Chris Tobey wrote:
Hi Rob,

Thanks for taking the time to look at this.

I have services in /etc/init.d/ named tomcat6 and pki-cad.

I tried the following:
-
     [Thu Jun 04 14:38:16:/etc/init.d]$ service tomcat6 status
     tomcat6 is stopped                                         [  OK  ]
     [Thu Jun 04 14:38:23:/etc/init.d]$ service tomcat6 start
     Starting tomcat6:                                          [  OK  ]
     [Thu Jun 04 14:38:29:/etc/init.d]$ service tomcat6 status
     tomcat6 (pid 10853) is running...                          [  OK  ]
     [Thu Jun 04 14:38:40:/etc/init.d]$ service pki-cad status
     pki-ca (pid 1793) is running...                            [  OK  ]
         Unsecure Port       = http://chimera.server.com:9180/ca/ee/ca
         Secure Agent Port   = https://chimera.server.com:9443/ca/agent/ca
         Secure EE Port      = https://chimera.server.com:9444/ca/ee/ca
         Secure Admin Port   = https://chimera.server.com:9445/ca/services
         EE Client Auth Port = https://chimera.server.com:9446/ca/eeca/ca
         PKI Console Port    = pkiconsole https://chimera.server.com:9445/ca
         Tomcat Port         = 9701 (for shutdown)

         PKI Instance Name:   pki-ca

         PKI Subsystem Type:  Root CA (Security Domain)

         Registered PKI Security Domain Information:

==========================================================================
         Name:  IPA
         URL:   https://chimera.server.com:443

==========================================================================

Ok, you didn't specify a version so I took a stab in the dark on the service name. So I gather you're running 3.0.0?

You'll need to dive into the catalina.log and debug logs in /var/log/pki-ca. This means that tomcat started but the webapp didn't. This is usually the audit subsystem kicking in but recently someone else had this issue and a simple ipactl restart fixed it for him.

rob

-

After this I am able to create new hosts on my Foreman server!

There are now a few questions:
1. I am not sure why the tomcat6 service was stopped, if it is required to
be running.
2. I am not sure why a reboot of the server did not auto-start tomcat6.
3. When navigating the web GUI for FreeIPA and clicking on a host, I still
see the popup message in the subject of this thread.

I have not yet tried rebooting the FreeIPA (chimera) and Puppet/Foreman
(puppetmaster) servers yet. When I have some downtime I will try that and
see what happens in regards to questions 2 and 3.

Thanks,
-Chris Tobey

-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: June-04-15 10:35 AM
To: Chris Tobey; 'Martin Kosek'; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] IPA Error 4301: Certificate operation cannot be
completed: Unable to communicate with CMS (Not Found)

Apache proxies to dogtag, so a Not Found means that dogtag either isn't
running or its webapp wasn't loaded.

I'd start by restarting pki-tomcatd@pki-tomcat.service and see if that
helps.

Otherwise you'll need to poke around in the debug long in
/var/lib/pki-ca/<something>

rob


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to