Hi,

On Wed, Jan 8, 2025 at 2:47 PM Nacho Marti via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> I need to make pki-tomcatd to start: pki-tomcatd Service: STOPPED
>
> I have checked the logs and it says:
>
> [10/Dec/2024:11:51:53 UTC] [8] [3] In Ldap (bound) connection pool to host
> test.test.private port 888, Cannot connect to LDAP server. Error:
> netscape.ldap.LDAPException: Unable to create socket:
> java.net.ConnectException: Connection refused (Connection refused) (-1)
>
> the thing is that test.test.private is the actual LDAP and the ldap
> service is running. Am I missing something? I really need to make this
> service up & running
>
> Thanks in advance.
>
> #### Actual behavior
> Directory Service: RUNNING
> krb5kdc Service: RUNNING
> kadmin Service: RUNNING
> named Service: RUNNING
> httpd Service: RUNNING
> ipa-custodia Service: RUNNING
> ntpd Service: RUNNING
> pki-tomcatd Service: STOPPED
> smb Service: RUNNING
> winbind Service: RUNNING
> ipa-otpd Service: RUNNING
> ipa-dnskeysyncd Service: RUNNING
>
> #### Expected behavior
> Directory Service: RUNNING
> krb5kdc Service: RUNNING
> kadmin Service: RUNNING
> named Service: RUNNING
> httpd Service: RUNNING
> ipa-custodia Service: RUNNING
> ntpd Service: RUNNING
> pki-tomcatd Service: RUNNING
> smb Service: RUNNING
> winbind Service: RUNNING
> ipa-otpd Service: RUNNING
> ipa-dnskeysyncd Service: RUNNING
>
> #### Version/Release/Distribution
> ipa-server-4.6.5-11.el7.centos.x86_64
> ipa-client-4.6.5-11.el7.centos.x86_64
> 389-ds-base-1.3.9.1-10.el7.x86_64
> pki-ca-10.5.16-3.el7.noarch
> krb5-server-1.15.1-37.el7_7.2.x86_64
>

PKI failing to start may have various root causes. Can you provide the logs
from /var/log/pki/pki-tomcat/ca/debug? You can note the date, run ipactl
restart and give the logs starting from that date. It's not always the
first error that is the most relevant.
Note that your version is quite outdated (ipa 4.6.5-11 was shipped in RHEL
7.7 and the more recent version would be 4.6.8-5 on RHEL 7.9, also
available in the archived versions for CentOS 7.9 at
https://vault.centos.org/7.9.2009/os/x86_64/Packages/).

The most common reason is expired certificates (which you can see with
getcert list, by checking the expiry date).
HTH,
flo
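
Added example, not part of the original message: a small shell filter for the `getcert list` check suggested above, printing only the tracked certificates whose expiry is already in the past. The function names, the sample output (request IDs, subjects, dates, the TEST.PRIVATE realm) and the reference time are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `getcert list` output (trimmed to the fields used below).
# Request IDs, subjects and dates are made up for illustration.
sample_getcert_output() {
cat <<'EOF'
Number of certificates and requests being tracked: 3.
Request ID '20190412101530':
    status: CA_UNREACHABLE
    certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'
    subject: CN=CA Audit,O=TEST.PRIVATE
    expires: 2021-04-01 10:15:30 UTC
Request ID '20190412101531':
    status: MONITORING
    certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB'
    subject: CN=Certificate Authority,O=TEST.PRIVATE
    expires: 2039-04-12 10:15:30 UTC
Request ID '20190412101532':
    status: NEED_GUIDANCE
    certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB'
    subject: CN=CA Subsystem,O=TEST.PRIVATE
    expires: 2021-04-01 10:15:31 UTC
EOF
}

# expired_certs NOW
# Reads `getcert list` output on stdin and prints one line per tracked
# certificate whose "expires:" timestamp is earlier than NOW, as
#   request-id|status|subject|expiry
# NOW must be UTC in "YYYY-MM-DD HH:MM:SS" form; that layout sorts
# lexically in time order, so a plain string comparison is enough.
expired_certs() {
    awk -v now="$1" '
        /^Request ID/    { id = $3; gsub(/[^0-9A-Za-z_-]/, "", id); status = subject = "" }
        $1 == "status:"  { status = $2 }
        $1 == "subject:" { subject = $0; sub(/^[ \t]*subject:[ \t]*/, "", subject) }
        $1 == "expires:" {
            when = $2 " " $3
            if (when < now) print id "|" status "|" subject "|" when
        }
    '
}

# Demo on the constructed sample with a fixed (constructed) reference time.
sample_getcert_output | expired_certs "2025-01-08 14:47:00"
# On an IPA server (as root): getcert list | expired_certs "$(date -u '+%Y-%m-%d %H:%M:%S')"
```

The status column is worth reading alongside the date: a request that is no longer in MONITORING and is past its expiry is one certmonger did not manage to renew.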

> --
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>