Hi Rob, Thanks for taking the time to look at this.
I have services in /etc/init.d/ named tomcat6 and pki-cad. I tried the following: - [Thu Jun 04 14:38:16:/etc/init.d]$ service tomcat6 status tomcat6 is stopped [ OK ] [Thu Jun 04 14:38:23:/etc/init.d]$ service tomcat6 start Starting tomcat6: [ OK ] [Thu Jun 04 14:38:29:/etc/init.d]$ service tomcat6 status tomcat6 (pid 10853) is running... [ OK ] [Thu Jun 04 14:38:40:/etc/init.d]$ service pki-cad status pki-ca (pid 1793) is running... [ OK ] Unsecure Port = http://chimera.server.com:9180/ca/ee/ca Secure Agent Port = https://chimera.server.com:9443/ca/agent/ca Secure EE Port = https://chimera.server.com:9444/ca/ee/ca Secure Admin Port = https://chimera.server.com:9445/ca/services EE Client Auth Port = https://chimera.server.com:9446/ca/eeca/ca PKI Console Port = pkiconsole https://chimera.server.com:9445/ca Tomcat Port = 9701 (for shutdown) PKI Instance Name: pki-ca PKI Subsystem Type: Root CA (Security Domain) Registered PKI Security Domain Information: ========================================================================== Name: IPA URL: https://chimera.server.com:443 ========================================================================== - After this I am able to create new hosts on my Foreman server! There are now a few questions: 1. I am not sure why the tomcat6 service was stopped, if it is required to be running. 2. I am not sure why a reboot of the server did not auto-start tomcat6. 3. When navigating the web GUI for FreeIPA and clicking on a host, I still see the popup message in the subject of this thread. I have not yet tried rebooting the FreeIPA (chimera) and Puppet/Foreman (puppetmaster) servers yet. When I have some downtime I will try that and see what happens in regards to questions 2 and 3. Thanks, -Chris Tobey -----Original Message----- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: June-04-15 10:35 AM To: Chris Tobey; 'Martin Kosek'; freeipa-users@redhat.com Subject: Re: [Freeipa-users] IPA Error 4301: Certificate operation cannot be completed: Unable to communicate with CMS (Not Found) Apache proxies to dogtag, so a Not Found means that dogtag either isn't running or its webapp wasn't loaded. I'd start by restarting pki-tomcatd@pki-tomcat.service and see if that helps. Otherwise you'll need to poke around in the debug long in /var/lib/pki-ca/<something> rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project