Re: [Freeipa-users] Failed to start Identity, Policy, Audit
Are you checked the DNS or /etc/hosts file? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Failed to start Identity, Policy, Audit
Umarzuki Mochlis wrote: > After rebooting freeipa server, I cannot log in to its web interface > and when I try to start it, it failed > > More info: > > [root@ipa ~]# systemctl start ipa.service > Job for ipa.service failed. See 'systemctl status ipa.service' and > 'journalctl -n' for details. > > [root@ipa ~]# systemctl status ipa.service > ipa.service - Identity, Policy, Audit > Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled) > Active: failed (Result: exit-code) since Sun, 2015-03-01 > 21:36:49 MYT; 15s ago > Process: 1918 ExecStart=/usr/sbin/ipactl start (code=exited, > status=1/FAILURE) > CGroup: name=systemd:/system/ipa.service > > Mar 01 21:36:49 ipa.domain.com ipactl[1918]: Aborting ipactl > Mar 01 21:36:49 ipa.domain.com ipactl[1918]: Starting Directory Service > Mar 01 21:36:49 ipa.domain.com ipactl[1918]: Starting krb5kdc Service > Mar 01 21:36:49 ipa.domain.com ipactl[1918]: Starting kadmin Service > Mar 01 21:36:49 ipa.domain.com ipactl[1918]: Starting ipa_memcached Service > Mar 01 21:36:49 ipa.domain.com ipactl[1918]: Starting httpd Service > Mar 01 21:36:49 ipa.domain.com ipactl[1918]: Starting pki-tomcatd Service > Mar 01 21:36:49 ipa.domain.com systemd[1]: ipa.service: main process > exited, code=exited, status=1/FAILURE > Mar 01 21:36:49 ipa.domain.com systemd[1]: Failed to start Identity, > Policy, Audit. > Mar 01 21:36:49 ipa.domain.com systemd[1]: Unit ipa.service entered failed > state > > [root@ipa ~]# KRB5_TRACE=/dev/stdout kinit admin > [2324] 1425217336.627346: Getting initial credentials for ad...@domain.com > [2324] 1425217336.630877: Sending request (155 bytes) to domain.com > [2324] 1425217336.631163: Sending initial UDP request to dgram > 192.168.1.100:88 > [2324] 1425217336.631265: UDP error receiving from dgram > 192.168.1.100:88: 111/Connection refused > [2324] 1425217336.631301: Initiating TCP connection to stream 192.168.1.100:88 > [2324] 1425217336.631351: Terminating TCP connection to stream > 192.168.1.100:88 > kinit: Cannot contact any KDC for realm 'domain.com' while getting > initial credentials > > [root@ipa ~]# rpm -qa | grep ipa > freeipa-admintools-3.1.0-2.fc18.x86_64 > freeipa-server-3.1.0-2.fc18.x86_64 > libipa_hbac-python-1.9.3-1.fc18.x86_64 > python-iniparse-0.4-6.fc18.noarch > freeipa-client-3.1.0-2.fc18.x86_64 > freeipa-server-selinux-3.1.0-2.fc18.x86_64 > freeipa-python-3.1.0-2.fc18.x86_64 > libipa_hbac-1.9.3-1.fc18.x86_64 > > What is my next course of action to solve this? > Two suggestions: # getcert list See if you have a bunch of expired certificates. I'm thinking probably not the problem since Apache appears to have started. It is failing with the CA so I'd look in those logs, /var/log/pki-ca IIRC with 3.1 (or /var/log/pki-something, should be obvious. You may also want to look for SELinux errors: # ausearch -m AVC -ts recent Assuming expired certificates aren't the problem you can manually start the other services to get your infrastructure back up while you investigate the CA startup failure. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Failed to start Identity, Policy, Audit
When I checked at /var/log/dirsrv/slapd-DOMAIN-COM/errors [root@ipa ~]# tail -20 /var/log/dirsrv/slapd-DOMAIN-COM/errors [01/Mar/2015:21:36:00 +0800] NSMMReplicationPlugin - CleanAllRUV Task: Not all replicas online, retrying in 20 seconds... [01/Mar/2015:21:36:00 +0800] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected) [01/Mar/2015:21:36:00 +0800] NSMMReplicationPlugin - agmt="cn=meToiparepl.domain.com" (ipakl:389): Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) ((null)) [01/Mar/2015:21:36:00 +0800] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected) [01/Mar/2015:21:36:00 +0800] NSMMReplicationPlugin - agmt="cn=meToiparepl.domain.com" (ipakl:389): Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) ((null)) [01/Mar/2015:21:36:00 +0800] NSMMReplicationPlugin - CleanAllRUV Task: Replica not online (agmt="cn=meToiparepl.domain.com" (ipakl:389)) [01/Mar/2015:21:36:00 +0800] NSMMReplicationPlugin - CleanAllRUV Task: Not all replicas online, retrying in 20 seconds... [01/Mar/2015:21:36:00 +0800] NSMMReplicationPlugin - CleanAllRUV Task: Replica not online (agmt="cn=meToiparepl.domain.com" (ipakl:389)) [01/Mar/2015:21:36:00 +0800] NSMMReplicationPlugin - CleanAllRUV Task: Not all replicas online, retrying in 20 seconds... [01/Mar/2015:21:36:14 +0800] - slapd shutting down - signaling operation threads [01/Mar/2015:21:36:14 +0800] - slapd shutting down - waiting for 29 threads to terminate [01/Mar/2015:21:36:14 +0800] - slapd shutting down - closing down internal subsystems and plugins [01/Mar/2015:21:36:20 +0800] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Mar/2015:21:36:20 +0800] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Mar/2015:21:36:20 +0800] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Mar/2015:21:36:20 +0800] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Mar/2015:21:36:47 +0800] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected) [01/Mar/2015:21:36:47 +0800] - Waiting for 4 database threads to stop [01/Mar/2015:21:36:48 +0800] - All database threads now stopped [01/Mar/2015:21:36:48 +0800] - slapd stopped. How do I suppose to bring up replica when master itself could not be started? 2015-03-01 21:56 GMT+08:00 Umarzuki Mochlis : > After rebooting freeipa server, I cannot log in to its web interface > and when I try to start it, it failed > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project