Hey world, Any ideas?
Gady -----Original Message----- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Gady Notrica Sent: April 26, 2016 10:10 AM To: Ludwig Krispenz; freeipa-users@redhat.com Subject: Re: [Freeipa-users] krb5kdc service not starting No, no changes. Lost connectivity with my VMs during the night (networking issues in datacenter) Reboot the server and oups, no IPA is coming up... The replica (secondary server) is fine though. Gady Notrica -----Original Message----- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Ludwig Krispenz Sent: April 26, 2016 10:02 AM To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] krb5kdc service not starting On 04/26/2016 03:26 PM, Gady Notrica wrote: > Here... > > [root@cd-p-ipa1 log]# ipactl status > Directory Service: STOPPED > Directory Service must be running in order to obtain status of other > services > ipa: INFO: The ipactl command was successful > > [root@cd-p-ipa1 log]# systemctl status dirsrv@IPA-CANDEAL-CA.service > -l ● dirsrv@IPA-CANDEAL-CA.service - 389 Directory Server IPA-CANDEAL-CA. > Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled; vendor > preset: disabled) > Active: failed (Result: exit-code) since Tue 2016-04-26 08:50:21 EDT; > 30min ago > Process: 6333 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i > -i /var/run/dirsrv/slapd-%i.pid -w /var/run/dirsrv/slapd-%i.startpid > (code=exited, status=1/FAILURE) > > Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: > [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: > slapi_attr_values2keys_sv failed for type attributetypes Apr 26 > 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: > [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: > slapi_attr_values2keys_sv failed for type attributetypes Apr 26 > 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: > [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: > slapi_attr_values2keys_sv failed for type attributetypes Apr 26 08:50:21 > cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] - > valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for type > attributetypes Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: > [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: > slapi_attr_values2keys_sv failed for type attributetypes Apr 26 08:50:21 > cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] - > valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for type > attributetypes Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: > [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: > slapi_attr_values2keys_sv failed for type attributetypes Apr 26 08:50:21 > cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] - > valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for type > attributetypes Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: > [26/Apr/2016:08:50:21 -0400] dse_read_one_file - The entry cn=schema in file > /etc/dirsrv/slapd-IPA-CANDEAL-CA/schema/00core.ldif (lineno: 1) is invalid, > error code 21 (Invalid syntax) - attribute type aci: Unknown attribute syntax > OID "1.3.6.1.4.1.1466.115.121.1.15" > Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: > [26/Apr/2016:08:50:21 -0400] dse - Please edit the file to correct the > reported problems and then restart the server. this says the server doesn't know a syntax oid, but it is a known one. It could be that the syntax plugings couldn't be loaded. Thera are more errors before, could you check where the errors start in /var/log/dirsrv/slapd-<INSTANCE>/errors ? And, did you do any changes to the system before this problem started ? > [root@cd-p-ipa1 log]# > > Gady > > -----Original Message----- > From: freeipa-users-boun...@redhat.com > [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Martin Babinsky > Sent: April 26, 2016 9:17 AM > To: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] krb5kdc service not starting > > On 04/26/2016 03:13 PM, Gady Notrica wrote: >> Hello world, >> >> >> >> I am having issues this morning with my primary IPA. See below the >> details in the logs and command result. Basically, krb5kdc service >> not starting - krb5kdc: Server error - while fetching master key. >> >> >> >> DNS is functioning. See below dig result. I have a trust with Windows AD. >> >> >> >> Please help…! >> >> >> >> [root@cd-ipa1 log]# systemctl status krb5kdc.service -l >> >> ● krb5kdc.service - Kerberos 5 KDC >> >> Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; >> disabled; vendor preset: disabled) >> >> Active: failed (Result: exit-code) since Tue 2016-04-26 08:27:52 >> EDT; 41min ago >> >> Process: 3694 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid >> $KRB5KDC_ARGS (code=exited, status=1/FAILURE) >> >> >> >> Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: Starting Kerberos >> 5 KDC... >> >> Apr 26 08:27:52 cd-ipa1.ipa.domain.localkrb5kdc[3694]: krb5kdc: >> cannot initialize realm IPA.DOMAIN.LOCAL- see log file for details >> >> Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: krb5kdc.service: >> control process exited, code=exited status=1 >> >> Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: Failed to start >> Kerberos 5 KDC. >> >> Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: Unit >> krb5kdc.service entered failed state. >> >> Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: krb5kdc.service failed. >> >> [root@cd-ipa1 log]# >> >> >> >> Errors in /var/log/krb5kdc.log >> >> >> >> krb5kdc: Server error - while fetching master key K/M for realm >> DOMAIN.LOCAL >> >> krb5kdc: Server error - while fetching master key K/M for realm >> DOMAIN.LOCAL >> >> krb5kdc: Server error - while fetching master key K/M for realm >> DOMAIN.LOCAL >> >> >> >> [root@cd-ipa1 log]# systemctl status httpd -l >> >> ● httpd.service - The Apache HTTP Server >> >> Loaded: loaded (/etc/systemd/system/httpd.service; disabled; >> vendor >> preset: disabled) >> >> Active: failed (Result: exit-code) since Tue 2016-04-26 08:27:21 >> EDT; 39min ago >> >> Docs: man:httpd(8) >> >> man:apachectl(8) >> >> Process: 3594 ExecStartPre=/usr/libexec/ipa/ipa-httpd-kdcproxy >> (code=exited, status=1/FAILURE) >> >> >> >> Apr 26 08:27:21 cd-ipa1.ipa.domain.localipa-httpd-kdcproxy[3594]: >> File "/usr/lib/python2.7/siteackages/ipapython/ipaldap.py", line >> 1579, in __wait_for_connection >> >> Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]: >> wait_for_open_socket(lurl.hostport, timeout) >> >> Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]: >> File "/usr/lib/python2.7/siteackages/ipapython/ipautil.py", line >> 1200, in wait_for_open_socket >> >> Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]: >> raise e >> >> Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]: >> error: [Errno 2] No such file or directory >> >> Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]: >> ipa : ERROR Unknown error while retrieving setting from >> ldapi://%2fvar%2frun%2fslapd-IPA-CANDEAL-CA.socket: [Errno 2] No such >> file or directory >> >> Apr 26 08:27:21 cd-ipa1.ipa.domain.localsystemd[1]: httpd.service: >> control process exited, code=exited status=1 >> >> Apr 26 08:27:21 cd-ipa1.ipa.domain.localsystemd[1]: Failed to start >> The Apache HTTP Server. >> >> Apr 26 08:27:21 cd-ipa1.ipa.domain.localsystemd[1]: Unit >> httpd.service entered failed state. >> >> Apr 26 08:27:21 cd-ipa1.ipa.domain.localsystemd[1]: httpd.service failed. >> >> [root@cd-ipa1 log]# >> >> >> >> >> >> DNS Result for dig redhat.com >> >> >> >> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> redhat.com >> >> ;; global options: +cmd >> >> ;; Got answer: >> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5414 >> >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 2 >> >> >> >> ;; OPT PSEUDOSECTION: >> >> ; EDNS: version: 0, flags:; udp: 4096 >> >> ;; QUESTION SECTION: >> >> ;redhat.com. IN A >> >> >> >> ;; ANSWER SECTION: >> >> redhat.com. 60 IN A 209.132.183.105 >> >> >> >> ;; AUTHORITY SECTION: >> >> . 849 IN NS f.root-servers.net. >> >> . 849 IN NS e.root-servers.net. >> >> . 849 IN NS k.root-servers.net. >> >> . 849 IN NS m.root-servers.net. >> >> . 849 IN NS b.root-servers.net. >> >> . 849 IN NS g.root-servers.net. >> >> . 849 IN NS c.root-servers.net. >> >> . 849 IN NS h.root-servers.net. >> >> . 849 IN NS l.root-servers.net. >> >> . 849 IN NS a.root-servers.net. >> >> . 849 IN NS j.root-servers.net. >> >> . 849 IN NS i.root-servers.net. >> >> . 849 IN NS d.root-servers.net. >> >> >> >> ;; ADDITIONAL SECTION: >> >> j.root-servers.net. 3246 IN A 192.58.128.30 >> >> >> >> ;; Query time: 79 msec >> >> ;; SERVER: 10.20.10.41#53(10.20.10.41) >> >> ;; WHEN: Tue Apr 26 09:02:43 EDT 2016 >> >> ;; MSG SIZE rcvd: 282 >> >> >> >> Gady >> >> >> >> >> > It seems like Directory server is not running. Can you post result of 'ipactl > status' and 'systemctl status dirsrv@IPA-CANDEAL-CA.service'? > > -- > Martin^3 Babinsky > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -- Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
