Jochen Hein <[email protected]> writes: > 2016-11-27T21:07:26Z DEBUG The ipa-replica-install command failed, exception: > HTTPError: 406 Client Error: Failed to validate message: No recipient matched > the provided key["Failed: [ValueError('Multibackend cannot be initialized > with no backends. If you are seeing this error when trying to use > default_backend() please try uninstalling and reinstalling cryptography.',)]"] > 2016-11-27T21:07:26Z ERROR 406 Client Error: Failed to validate message: No > recipient matched the provided key["Failed: [ValueError('Multibackend cannot > be initialized with no backends. If you are seeing this error when trying to > use default_backend() please try uninstalling and reinstalling > cryptography.',)]"] > 2016-11-27T21:07:26Z ERROR The ipa-replica-install command failed. See > /var/log/ipareplica-install.log for more information > > Any idea what's wrong?
Around that time the pki on the old master has this: 0.Thread-17 - [27/Nov/2016:22:06:47 MEZ] [8] [3] Publishing: Could not publish certificate serial number 0x1a. Error Failed to publish using rule: No rules enabled Debug has: [27/Nov/2016:22:06:47][Thread-17]: RunListeners:: Queue: 1 noSingleRequest [27/Nov/2016:22:06:47][Thread-17]: getRequest mRequests=1 mSearchForRequests=false [27/Nov/2016:22:06:47][Thread-17]: getRequest getting request: 29 [27/Nov/2016:22:06:47][Thread-17]: In LdapBoundConnFactory::getConn() [27/Nov/2016:22:06:47][Thread-17]: masterConn is connected: true [27/Nov/2016:22:06:47][Thread-17]: getConn: conn is connected true [27/Nov/2016:22:06:47][Thread-17]: getConn: mNumConns now 4 [27/Nov/2016:22:06:47][Thread-17]: returnConn: mNumConns now 5 [27/Nov/2016:22:06:47][Thread-17]: getRequest request 29 found [27/Nov/2016:22:06:47][Thread-17]: getRequest mRequests=0 mSearchForRequests=false done [27/Nov/2016:22:06:47][Thread-17]: RunListeners: IRequestListener = com.netscape.cms.listeners.CertificateIssuedListener [27/Nov/2016:22:06:47][Thread-17]: CertificateIssuedListener: accept 29 [27/Nov/2016:22:06:47][Thread-17]: RunListeners: IRequestListener = com.netscape.ca.CRLIssuingPoint$RevocationRequestListener [27/Nov/2016:22:06:47][Thread-17]: RunListeners: IRequestListener = com.netscape.cmscore.ldap.LdapRequestListener [27/Nov/2016:22:06:47][Thread-17]: LdapRequestListener handling publishing for enrollment request id 29 [27/Nov/2016:22:06:47][Thread-17]: Checking publishing for request 29 [27/Nov/2016:22:06:47][Thread-17]: In PublisherProcessor::publishCert [27/Nov/2016:22:06:47][Thread-17]: Publishing: can't find publishing rule,exiting routine. [27/Nov/2016:22:06:47][Thread-17]: PublishProcessor::publishCert : Failed to publish using rule: No rules enabled [27/Nov/2016:22:06:47][Thread-17]: RunListeners: IRequestListener = com.netscape.cms.listeners.CertificateRevokedListener [27/Nov/2016:22:06:47][Thread-17]: RunListeners: mRequest = 29 [27/Nov/2016:22:06:47][Thread-17]: updatePublishingStatus mSavePublishingCounter: 3 mSavePublishingStatus: 200 [27/Nov/2016:22:06:47][Thread-17]: RunListeners: noQueue SingleRequest [27/Nov/2016:22:06:47][Thread-17]: RequestRepository: setPublishingStatus mBaseDN: ou=ca,ou=requests,o=ipaca status: -1 [27/Nov/2016:22:06:47][Thread-17]: In LdapBoundConnFactory::getConn() [27/Nov/2016:22:06:47][Thread-17]: masterConn is connected: true [27/Nov/2016:22:06:47][Thread-17]: getConn: conn is connected true [27/Nov/2016:22:06:47][Thread-17]: getConn: mNumConns now 4 [27/Nov/2016:22:06:47][Thread-17]: returnConn: mNumConns now 5 [27/Nov/2016:22:06:47][Thread-17]: Number of publishing threads: 0 Maybe something in dogtag is missing? Jochen -- The only problem with troubleshooting is that the trouble shoots back. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
