On 04/15/2016 03:51 PM, Ott, Dennis wrote:
> Looks like we're out of ideas.
> 
> I'll proceed with Plan B.
> 

A possibility is also to check if

Serial number of

certutil -d /etc/pki/pki-tomcat/alias -L -n 'subsystemCert cert-pki-ca'

matches serial number of the cert below (4) and if

uid=CA-$HOST-8443,ou=people,o=ipaca

has actually the same cert in userCertificate attribute

Or maybe to do the same with other PKI users in ou=people,o=ipaca

> -----Original Message-----
> From: Ott, Dennis 
> Sent: Monday, April 11, 2016 12:27 PM
> To: Ott, Dennis; Petr Vobornik; Freeipa-users@redhat.com
> Subject: RE: [Freeipa-users] 7.x replica install from 6.x master fails
> 
> As a test, I attempted to do a replica install on a Fedora 23 machine. It 
> fails with the same error.
> 
> Dennis
> 
> 
> 
> -----Original Message-----
> From: freeipa-users-boun...@redhat.com 
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Ott, Dennis
> Sent: Thursday, April 07, 2016 5:39 PM
> To: Petr Vobornik; Freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] 7.x replica install from 6.x master fails
> 
> It doesn't look like that is my problem. The output of pki-server 
> ca-group-member-find "Subsystem Group" gives:
> 
> 
>   User ID: CA-ptipa1.example.com-9443
>   Common Name: CA-ptipa1.example.com-9443
>   Surname: CA-ptipa1.example.com-9443
>   Type: agentType
>   Description: 2;4;CN=Certificate Authority,O=EXAMPLE.COM;CN=CA 
> Subsystem,O=EXAMPLE.COM
>   E-mail:
> 
> All the certs seem valid:
> 
> # getcert list | grep expires
>         expires: 2017-07-18 00:55:14 UTC
>         expires: 2017-07-18 00:54:14 UTC
>         expires: 2017-07-18 00:54:14 UTC
>         expires: 2017-07-18 00:54:14 UTC
>         expires: 2017-07-18 00:54:14 UTC
>         expires: 2017-08-09 00:54:19 UTC
>         expires: 2017-08-09 00:54:19 UTC
>         expires: 2017-08-09 00:54:21 UTC #
> 
> I was wondering if I might be hitting this:
> 
> http://cp.mcafee.com/d/1jWVIi6x8SyMVuXzX0VMSrhhjhupjvvhdEEFELcFKcECPpISHoHZalxOVIsWqehMGDpMQsyGeWOPtfhktZy0GM-xEGYCXslsttJtVNxeSICPpISr9PCJhbctZ2It9RFfQe00UX7_AJKjBoHYYvhjd79IQh1ysM3d40tY8iEq8zh0qf0XUgBjwNeoalIl-BaMVsQv6QmhPPzNI5-Aq83iSbN_VbqnrFYq6BQQg3K3Ph17RzVmQQgixiuDDCy1Sdljh0VMuq85tFfUCy1Tp7QdK8CQPrNKVJUSyrh
> http://cp.mcafee.com/d/5fHCNEg3zqb3BXKfI3D3pJ55d5VBdZZ4SyyCyYOCUOyrdCPqJyLQFm7bCNPFEV72GtD3hOaEXHbdQZ5hTS82H3W6yHOrJNlNRSRTD64XqOrdCPpIDeqR4INTQaNQDmA_gU03yNmmjBoHYYhod7bVIQh1ysM3d40tY8iEq8zh0qf0XUgBjwNeoalIl-BaMVsQv6QmhPPzNI5-Aq83iSbN_VbqnrFYq6BQQg3K3Ph17RzVmQQgixiuDDCy1Sdljh0VMuq85tFfUCy1Tp7QdK8CQPrNKVJUSyrh
> 
> It says it is fixed in pki 10.2.6. 10.2.6 has been released for Fedora (many 
> months ago), but is not yet available for enterprise.
> 
> Dennis
> 
> 
> 
> 
> -----Original Message-----
> From: Petr Vobornik [mailto:pvobo...@redhat.com]
> Sent: Thursday, April 07, 2016 10:56 AM
> To: Ott, Dennis; Freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] 7.x replica install from 6.x master fails
> 
> Sorry for the late response.
> 
> It looks like a bug 
> http://cp.mcafee.com/d/1jWVIe4xAe3zqb3BXInd7b1EVdCQkkQnCkTTQjqaaqbParza9ISrdGSa_iBosKr7eLqaEF-waI47nQ7LQl8m7f2H3ab0Ggvhv5mtKqek4Q4hPEVwSrdCPpesRG9px1IyaiffTE-wjSvbVgDkMaA6Of08iAwsyCqekhP0US5LD4Qg1CF2IoiaCy0Qub6qAaNx85hZ0DI-nd7NJ5CZNPxI5-Aq83iSbN_VbqnrFYq6BQQg3K3Ph17RzVmQQgixiuDDCy1Sdljh0VMuq85tFfUCy1Tp7QdK8CQPrNKVJUSyrh
> But it should be fixed in pki-core-9.0.3-45.el6_7 so I'm not sure.
> 
> Anyway,
> java.io.IOException: 2 actually means authentication failure.
> 
> The authentication problem might be caused by a missing subsystem user (bug 
> #1225589) and there's already a tool to restore it. However, before running 
> the script, please run this command on the master to verify the
> problem:
> 
> $ pki-server ca-group-member-find "Subsystem Group"
> 
> Ideally it should return a user ID "CA-<hostname>-9443" and the description 
> attribute should contain the subsystem certificate in this format 
> "<version>;<serial>;<issuer DN>;<subject DN>".
> 
> If that's not the case, please run this tool to restore the subsystem user:
> 
> $ python /usr/share/pki/scripts/restore-subsystem-user.py
> 
> Then run this command again to verify the fix:
> 
> $ pki-server ca-group-member-find "Subsystem Group"
> 
> If everything works well, please try installing the replica again.
> 
> Also verify that all certificates in `getcert list` output are not expired.
> 
> 
> On 03/31/2016 09:07 PM, Ott, Dennis wrote:
>> Petr,
>>
>> Original 6.x master installed at:
>>
>> ipa-server-2.1.3-9
>>
>> pki-ca-9.0.3-20
>>
>>
>> At the time the migration was attempted, the 6.x master had been updated to:
>>
>> ipa-server-3.0.0-47
>>
>> pki-ca-9.0.3-45
>>
>>
>> The 7.x replica install has been attempted using a variety of versions. The 
>> log excerpts at the beginning of this email were from an installation 
>> attempt using:
>>
>> ipa-server-4.2.0-15.0.1
>>
>> pki-ca-10.2.5-6
>>
>>
>> It's a standard CA installation. This line is from 
>> /var/log/ipaserverinstall.log showing selfsign as False:
>>
>> 2013-09-04T18:41:20Z DEBUG /usr/sbin/ipa-server-install was invoked 
>> with options: {'zone_refresh': 0, 'reverse_zone': None, 'realm_name':
>> None, 'create_sshfp': True, 'conf_sshd': False, 'conf_ntp': False,
>> 'subject': None, 'no_forwarders': False, 'persistent_search': True,
>> 'ui_redirect': True, 'domain_name': None, 'idmax': 0, 'hbac_allow': 
>> True, 'no_reverse': False, 'dirsrv_pkcs12': None, 'unattended': False,
>> 'selfsign': False, 'trust_sshfp': False, 'external_ca_file': None,
>> 'no_host_dns': False, 'http_pkcs12': None, 'zone_notif': False,
>> 'forwarders': None, 'idstart': 900000000, 'external_ca': False,
>> 'ip_address': None, 'conf_ssh': False, 'serial_autoincrement': True,
>> 'zonemgr': None, 'setup_dns': False, 'host_name': None, 'debug': 
>> False, 'external_cert_file': None, 'uninstall': False} 
>> 2013-09-04T18:41:20Z DEBUG missing options might be asked for 
>> interactively later
>>
>>
>> -----Original Message-----
>> From: Petr Vobornik [mailto:pvobo...@redhat.com]
>> Sent: Tuesday, March 29, 2016 6:43 AM
>> To: Ott, Dennis; Freeipa-users@redhat.com
>> Subject: Re: [Freeipa-users] 7.x replica install from 6.x master fails
>>
>> On 03/24/2016 04:29 PM, Ott, Dennis wrote:
>>> I am trying to migrate from OS 6.x / IPA 3.0 to OS 7.x / IPA 4.x. 
>>> After working through and solving a few issues, my current efforts 
>>> fail when setting up the replica CA.
>>>
>>> If I set up a new, pristine master on OS 6.7, I am able to create an 
>>> OS 7.x replica without any problem. However, if I try to create a 
>>> replica from my two year old test lab instance (production will be 
>>> another matter for the future) it fails. The test lab master was 
>>> created a couple of years ago on OS 6.3 / IPA 2.x and has been 
>>> upgraded to the latest versions in the 6.x chain. It is old enough to 
>>> have had all the certificates renewed, but I believe I have worked through 
>>> all the issues related to that.
>>>
>>> Below is what I believe are the useful portions of the pertinent logs. 
>>> I’ve not been able to find anything online that speaks to the errors 
>>> I am seeing
>>>
>>> Thanks for your help.
>>
>> Hello Dennis,
>>
>> what are the exact versions of pki-ca and ipa-server on the 6.x master and 
>> 7.x replica?
>>
>> What kind of CA installation does the old 6.x master install have? Is 
>> standard installation with CA or does it also use external CA?
>>
>> I assume it is not self-sign (very old unsupported type, which could be 
>> converted in 7.x as CA-less).
>>
>>>
>>> /var/log/ipareplica-install.log
>>>
>>> 2016-03-23T21:55:11Z DEBUG Configuring certificate server (pki-tomcatd).
>>> Estimated time: 3 minutes 30 seconds
>>>
>>> 2016-03-23T21:55:11Z DEBUG   [1/23]: creating certificate server user
>>>
>>> 2016-03-23T21:55:11Z DEBUG group pkiuser exists
>>>
>>> 2016-03-23T21:55:11Z DEBUG user pkiuser exists
>>>
>>> 2016-03-23T21:55:11Z DEBUG   duration: 0 seconds
>>>
>>> 2016-03-23T21:55:11Z DEBUG   [2/23]: configuring certificate server instance
>>>
>>> 2016-03-23T21:55:11Z DEBUG Loading StateFile from 
>>> '/var/lib/ipa/sysrestore/sysrestore.state'
>>>
>>> 2016-03-23T21:55:11Z DEBUG Saving StateFile to 
>>> '/var/lib/ipa/sysrestore/sysrestore.state'
>>>
>>> 2016-03-23T21:55:11Z DEBUG Contents of pkispawn configuration file 
>>> (/tmp/tmpGQ59ZC):
>>>
>>> [CA]
>>>
>>> pki_security_domain_name = IPA
>>>
>>> pki_enable_proxy = True
>>>
>>> pki_restart_configured_instance = False
>>>
>>> pki_backup_keys = True
>>>
>>> pki_backup_password = XXXXXXXX
>>>
>>> pki_profiles_in_ldap = True
>>>
>>> pki_client_database_dir = /tmp/tmp-g0CKZ3
>>>
>>> pki_client_database_password = XXXXXXXX
>>>
>>> pki_client_database_purge = False
>>>
>>> pki_client_pkcs12_password = XXXXXXXX
>>>
>>> pki_admin_name = admin
>>>
>>> pki_admin_uid = admin
>>>
>>> pki_admin_email = root@localhost
>>>
>>> pki_admin_password = XXXXXXXX
>>>
>>> pki_admin_nickname = ipa-ca-agent
>>>
>>> pki_admin_subject_dn = cn=ipa-ca-agent,O=EXAMPLE.COM
>>>
>>> pki_client_admin_cert_p12 = /root/ca-agent.p12
>>>
>>> pki_ds_ldap_port = 389
>>>
>>> pki_ds_password = XXXXXXXX
>>>
>>> pki_ds_base_dn = o=ipaca
>>>
>>> pki_ds_database = ipaca
>>>
>>> pki_subsystem_subject_dn = cn=CA Subsystem,O=EXAMPLE.COM
>>>
>>> pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=EXAMPLE.COM
>>>
>>> pki_ssl_server_subject_dn = cn=pt-idm-vm01.example.com,O=EXAMPLE.COM
>>>
>>> pki_audit_signing_subject_dn = cn=CA Audit,O=EXAMPLE.COM
>>>
>>> pki_ca_signing_subject_dn = cn=Certificate Authority,O=EXAMPLE.COM
>>>
>>> pki_subsystem_nickname = subsystemCert cert-pki-ca
>>>
>>> pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca
>>>
>>> pki_ssl_server_nickname = Server-Cert cert-pki-ca
>>>
>>> pki_audit_signing_nickname = auditSigningCert cert-pki-ca
>>>
>>> pki_ca_signing_nickname = caSigningCert cert-pki-ca
>>>
>>> pki_ca_signing_key_algorithm = SHA256withRSA
>>>
>>> pki_security_domain_hostname = ptipa1.example.com
>>>
>>> pki_security_domain_https_port = 443
>>>
>>> pki_security_domain_user = admin
>>>
>>> pki_security_domain_password = XXXXXXXX
>>>
>>> pki_clone = True
>>>
>>> pki_clone_pkcs12_path = /tmp/ca.p12
>>>
>>> pki_clone_pkcs12_password = XXXXXXXX
>>>
>>> pki_clone_replication_security = TLS
>>>
>>> pki_clone_replication_master_port = 7389
>>>
>>> pki_clone_replication_clone_port = 389
>>>
>>> pki_clone_replicate_schema = False
>>>
>>> pki_clone_uri =
>>> http://cp.mcafee.com/d/k-Kr6zqb3VEVjouhuodCQkkQnCkTTQjqaaqbParza9ISrd
>>> G
>>> Sa_iBosKrKVXMGgog82KA1N1BeTyH93t5m7hOoHH3b8GOxvQd8e89K8CPpISr9PCJhbcm
>>> D
>>> 9rkuYf21_YLxIbve9Ew3di5oMAld41EYmcR8lz2gazW1fpYKqfzqaabyr1I5-Aq83iSbN
>>> _
>>> VbqnrFYq6BQQg3K3Ph17RzVmQQgixiuDDCy1Sdljh0VMuq85tFfUCy1Tp7QdK8CQPrNKV
>>> J
>>> USyrh
>>>
>>> 2016-03-23T21:55:11Z DEBUG Starting external process
>>>
>>> 2016-03-23T21:55:11Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f' 
>>> '/tmp/tmpGQ59ZC'
>>>
>>> 2016-03-23T21:56:51Z DEBUG Process finished, return code=1
>>>
>>> 2016-03-23T21:56:51Z DEBUG stdout=Log file:
>>> /var/log/pki/pki-ca-spawn.20160323175511.log
>>>
>>> Loading deployment configuration from /tmp/tmpGQ59ZC.
>>>
>>> Installing CA into /var/lib/pki/pki-tomcat.
>>>
>>> Storing deployment configuration into 
>>> /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
>>>
>>> Installation failed.
>>>
>>> 2016-03-23T21:56:51Z DEBUG
>>> stderr=/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769:
>>> InsecureRequestWarning: Unverified HTTPS request is being made. 
>>> Adding certificate verification is strongly advised. See:
>>> http://cp.mcafee.com/d/5fHCNAi6hESyM-qekS7AnC3pJ55d5VBdZZ4SyyCyYOCUOy
>>> r
>>> dCPqJyLQFm7bCXKuYaA6420HF0sgpjJUGOgThlxQsCaWMOOaIEnZ3i3y2ry9ISrdCOsVH
>>> k
>>> iP6UDDO8cZ7ZgCjZ2JGs01PUovI_FfavpKcFBK1NIbve9Ew3di5oMAld41EYmcR8lz2ga
>>> z
>>> W1fpYKqfzqaabyr1I5-Aq83iSbN_VbqnrFYq6BQQg3K3Ph17RzVmQQgixiuDDCy1Sdljh
>>> 0
>>> VMuq85tFfUCy1Tp7QdK8CQPrNKVJUSyrh
>>>
>>>     InsecureRequestWarning)
>>>
>>> pkispawn    : WARNING  ....... unable to validate security domain 
>>> user/password
>>> through REST interface. Interface not available
>>>
>>> pkispawn    : ERROR    ....... Exception from Java Configuration Servlet: 
>>> 500
>>> Server Error: Internal Server Error
>>>
>>> pkispawn    : ERROR    ....... ParseError: not well-formed (invalid token): 
>>> line
>>> 1, column 0:
>>> {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.
>>> PKIException","Code":500,"Message":"Error
>>> while updating security domain: java.io.IOException: 2"}
>>>
>>> 2016-03-23T21:56:51Z CRITICAL Failed to configure CA instance: 
>>> Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpGQ59ZC'' 
>>> returned non-zero exit status 1
>>>
>>> 2016-03-23T21:56:51Z CRITICAL See the installation logs and the 
>>> following files/directories for more information:
>>>
>>> 2016-03-23T21:56:51Z CRITICAL   /var/log/pki-ca-install.log
>>>
>>> 2016-03-23T21:56:51Z CRITICAL   /var/log/pki/pki-tomcat
>>>
>>> 2016-03-23T21:56:51Z DEBUG Traceback (most recent call last):
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
>>> 418, in start_creation
>>>
>>>       run_step(full_msg, method)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
>>> 408, in run_step
>>>
>>>       method()
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>>> line 620, in __spawn_instance
>>>
>>>       DogtagInstance.spawn_instance(self, cfg_file)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py"
>>> ,
>>> line 201, in spawn_instance
>>>
>>>       self.handle_setup_error(e)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py"
>>> ,
>>> line 465, in handle_setup_error
>>>
>>>       raise RuntimeError("%s configuration failed." % self.subsystem)
>>>
>>> RuntimeError: CA configuration failed.
>>>
>>> 2016-03-23T21:56:51Z DEBUG   [error] RuntimeError: CA configuration failed.
>>>
>>> 2016-03-23T21:56:51Z DEBUG   File
>>> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, 
>>> in execute
>>>
>>>       return_value = self.run()
>>>
>>>     File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py",
>>> line 311, in run
>>>
>>>       cfgr.run()
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>> line 281, in run
>>>
>>>       self.execute()
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>> line 303, in execute
>>>
>>>       for nothing in self._executor():
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>> line 343, in __runner
>>>
>>>       self._handle_exception(exc_info)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>> line 365, in _handle_exception
>>>
>>>       util.raise_exc_info(exc_info)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>> line 333, in __runner
>>>
>>>       step()
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
>>> line 87, in run_generator_with_yield_from
>>>
>>>       raise_exc_info(exc_info)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
>>> line 65, in run_generator_with_yield_from
>>>
>>>       value = gen.send(prev_value)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>> line 524, in _configure
>>>
>>>       executor.next()
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>> line 343, in __runner
>>>
>>>       self._handle_exception(exc_info)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>> line 421, in _handle_exception
>>>
>>>       self.__parent._handle_exception(exc_info)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>> line 365, in _handle_exception
>>>
>>>       util.raise_exc_info(exc_info)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>> line 418, in _handle_exception
>>>
>>>       super(ComponentBase, self)._handle_exception(exc_info)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>> line 365, in _handle_exception
>>>
>>>       util.raise_exc_info(exc_info)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>> line 333, in __runner
>>>
>>>       step()
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
>>> line 87, in run_generator_with_yield_from
>>>
>>>       raise_exc_info(exc_info)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
>>> line 65, in run_generator_with_yield_from
>>>
>>>       value = gen.send(prev_value)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 
>>> 63, in _install
>>>
>>>       for nothing in self._installer(self.parent):
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicains
>>> t
>>> all.py",
>>> line 879, in main
>>>
>>>       install(self)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicains
>>> t
>>> all.py",
>>> line 295, in decorated
>>>
>>>       func(installer)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicains
>>> t
>>> all.py",
>>> line 584, in install
>>>
>>>       ca.install(False, config, options)
>>>
>>>     File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py",
>>> line 106, in install
>>>
>>>       install_step_0(standalone, replica_config, options)
>>>
>>>     File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py",
>>> line 130, in
>>> install_step_0
>>>
>>>       ra_p12=getattr(options, 'ra_p12', None))
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>>> line 1543, in install_replica_ca
>>>
>>>       subject_base=config.subject_base)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>>> line 486, in configure_instance
>>>
>>>       self.start_creation(runtime=210)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
>>> 418, in start_creation
>>>
>>>       run_step(full_msg, method)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
>>> 408, in run_step
>>>
>>>       method()
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>>> line 620, in __spawn_instance
>>>
>>>       DogtagInstance.spawn_instance(self, cfg_file)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py"
>>> ,
>>> line 201, in spawn_instance
>>>
>>>       self.handle_setup_error(e)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py"
>>> ,
>>> line 465, in handle_setup_error
>>>
>>>       raise RuntimeError("%s configuration failed." % self.subsystem)
>>>
>>> 2016-03-23T21:56:51Z DEBUG The ipa-replica-install command failed, 
>>> exception:
>>> RuntimeError: CA configuration failed.
>>>
>>> 2016-03-23T21:56:51Z ERROR CA configuration failed.
>>>
>>> /var/log/pki/pki-ca-spawn.<date>.log
>>>
>>> 2016-03-23 17:55:12 pkispawn    : INFO     ....... rm -f
>>> /etc/pki/pki-tomcat/ca/noise
>>>
>>> 2016-03-23 17:55:12 pkispawn    : INFO     ....... rm -f 
>>> /etc/pki/pki-tomcat/pfile
>>>
>>> 2016-03-23 17:55:12 pkispawn    : INFO     ....... ln -s
>>> /lib/systemd/system/pki-tomcatd@.service
>>> /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.s
>>> e
>>> rvice
>>>
>>> 2016-03-23 17:55:12 pkispawn    : DEBUG    ........... chown -h 17:17
>>> /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.s
>>> e
>>> rvice
>>>
>>> 2016-03-23 17:55:12 pkispawn    : INFO     ... configuring
>>> 'pki.server.deployment.scriptlets.configuration'
>>>
>>> 2016-03-23 17:55:12 pkispawn    : INFO     ....... mkdir -p
>>> /root/.dogtag/pki-tomcat/ca
>>>
>>> 2016-03-23 17:55:12 pkispawn    : DEBUG    ........... chmod 755
>>> /root/.dogtag/pki-tomcat/ca
>>>
>>> 2016-03-23 17:55:12 pkispawn    : DEBUG    ........... chown 0:0
>>> /root/.dogtag/pki-tomcat/ca
>>>
>>> 2016-03-23 17:55:12 pkispawn    : INFO     ....... generating
>>> '/root/.dogtag/pki-tomcat/ca/password.conf'
>>>
>>> 2016-03-23 17:55:12 pkispawn    : INFO     ....... modifying
>>> '/root/.dogtag/pki-tomcat/ca/password.conf'
>>>
>>> 2016-03-23 17:55:12 pkispawn    : DEBUG    ........... chmod 660
>>> /root/.dogtag/pki-tomcat/ca/password.conf
>>>
>>> 2016-03-23 17:55:12 pkispawn    : DEBUG    ........... chown 0:0
>>> /root/.dogtag/pki-tomcat/ca/password.conf
>>>
>>> 2016-03-23 17:55:12 pkispawn    : INFO     ....... generating
>>> '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
>>>
>>> 2016-03-23 17:55:12 pkispawn    : INFO     ....... modifying
>>> '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
>>>
>>> 2016-03-23 17:55:12 pkispawn    : DEBUG    ........... chmod 660
>>> /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
>>>
>>> 2016-03-23 17:55:12 pkispawn    : DEBUG    ........... chown 17:17
>>> /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
>>>
>>> 2016-03-23 17:55:12 pkispawn    : INFO     ....... executing 'certutil -N -d
>>> /tmp/tmp-g0CKZ3 -f /root/.dogtag/pki-tomcat/ca/password.conf'
>>>
>>> 2016-03-23 17:55:12 pkispawn    : INFO     ....... executing 'systemctl
>>> daemon-reload'
>>>
>>> 2016-03-23 17:55:12 pkispawn    : INFO     ....... executing 'systemctl 
>>> start
>>> pki-tomcatd@pki-tomcat.service'
>>>
>>> 2016-03-23 17:55:12 pkispawn    : DEBUG    ........... No connection - 
>>> server
>>> may still be down
>>>
>>> 2016-03-23 17:55:12 pkispawn    : DEBUG    ........... No connection - 
>>> exception
>>> thrown: ('Connection aborted.', error(111, 'Connection refused'))
>>>
>>> 2016-03-23 17:55:13 pkispawn    : DEBUG    ........... No connection - 
>>> server
>>> may still be down
>>>
>>> 2016-03-23 17:55:13 pkispawn    : DEBUG    ........... No connection - 
>>> exception
>>> thrown: ('Connection aborted.', error(111, 'Connection refused'))
>>>
>>> 2016-03-23 17:55:24 pkispawn    : DEBUG    ........... <?xml version="1.0"
>>> encoding="UTF-8"
>>> standalone="no"?><XMLResponse><State>0</State><Type>CA</Type><Status>
>>> r unning</Status><Version>10.2.5-6.el7</Version></XMLResponse>
>>>
>>> 2016-03-23 17:55:25 pkispawn    : INFO     ....... constructing PKI
>>> configuration data.
>>>
>>> 2016-03-23 17:55:25 pkispawn    : INFO     ....... configuring PKI 
>>> configuration
>>> data.
>>>
>>> 2016-03-23 17:56:51 pkispawn    : ERROR    ....... Exception from Java
>>> Configuration Servlet: 500 Server Error: Internal Server Error
>>>
>>> 2016-03-23 17:56:51 pkispawn    : ERROR    ....... ParseError: not 
>>> well-formed
>>> (invalid token): line 1, column 0:
>>> {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.
>>> PKIException","Code":500,"Message":"Error
>>> while updating security domain: java.io.IOException: 2"}
>>>
>>> 2016-03-23 17:56:51 pkispawn    : DEBUG    ....... Error Type: ParseError
>>>
>>> 2016-03-23 17:56:51 pkispawn    : DEBUG    ....... Error Message: not
>>> well-formed (invalid token): line 1, column 0
>>>
>>> 2016-03-23 17:56:51 pkispawn    : DEBUG    .......   File 
>>> "/usr/sbin/pkispawn",
>>> line 597, in main
>>>
>>>       rv = instance.spawn(deployer)
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/co
>>> n
>>> figuration.py",
>>> line 116, in spawn
>>>
>>>       json.dumps(data, cls=pki.encoder.CustomTypeEncoder))
>>>
>>>     File
>>> "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py"
>>> ,
>>> line 3906, in configure_pki_data
>>>
>>>       root = ET.fromstring(e.response.text)
>>>
>>>     File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1300, 
>>> in XML
>>>
>>>       parser.feed(text)
>>>
>>>     File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1642, 
>>> in feed
>>>
>>>       self._raiseerror(v)
>>>
>>>     File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1506, 
>>> in _raiseerror
>>>
>>>       raise err
>>>
>>> /var/log/pki/pki-tomcat/ca/debug
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: password
>>> ok: store in memory cache
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: init ends
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: init: before 
>>> makeConnection errorIfDown is false
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: makeConnection: 
>>> errorIfDown false
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: Established LDAP 
>>> connection using basic authentication to host pt-idm-vm01.example.com 
>>> port 389 as cn=Directory Manager
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: initializing with 
>>> mininum 3 and maximum 15 connections to host pt-idm-vm01.example.com 
>>> port 389, secure connection, false, authentication type 1
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: increasing minimum 
>>> connections by 3
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: new total available 
>>> connections 3
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: new number of 
>>> connections 3
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: In
>>> LdapBoundConnFactory::getConn()
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: masterConn is connected: 
>>> true
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: getConn: conn is 
>>> connected true
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: getConn: mNumConns now
>>> 2
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: importLDIFS:
>>> param=preop.internaldb.manager_ldif
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: importLDIFS(): ldif 
>>> file = /usr/share/pki/server/conf/manager.ldif
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: importLDIFS(): ldif 
>>> file copy to /var/lib/pki/pki-tomcat/ca/conf/manager.ldif
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: importLDIFS(): LDAP 
>>> Errors in importing /var/lib/pki/pki-tomcat/ca/conf/manager.ldif
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LDAPUtil:importLDIF: 
>>> exception in adding entry
>>> ou=csusers,cn=config:netscape.ldap.LDAPException: error result (68)
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LDAPUtil:importLDIF: 
>>> exception in modifying entry o=ipaca:netscape.ldap.LDAPException: 
>>> error result (20)
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: populateVLVIndexes(): 
>>> start
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: Creating
>>> LdapBoundConnFactor(ConfigurationUtils)
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapBoundConnFactory: 
>>> init
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: 
>>> LdapBoundConnFactory:doCloning true
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: init()
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: init 
>>> begins
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: init: 
>>> prompt is internaldb
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: init: try 
>>> getting from memory cache
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: init: got 
>>> password from memory
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: init: 
>>> password found for prompt.
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: password
>>> ok: store in memory cache
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: init ends
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: init: before 
>>> makeConnection errorIfDown is false
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: makeConnection: 
>>> errorIfDown false
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: Established LDAP 
>>> connection using basic authentication to host pt-idm-vm01.example.com 
>>> port 389 as cn=Directory Manager
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: initializing with 
>>> mininum 3 and maximum 15 connections to host pt-idm-vm01.example.com 
>>> port 389, secure connection, false, authentication type 1
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: increasing minimum 
>>> connections by 3
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: new total available 
>>> connections 3
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: new number of 
>>> connections 3
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: In
>>> LdapBoundConnFactory::getConn()
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: masterConn is connected: 
>>> true
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: getConn: conn is 
>>> connected true
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: getConn: mNumConns now
>>> 2
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: importLDIFS:
>>> param=preop.internaldb.post_ldif
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: importLDIFS(): ldif 
>>> file = /usr/share/pki/ca/conf/vlv.ldif
>>>
>>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: importLDIFS(): ldif 
>>> file copy to /var/lib/pki/pki-tomcat/ca/conf/vlv.ldif
>>>
>>> [23/Mar/2016:17:56:46][http-bio-8443-exec-3]: importLDIFS(): ldif 
>>> file = /usr/share/pki/ca/conf/vlvtasks.ldif
>>>
>>> [23/Mar/2016:17:56:46][http-bio-8443-exec-3]: importLDIFS(): ldif 
>>> file copy to /var/lib/pki/pki-tomcat/ca/conf/vlvtasks.ldif
>>>
>>> [23/Mar/2016:17:56:46][http-bio-8443-exec-3]: Checking wait_dn 
>>> cn=index1160589769, cn=index, cn=tasks, cn=config
>>>
>>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: Found data for 'sslserver'
>>>
>>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]:
>>> SystemConfigService:processCerts(): san_server_cert not found for tag 
>>> sslserver
>>>
>>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: configCert: caType is 
>>> local
>>>
>>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: configCert: caType is 
>>> remote (revised)
>>>
>>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: NamePanel: 
>>> updateConfig() for certTag sslserver
>>>
>>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: updateConfig() done
>>>
>>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: configCert: remote CA
>>>
>>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: CertRequestPanel: got 
>>> public key
>>>
>>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: CertRequestPanel: got 
>>> private key
>>>
>>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: NamePanel: For this 
>>> Cloned CA, always use its Master CA to generate the 'sslserver'
>>> certificate to avoid any changes which may have been made to the X500Name 
>>> directory string encoding order.
>>>
>>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: ConfigurationUtils: 
>>> injectSAN=false
>>>
>>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: CertUtil
>>> createRemoteCert: content
>>> requestor_name=CA-pt-idm-vm01.example.com-8443&profileId=caInternalAu
>>> t
>>> hServerCert&cert_request_type=pkcs10&cert_request=MIICmzCCAYxxxxxxxxx
>>> x
>>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>> x
>>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>> x
>>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>> x
>>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>> x
>>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>> x
>>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxrD6JPIBR7AA%3D&xmlOutput=true&
>>> s
>>> essionID=-4495713718673639316
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: CertUtil
>>> createRemoteCert: status=0
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: CertUtil createRemoteCert:
>>> MIIDxTCCAq2gxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>> x
>>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>> x
>>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>> x
>>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>> x
>>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>> x
>>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxTDuSAWm2v7
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: ConfigurationUtils:
>>> handleCertRequest() begins
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: handleCertRequest: 
>>> tag=sslserver
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]:
>>> privKeyID=29c021f3ccfafb1049bd33ce00e9b4ba35f2c1e7
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: handleCertRequest: 
>>> created cert request
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: Processing 'sslserver' 
>>> certificate:
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: handleCerts(): for cert 
>>> tag 'sslserver' using cert type 'remote'
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: handleCerts(): process 
>>> remote...import cert
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: deleteCert: 
>>> nickname=Server-Cert cert-pki-ca
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: deleteCert: cert 
>>> deleted successfully
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: handleCerts(): 
>>> certchains length=2
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: handleCerts(): import 
>>> certificate successfully, certTag=sslserver
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: Processed 'sslserver' 
>>> certificate.
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: === BackupKeyCert
>>> Panel/SavePKCS12 Panel ===
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: backupKeys(): start
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: === Admin Panel ===
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: === Done Panel ===
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: Updating existing 
>>> security domain
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: isSDHostDomainMaster(): 
>>> Getting domain.xml from CA...
>>>
>>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: getDomainXML start
>>>
>>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: getDomainXML: status=0
>>>
>>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: getDomainXML: 
>>> domainInfo=<?xml version="1.0" encoding="UTF-8"
>>> standalone="no"?><DomainInfo><Name>IPA</Name><CAList><CA><Host>ptipa1.
>>> example.com</Host><SecurePort>443</SecurePort><SecureAgentPort>443</S
>>> e
>>> cureAgentPort><SecureAdminPort>443</SecureAdminPort><SecureEEClientAu
>>> cureAgentPort>t
>>> hPort>443</SecureEEClientAuthPort><UnSecurePort>80</UnSecurePort><Clo
>>> hPort>n
>>> e>FALSE</Clone><SubsystemName>pki-cad</SubsystemName><DomainManager>T
>>> e>R
>>> UE</DomainManager></CA><SubsystemCount>1</SubsystemCount></CAList><OC
>>> S
>>> PList><SubsystemCount>0</SubsystemCount></OCSPList><KRAList><Subsyste
>>> PList>m
>>> Count>0</SubsystemCount></KRAList><RAList><SubsystemCount>0</Subsyste
>>> Count>m
>>> Count></RAList><TKSList><SubsystemCount>0</SubsystemCount></TKSList><
>>> Count>T
>>> PSList><SubsystemCount>0</SubsystemCount></TPSList></DomainInfo>
>>>
>>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: Cloning a domain master
>>>
>>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: WizardPanelBase 
>>> updateDomainXML start hostname=ptipa1.example.com port=443
>>>
>>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: updateSecurityDomain: 
>>> failed to update security domain using admin port 443: 
>>> org.xml.sax.SAXParseException;
>>> lineNumber: 1; columnNumber: 50; White spaces are required between 
>>> publicId and systemId.
>>>
>>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: updateSecurityDomain: 
>>> now trying agent port with client auth
>>>
>>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: WizardPanelBase 
>>> updateDomainXML start hostname=ptipa1.example.com port=443
>>>
>>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: updateDomainXML() 
>>> nickname=subsystemCert cert-pki-ca
>>>
>>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: WizardPanelBase 
>>> updateDomainXML:
>>> status=1
>>>
>>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: Error while updating 
>>> security
>>> domain: java.io.IOException: 2
>>>
>>> [23/Mar/2016:23:44:52][http-bio-8080-exec-1]: according to ccMode, 
>>> authorization for servlet: caProfileList is LDAP based, not XML {1}, use 
>>> default authz mgr: {2}.
>>>
>>> /var/log/pki/pki-tomcat/ca/system
>>>
>>> 0.localhost-startStop-1 - [23/Mar/2016:17:55:24 EDT] [3] [3] Cannot 
>>> build CA chain. Error java.security.cert.CertificateException:
>>> Certificate is not a PKCS
>>> #11 certificate
>>>
>>> 0.localhost-startStop-1 - [23/Mar/2016:17:55:24 EDT] [13] [3] authz 
>>> instance DirAclAuthz initialization failed and skipped, 
>>> error=Property internaldb.ldapconn.port missing value
>>>
>>> *Dennis M Ott*
>>> Infrastructure Administrator
>>> Infrastructure and Security Operations
>>>
>>> *McKesson Corporation
>>> McKesson Pharmacy Systems and Automation* www.mckesson.com 
>>> <http://www.mckesson.com/>
>>>> --
>> Petr Vobornik
>>
> --
> Petr Vobornik
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> http://cp.mcafee.com/d/5fHCMUe6gUSyMVuXzX0VMSrhhjhupjvvhdEEFELcFKcECPpISHoHZalxOVIsWqehMGDpMQsyGeWOPtfhktZy0GM-xEGYCXslsttJtVNxeSICPpISr9PCJhbcat7Q2uPVv1dnoovaAVgtHzIv-iSBSWv6xIQh1ysM3d40tY8iEq8zh0qf0XUgBjwNeoalIl-BaMVsQv6QmhPPzNI5-Aq83iSbN_VbqnrFYq6BQQg3K3Ph17RzVmQQgixiuDDCy1Sdljh0VMuq85tFfUCy1Tp7QdK8CQPrNKVJUSyrh
> Go to 
> http://cp.mcafee.com/d/FZsSd3gArhosLtNZwsUrdEEFELcFLLECQkkQnCkT6kjpISrlIl-BaMVsSetd78UljIUqehl7tppKDEGe-N0lovgQlujtKaKeKSKYUMDrmjpISrdw0To_YBJU03xIQh1ysM3d40tY8iEq8zh0qf0XUgBjwNeoalIl-BaMVsQv6QmhPPzNI5-Aq83iSbN_VbqnrFYq6BQQg3K3Ph17RzVmQQgixiuDDCy1Sdljh0VMuq85tFfUCy1Tp7QdK8CQPrNKVJUSyrh
>  for more info on the project
> 


-- 
Petr Vobornik

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to