment configuration from /tmp/tmpaUGoKX. Installing CA into /var/lib/pki/pki-tomcat. Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg. Installation failed. 2015-04-29T13:40:51Z DEBUG stderr=pkispawn : ERROR ....... Exception from Java Configuration Servlet: Error in populating database: Could not connect to LDAP server host mrip a2.mr.ric port 389 Error netscape.ldap.LDAPException: failed to connect to server ldap://mripa2.mr.ric:389 (91) 2015-04-29T13:40:51Z CRITICAL failed to configure ca instance Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX'' returned non-zero exit status 1 2015-04-29T13:40:51Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 382, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 372, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 673, in __spawn_instance raise RuntimeError('Configuration of CA failed') RuntimeError: Configuration of CA failed ----- I hope this is enough information. Thanks in advance, Qing Chang
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project