Hi,

The important line is around

> named-pkcs11[3511]: GSSAPI Error: Unspecified GSS failure.  Minor code may
provide more information

Unfortunately the log is truncated so it does not show the actual error.

Please see
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart

I hope it helps.
Petr^2 Spacek

On 20.9.2016 12:45, Deepak Dimri wrote:
> Hi All,
> My IPA Server was working all fine until i tried restarting it using "ipactl 
> restart"  and now i am ended with these errors :( 
> 
> 
> 
> 
> 
> 
> 
> 
> [root@ip-172-31-25-165 plugins]# ipactl restartStarting Directory 
> ServiceRestarting krb5kdc ServiceRestarting kadmin ServiceStarting named 
> ServiceJob for named-pkcs11.service failed because the control process exited 
> with error code. See "systemctl status named-pkcs11.service" and "journalctl 
> -xe" for details.Failed to start named ServiceShutting down
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Aborting ipactl
> This is what i get with  "systemctl status named-pkcs11.service"
> [root@ip-172-31-25-165 plugins]# systemctl status named-pkcs11.serviceā— 
> named-pkcs11.service - Berkeley Internet Name Domain (DNS) with native 
> PKCS#11   Loaded: loaded (/usr/lib/systemd/system/named-pkcs11.service; 
> disabled; vendor preset: disabled)   Active: failed (Result: exit-code) since 
> Tue 2016-09-20 06:28:03 EDT; 1min 2s ago  Process: 3281 
> ExecStart=/usr/sbin/named-pkcs11 -u named $OPTIONS (code=exited, 
> status=1/FAILURE)  Process: 3278 ExecStartPre=/bin/bash -c if [ ! 
> "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z 
> /etc/named.conf; else echo "Checking of zone files is disabled"; fi 
> (code=exited, status=0/SUCCESS)
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal 
> named-pkcs11[3284]: GSSAPI Error: Unspecified GSS failure.  Minor code may 
> provide more information (Server krbtgt/US-WEST-2.C...database)Sep 20 
> 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: LDAP 
> error: Local error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS 
> failure.  Minor code may...er failedSep 20 06:28:03 
> ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: couldn't 
> establish connection in LDAP connection pool: failureSep 20 06:28:03 
> ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: dynamic 
> database 'ipa' configuration failed: failureSep 20 06:28:03 
> ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: loading 
> configuration: failureSep 20 06:28:03 
> ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: exiting (due 
> to fatal error)Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal 
> systemd[1]: named-pkcs11.service: control process exited, code=exited 
> status=1Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal 
> systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with native 
> PKCS#11.Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal 
> systemd[1]: Unit named-pkcs11.service entered failed state.Sep 20 06:28:03 
> ip-172-31-25-165.us-west-2.compute.internal systemd[1]: named-pkcs11.service 
> failed.
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Hint: Some lines were ellipsized, use -l to show in full.
> output from "journalctl -xe" is as below:
> [root@ip-172-31-25-165 ec2-user]# journalctl -xeSep 20 06:37:00 
> ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: option 
> 'serial_autoincrement' is not supported, ignoringSep 20 06:37:00 
> ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: GSSAPI client 
> step 1Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal 
> named-pkcs11[3511]: GSSAPI client step 1Sep 20 06:37:00 
> ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: GSSAPI Error: 
> Unspecified GSS failure.  Minor code may provide more information Sep 20 
> 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: LDAP 
> error: Local error: SASL(-1): generic failure: GSSAPI Error: Unspecified 
> GSSep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal 
> named-pkcs11[3511]: couldn't establish connection in LDAP connection pool: 
> failureSep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal 
> named-pkcs11[3511]: dynamic database 'ipa' configuration failed: failureSep 
> 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: 
> loading configuration: failureSep 20 06:37:00 
> ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: exiting (due 
> to fatal error)Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal 
> systemd[1]: named-pkcs11.service: control process exited, code=exited 
> status=1Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal 
> systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with native 
> PKCS#11.-- Subject: Unit named-pkcs11.service has failed-- Defined-By: 
> systemd-- Support: 
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel-- -- Unit 
> named-pkcs11.service has failed.-- -- The result is failed.Sep 20 06:37:00 
> ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Unit 
> named-pkcs11.service entered failed state.Sep 20 06:37:00 
> ip-172-31-25-165.us-west-2.compute.internal systemd[1]: named-pkcs11.service 
> failed.Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal 
> polkitd[529]: Unregistered Authentication Agent for unix-process:3498:36427945
3 (system bus name :1.Sep 20 06:37:00 
ip-172-31-25-165.us-west-2.compute.internal polkitd[529]: Registered 
Authentication Agent for unix-process:3518:364279465 (system bus name :1.96Sep 
20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Stopping 
389 Directory Server US-WEST-2-COMPUTE-AMAZONAWS-COM....-- Subject: Unit 
dirsrv@US-WEST-2-COMPUTE-AMAZONAWS-COM.service has begun shutting down-- 
Defined-By: systemd-- Support: 
http://lists.freedesktop.org/mailman/listinfo/systemd-devel-- -- Unit 
dirsrv@US-WEST-2-COMPUTE-AMAZONAWS-COM.service has begun shutting down.Sep 20 
06:37:05 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Stopped 389 
Directory Server US-WEST-2-COMPUTE-AMAZONAWS-COM..-- Subject: Unit 
dirsrv@US-WEST-2-COMPUTE-AMAZONAWS-COM.service has finished shutting down-- 
Defined-By: systemd-- Support: 
http://lists.freedesktop.org/mailman/listinfo/systemd-devel-- -- Unit 
dirsrv@US-WEST-2-COMPUTE-AMAZONAWS-COM.service has finished shutting down.Sep 
20 06:37:05 ip-172-31-25-165.us-west-2.compute.internal polkitd[529]: 
Unregistered Authentication Agent for unix-process:3518:364279465 (system bus 
name :1.Sep 20 06:37:15 ip-172-31-25-165.us-west-2.compute.internal 
unix_chkpwd[3531]: password check failed for user (root)Sep 20 06:37:15 
ip-172-31-25-165.us-west-2.compute.internal sshd[3530]: pam_unix(sshd:auth): 
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=Sep 20 
06:37:17 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: error: PAM: 
Authentication failure for root from 221.229.172.103Sep 20 06:37:18 
ip-172-31-25-165.us-west-2.compute.internal unix_chkpwd[3533]: password check 
failed for user (root)Sep 20 06:37:18 
ip-172-31-25-165.us-west-2.compute.internal sshd[3532]: pam_unix(sshd:auth): 
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=Sep 20 
06:37:20 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: error: PAM: 
Authentication failure for root from 221.229.172.103Sep 20 06:37:20 
ip-172-31-25-165.us-west-2.compute.internal unix_chkpwd[3535]: pa
ssword check failed for user (root)Sep 20 06:37:20 
ip-172-31-25-165.us-west-2.compute.internal sshd[3534]: pam_unix(sshd:auth): 
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=Sep 20 
06:37:23 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: error: PAM: 
Authentication failure for root from 221.229.172.103
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Sep 20 06:37:23 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: 
> Received disconnect from 221.229.172.103: 11:  [preauth]
> 
> Would really be thankful if you can get me backup with my IPA Server.. 
> Many Thanks,Deepak
> 
> 
> 
> 
> 
> 
> 
>                                         
> 
> 
> 


-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to