Hi,

The important line is around
> named-pkcs11[3511]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information

Unfortunately the log is truncated so it does not show the actual error.

Please see
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart

I hope it helps.

Petr^2 Spacek

On 20.9.2016 12:45, Deepak Dimri wrote:
> Hi All,
> My IPA Server was working all fine until I tried restarting it using "ipactl restart" and now I am ended with these errors :(
>
> [root@ip-172-31-25-165 plugins]# ipactl restart
> Starting Directory Service
> Restarting krb5kdc Service
> Restarting kadmin Service
> Starting named Service
> Job for named-pkcs11.service failed because the control process exited with error code. See "systemctl status named-pkcs11.service" and "journalctl -xe" for details.
> Failed to start named Service
> Shutting down
> Aborting ipactl
>
> This is what I get with "systemctl status named-pkcs11.service"
>
> [root@ip-172-31-25-165 plugins]# systemctl status named-pkcs11.service
> ● named-pkcs11.service - Berkeley Internet Name Domain (DNS) with native PKCS#11
>    Loaded: loaded (/usr/lib/systemd/system/named-pkcs11.service; disabled; vendor preset: disabled)
>    Active: failed (Result: exit-code) since Tue 2016-09-20 06:28:03 EDT; 1min 2s ago
>   Process: 3281 ExecStart=/usr/sbin/named-pkcs11 -u named $OPTIONS (code=exited, status=1/FAILURE)
>   Process: 3278 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
>
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/US-WEST-2.C...database)
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: LDAP error: Local error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may...er failed
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: couldn't establish connection in LDAP connection pool: failure
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: dynamic database 'ipa' configuration failed: failure
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: loading configuration: failure
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3284]: exiting (due to fatal error)
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: named-pkcs11.service: control process exited, code=exited status=1
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Unit named-pkcs11.service entered failed state.
> Sep 20 06:28:03 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: named-pkcs11.service failed.
> Hint: Some lines were ellipsized, use -l to show in full.
>
> Output from "journalctl -xe" is as below:
>
> [root@ip-172-31-25-165 ec2-user]# journalctl -xe
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: option 'serial_autoincrement' is not supported, ignoring
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: GSSAPI client step 1
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: GSSAPI client step 1
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: LDAP error: Local error: SASL(-1): generic failure: GSSAPI Error: Unspecified GS
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: couldn't establish connection in LDAP connection pool: failure
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: dynamic database 'ipa' configuration failed: failure
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: loading configuration: failure
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal named-pkcs11[3511]: exiting (due to fatal error)
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: named-pkcs11.service: control process exited, code=exited status=1
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.
> -- Subject: Unit named-pkcs11.service has failed
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- Unit named-pkcs11.service has failed.
> --
> -- The result is failed.
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Unit named-pkcs11.service entered failed state.
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: named-pkcs11.service failed.
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal polkitd[529]: Unregistered Authentication Agent for unix-process:3498:36427945 3 (system bus name :1.
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal polkitd[529]: Registered Authentication Agent for unix-process:3518:364279465 (system bus name :1.96
> Sep 20 06:37:00 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Stopping 389 Directory Server US-WEST-2-COMPUTE-AMAZONAWS-COM....
> -- Subject: Unit [email protected] has begun shutting down
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- Unit [email protected] has begun shutting down.
> Sep 20 06:37:05 ip-172-31-25-165.us-west-2.compute.internal systemd[1]: Stopped 389 Directory Server US-WEST-2-COMPUTE-AMAZONAWS-COM..
> -- Subject: Unit [email protected] has finished shutting down
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- Unit [email protected] has finished shutting down.
> Sep 20 06:37:05 ip-172-31-25-165.us-west-2.compute.internal polkitd[529]: Unregistered Authentication Agent for unix-process:3518:364279465 (system bus name :1.
> Sep 20 06:37:15 ip-172-31-25-165.us-west-2.compute.internal unix_chkpwd[3531]: password check failed for user (root)
> Sep 20 06:37:15 ip-172-31-25-165.us-west-2.compute.internal sshd[3530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
> Sep 20 06:37:17 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: error: PAM: Authentication failure for root from 221.229.172.103
> Sep 20 06:37:18 ip-172-31-25-165.us-west-2.compute.internal unix_chkpwd[3533]: password check failed for user (root)
> Sep 20 06:37:18 ip-172-31-25-165.us-west-2.compute.internal sshd[3532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
> Sep 20 06:37:20 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: error: PAM: Authentication failure for root from 221.229.172.103
> Sep 20 06:37:20 ip-172-31-25-165.us-west-2.compute.internal unix_chkpwd[3535]: password check failed for user (root)
> Sep 20 06:37:20 ip-172-31-25-165.us-west-2.compute.internal sshd[3534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
> Sep 20 06:37:23 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: error: PAM: Authentication failure for root from 221.229.172.103
> Sep 20 06:37:23 ip-172-31-25-165.us-west-2.compute.internal sshd[3528]: Received disconnect from 221.229.172.103: 11: [preauth]
>
> Would really be thankful if you can get me back up with my IPA Server..
>
> Many Thanks,
> Deepak

-- 
Petr^2 Spacek
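
The truncation mentioned in the reply can be checked mechanically. The following is an added example, not part of the original message or of FreeIPA: a filter that reports, per named-pkcs11 PID, whether the parenthesised minor-code detail of a GSSAPI error survived in full. The function names and the sample input (including PID 3600 and its detail text) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag GSSAPI errors whose minor-code detail was cut off.
# On a real server, feed it the untruncated journal for the unit:
#   journalctl -u named-pkcs11.service -b --no-pager -l | classify_gss

# Constructed sample shaped like the journal lines quoted in the thread.
# Host name shortened; PID 3600 and its detail text are invented.
sample_log() {
cat <<'EOF'
Sep 20 06:28:03 ipa named-pkcs11[3284]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/US-WEST-2.C...database)
Sep 20 06:37:00 ipa named-pkcs11[3511]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information
Sep 20 06:40:00 ipa named-pkcs11[3600]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (constructed minor-code detail)
Sep 20 06:40:00 ipa named-pkcs11[3600]: loading configuration: failure
EOF
}

# classify_gss: read syslog-style journal text on stdin and print one line
# per GSSAPI error:
#   TRUNCATED <pid>  detail missing (line cut at terminal width) or ellipsized
#   COMPLETE  <pid>  parenthesised minor-code detail present in full
classify_gss() {
  awk '
    /GSSAPI Error:/ {
      # Field 5 is "process[pid]:"; keep only the pid.
      pid = $5
      sub(/^.*\[/, "", pid)
      sub(/\].*$/, "", pid)

      # The useful part is the trailing "(...)" after the generic text.
      detail = ""
      if (match($0, /\(.*\)[ \t]*$/))
        detail = substr($0, RSTART, RLENGTH)

      if (detail == "" || index(detail, "...") > 0)
        print "TRUNCATED", pid
      else
        print "COMPLETE", pid
    }'
}

sample_log | classify_gss
```

Both lines taken from the thread come out as TRUNCATED: the `systemctl status` line is ellipsized and the `journalctl -xe` line is cut before the detail.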
