#6789 [copr] ipa server install failing with ERROR Command '/bin/systemctl restart gssproxy.service' returned non-zero exit status 1
Closed: fixed 5 years ago by rcritten. Opened 7 years ago by mvarun.

1: snip from console output

Done configuring ipa-otpd.
Configuring ipa-custodia
[1/5]: Generating ipa-custodia config file
[2/5]: Making sure custodia container exists
[3/5]: Generating ipa-custodia keys
[4/5]: starting ipa-custodia
[5/5]: configuring ipa-custodia to start on boot
Done configuring ipa-custodia.
Configuring the web interface (httpd)
[1/22]: setting mod_nss port to 443
[2/22]: setting mod_nss cipher suite
[3/22]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2
[4/22]: setting mod_nss password file
[5/22]: enabling mod_nss renegotiate
[6/22]: adding URL rewriting rules
[7/22]: configuring httpd
[8/22]: setting up httpd keytab
[9/22]: retrieving anonymous keytab
[10/22]: configuring Gssproxy
[error] CalledProcessError: Command '/bin/systemctl restart gssproxy.service' returned non-zero exit status 1
ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR    Command '/bin/systemctl restart gssproxy.service' returned non-zero exit status 1
ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR    The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

2: Versions

ipa-client-common-4.5.90-201703162305.el7.noarch
ipa-server-4.5.90-201703162305.el7.x86_64
ipa-server-common-4.5.90-201703162305.el7.noarch
ipa-server-dns-4.5.90-201703162305.el7.noarch
ipa-common-4.5.90-201703162305.el7.noarch
ipa-client-4.5.90-201703162305.el7.x86_64

3: Additional info:
After removed the nfs config snippet in /etc/gssproxy (Simo's suggestion)

[root@dhcp35-202 ~]# ls /etc/gssproxy/
10-ipa.conf  gssproxy.conf

[root@dhcp35-202 ~]# ipa-server-install --uninstall

This is a NON REVERSIBLE operation and will delete all data and configuration!
It is highly recommended to take a backup of existing data and configuration using ipa-backup utility before proceeding.

Are you sure you want to continue with the uninstall procedure? [no]: yes
---------------------------------------------
Deleted IPA server "dhcp35-202.testrelm.test"
---------------------------------------------
Shutting down all IPA services
Unconfiguring ntpd
Configuring certmonger to stop tracking system certificates for KRA
Configuring certmonger to stop tracking system certificates for CA
Unconfiguring CA
Unconfiguring krb5kdc
Unconfiguring kadmin
Unconfiguring directory server
Unconfiguring ipa-custodia
Unconfiguring ipa-otpd
Removing IPA client configuration
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Client uninstall complete.
The ipa-client-install command was successful



[root@dhcp35-202 ~]# ipa-server-install --setup-dns --forwarder=10.16.36.29 --reverse-zone=35.70.10.in-addr.arpa. --allow-zone-overlap --hostname=dhcp35-202.testrelm.test -r TESTRELM.TEST -n testrelm.test -p Secret123 -a Secret123 --ip-address=10.70.35.202

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure DNS (bind)
  * Configure the KDC to enable PKINIT

To accept the default shown in brackets, press the Enter key.

WARNING: conflicting time&date synchronization service 'chronyd' will be disabled
in favor of ntpd

Warning: skipping DNS resolution of host dhcp35-202.testrelm.test
Checking DNS domain testrelm.test., please wait ...
Checking DNS forwarders, please wait ...
Using reverse zone(s) 35.70.10.in-addr.arpa.

The IPA Master Server will be configured with:
Hostname:       dhcp35-202.testrelm.test
IP address(es): 10.70.35.202
Domain name:    testrelm.test
Realm name:     TESTRELM.TEST

BIND DNS server will be configured to serve IPA domain with:
Forwarders:       10.16.36.29
Forward policy:   only
Reverse zone(s):  35.70.10.in-addr.arpa.

Continue to configure the system with these values? [no]: yes

The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Adding [10.70.35.202 dhcp35-202.testrelm.test] to your /etc/hosts file
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 30 seconds
  [1/47]: creating directory server user
  [2/47]: creating directory server instance
  [3/47]: enabling ldapi
  [4/47]: configure autobind for root
  [5/47]: stopping directory server
  [6/47]: updating configuration in dse.ldif
  [7/47]: starting directory server
  [8/47]: adding default schema
  [9/47]: enabling memberof plugin
  [10/47]: enabling winsync plugin
  [11/47]: configuring replication version plugin
  [12/47]: enabling IPA enrollment plugin
  [13/47]: configuring uniqueness plugin
  [14/47]: configuring uuid plugin
  [15/47]: configuring modrdn plugin
  [16/47]: configuring DNS plugin
  [17/47]: enabling entryUSN plugin
  [18/47]: configuring lockout plugin
  [19/47]: configuring topology plugin
  [20/47]: creating indices
  [21/47]: enabling referential integrity plugin
  [22/47]: configuring certmap.conf
  [23/47]: configure new location for managed entries
  [24/47]: configure dirsrv ccache
  [25/47]: enabling SASL mapping fallback
  [26/47]: restarting directory server
  [27/47]: adding sasl mappings to the directory
  [28/47]: adding default layout
  [29/47]: adding delegation layout
  [30/47]: creating container for managed entries
  [31/47]: configuring user private groups
  [32/47]: configuring netgroups from hostgroups
  [33/47]: creating default Sudo bind user
  [34/47]: creating default Auto Member layout
  [35/47]: adding range check plugin
  [36/47]: creating default HBAC rule allow_all
  [37/47]: adding entries for topology management
  [38/47]: initializing group membership
  [39/47]: adding master entry
  [40/47]: initializing domain level
  [41/47]: configuring Posix uid/gid generation
  [42/47]: adding replication acis
  [43/47]: enabling compatibility plugin
  [44/47]: activating sidgen plugin
  [45/47]: activating extdom plugin
  [46/47]: tuning directory server
  [47/47]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
  [1/30]: creating certificate server user
  [2/30]: configuring certificate server instance
  [3/30]: exporting Dogtag certificate store pin
  [4/30]: stopping certificate server instance to update CS.cfg
  [5/30]: backing up CS.cfg
  [6/30]: disabling nonces
  [7/30]: set up CRL publishing
  [8/30]: enable PKIX certificate path discovery and validation
  [9/30]: starting certificate server instance
  [10/30]: configure certmonger for renewals
  [11/30]: requesting RA certificate from CA
  [12/30]: setting up signing cert profile
  [13/30]: setting audit signing renewal to 2 years
  [14/30]: restarting certificate server
  [15/30]: publishing the CA certificate
  [16/30]: adding RA agent as a trusted user
  [17/30]: authorizing RA to modify profiles
  [18/30]: authorizing RA to manage lightweight CAs
  [19/30]: Ensure lightweight CAs container exists
  [20/30]: configure certificate renewals
  [21/30]: configure Server-Cert certificate renewal
  [22/30]: Configure HTTP to proxy connections
  [23/30]: restarting certificate server
  [24/30]: migrating certificate profiles to LDAP
  [25/30]: importing IPA certificate profiles
  [26/30]: adding default CA ACL
  [27/30]: adding 'ipa' CA entry
  [28/30]: updating IPA configuration
  [29/30]: enabling CA instance
  [30/30]: configuring certmonger renewal for lightweight CAs
Done configuring certificate server (pki-tomcatd).
Configuring directory server (dirsrv)
  [1/3]: configuring TLS for DS instance
  [2/3]: restarting directory server
  [3/3]: adding CA certificate entry
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc)
  [1/10]: adding kerberos container to the directory
  [2/10]: configuring KDC
  [3/10]: initialize kerberos container
WARNING: Your system is running out of entropy, you may experience long delays
  [4/10]: adding default ACIs
  [5/10]: creating a keytab for the directory
  [6/10]: creating a keytab for the machine
  [7/10]: adding the password extension to the directory
  [8/10]: creating anonymous principal
  [9/10]: starting the KDC
  [10/10]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
  [1/2]: starting kadmin 
  [2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Restarting directory server to enable password extension plugin
Configuring ipa-otpd
  [1/2]: starting ipa-otpd 
  [2/2]: configuring ipa-otpd to start on boot
Done configuring ipa-otpd.
Configuring ipa-custodia
  [1/5]: Generating ipa-custodia config file
  [2/5]: Making sure custodia container exists
  [3/5]: Generating ipa-custodia keys
  [4/5]: starting ipa-custodia 
  [5/5]: configuring ipa-custodia to start on boot
Done configuring ipa-custodia.
Configuring the web interface (httpd)
  [1/22]: setting mod_nss port to 443
  [2/22]: setting mod_nss cipher suite
  [3/22]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2
  [4/22]: setting mod_nss password file
  [5/22]: enabling mod_nss renegotiate
  [6/22]: adding URL rewriting rules
  [7/22]: configuring httpd
  [8/22]: setting up httpd keytab
  [9/22]: retrieving anonymous keytab
  [10/22]: configuring Gssproxy
  [11/22]: setting up ssl
  [12/22]: configure certmonger for renewals
  [13/22]: importing CA certificates from LDAP
  [14/22]: publish CA cert
  [15/22]: clean up any existing httpd ccaches
  [16/22]: configuring SELinux for httpd
  [17/22]: create KDC proxy user
  [18/22]: create KDC proxy config
  [19/22]: enable KDC proxy
  [20/22]: restarting httpd
  [21/22]: configuring httpd to start on boot
  [22/22]: enabling oddjobd
Done configuring the web interface (httpd).
Configuring Kerberos KDC (krb5kdc)
  [1/1]: installing X509 Certificate for PKINIT
Done configuring Kerberos KDC (krb5kdc).
Applying LDAP updates
Upgrading IPA:. Estimated time: 1 minute 30 seconds
  [1/9]: stopping directory server
  [2/9]: saving configuration
  [3/9]: disabling listeners
  [4/9]: enabling DS global lock
  [5/9]: starting directory server
  [6/9]: upgrading server
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=anonymous-limits,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Add failure Operations error: 
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=usermap,cn=selinux,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Managed Entries,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Templates,cn=Managed Entries,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Definitions,cn=Managed Entries,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ng,cn=alt,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Add failure missing required attribute "objectclass"
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=computers,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=computers,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=masters,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=masters,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=sysaccounts,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=kerberos,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=services,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ranges,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=sysaccounts,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Default Host Password Policy,cn=computers,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Default Service Password Policy,cn=services,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Kerberos Service Password Policy,cn=TESTRELM.TEST,cn=kerberos,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Default Kerberos Service Password Policy,cn=Kerberos Service Password Policy,cn=TESTRELM.TEST,cn=kerberos,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=cosTemplates,cn=computers,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Default Password Policy,cn=cosTemplates,cn=computers,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Default Password Policy,cn=computers,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=cosTemplates,cn=services,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Default Password Policy,cn=cosTemplates,cn=services,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Default Password Policy,cn=services,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=cosTemplates,cn=TESTRELM.TEST,cn=kerberos,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Default Password Policy,cn=cosTemplates,cn=TESTRELM.TEST,cn=kerberos,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Default Password Policy,cn=TESTRELM.TEST,cn=kerberos,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ipaservers,cn=hostgroups,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ipaservers,cn=hostgroups,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of ou=profile,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=default,ou=profile,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=replication,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=replication managers,cn=sysaccounts,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=topology,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=domain,cn=topology,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=dhcp35-202.testrelm.test,cn=masters,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ca_renewal,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=certificates,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=replicas,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=provisioning,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=accounts,cn=provisioning,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=staged users,cn=accounts,cn=provisioning,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=deleted users,cn=accounts,cn=provisioning,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=staged users,cn=accounts,cn=provisioning,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=deleted users,cn=accounts,cn=provisioning,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=provisioning accounts lock,cn=accounts,cn=provisioning,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Inactivation cos template,cn=accounts,cn=provisioning,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=s4u2proxy,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=locations,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=automember,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Hostgroup,cn=automember,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Group,cn=automember,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ca,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=certprofiles,cn=ca,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=HBAC Administrator,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Sudo Administrator,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Host Enrollment,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=SELinux User Map Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Revoke Certificate,cn=permissions,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=certificates,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Automember Task Administrator,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=retrieve certificate,cn=virtual operations,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=request certificate,cn=virtual operations,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=request certificate different host,cn=virtual operations,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=certificate status,cn=virtual operations,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=revoke certificate,cn=virtual operations,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=certificate remove hold,cn=virtual operations,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=RBAC Readers,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Password Policy Readers,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Kerberos Ticket Policy Readers,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Automember Readers,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=IPA Masters Readers,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=masters,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=PassSync Service,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=CA Administrator,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Vault Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=DNS Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=DNS Servers,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=otp,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=otp,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=radiusproxy,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Realm Domains,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Modify DNA Range,cn=permissions,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Read DNA Range,cn=permissions,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=caacls,cn=ca,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=cas,cn=ca,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Modify Group membership,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=User Administrator,cn=roles,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=User Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Group Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Stage User Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=IT Specialist,cn=roles,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Host Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Host Group Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Service Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Automount Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=IT Security Specialist,cn=roles,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=HBAC Administrator,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Sudo administrator,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Security Architect,cn=roles,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Delegation Administrator,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Replication Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=admins,cn=groups,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ipausers,cn=groups,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=editors,cn=groups,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=crond,cn=hbacservices,cn=hbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=vsftpd,cn=hbacservices,cn=hbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=proftpd,cn=hbacservices,cn=hbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=gssftp,cn=hbacservices,cn=hbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ftp,cn=hbacservicegroups,cn=hbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ipaConfig,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=TESTRELM.TEST,cn=kerberos,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=adtrust agents,cn=sysaccounts,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=trust admins,cn=groups,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ADTrust Agents,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=trusts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=trusts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ranges,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=views,cn=accounts,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Domain Level,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=dhcp35-202.testrelm.test,cn=masters,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=certmap,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=certmaprules,cn=certmap,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=Certificate Identity Mapping Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=custodia,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=dhcp35-202.testrelm.test,cn=masters,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ca,cn=topology,cn=ipa,cn=etc,dc=testrelm,dc=test may not exist, cannot create the entry
ipa         : ERROR    default_range: No local ID range and no admins group found. Cannot create default ID range
ipa         : ERROR    Upgrade failed with no such entry
  [error] RuntimeError: no such entry
  [cleanup]: stopping directory server
  [cleanup]: restoring configuration
ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR    Update failed: no such entry
ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR    The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

[root@dhcp35-202 ~]# ls /etc/gssproxy/
10-ipa.conf  gssproxy.conf
[root@dhcp35-202 ~]#


[root@dhcp35-202 ~]# systemctl status gssproxy.service
● gssproxy.service - GSSAPI Proxy Daemon
Loaded: loaded (/usr/lib/systemd/system/gssproxy.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2017-03-20 19:03:48 IST; 1h 14min ago
Main PID: 4598 (gssproxy)
CGroup: /system.slice/gssproxy.service
        └─4598 /usr/sbin/gssproxy -D

Metadata Update from @pvoborni:
- Issue priority set to: 1
- Issue set to the milestone: FreeIPA 4.5.1
- Issue tagged with: regression, testblocker

7 years ago

Metadata Update from @pvoborni:
- Issue assigned to pvoborni

7 years ago

Metadata Update from @pvoborni:
- Issue assigned to tbordaz (was: pvoborni)

7 years ago

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1435122

7 years ago

This is not regression on FreeIPA part but rather a DS bug https://pagure.io/389-ds-base/issue/49204 which is manifested on machines with small memory. Increasing memery e.g. to 2.5GB fixes the issue.

Metadata Update from @pvoborni:
- Custom field external_tracker adjusted to https://pagure.io/389-ds-base/issue/49204
- Issue untagged with: regression, testblocker
- Issue priority set to: major (was: blocker)
- Issue tagged with: tracker

6 years ago

Metadata Update from @mbasti:
- Issue set to the milestone: FreeIPA 4.5.2 (was: FreeIPA 4.5.1)

6 years ago

FreeIPA 4.5.1 has been released, moving to FreeIPA 4.5.2 milestone

Encountered this error today running "dnf update free-ipaserver" from 4.4 to 4.5.1

Server is a replica with no CA installed running fedora 25 freeipa-server 4.4.
Master is a Centos 7.3 running ipa-server 4.4 with CA.
The exercise is to attempt to deploy a CA on 4.5.1 because other versions have been having the pki-tomcat problem when running ipa-ca-install, thus unable to deploy a backup CA since upgrading to 4.4.

After running the dnf update and then the suggested "ipa-server-upgrade", the 4.5.1 server fails to authenticate on the web interface.

Error line was:

warning: file /etc/gssproxy/24-nfs-server.conf: remove failed: No such file or directory
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
Certificate issuance failed (CA_UNREACHABLE)
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information

Attached are dnf command output, ipaupgrade.log tail and ipa-server-upgrade output.

ipa-server-upgrade.txt

Metadata Update from @tkrizek:
- Issue set to the milestone: FreeIPA 4.5.3 (was: FreeIPA 4.5.2)

6 years ago

Metadata Update from @tkrizek:
- Issue set to the milestone: FreeIPA 4.5.4 (was: FreeIPA 4.5.3)

6 years ago

Metadata Update from @tkrizek:
- Issue set to the milestone: FreeIPA 4.5.5 (was: FreeIPA 4.5.4)

6 years ago

I'm going to mark this as fixed by the DS change.

@blaisek I assume you have resolved your issue since so much time has passed. It was likely unrelated to this issue in any case.

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

5 years ago

Login to comment on this ticket.

Metadata
Attachments 1
Attached 6 years ago View Comment