#2557 CA Cloning: Failed to update number range in few cases
Closed: fixed 6 years ago Opened 7 years ago by gkapoor.

I am still seeing this issue.I have shared my master's CS.cfg (attached in associated bug).

This is fixed as part of PKI TRAC Ticket #1544 - CA cloning when serial number range is less than serialCloneTransferNumber throws an exception, but i could still see some failures and if we try to access URL
https://pki1.example.com:20443/ca/admin/ca/updateNumberRange, it always shows a NPE.

 The Certificate System has encountered an unrecoverable error.

Error Message:

Please contact your local administrator for assistance.

Steps to Reproduce:

Use the CS.cfg file of master and try to install clone.

Actual results:

Clone install fails

Expected results:

clone installation should pass

Additional info:

[07/Dec/2016:02:31:40][http-bio-31443-exec-3]: updateNumberRange start
host=pki1.example.com adminPort=20443 eePort=20443
[07/Dec/2016:02:31:40][http-bio-31443-exec-3]: ConfigurationUtils: POST
[07/Dec/2016:02:31:41][http-bio-31443-exec-3]: content from admin interface
=<?xml version="1.0" encoding="UTF-8"
standalone="no"?><XMLResponse><Status>1</Status><Error>Error: Failed to update
number range.</Error></XMLResponse>
[07/Dec/2016:02:31:41][http-bio-31443-exec-3]: updateNumberRange(): status=1
java.io.IOException: Error: Failed to update number range.
        at com.netscape.cms.servlet.csadmin.ConfigurationUtils.updateNumberRang
        at com.netscape.cms.servlet.csadmin.ConfigurationUtils.getConfigEntries
        at org.dogtagpki.server.rest.SystemConfigService.configureClone(SystemC

I am slightly confused by this bug/ticket, as the referenced bug/ticket, PKI TRAC Ticket #1544 - CA cloning when serial number range is less than serialCloneTransferNumber throws an exception, is not closed.

In fact, during triage, that ticket was deemed a corner case and was given a Milestone of Future and a priority of minor.

Consequently, I have proposed a Milestone of Future and priority of minor for this ticket as well.

Per PKI Bug Council of 12/08/2016: FUTURE - minor

Hello, I was able to reproduce the same issue with one more config setup where in i have below parameters set.This is how it can be reproduced.

  1. Install Master CA.
  2. Stop master CA instance.Change below parameters in CS.cfg of master.


  1. Restart the master CA.
  2. Now try to setup clone .I always encounter this "Failed to update number range"

Later, i have tried with the config attached with the BZ.So i think this needs to be investigated.I think this could happen in many cases.


If we setup master and clone ( with default config) and after that we do changes in CS.cfg of both master and clone based on our requirement than we skip this issue.

Metadata Update from @gkapoor:
- Issue set to the milestone: FUTURE

7 years ago

Metadata Update from @mharmsen:
- Custom field feature adjusted to ''
- Custom field proposedmilestone adjusted to ''
- Custom field reviewer adjusted to ''
- Custom field version adjusted to ''
- Issue close_status updated to: None
- Issue priority set to: critical (was: minor)
- Issue set to the milestone: 10.4 (was: FUTURE)

7 years ago

Moved back to 10.4 - critical as it may block "https://pagure.io/dogtagpki/issue/1549 - Enabling random serial number management does not enable the same in clone"

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.5 (was: 10.4)

6 years ago

Metadata Update from @mharmsen:
- Issue priority set to: major (was: critical)
- Issue set to the milestone: FUTURE (was: 10.5)

6 years ago

Fix was merged to master some time ago:

  • 8c0a7eee3bbfe01b2d965dbe09e95221c5031c8b pkispawn: make security domain login sleep duration configurable
  • fa2d731b6ce51c5db9fb0b004d586b8f3e1decd3 Sleep after security domain login during configuration
  • 9eb354883c9d965bb271223bf870839bb756db26 TokenAuthentication: log error message on error
  • bc329a0162ae9af382c81e75742b282ea8c5df0d TokenAuthenticate: avoid NPE on null session table

Metadata Update from @ftweedal:
- Issue assigned to ftweedal

6 years ago

Metadata Update from @ftweedal:
- Issue close_status updated to: fixed

6 years ago

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.5.4 (was: FUTURE)

6 years ago

Metadata Update from @mharmsen:
- Custom field fixedinversion adjusted to pki-core-10.5.4-1.fc27

6 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Log in to comment on this ticket.