Re: [Freeipa-users] CA: Cannot add Centos7.2 replica to Centos6.8 ipa server
So, does anyone understand something more than me from the logs? Can I search for something that can help me solve it?

On 9/9/2016 11:26 PM, Georgios Kafataridis wrote:

These are fresh logs from a last attempt to create a replica

Centos 7

/var/log/pki/pki-tomcat/ca/debug

[09/Sep/2016:22:59:40][http-bio-8443-exec-3]: === Token Panel ===
[09/Sep/2016:22:59:40][http-bio-8443-exec-3]: === Security Domain Panel ===
[09/Sep/2016:22:59:40][http-bio-8443-exec-3]: Joining existing security domain
[09/Sep/2016:22:59:40][http-bio-8443-exec-3]: Resolving security domain URLhttps://ipa-server.nelios:443
[09/Sep/2016:22:59:40][http-bio-8443-exec-3]: Getting security domain cert chain
[09/Sep/2016:22:59:40][http-bio-8443-exec-3]: Getting install token
[09/Sep/2016:22:59:40][http-bio-8443-exec-3]: Getting install token
[09/Sep/2016:22:59:41][http-bio-8443-exec-3]: Getting old cookie
[09/Sep/2016:22:59:41][http-bio-8443-exec-3]: Token: null
[09/Sep/2016:22:59:41][http-bio-8443-exec-3]: Install token is null
[09/Sep/2016:22:59:41][http-bio-8443-exec-3]: Failed to obtain installation token from security domain

Centos 6

/var/log/pki-ca/debug

[09/Sep/2016:22:59:42][TP-Processor3]: GetCookie before auth, url =https://ipa2-server2.nelios:443/ca/admin/console/config/wizard?p=5=CA
[09/Sep/2016:22:59:42][TP-Processor3]: IP: 192.168.4.175
[09/Sep/2016:22:59:42][TP-Processor3]: AuthMgrName: passwdUserDBAuthMgr
[09/Sep/2016:22:59:42][TP-Processor3]: CMSServlet: no client certificate found
[09/Sep/2016:22:59:42][TP-Processor3]: Authentication: UID=admin
[09/Sep/2016:22:59:42][TP-Processor3]: In LdapBoundConnFactory::getConn()
[09/Sep/2016:22:59:42][TP-Processor3]: masterConn is connected: true
[09/Sep/2016:22:59:42][TP-Processor3]: getConn: conn is connected true
[09/Sep/2016:22:59:42][TP-Processor3]: getConn: mNumConns now 2
[09/Sep/2016:22:59:42][TP-Processor3]: LdapAnonConnFactory::getConn
[09/Sep/2016:22:59:42][TP-Processor3]: LdapAnonConnFactory.getConn(): num avail conns now 2
[09/Sep/2016:22:59:42][TP-Processor3]: returnConn: mNumConns now 3
[09/Sep/2016:22:59:42][TP-Processor3]: returnConn: mNumConns now 2
[09/Sep/2016:22:59:42][TP-Processor3]: SignedAuditEventFactory: create() message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=passwdUserDBAuthMgr][AttemptedCred=$Unidentified$] authentication failure
[09/Sep/2016:22:59:42][TP-Processor3]: GetCookie authentication failed
[09/Sep/2016:22:59:42][TP-Processor3]: mErrorFormPath=/admin/ca/securitydomainlogin.template
[09/Sep/2016:22:59:42][TP-Processor3]: CMSServlet: curDate=Fri Sep 09 22:59:42 EEST 2016 id=caGetCookie time=39

/var/log/httpd/access_log

192.168.4.175 - - [09/Sep/2016:22:59:21 +0300] "GET /ca/rest/securityDomain/domainInfo HTTP/1.1" 404 315
192.168.4.175 - - [09/Sep/2016:22:59:22 +0300] "GET /ca/admin/ca/getDomainXML HTTP/1.1" 200 1148
192.168.4.175 - - [09/Sep/2016:22:59:22 +0300] "GET /ca/rest/account/login HTTP/1.1" 404 303
192.168.4.175 - - [09/Sep/2016:22:59:41 +0300] "POST /ca/admin/ca/getCertChain HTTP/1.0" 200 1398
192.168.4.175 - - [09/Sep/2016:22:59:42 +0300] "GET /ca/rest/account/login HTTP/1.1" 404 303
192.168.4.175 - - [09/Sep/2016:22:59:42 +0300] "POST /ca/admin/ca/getCookie HTTP/1.1" 200 5170

/var/log/httpd/error_log

[Fri Sep 09 22:59:22 2016] [error] [client 192.168.4.175] File does not exist: /var/www/html/ca
[Fri Sep 09 22:59:22 2016] [error] [client 192.168.4.175] File does not exist: /var/www/html/ca
[Fri Sep 09 22:59:42 2016] [error] [client 192.168.4.175] File does not exist: /var/www/html/ca

/var/log/pki-ca/system

5337.TP-Processor3 - [09/Sep/2016:22:59:42 EEST] [6] [6] Failed to authenticate as admin UID=admin. Error: netscape.ldap.LDAPException: error result (49)
5337.TP-Processor3 - [09/Sep/2016:22:59:42 EEST] [3] [3] Servlet caGetCookie: Error getting servlet output stream when rendering template. Error Invalid Credential..

/var/log/pki-ca/catalina.out

Sep 08, 2016 4:17:34 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory ROOT
Sep 08, 2016 4:17:34 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-9180
Sep 08, 2016 4:17:34 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-9443
Sep 08, 2016 4:17:35 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-9445
Sep 08, 2016 4:17:35 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-9444
Sep 08, 2016 4:17:35 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-9446
Sep 08, 2016 4:17:35 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:9447 <http://0.0.0.0:9447>
Sep 08, 2016 4:17:35 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/123 config=null
Sep 08, 2016
Re: [Freeipa-users] CA: Cannot add Centos7.2 replica to Centos6.8 ipa server
These are fresh logs from a last attempt to create a replica

Centos 7

/var/log/pki/pki-tomcat/ca/debug

[09/Sep/2016:22:59:40][http-bio-8443-exec-3]: === Token Panel ===
[09/Sep/2016:22:59:40][http-bio-8443-exec-3]: === Security Domain Panel ===
[09/Sep/2016:22:59:40][http-bio-8443-exec-3]: Joining existing security domain
[09/Sep/2016:22:59:40][http-bio-8443-exec-3]: Resolving security domain URLhttps://ipa-server.nelios:443
[09/Sep/2016:22:59:40][http-bio-8443-exec-3]: Getting security domain cert chain
[09/Sep/2016:22:59:40][http-bio-8443-exec-3]: Getting install token
[09/Sep/2016:22:59:40][http-bio-8443-exec-3]: Getting install token
[09/Sep/2016:22:59:41][http-bio-8443-exec-3]: Getting old cookie
[09/Sep/2016:22:59:41][http-bio-8443-exec-3]: Token: null
[09/Sep/2016:22:59:41][http-bio-8443-exec-3]: Install token is null
[09/Sep/2016:22:59:41][http-bio-8443-exec-3]: Failed to obtain installation token from security domain

Centos 6

/var/log/pki-ca/debug

[09/Sep/2016:22:59:42][TP-Processor3]: GetCookie before auth, url = https://ipa2-server2.nelios:443/ca/admin/console/config/wizard?p=5=CA
[09/Sep/2016:22:59:42][TP-Processor3]: IP: 192.168.4.175
[09/Sep/2016:22:59:42][TP-Processor3]: AuthMgrName: passwdUserDBAuthMgr
[09/Sep/2016:22:59:42][TP-Processor3]: CMSServlet: no client certificate found
[09/Sep/2016:22:59:42][TP-Processor3]: Authentication: UID=admin
[09/Sep/2016:22:59:42][TP-Processor3]: In LdapBoundConnFactory::getConn()
[09/Sep/2016:22:59:42][TP-Processor3]: masterConn is connected: true
[09/Sep/2016:22:59:42][TP-Processor3]: getConn: conn is connected true
[09/Sep/2016:22:59:42][TP-Processor3]: getConn: mNumConns now 2
[09/Sep/2016:22:59:42][TP-Processor3]: LdapAnonConnFactory::getConn
[09/Sep/2016:22:59:42][TP-Processor3]: LdapAnonConnFactory.getConn(): num avail conns now 2
[09/Sep/2016:22:59:42][TP-Processor3]: returnConn: mNumConns now 3
[09/Sep/2016:22:59:42][TP-Processor3]: returnConn: mNumConns now 2
[09/Sep/2016:22:59:42][TP-Processor3]: SignedAuditEventFactory: create() message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=passwdUserDBAuthMgr][AttemptedCred=$Unidentified$] authentication failure
[09/Sep/2016:22:59:42][TP-Processor3]: GetCookie authentication failed
[09/Sep/2016:22:59:42][TP-Processor3]: mErrorFormPath=/admin/ca/securitydomainlogin.template
[09/Sep/2016:22:59:42][TP-Processor3]: CMSServlet: curDate=Fri Sep 09 22:59:42 EEST 2016 id=caGetCookie time=39

/var/log/httpd/access_log

192.168.4.175 - - [09/Sep/2016:22:59:21 +0300] "GET /ca/rest/securityDomain/domainInfo HTTP/1.1" 404 315
192.168.4.175 - - [09/Sep/2016:22:59:22 +0300] "GET /ca/admin/ca/getDomainXML HTTP/1.1" 200 1148
192.168.4.175 - - [09/Sep/2016:22:59:22 +0300] "GET /ca/rest/account/login HTTP/1.1" 404 303
192.168.4.175 - - [09/Sep/2016:22:59:41 +0300] "POST /ca/admin/ca/getCertChain HTTP/1.0" 200 1398
192.168.4.175 - - [09/Sep/2016:22:59:42 +0300] "GET /ca/rest/account/login HTTP/1.1" 404 303
192.168.4.175 - - [09/Sep/2016:22:59:42 +0300] "POST /ca/admin/ca/getCookie HTTP/1.1" 200 5170

/var/log/httpd/error_log

[Fri Sep 09 22:59:22 2016] [error] [client 192.168.4.175] File does not exist: /var/www/html/ca
[Fri Sep 09 22:59:22 2016] [error] [client 192.168.4.175] File does not exist: /var/www/html/ca
[Fri Sep 09 22:59:42 2016] [error] [client 192.168.4.175] File does not exist: /var/www/html/ca

/var/log/pki-ca/system

5337.TP-Processor3 - [09/Sep/2016:22:59:42 EEST] [6] [6] Failed to authenticate as admin UID=admin. Error: netscape.ldap.LDAPException: error result (49)
5337.TP-Processor3 - [09/Sep/2016:22:59:42 EEST] [3] [3] Servlet caGetCookie: Error getting servlet output stream when rendering template. Error Invalid Credential..

/var/log/pki-ca/catalina.out

Sep 08, 2016 4:17:34 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory ROOT
Sep 08, 2016 4:17:34 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-9180
Sep 08, 2016 4:17:34 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-9443
Sep 08, 2016 4:17:35 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-9445
Sep 08, 2016 4:17:35 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-9444
Sep 08, 2016 4:17:35 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-9446
Sep 08, 2016 4:17:35 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:9447
Sep 08, 2016 4:17:35 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/123 config=null
Sep 08, 2016 4:17:35 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 8550 ms

Catalina seems to not have logged anything from yesterday.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on
Re: [Freeipa-users] CA: Cannot add Centos7.2 replica to Centos6.8 ipa server
I've tried that but still the same result.

[root@ipa-server /]# ldapsearch -D "cn=directory manager" -W -p 389 -h localhost -b "uid=admin,ou=people,o=ipaca"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base