Re: [Freeipa-users] Failed installation

2012-10-19 Thread Dmitri Pal
On 10/18/2012 10:46 AM, Rob Crittenden wrote:
 Rob Crittenden wrote:
 Bret Wortman wrote:
 Sorry, that wasn't clear at all, was it? The latest attempt was after I
 ran the cleanup. No joy; it's still failing at the same point and
 tomcat
 is definitely not running.

 In order to diagnose why dogtag is failing to install we need to see the
 logs from /var/log/pki-ca and the full /var/log/ipaserver-install.log.
 You can send them directly to me or Martin if you'd prefer.


 To close the loop on this, I had Bret yum reinstall the pki-selinux
 package. For some reason sometimes it fails to load the required
 SELinux contents on install.

Is there any way to make it more reliable?


 Doing that has resolved the installation issue.

 rob

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] Failed installation

2012-10-19 Thread Simo Sorce
On Fri, 2012-10-19 at 14:26 -0400, Dmitri Pal wrote:
 On 10/18/2012 10:46 AM, Rob Crittenden wrote:
  Rob Crittenden wrote:
  Bret Wortman wrote:
  Sorry, that wasn't clear at all, was it? The latest attempt was after I
  ran the cleanup. No joy; it's still failing at the same point and
  tomcat
  is definitely not running.
 
  In order to diagnose why dogtag is failing to install we need to see the
  logs from /var/log/pki-ca and the full /var/log/ipaserver-install.log.
  You can send them directly to me or Martin if you'd prefer.
 
 
  To close the loop on this, I had Bret yum reinstall the pki-selinux
  package. For some reason sometimes it fails to load the required
  SELinux contents on install.
 
 Is there any way to make it more reliable?

The dogtag selinux policy is being merged into the system policy.
This should remove the issue completely in future Fedora versions.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] Failed installation

2012-10-18 Thread Martin Kosek
Hello Bret,

This may be a long shot, but when I sometimes hit this kind of errors when CA
installation crashed and there is still some remaining CA configuration (in
/var/lib/pki-ca). I usually fix this with standard ipa-server-install
--uninstall -U and then running this command:

/usr/bin/pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca --force

HTH,
Martin

On 10/18/2012 12:26 AM, Bret Wortman wrote:
 I think I have SELinux turned off but will double-check in the morning. And
 reply to the list
 
 
 -- 
 Bret Wortman
 http://bretwortman.com/
 http://twitter.com/bretwortman
 
 On Wednesday, October 17, 2012 at 3:17 PM, Rob Crittenden wrote:
 
 Bret Wortman wrote:
 Now it appears that whatever is supposed to be running on port 9445
 (looks like mindarray-ca) isn't running, and I'm not sure how it gets
 started, exactly. I ran lsof -i:9445 on this server and on a FreeIPA
 test box I first set up, and it's running on the test box but not the
 new one. Where should I look next?

 See if there are any SELinux denials: ausearch -m AVC

 It looks like tomcat failed to start. The logs are in /var/log/pki-ca.

 rob


 On Wed, Oct 17, 2012 at 2:07 PM, Bret Wortman
 bret.wort...@damascusgrp.com mailto:bret.wort...@damascusgrp.com wrote:

 Spot on. It was a fresh install of F17 and I neglected to # yum
 update first. I've done so, rebooted, and am trying again with
 better results.


 On Wed, Oct 17, 2012 at 1:45 PM, John Dennis jden...@redhat.com
 mailto:jden...@redhat.com wrote:

 On 10/17/2012 12:40 PM, Bret Wortman wrote:

 I recently tried installing freeipa on a new server, but
 ipa-server-install had problems around this point:

 Configuring certificate server: Estimated time 3 minutes 30
 seconds
 [1/18]: creating certificate server user
 [2/18]: creating pki-ca instance
 [3/18]: configuring certificate server instance
 ipa : CRITICAL failed to configure ca instance Command
 '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
 fs1.wedgeofli.me http://fs1.wedgeofli.me
 http://fs1.wedgeofli.me -cs_port 9445

 -client_certdb_dir /tmp/tmp-UvBMbL -client_certdb_pwd 
 -preop_pin HHxKHUz5RRfzQ3OkFMlR -domain_name IPA -admin_user
 admin
 -admin_email root@localhost -admin_  -agent_name
 ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
 -agent_cert_subject CN=ipa-ca-agent,O=WEDGEOFLI.ME
 http://WEDGEOFLI.ME http://WEDGEOFLI.ME
 -ldap_host fs1.wedgeofli.me http://fs1.wedgeofli.me
 http://fs1.wedgeofli.me -ldap_port 7389

 -bind_dn cn=Directory Manager -bind_ 
 -base_dn o=ipaca
 -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm
 SHA256withRSA
 -save_p12 true -backup_pwd  -subsystem_name pki-cad
 -token_name
 internal -ca_subsystem_cert_subject___name CN=CA
 Subsystem,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
 http://WEDGEOFLI.ME -ca_ocsp_cert_subject_name CN=OCSP
 Subsystem,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
 http://WEDGEOFLI.ME
 -ca_server_cert_subject_name CN=fs1.wedgeofli.me
 http://fs1.wedgeofli.me
 http://fs1.wedgeofli.me,O=WE__DGEOFLI.ME
 http://WEDGEOFLI.ME http://WEDGEOFLI.ME
 -ca_audit_signing_cert___subject_name CN=CA
 Audit,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
 http://WEDGEOFLI.ME -ca_sign_cert_subject_name CN=Certificate
 Authority,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
 http://WEDGEOFLI.ME -external false -clone

 false' returned non-zero exit status 255
 Unexpected error - see ipaserver-install.log for details:
 Configuration of CA failed
 [root@fs1 ~]#

 The logfile revealed the following stack trace:

 ##__###
 Attempting to connect to: fs1.wedgeofli.me:9445
 http://fs1.wedgeofli.me:9445
 http://fs1.wedgeofli.me:9445

 Exception in LoginPanel(): java.lang.NullPointerException
 ERROR: ConfigureCA: LoginPanel() failure
 ERROR: unable to create CA

 ##__##__###

 2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to Send
 Request:java.net http://java.net.__ConnectException:
 Connection refused
 java.net.ConnectException: Connection refused
 at java.net.PlainSocketImpl.__socketConnect(Native Method)
 at
 java.net
 http://java.net.__AbstractPlainSocketImpl.__doConnect(__AbstractPlainSocketImpl.java:__339)
 at
 java.net
 http://java.net.__AbstractPlainSocketImpl.__connectToAddress(__AbstractPlainSocketImpl.java:__200)
 at
 java.net
 http://java.net.__AbstractPlainSocketImpl.__connect(__AbstractPlainSocketImpl.java:__182)
 at
 java.net.SocksSocketImpl.__connect(SocksSocketImpl.java:__391)
 at java.net.Socket.connect(__Socket.java:579)
 at java.net.Socket.connect(__Socket.java:528)
 at java.net.Socket.init(Socket.__java:425)
 at java.net.Socket.init(Socket.__java:241)
 at HTTPClient.sslConnect(__HTTPClient.java:326)
 at ConfigureCA.LoginPanel(__ConfigureCA.java:244)
 at ConfigureCA.__ConfigureCAInstance(__ConfigureCA.java:1157)
 at ConfigureCA.main(ConfigureCA.__java:1672)
 java.lang.NullPointerException
 at 

Re: [Freeipa-users] Failed installation

2012-10-18 Thread Martin Kosek
On 10/18/2012 01:23 PM, Bret Wortman wrote:
 Tomcat is definitely not running and there's no log in /var/log/pki-ca. 
 SELinux
 is disabled and not running. The same RPMs are installed on both my 
 functioning
 and nonfunctioning system, at least as far as # rpm -qa | grep tomcat | sort
 revealed.
 
 I also followed Martin's suggestion to clean out the CA configuration, but 
 that
 command seems to indicate that there wasn't any existing configuration:
 
 [root@fs1 ~]# /usr/bin/pkiremove -pki_instance_root=/var/lib
 -pki_instance_name=pki-ca --force
 PKI instance Deletion Utility ...
 
 PKI instance Deletion Utility cleaning up instance ...
 
 No security domain defined.
 If this is an unconfigured instance, then that is OK.
 Otherwise, manually delete the entry from the security domain master.
 
 Removing selinux contexts

Actually, I think that the pkiremove utility removed the leftover CA. If the CA
was not there, the output should look like that:

# /usr/bin/pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca 
--force
PKI instance Deletion Utility ...

[error] /usr/bin/pkiremove:  Target directory /var/lib/pki-ca is not a legal
directory.
...

Can you try running the server install again? So that we can see if the CA
cleanup helped?

Martin

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] Failed installation

2012-10-18 Thread Bret Wortman
Sorry, that wasn't clear at all, was it? The latest attempt was after I ran
the cleanup. No joy; it's still failing at the same point and tomcat is
definitely not running.

On Thu, Oct 18, 2012 at 7:28 AM, Martin Kosek mko...@redhat.com wrote:

 On 10/18/2012 01:23 PM, Bret Wortman wrote:
  Tomcat is definitely not running and there's no log in /var/log/pki-ca.
 SELinux
  is disabled and not running. The same RPMs are installed on both my
 functioning
  and nonfunctioning system, at least as far as # rpm -qa | grep tomcat |
 sort
  revealed.
 
  I also followed Martin's suggestion to clean out the CA configuration,
 but that
  command seems to indicate that there wasn't any existing configuration:
 
  [root@fs1 ~]# /usr/bin/pkiremove -pki_instance_root=/var/lib
  -pki_instance_name=pki-ca --force
  PKI instance Deletion Utility ...
 
  PKI instance Deletion Utility cleaning up instance ...
 
  No security domain defined.
  If this is an unconfigured instance, then that is OK.
  Otherwise, manually delete the entry from the security domain master.
 
  Removing selinux contexts

 Actually, I think that the pkiremove utility removed the leftover CA. If
 the CA
 was not there, the output should look like that:

 # /usr/bin/pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca
 --force
 PKI instance Deletion Utility ...

 [error] /usr/bin/pkiremove:  Target directory /var/lib/pki-ca is not a
 legal
 directory.
 ...

 Can you try running the server install again? So that we can see if the CA
 cleanup helped?

 Martin




-- 
Bret Wortman
The Damascus Group
Fairfax, VA
http://bretwortman.com/
http://twitter.com/BretWortman
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Failed installation

2012-10-18 Thread Rob Crittenden

Bret Wortman wrote:

Sorry, that wasn't clear at all, was it? The latest attempt was after I
ran the cleanup. No joy; it's still failing at the same point and tomcat
is definitely not running.


In order to diagnose why dogtag is failing to install we need to see the 
logs from /var/log/pki-ca and the full /var/log/ipaserver-install.log. 
You can send them directly to me or Martin if you'd prefer.


rob



On Thu, Oct 18, 2012 at 7:28 AM, Martin Kosek mko...@redhat.com
mailto:mko...@redhat.com wrote:

On 10/18/2012 01:23 PM, Bret Wortman wrote:
  Tomcat is definitely not running and there's no log in
/var/log/pki-ca. SELinux
  is disabled and not running. The same RPMs are installed on both
my functioning
  and nonfunctioning system, at least as far as # rpm -qa | grep
tomcat | sort
  revealed.
 
  I also followed Martin's suggestion to clean out the CA
configuration, but that
  command seems to indicate that there wasn't any existing
configuration:
 
  [root@fs1 ~]# /usr/bin/pkiremove -pki_instance_root=/var/lib
  -pki_instance_name=pki-ca --force
  PKI instance Deletion Utility ...
 
  PKI instance Deletion Utility cleaning up instance ...
 
  No security domain defined.
  If this is an unconfigured instance, then that is OK.
  Otherwise, manually delete the entry from the security domain master.
 
  Removing selinux contexts

Actually, I think that the pkiremove utility removed the leftover
CA. If the CA
was not there, the output should look like that:

# /usr/bin/pkiremove -pki_instance_root=/var/lib
-pki_instance_name=pki-ca --force
PKI instance Deletion Utility ...

[error] /usr/bin/pkiremove:  Target directory /var/lib/pki-ca is not
a legal
directory.
...

Can you try running the server install again? So that we can see if
the CA
cleanup helped?

Martin




--
Bret Wortman
The Damascus Group
Fairfax, VA
http://bretwortman.com/
http://twitter.com/BretWortman



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] Failed installation

2012-10-18 Thread Rob Crittenden

Rob Crittenden wrote:

Bret Wortman wrote:

Sorry, that wasn't clear at all, was it? The latest attempt was after I
ran the cleanup. No joy; it's still failing at the same point and tomcat
is definitely not running.


In order to diagnose why dogtag is failing to install we need to see the
logs from /var/log/pki-ca and the full /var/log/ipaserver-install.log.
You can send them directly to me or Martin if you'd prefer.



To close the loop on this, I had Bret yum reinstall the pki-selinux 
package. For some reason sometimes it fails to load the required SELinux 
contents on install.


Doing that has resolved the installation issue.

rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


[Freeipa-users] Failed installation

2012-10-17 Thread Bret Wortman
I recently tried installing freeipa on a new server, but ipa-server-install
had problems around this point:

Configuring certificate server: Estimated time 3 minutes 30 seconds
  [1/18]: creating certificate server user
  [2/18]: creating pki-ca instance
  [3/18]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
fs1.wedgeofli.me-cs_port 9445 -client_certdb_dir /tmp/tmp-UvBMbL
-client_certdb_pwd
 -preop_pin HHxKHUz5RRfzQ3OkFMlR -domain_name IPA -admin_user admin
-admin_email root@localhost -admin_  -agent_name
ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject
CN=ipa-ca-agent,O=WEDGEOFLI.ME -ldap_host fs1.wedgeofli.me -ldap_port 7389
-bind_dn cn=Directory Manager -bind_  -base_dn o=ipaca
-db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA
-save_p12 true -backup_pwd  -subsystem_name pki-cad -token_name
internal -ca_subsystem_cert_subject_name CN=CA
Subsystem,O=WEDGEOFLI.ME-ca_ocsp_cert_subject_name CN=OCSP
Subsystem,O=
WEDGEOFLI.ME -ca_server_cert_subject_name
CN=fs1.wedgeofli.me,O=WEDGEOFLI.ME-ca_audit_signing_cert_subject_name
CN=CA Audit,O=
WEDGEOFLI.ME -ca_sign_cert_subject_name CN=Certificate Authority,O=
WEDGEOFLI.ME -external false -clone false' returned non-zero exit status 255
Unexpected error - see ipaserver-install.log for details:
 Configuration of CA failed
[root@fs1 ~]#

The logfile revealed the following stack trace:

#
Attempting to connect to: fs1.wedgeofli.me:9445
Exception in LoginPanel(): java.lang.NullPointerException
ERROR: ConfigureCA: LoginPanel() failure
ERROR: unable to create CA

###

2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to Send
Request:java.net.ConnectException: Connection refused
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at java.net.Socket.init(Socket.java:425)
at java.net.Socket.init(Socket.java:241)
at HTTPClient.sslConnect(HTTPClient.java:326)
at ConfigureCA.LoginPanel(ConfigureCA.java:244)
at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
at ConfigureCA.main(ConfigureCA.java:1672)
java.lang.NullPointerException
at ConfigureCA.LoginPanel(ConfigureCA.java:245)
at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
at ConfigureCA.main(ConfigureCA.java:1672)

Now I seem to be stuck. I tried uninstalling the freeipa-server package
with # yum remove freeipa-server and then reinstalled it the same way, but
ipa-server-install won't run no matter what I attempt.

Any thoughts? I'm pretty new to IPA.

Thanks!


-- 
Bret Wortman
The Damascus Group
Fairfax, VA
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Failed installation

2012-10-17 Thread Dmitri Pal
On 10/17/2012 12:40 PM, Bret Wortman wrote:
 I recently tried installing freeipa on a new server, but
 ipa-server-install had problems around this point:

 Configuring certificate server: Estimated time 3 minutes 30 seconds
   [1/18]: creating certificate server user
   [2/18]: creating pki-ca instance
   [3/18]: configuring certificate server instance
 ipa : CRITICAL failed to configure ca instance Command
 '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
 fs1.wedgeofli.me http://fs1.wedgeofli.me -cs_port 9445
 -client_certdb_dir /tmp/tmp-UvBMbL -client_certdb_pwd 
 -preop_pin HHxKHUz5RRfzQ3OkFMlR -domain_name IPA -admin_user admin
 -admin_email root@localhost -admin_  -agent_name
 ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
 -agent_cert_subject CN=ipa-ca-agent,O=WEDGEOFLI.ME
 http://WEDGEOFLI.ME -ldap_host fs1.wedgeofli.me
 http://fs1.wedgeofli.me -ldap_port 7389 -bind_dn cn=Directory
 Manager -bind_  -base_dn o=ipaca -db_name ipaca
 -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12
 true -backup_pwd  -subsystem_name pki-cad -token_name internal
 -ca_subsystem_cert_subject_name CN=CA Subsystem,O=WEDGEOFLI.ME
 http://WEDGEOFLI.ME -ca_ocsp_cert_subject_name CN=OCSP
 Subsystem,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
 -ca_server_cert_subject_name CN=fs1.wedgeofli.me
 http://fs1.wedgeofli.me,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
 -ca_audit_signing_cert_subject_name CN=CA Audit,O=WEDGEOFLI.ME
 http://WEDGEOFLI.ME -ca_sign_cert_subject_name CN=Certificate
 Authority,O=WEDGEOFLI.ME http://WEDGEOFLI.ME -external false -clone
 false' returned non-zero exit status 255
 Unexpected error - see ipaserver-install.log for details:
  Configuration of CA failed
 [root@fs1 ~]# 

 The logfile revealed the following stack trace:

 #
 Attempting to connect to: fs1.wedgeofli.me:9445
 http://fs1.wedgeofli.me:9445
 Exception in LoginPanel(): java.lang.NullPointerException
 ERROR: ConfigureCA: LoginPanel() failure
 ERROR: unable to create CA

 ###

 2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to Send
 Request:java.net.ConnectException: Connection refused
 java.net.ConnectException: Connection refused
 at java.net.PlainSocketImpl.socketConnect(Native Method)
 at
 java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
 at
 java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
 at
 java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
 at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
 at java.net.Socket.connect(Socket.java:579)
 at java.net.Socket.connect(Socket.java:528)
 at java.net.Socket.init(Socket.java:425)
 at java.net.Socket.init(Socket.java:241)
 at HTTPClient.sslConnect(HTTPClient.java:326)
 at ConfigureCA.LoginPanel(ConfigureCA.java:244)
 at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
 at ConfigureCA.main(ConfigureCA.java:1672)
 java.lang.NullPointerException
 at ConfigureCA.LoginPanel(ConfigureCA.java:245)
 at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
 at ConfigureCA.main(ConfigureCA.java:1672)

 Now I seem to be stuck. I tried uninstalling the freeipa-server
 package with # yum remove freeipa-server and then reinstalled it the
 same way, but ipa-server-install won't run no matter what I attempt.

 Any thoughts? I'm pretty new to IPA.


Make sure you have packages installed
Run the uninstall command several times (5 for example)

 ipa-server-install --uninstall -U

In case of failed installation and other steps you made the installtion might 
be in the corrupted state.
Running severl times might help as it might detect and remove/unconfigure 
different things at different moments.

Before trying to reinstall again make sure you have latest SELinux policies.

If it explodes again let us know.
 



 Thanks!


 -- 
 Bret Wortman
 The Damascus Group
 Fairfax, VA



 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Failed installation

2012-10-17 Thread John Dennis

On 10/17/2012 12:40 PM, Bret Wortman wrote:

I recently tried installing freeipa on a new server, but
ipa-server-install had problems around this point:

Configuring certificate server: Estimated time 3 minutes 30 seconds
   [1/18]: creating certificate server user
   [2/18]: creating pki-ca instance
   [3/18]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
fs1.wedgeofli.me http://fs1.wedgeofli.me -cs_port 9445
-client_certdb_dir /tmp/tmp-UvBMbL -client_certdb_pwd 
-preop_pin HHxKHUz5RRfzQ3OkFMlR -domain_name IPA -admin_user admin
-admin_email root@localhost -admin_  -agent_name
ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
-agent_cert_subject CN=ipa-ca-agent,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
-ldap_host fs1.wedgeofli.me http://fs1.wedgeofli.me -ldap_port 7389
-bind_dn cn=Directory Manager -bind_  -base_dn o=ipaca
-db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA
-save_p12 true -backup_pwd  -subsystem_name pki-cad -token_name
internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=WEDGEOFLI.ME
http://WEDGEOFLI.ME -ca_ocsp_cert_subject_name CN=OCSP
Subsystem,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
-ca_server_cert_subject_name CN=fs1.wedgeofli.me
http://fs1.wedgeofli.me,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
-ca_audit_signing_cert_subject_name CN=CA Audit,O=WEDGEOFLI.ME
http://WEDGEOFLI.ME -ca_sign_cert_subject_name CN=Certificate
Authority,O=WEDGEOFLI.ME http://WEDGEOFLI.ME -external false -clone
false' returned non-zero exit status 255
Unexpected error - see ipaserver-install.log for details:
  Configuration of CA failed
[root@fs1 ~]#

The logfile revealed the following stack trace:

#
Attempting to connect to: fs1.wedgeofli.me:9445
http://fs1.wedgeofli.me:9445
Exception in LoginPanel(): java.lang.NullPointerException
ERROR: ConfigureCA: LoginPanel() failure
ERROR: unable to create CA

###

2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to Send
Request:java.net.ConnectException: Connection refused
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at java.net.Socket.init(Socket.java:425)
at java.net.Socket.init(Socket.java:241)
at HTTPClient.sslConnect(HTTPClient.java:326)
at ConfigureCA.LoginPanel(ConfigureCA.java:244)
at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
at ConfigureCA.main(ConfigureCA.java:1672)
java.lang.NullPointerException
at ConfigureCA.LoginPanel(ConfigureCA.java:245)
at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
at ConfigureCA.main(ConfigureCA.java:1672)

Now I seem to be stuck. I tried uninstalling the freeipa-server package
with # yum remove freeipa-server and then reinstalled it the same way,
but ipa-server-install won't run no matter what I attempt.

Any thoughts? I'm pretty new to IPA.


There is a good chance this is due to a version mismatch between the IPA 
packages and the dogtag packages. You didn't mention which OS you're 
using nor the versions of the relevant packages, that would have been 
helpful. In any event I would make sure all your packages are up to date.



--
John Dennis jden...@redhat.com

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] Failed installation

2012-10-17 Thread Bret Wortman
Now it appears that whatever is supposed to be running on port 9445 (looks
like mindarray-ca) isn't running, and I'm not sure how it gets started,
exactly. I ran lsof -i:9445 on this server and on a FreeIPA test box I
first set up, and it's running on the test box but not the new one. Where
should I look next?

On Wed, Oct 17, 2012 at 2:07 PM, Bret Wortman
bret.wort...@damascusgrp.comwrote:

 Spot on. It was a fresh install of F17 and I neglected to # yum update
 first. I've done so, rebooted, and am trying again with better results.


 On Wed, Oct 17, 2012 at 1:45 PM, John Dennis jden...@redhat.com wrote:

 On 10/17/2012 12:40 PM, Bret Wortman wrote:

 I recently tried installing freeipa on a new server, but
 ipa-server-install had problems around this point:

 Configuring certificate server: Estimated time 3 minutes 30 seconds
[1/18]: creating certificate server user
[2/18]: creating pki-ca instance
[3/18]: configuring certificate server instance
 ipa : CRITICAL failed to configure ca instance Command
 '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
 fs1.wedgeofli.me http://fs1.wedgeofli.me -cs_port 9445

 -client_certdb_dir /tmp/tmp-UvBMbL -client_certdb_pwd 
 -preop_pin HHxKHUz5RRfzQ3OkFMlR -domain_name IPA -admin_user admin
 -admin_email root@localhost -admin_  -agent_name
 ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
 -agent_cert_subject CN=ipa-ca-agent,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
 -ldap_host fs1.wedgeofli.me http://fs1.wedgeofli.me -ldap_port 7389

 -bind_dn cn=Directory Manager -bind_  -base_dn o=ipaca
 -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA
 -save_p12 true -backup_pwd  -subsystem_name pki-cad -token_name
 internal -ca_subsystem_cert_subject_**name CN=CA Subsystem,O=
 WEDGEOFLI.ME
 http://WEDGEOFLI.ME -ca_ocsp_cert_subject_name CN=OCSP
 Subsystem,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
 -ca_server_cert_subject_name CN=fs1.wedgeofli.me
 http://fs1.wedgeofli.me,O=WE**DGEOFLI.ME http://WEDGEOFLI.ME 
 http://WEDGEOFLI.ME
 -ca_audit_signing_cert_**subject_name CN=CA Audit,O=WEDGEOFLI.ME
 http://WEDGEOFLI.ME -ca_sign_cert_subject_name CN=Certificate
 Authority,O=WEDGEOFLI.ME http://WEDGEOFLI.ME -external false -clone

 false' returned non-zero exit status 255
 Unexpected error - see ipaserver-install.log for details:
   Configuration of CA failed
 [root@fs1 ~]#

 The logfile revealed the following stack trace:

 ##**###
 Attempting to connect to: fs1.wedgeofli.me:9445
 http://fs1.wedgeofli.me:9445

 Exception in LoginPanel(): java.lang.NullPointerException
 ERROR: ConfigureCA: LoginPanel() failure
 ERROR: unable to create CA

 ##**##**
 ###

 2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to Send
 Request:java.net.**ConnectException: Connection refused
 java.net.ConnectException: Connection refused
 at java.net.PlainSocketImpl.**socketConnect(Native Method)
 at
 java.net.**AbstractPlainSocketImpl.**doConnect(**
 AbstractPlainSocketImpl.java:**339)
 at
 java.net.**AbstractPlainSocketImpl.**connectToAddress(**
 AbstractPlainSocketImpl.java:**200)
 at
 java.net.**AbstractPlainSocketImpl.**connect(**
 AbstractPlainSocketImpl.java:**182)
 at java.net.SocksSocketImpl.**connect(SocksSocketImpl.java:**391)
 at java.net.Socket.connect(**Socket.java:579)
 at java.net.Socket.connect(**Socket.java:528)
 at java.net.Socket.init(Socket.**java:425)
 at java.net.Socket.init(Socket.**java:241)
 at HTTPClient.sslConnect(**HTTPClient.java:326)
 at ConfigureCA.LoginPanel(**ConfigureCA.java:244)
 at ConfigureCA.**ConfigureCAInstance(**ConfigureCA.java:1157)
 at ConfigureCA.main(ConfigureCA.**java:1672)
 java.lang.NullPointerException
 at ConfigureCA.LoginPanel(**ConfigureCA.java:245)
 at ConfigureCA.**ConfigureCAInstance(**ConfigureCA.java:1157)
 at ConfigureCA.main(ConfigureCA.**java:1672)

 Now I seem to be stuck. I tried uninstalling the freeipa-server package
 with # yum remove freeipa-server and then reinstalled it the same way,
 but ipa-server-install won't run no matter what I attempt.

 Any thoughts? I'm pretty new to IPA.


 There is a good chance this is due to a version mismatch between the IPA
 packages and the dogtag packages. You didn't mention which OS you're using
 nor the versions of the relevant packages, that would have been helpful. In
 any event I would make sure all your packages are up to date.


 --
 John Dennis jden...@redhat.com


 Looking to carve out IT costs?
 www.redhat.com/carveoutcosts/




 --
 Bret Wortman
 The Damascus Group
 Fairfax, VA
 http://bretwortman.com/
 http://twitter.com/BretWortman




-- 
Bret Wortman
The Damascus Group
Fairfax, VA
http://bretwortman.com/
http://twitter.com/BretWortman
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Failed installation

2012-10-17 Thread Dmitri Pal
On 10/17/2012 02:31 PM, Bret Wortman wrote:
 Now it appears that whatever is supposed to be running on port 9445
 (looks like mindarray-ca) isn't running, and I'm not sure how it gets
 started, exactly. I ran lsof -i:9445 on this server and on a FreeIPA
 test box I first set up, and it's running on the test box but not the
 new one. Where should I look next?

You cert system component failed to start because its DS instance failed
to start.

Did the install fail again after cleanup?
If not it is better to start over with cleanup and if the install fails
we will help you to troubleshoot.



 On Wed, Oct 17, 2012 at 2:07 PM, Bret Wortman
 bret.wort...@damascusgrp.com mailto:bret.wort...@damascusgrp.com
 wrote:

 Spot on. It was a fresh install of F17 and I neglected to # yum
 update first. I've done so, rebooted, and am trying again with
 better results.


 On Wed, Oct 17, 2012 at 1:45 PM, John Dennis jden...@redhat.com
 mailto:jden...@redhat.com wrote:

 On 10/17/2012 12:40 PM, Bret Wortman wrote:

 I recently tried installing freeipa on a new server, but
 ipa-server-install had problems around this point:

 Configuring certificate server: Estimated time 3 minutes
 30 seconds
[1/18]: creating certificate server user
[2/18]: creating pki-ca instance
[3/18]: configuring certificate server instance
 ipa : CRITICAL failed to configure ca instance Command
 '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
 fs1.wedgeofli.me http://fs1.wedgeofli.me
 http://fs1.wedgeofli.me -cs_port 9445

 -client_certdb_dir /tmp/tmp-UvBMbL -client_certdb_pwd 
 -preop_pin HHxKHUz5RRfzQ3OkFMlR -domain_name IPA
 -admin_user admin
 -admin_email root@localhost -admin_ 
 -agent_name
 ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
 -agent_cert_subject CN=ipa-ca-agent,O=WEDGEOFLI.ME
 http://WEDGEOFLI.ME http://WEDGEOFLI.ME
 -ldap_host fs1.wedgeofli.me http://fs1.wedgeofli.me
 http://fs1.wedgeofli.me -ldap_port 7389

 -bind_dn cn=Directory Manager -bind_ 
 -base_dn o=ipaca
 -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm
 SHA256withRSA
 -save_p12 true -backup_pwd  -subsystem_name
 pki-cad -token_name
 internal -ca_subsystem_cert_subject_name CN=CA
 Subsystem,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
 http://WEDGEOFLI.ME -ca_ocsp_cert_subject_name CN=OCSP
 Subsystem,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
 http://WEDGEOFLI.ME
 -ca_server_cert_subject_name CN=fs1.wedgeofli.me
 http://fs1.wedgeofli.me
 http://fs1.wedgeofli.me,O=WEDGEOFLI.ME
 http://WEDGEOFLI.ME http://WEDGEOFLI.ME
 -ca_audit_signing_cert_subject_name CN=CA
 Audit,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
 http://WEDGEOFLI.ME -ca_sign_cert_subject_name
 CN=Certificate
 Authority,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
 http://WEDGEOFLI.ME -external false -clone

 false' returned non-zero exit status 255
 Unexpected error - see ipaserver-install.log for details:
   Configuration of CA failed
 [root@fs1 ~]#

 The logfile revealed the following stack trace:

 #
 Attempting to connect to: fs1.wedgeofli.me:9445
 http://fs1.wedgeofli.me:9445
 http://fs1.wedgeofli.me:9445

 Exception in LoginPanel(): java.lang.NullPointerException
 ERROR: ConfigureCA: LoginPanel() failure
 ERROR: unable to create CA

 
 ###

 2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to Send
 Request:java.net http://java.net.ConnectException:
 Connection refused
 java.net.ConnectException: Connection refused
 at java.net.PlainSocketImpl.socketConnect(Native Method)
 at
 java.net
 
 http://java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
 at
 java.net
 
 http://java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
 at
 java.net
 
 http://java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
 at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
 at java.net.Socket.connect(Socket.java:579)
 at java.net.Socket.connect(Socket.java:528)
 at 

Re: [Freeipa-users] Failed installation

2012-10-17 Thread Rob Crittenden

Bret Wortman wrote:

Now it appears that whatever is supposed to be running on port 9445
(looks like mindarray-ca) isn't running, and I'm not sure how it gets
started, exactly. I ran lsof -i:9445 on this server and on a FreeIPA
test box I first set up, and it's running on the test box but not the
new one. Where should I look next?


See if there are any SELinux denials: ausearch -m AVC

It looks like tomcat failed to start. The logs are in /var/log/pki-ca.

rob



On Wed, Oct 17, 2012 at 2:07 PM, Bret Wortman
bret.wort...@damascusgrp.com mailto:bret.wort...@damascusgrp.com wrote:

Spot on. It was a fresh install of F17 and I neglected to # yum
update first. I've done so, rebooted, and am trying again with
better results.


On Wed, Oct 17, 2012 at 1:45 PM, John Dennis jden...@redhat.com
mailto:jden...@redhat.com wrote:

On 10/17/2012 12:40 PM, Bret Wortman wrote:

I recently tried installing freeipa on a new server, but
ipa-server-install had problems around this point:

Configuring certificate server: Estimated time 3 minutes 30
seconds
[1/18]: creating certificate server user
[2/18]: creating pki-ca instance
[3/18]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
fs1.wedgeofli.me http://fs1.wedgeofli.me
http://fs1.wedgeofli.me -cs_port 9445

-client_certdb_dir /tmp/tmp-UvBMbL -client_certdb_pwd 
-preop_pin HHxKHUz5RRfzQ3OkFMlR -domain_name IPA -admin_user
admin
-admin_email root@localhost -admin_  -agent_name
ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
-agent_cert_subject CN=ipa-ca-agent,O=WEDGEOFLI.ME
http://WEDGEOFLI.ME http://WEDGEOFLI.ME
-ldap_host fs1.wedgeofli.me http://fs1.wedgeofli.me
http://fs1.wedgeofli.me -ldap_port 7389

-bind_dn cn=Directory Manager -bind_ 
-base_dn o=ipaca
-db_name ipaca -key_size 2048 -key_type rsa -key_algorithm
SHA256withRSA
-save_p12 true -backup_pwd  -subsystem_name pki-cad
-token_name
internal -ca_subsystem_cert_subject___name CN=CA
Subsystem,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
http://WEDGEOFLI.ME -ca_ocsp_cert_subject_name CN=OCSP
Subsystem,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
http://WEDGEOFLI.ME
-ca_server_cert_subject_name CN=fs1.wedgeofli.me
http://fs1.wedgeofli.me
http://fs1.wedgeofli.me,O=WE__DGEOFLI.ME
http://WEDGEOFLI.ME http://WEDGEOFLI.ME
-ca_audit_signing_cert___subject_name CN=CA
Audit,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
http://WEDGEOFLI.ME -ca_sign_cert_subject_name CN=Certificate
Authority,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
http://WEDGEOFLI.ME -external false -clone

false' returned non-zero exit status 255
Unexpected error - see ipaserver-install.log for details:
   Configuration of CA failed
[root@fs1 ~]#

The logfile revealed the following stack trace:

##__###
Attempting to connect to: fs1.wedgeofli.me:9445
http://fs1.wedgeofli.me:9445
http://fs1.wedgeofli.me:9445

Exception in LoginPanel(): java.lang.NullPointerException
ERROR: ConfigureCA: LoginPanel() failure
ERROR: unable to create CA


##__##__###

2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to Send
Request:java.net http://java.net.__ConnectException:
Connection refused
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.__socketConnect(Native Method)
at
java.net

http://java.net.__AbstractPlainSocketImpl.__doConnect(__AbstractPlainSocketImpl.java:__339)
at
java.net

http://java.net.__AbstractPlainSocketImpl.__connectToAddress(__AbstractPlainSocketImpl.java:__200)
at
java.net

http://java.net.__AbstractPlainSocketImpl.__connect(__AbstractPlainSocketImpl.java:__182)
at
java.net.SocksSocketImpl.__connect(SocksSocketImpl.java:__391)
at java.net.Socket.connect(__Socket.java:579)
at java.net.Socket.connect(__Socket.java:528)
at java.net.Socket.init(Socket.__java:425)
at java.net.Socket.init(Socket.__java:241)
at HTTPClient.sslConnect(__HTTPClient.java:326)
at 

Re: [Freeipa-users] Failed installation

2012-10-17 Thread Bret Wortman
I think I have SELinux turned off but will double-check in the morning. And 
reply to the list 


-- 
Bret Wortman
http://bretwortman.com/
http://twitter.com/bretwortman


On Wednesday, October 17, 2012 at 3:17 PM, Rob Crittenden wrote:

 Bret Wortman wrote:
  Now it appears that whatever is supposed to be running on port 9445
  (looks like mindarray-ca) isn't running, and I'm not sure how it gets
  started, exactly. I ran lsof -i:9445 on this server and on a FreeIPA
  test box I first set up, and it's running on the test box but not the
  new one. Where should I look next?
  
 
 
 See if there are any SELinux denials: ausearch -m AVC
 
 It looks like tomcat failed to start. The logs are in /var/log/pki-ca.
 
 rob
 
  
  On Wed, Oct 17, 2012 at 2:07 PM, Bret Wortman
  bret.wort...@damascusgrp.com mailto:bret.wort...@damascusgrp.com wrote:
  
  Spot on. It was a fresh install of F17 and I neglected to # yum
  update first. I've done so, rebooted, and am trying again with
  better results.
  
  
  On Wed, Oct 17, 2012 at 1:45 PM, John Dennis jden...@redhat.com
  mailto:jden...@redhat.com wrote:
  
  On 10/17/2012 12:40 PM, Bret Wortman wrote:
  
  I recently tried installing freeipa on a new server, but
  ipa-server-install had problems around this point:
  
  Configuring certificate server: Estimated time 3 minutes 30
  seconds
  [1/18]: creating certificate server user
  [2/18]: creating pki-ca instance
  [3/18]: configuring certificate server instance
  ipa : CRITICAL failed to configure ca instance Command
  '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
  fs1.wedgeofli.me http://fs1.wedgeofli.me
  http://fs1.wedgeofli.me -cs_port 9445
  
  -client_certdb_dir /tmp/tmp-UvBMbL -client_certdb_pwd 
  -preop_pin HHxKHUz5RRfzQ3OkFMlR -domain_name IPA -admin_user
  admin
  -admin_email root@localhost -admin_  -agent_name
  ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
  -agent_cert_subject CN=ipa-ca-agent,O=WEDGEOFLI.ME
  http://WEDGEOFLI.ME http://WEDGEOFLI.ME
  -ldap_host fs1.wedgeofli.me http://fs1.wedgeofli.me
  http://fs1.wedgeofli.me -ldap_port 7389
  
  -bind_dn cn=Directory Manager -bind_ 
  -base_dn o=ipaca
  -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm
  SHA256withRSA
  -save_p12 true -backup_pwd  -subsystem_name pki-cad
  -token_name
  internal -ca_subsystem_cert_subject___name CN=CA
  Subsystem,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
  http://WEDGEOFLI.ME -ca_ocsp_cert_subject_name CN=OCSP
  Subsystem,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
  http://WEDGEOFLI.ME
  -ca_server_cert_subject_name CN=fs1.wedgeofli.me
  http://fs1.wedgeofli.me
  http://fs1.wedgeofli.me,O=WE__DGEOFLI.ME
  http://WEDGEOFLI.ME http://WEDGEOFLI.ME
  -ca_audit_signing_cert___subject_name CN=CA
  Audit,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
  http://WEDGEOFLI.ME -ca_sign_cert_subject_name CN=Certificate
  Authority,O=WEDGEOFLI.ME http://WEDGEOFLI.ME
  http://WEDGEOFLI.ME -external false -clone
  
  false' returned non-zero exit status 255
  Unexpected error - see ipaserver-install.log for details:
  Configuration of CA failed
  [root@fs1 ~]#
  
  The logfile revealed the following stack trace:
  
  ##__###
  Attempting to connect to: fs1.wedgeofli.me:9445
  http://fs1.wedgeofli.me:9445
  http://fs1.wedgeofli.me:9445
  
  Exception in LoginPanel(): java.lang.NullPointerException
  ERROR: ConfigureCA: LoginPanel() failure
  ERROR: unable to create CA
  
  ##__##__###
  
  2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to Send
  Request:java.net http://java.net.__ConnectException:
  Connection refused
  java.net.ConnectException: Connection refused
  at java.net.PlainSocketImpl.__socketConnect(Native Method)
  at
  java.net
  http://java.net.__AbstractPlainSocketImpl.__doConnect(__AbstractPlainSocketImpl.java:__339)
  at
  java.net
  http://java.net.__AbstractPlainSocketImpl.__connectToAddress(__AbstractPlainSocketImpl.java:__200)
  at
  java.net
  http://java.net.__AbstractPlainSocketImpl.__connect(__AbstractPlainSocketImpl.java:__182)
  at
  java.net.SocksSocketImpl.__connect(SocksSocketImpl.java:__391)
  at java.net.Socket.connect(__Socket.java:579)
  at java.net.Socket.connect(__Socket.java:528)
  at java.net.Socket.init(Socket.__java:425)
  at java.net.Socket.init(Socket.__java:241)
  at HTTPClient.sslConnect(__HTTPClient.java:326)
  at ConfigureCA.LoginPanel(__ConfigureCA.java:244)
  at ConfigureCA.__ConfigureCAInstance(__ConfigureCA.java:1157)
  at ConfigureCA.main(ConfigureCA.__java:1672)
  java.lang.NullPointerException
  at ConfigureCA.LoginPanel(__ConfigureCA.java:245)
  at ConfigureCA.__ConfigureCAInstance(__ConfigureCA.java:1157)
  at ConfigureCA.main(ConfigureCA.__java:1672)
  
  Now I seem to be stuck. I tried uninstalling the
  freeipa-server package
  with # yum remove freeipa-server and then reinstalled it the
  same way,
  but