Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

On [Tue, 29.03.2016 20:53], Timothy Geier wrote: On Mar 29, 2016, at 2:00 AM, Thorsten Scherf wrote: On [Mon, 28.03.2016 18:18], Timothy Geier wrote: On Mar 28, 2016, at 12:53 PM, Thorsten Scherf wrote: On [Sat, 26.03.2016 03:26], Timothy Geier wrote: To follow up on this issue, we have

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

> On Mar 29, 2016, at 2:00 AM, Thorsten Scherf wrote: > > On [Mon, 28.03.2016 18:18], Timothy Geier wrote: >> >>> On Mar 28, 2016, at 12:53 PM, Thorsten Scherf wrote: >>> >>> On [Sat, 26.03.2016 03:26], Timothy Geier wrote: To follow up on this issue, we haven’t been able to get any furt

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

On [Mon, 28.03.2016 18:18], Timothy Geier wrote: On Mar 28, 2016, at 12:53 PM, Thorsten Scherf wrote: On [Sat, 26.03.2016 03:26], Timothy Geier wrote: To follow up on this issue, we haven’t been able to get any further since last month due to the missing caServerCert profile..the configura

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

On Mon, Mar 28, 2016 at 10:55:06AM -0500, Endi Sukma Dewata wrote: > On 3/28/2016 10:00 AM, Rob Crittenden wrote: > >Timothy Geier wrote: > >>>Thanks for the procedure..the good news is this worked quite > >>>well in making sure that 389 didn’t crash immediately after > >>>startup. The bad news is

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

> On Mar 28, 2016, at 12:53 PM, Thorsten Scherf wrote: > > On [Sat, 26.03.2016 03:26], Timothy Geier wrote: >> To follow up on this issue, we haven’t been able to get any further since >> last month due to the missing caServerCert profile..the configuration >> files /usr/share/pki/ca/profiles

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

On [Sat, 26.03.2016 03:26], Timothy Geier wrote: To follow up on this issue, we haven’t been able to get any further since last month due to the missing caServerCert profile..the configuration files /usr/share/pki/ca/profiles/ca/caServerCert.cfg and /var/lib/pki/pki-tomcat/ca/profiles/ca/

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

On 3/28/2016 10:00 AM, Rob Crittenden wrote: Timothy Geier wrote: Thanks for the procedure..the good news is this worked quite well in making sure that 389 didn’t crash immediately after startup. The bad news is that the certificates still didn’t renew due to Server at "http://master_server:80

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

Timothy Geier wrote: On Feb 28, 2016, at 2:15 AM, Timothy Geier mailto:tge...@accertify.com>> wrote: On Feb 23, 2016, at 4:22 AM, Ludwig Krispenz mailto:lkris...@redhat.com>> wrote: On 02/22/2016 11:51 PM, Timothy Geier wrote: What’s the established procedure to start a 389 instance with

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

On Feb 28, 2016, at 2:15 AM, Timothy Geier mailto:tge...@accertify.com>> wrote: On Feb 23, 2016, at 4:22 AM, Ludwig Krispenz mailto:lkris...@redhat.com>> wrote: On 02/22/2016 11:51 PM, Timothy Geier wrote: What’s the established procedure to start a 389 instance without any replication agr

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

On Feb 23, 2016, at 4:22 AM, Ludwig Krispenz mailto:lkris...@redhat.com>> wrote: On 02/22/2016 11:51 PM, Timothy Geier wrote: What’s the established procedure to start a 389 instance without any replication agreements enabled? The only thing that seemed close on google (http://directory.fed

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

Ludwig Krispenz wrote: > The crash is an abort because of a failed assertion in the kerberos code > > Thread 1 (Thread 0x7fa7d4c88700 (LWP 3125)): > #0 0x7fa7e6ace5f7 in raise () from /lib64/libc.so.6 > No symbol table info available. > #1 0x7fa7e6acfce8 in abort () from /lib64/libc.so.

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

On 02/22/2016 11:51 PM, Timothy Geier wrote: What’s the established procedure to start a 389 instance without any replication agreements enabled? The only thing that seemed close on google (http://directory.fedoraproject.org/docs/389ds/howto/howto-fix-and-reset-time-skew.html) seems risky

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

On Feb 22, 2016, at 9:21 AM, Ludwig Krispenz mailto:lkris...@redhat.com>> wrote: The crash is an abort because of a failed assertion in the kerberos code Thread 1 (Thread 0x7fa7d4c88700 (LWP 3125)): #0 0x7fa7e6ace5f7 in raise () from /lib64/libc.so.6 No symbol table info available. #1 0x

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

The crash is an abort because of a failed assertion in the kerberos code Thread 1 (Thread 0x7fa7d4c88700 (LWP 3125)): #0 0x7fa7e6ace5f7 in raise () from /lib64/libc.so.6 No symbol table info available. #1 0x7fa7e6acfce8 in abort () from /lib64/libc.so.6 No symbol table info available.

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

Timothy Geier wrote: > >> On Feb 10, 2016, at 3:01 AM, Rob Crittenden > > wrote: >>> >>> [09/Feb/2016:12:55:41 -0600] conn=109598 fd=287 slot=287 SSL >>> connection from master_ip to master_ip >>> [09/Feb/2016:12:55:41 -0600] conn=109597 op=0 EXT >>> oid="1.3.6.1.4.1.14

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

On Feb 10, 2016, at 3:01 AM, Rob Crittenden mailto:rcrit...@redhat.com>> wrote: [09/Feb/2016:12:55:41 -0600] conn=109598 fd=287 slot=287 SSL connection from master_ip to master_ip [09/Feb/2016:12:55:41 -0600] conn=109597 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" [09/Feb/2016:12:55:

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

Timothy Geier wrote: On Feb 9, 2016, at 2:58 AM, Rob Crittenden wrote: Timothy Geier wrote: The debug log has a lot of instances of: Could not connect to LDAP server host xxx. port 636 Error netscape.ldap.LDAPException: IO Error creating JSS SSL Socket (-1) Internal Database Error enc

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

> On Feb 9, 2016, at 2:58 AM, Rob Crittenden wrote: > > Timothy Geier wrote: >> >> >> The debug log has a lot of instances of: >> >> Could not connect to LDAP server host xxx. port 636 Error >> netscape.ldap.LDAPException: IO Error creating JSS SSL Socket (-1) >> Internal Database Error e

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

Timothy Geier wrote: The debug log has a lot of instances of: Could not connect to LDAP server host xxx. port 636 Error netscape.ldap.LDAPException: IO Error creating JSS SSL Socket (-1) Internal Database Error encountered: Could not connect to LDAP server host xxx. port 636 Error nets

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

On Feb 8, 2016, at 4:28 AM, Rob Crittenden mailto:rcrit...@redhat.com>> wrote: Timothy Geier wrote: Greetings all, For the record,this is a CentOS 7.2 box with all current patches. (ipa-server-4.2.0-15.el7.centos.3.x86_64, etc.) The situation is that pki-tomcatd on the lone CA server in our I

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

Timothy Geier wrote: Greetings all, For the record,this is a CentOS 7.2 box with all current patches. (ipa-server-4.2.0-15.el7.centos.3.x86_64, etc.) The situation is that pki-tomcatd on the lone CA server in our IPA cluster refuses to start cleanly. The issues started earlier this week afte

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

Timothy Geier wrote: Greetings all, For the record,this is a CentOS 7.2 box with all current patches. (ipa-server-4.2.0-15.el7.centos.3.x86_64, etc.) The situation is that pki-tomcatd on the lone CA server in our IPA cluster refuses to start cleanly. The issues started earlier this week afte