Is there a reason the ipactl status command shows pki stopped even though the systemctl shows it as running? Here is the example output:
[root@id-management-1 log]# systemctl status pki-tomcatd@pki-tomcat ● pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2016-10-01 00:07:50 EDT; 33min ago Process: 22425 ExecStop=/usr/libexec/tomcat/server stop (code=exited, status=0/SUCCESS) Process: 22469 ExecStartPre=/usr/bin/pkidaemon start %i (code=exited, status=0/SUCCESS) Main PID: 22582 (java) CGroup: /system.slice/system-pki\x2dtomcatd.slice/pki-tomcatd@pki-tomcat.service └─22582 /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -DRESTEASY_LIB=/usr/share/java/resteasy-base -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.j... Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: Oct 01, 2016 12:07:54 AM org.apache.catalina.startup.HostConfig deployDescriptor Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: INFO: Deployment of configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/pki#js.xml has finished in 993 ms Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: Oct 01, 2016 12:07:54 AM org.apache.coyote.AbstractProtocol start Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: INFO: Starting ProtocolHandler ["http-bio-8080"] Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: Oct 01, 2016 12:07:54 AM org.apache.coyote.AbstractProtocol start Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: INFO: Starting ProtocolHandler ["http-bio-8443"] Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: Oct 01, 2016 12:07:54 AM org.apache.coyote.AbstractProtocol start Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: INFO: Starting ProtocolHandler ["ajp-bio-127.0.0.1-8009"] Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: Oct 01, 2016 12:07:54 AM org.apache.catalina.startup.Catalina start Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: INFO: Server startup in 3313 ms [root@id-management-1 log]# ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING named Service: RUNNING ipa_memcached Service: RUNNING httpd Service: RUNNING pki-tomcatd Service: STOPPED smb Service: RUNNING winbind Service: RUNNING ipa-otpd Service: RUNNING ipa-dnskeysyncd Service: RUNNING ipa: INFO: The ipactl command was successful [root@id-management-1 log]# The system clock has been set to the past in an attempt to renew expired certificates. I keep getting CA_UNREACHABLE status messages when trying to renew the certs and I don't know if this is related or not. Thanks, Jeff
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project