Hi All,
My IPA Server was working all fine until i tried restarting it using "ipactl 
restart"  and now i am ended with these errors :( 








[root@ip-172-31-25-165 plugins]# ipactl restartStarting Directory 
ServiceRestarting krb5kdc ServiceRestarting kadmin ServiceStarting named 
ServiceJob for named-pkcs11.service failed because the control process exited 
with error code. See "systemctl status named-pkcs11.service" and "journalctl 
-xe" for details.Failed to start named ServiceShutting down















Aborting ipactl
This is what i get with  "systemctl status named-pkcs11.service"
[root@ip-172-31-25-165 plugins]# systemctl status named-pkcs11.serviceā— 
named-pkcs11.service - Berkeley Internet Name Domain (DNS) with native PKCS#11  
 Loaded: loaded (/usr/lib/systemd/system/named-pkcs11.service; disabled; vendor 
preset: disabled)   Active: failed (Result: exit-code) since Tue 2016-09-20 
06:28:03 EDT; 1min 2s ago  Process: 3281 ExecStart=/usr/sbin/named-pkcs11 -u 
named $OPTIONS (code=exited, status=1/FAILURE)  Process: 3278 
ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then 
/usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files 
is disabled"; fi (code=exited, status=0/SUCCESS)
Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: 
GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information 
(Server krbtgt/US-WEST-2.C...database)Sep 20 06:28:03 
ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: LDAP error: 
Local error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  
Minor code may...er failedSep 20 06:28:03 
ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: couldn't 
establish connection in LDAP connection pool: failureSep 20 06:28:03 
ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: dynamic 
database 'ipa' configuration failed: failureSep 20 06:28:03 
ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: loading 
configuration: failureSep 20 06:28:03 
ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: exiting (due to 
fatal error)Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal 
systemd[1]: named-pkcs11.service: control process exited, code=exited 
status=1Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: 
Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.Sep 20 
06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Unit 
named-pkcs11.service entered failed state.Sep 20 06:28:03 
ip-172-31-25-165.us-west-2.compute.internal systemd[1]: named-pkcs11.service 
failed.
























Hint: Some lines were ellipsized, use -l to show in full.
output from "journalctl -xe" is as below:
[root@ip-172-31-25-165 ec2-user]# journalctl -xeSep 20 06:37:00 
ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: option 
'serial_autoincrement' is not supported, ignoringSep 20 06:37:00 
ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: GSSAPI client 
step 1Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal 
named-pkcs11[3511]: GSSAPI client step 1Sep 20 06:37:00 
ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: GSSAPI Error: 
Unspecified GSS failure.  Minor code may provide more information Sep 20 
06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: LDAP 
error: Local error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSSep 
20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: 
couldn't establish connection in LDAP connection pool: failureSep 20 06:37:00 
ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: dynamic 
database 'ipa' configuration failed: failureSep 20 06:37:00 
ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: loading 
configuration: failureSep 20 06:37:00 
ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: exiting (due to 
fatal error)Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal 
systemd[1]: named-pkcs11.service: control process exited, code=exited 
status=1Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: 
Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.-- 
Subject: Unit named-pkcs11.service has failed-- Defined-By: systemd-- Support: 
http://lists.freedesktop.org/mailman/listinfo/systemd-devel-- -- Unit 
named-pkcs11.service has failed.-- -- The result is failed.Sep 20 06:37:00 
ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Unit 
named-pkcs11.service entered failed state.Sep 20 06:37:00 
ip-172-31-25-165.us-west-2.compute.internal systemd[1]: named-pkcs11.service 
failed.Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal 
polkitd[529]: Unregistered Authentication Agent for unix-process:3498:364279453 
(system bus name :1.Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal 
polkitd[529]: Registered Authentication Agent for unix-process:3518:364279465 
(system bus name :1.96Sep 20 06:37:00 
ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Stopping 389 Directory 
Server US-WEST-2-COMPUTE-AMAZONAWS-COM....-- Subject: Unit 
dirsrv@US-WEST-2-COMPUTE-AMAZONAWS-COM.service has begun shutting down-- 
Defined-By: systemd-- Support: 
http://lists.freedesktop.org/mailman/listinfo/systemd-devel-- -- Unit 
dirsrv@US-WEST-2-COMPUTE-AMAZONAWS-COM.service has begun shutting down.Sep 20 
06:37:05 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Stopped 389 
Directory Server US-WEST-2-COMPUTE-AMAZONAWS-COM..-- Subject: Unit 
dirsrv@US-WEST-2-COMPUTE-AMAZONAWS-COM.service has finished shutting down-- 
Defined-By: systemd-- Support: 
http://lists.freedesktop.org/mailman/listinfo/systemd-devel-- -- Unit 
dirsrv@US-WEST-2-COMPUTE-AMAZONAWS-COM.service has finished shutting down.Sep 
20 06:37:05 ip-172-31-25-165.us-west-2.compute.internal polkitd[529]: 
Unregistered Authentication Agent for unix-process:3518:364279465 (system bus 
name :1.Sep 20 06:37:15 ip-172-31-25-165.us-west-2.compute.internal 
unix_chkpwd[3531]: password check failed for user (root)Sep 20 06:37:15 
ip-172-31-25-165.us-west-2.compute.internal sshd[3530]: pam_unix(sshd:auth): 
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=Sep 20 
06:37:17 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: error: PAM: 
Authentication failure for root from 221.229.172.103Sep 20 06:37:18 
ip-172-31-25-165.us-west-2.compute.internal unix_chkpwd[3533]: password check 
failed for user (root)Sep 20 06:37:18 
ip-172-31-25-165.us-west-2.compute.internal sshd[3532]: pam_unix(sshd:auth): 
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=Sep 20 
06:37:20 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: error: PAM: 
Authentication failure for root from 221.229.172.103Sep 20 06:37:20 
ip-172-31-25-165.us-west-2.compute.internal unix_chkpwd[3535]: password check 
failed for user (root)Sep 20 06:37:20 
ip-172-31-25-165.us-west-2.compute.internal sshd[3534]: pam_unix(sshd:auth): 
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=Sep 20 
06:37:23 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: error: PAM: 
Authentication failure for root from 221.229.172.103




















































Sep 20 06:37:23 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: 
Received disconnect from 221.229.172.103: 11:  [preauth]

Would really be thankful if you can get me backup with my IPA Server.. 
Many Thanks,Deepak







                                          
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to