Den fre 22 jan. 2021 kl 09:54 skrev John Obaterspok <john.obaters...@gmail.com>:
>
> Hi,
>
> I'm stuck since about a week when I updated to latest ipa-server. It
> seems to be the same problem as Ian had ("FreeIPA centos8 update
> Failed to authenticate to CA REST API"). He seem to resolve this using
> a replicate which I dont have.
>
[... snip ...]> [Migrating certificate profiles to LDAP] > IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run > command ipa-server-upgrade manually. > Unexpected error - see /var/log/ipaupgrade.log for details: > RemoteRetrieveError: Failed to authenticate to CA REST API > ... > ... > CA subsystem unavailable. Check CA debug > log.\n\tcom.netscape.cms.tomcat.ProxyRealm.validateRealm(ProxyRealm.java:81)\n\tcom.netscape.cms.tomcat.ProxyRealm.findSecurityConstraints(ProxyRealm.java:149)\n\torg.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:530)\... Strange enough, it's working just fine now after the server was restarted after dnf-automatic update and scheduled reboot. Only thing I did prior to this was to replace old ipa server name from sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg + /etc/pki/pki-tomcat/ca/CS.cfg The old server name was when I did a fedora xx to centos 8 migration using replica. I believe I followed the https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/migrate-7-to-8_migrating guide -- john _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
