On 08/01/2017 01:48 AM, Florence Blanc-Renaud wrote:
On 08/01/2017 01:32 AM, Ian Harding via FreeIPA-users wrote:
>
>
> On 07/31/2017 11:34 AM, Rob Crittenden wrote:
>> Ian Harding via FreeIPA-users wrote:
>>> I had an unexpected restart of an IPA server that had apparently had
>>> updates run but had not been restarted. ipactl says pki-tomcatd would
>>> not start.
>>>
>>> Strangely, the actual service appears to be running:
>>>
>>
>> dogtag is an application within tomcat so tomcat can run without dogtag
>> running.
>>
>> We need to see more of the dogtag debug log to see what is going on.
>>
>
> It looks like an authentication problem...
>
> [28/Jul/2017:10:08:47][localhost-startStop-1]: SSL handshake happened
> Could not connect to LDAP server host seattlenfs.bpt.rocks port 636
> Error netscape.ldap.LDAPException: Authentication failed (49)
>
Hi,
dogtag stores its internal data in the LDAP server and needs to
establish a secure LDAP connection. You can check how this connection is
configured in /etc/pki/pki-tomcat/ca/CS.cfg, look for the lines:
internaldb.ldapauth.authtype=SslClientAuth
internaldb.ldapauth.bindDN=cn=Directory Manager
internaldb.ldapauth.bindPWPrompt=internaldb
internaldb.ldapauth.clientCertNickname=subsystemCert cert-pki-ca
internaldb.ldapconn.host=vm-...
internaldb.ldapconn.port=636
internaldb.ldapconn.secureConn
authtype can be SslClientAuth (authentication with a ssl certificate) or
BasicAuth (authentication with a bind DN and password stored in
/var/lib/pki/pki-tomcat/conf/password.conf).
You can use this information to manually check the credentials. For
instance with sslclientauth:
export LDAPTLS_CACERTDIR=/etc/pki/pki-tomcat/alias
export LDAPTLS_CERT='subsystemCert cert-pki-ca'
ldapsearch -H ldaps://`hostname`:636 -b "" -s base -Y EXTERNAL
(provide the password from /etc/pki/pki-tomcat/alias/pwdfile.txt)
I found this:
internaldb.ldapauth.authtype=SslClientAuth
internaldb.ldapauth.bindDN=uid=pkidbuser,ou=people,o=ipaca
internaldb.ldapauth.bindPWPrompt=internaldb
internaldb.ldapauth.clientCertNickname=subsystemCert cert-pki-ca
internaldb.ldapconn.cloneReplicationPort=389
...
and when I try the ldapsearch I am presented with a prompt to provide a
pin/password
Please enter pin, password, or pass phrase for security token 'ldap(0)':
but there is no password file...
ls -a /etc/pki/pki-tomcat/alias/
. .. cert8.db key3.db secmod.db
There are "internal" and "replicationdb" values in
/var/lib/pki/pki-tomcat/conf/password.conf but they don't work in
response to the ldapsearch prompt above.
Thank you so much for your help!
HTH,
Flo.
>
>
> at
> org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
>
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>
> at java.lang.Thread.run(Thread.java:745)
> Internal Database Error encountered: Could not connect to LDAP server
> host seattlenfs.bpt.rocks port 636 Error netscape.ldap.LDAPException:
> Authentication failed (49)
> at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:676)
> at
> com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1172)
> at
> com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1078)
> at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:570)
> at com.netscape.certsrv.apps.CMS.init(CMS.java:188)
> at com.netscape.certsrv.apps.CMS.start(CMS.java:1621)
> at
> com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
>
> at javax.servlet.GenericServlet.init(GenericServlet.java:158)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
>
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
>
> at
> org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270)
>
> at
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195)
>
> at
> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
> at
> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318)
>
> at
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610)
>
> at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
> at
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
>
> at
> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
> at
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
>
> at
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
>
> at java.security.AccessController.doPrivileged(Native Method)
> at
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
> at
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
> at
> org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
>
> at
> org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
>
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>
> at java.lang.Thread.run(Thread.java:745)
> [28/Jul/2017:09:56:24][localhost-startStop-1]: CMSEngine.shutdown()
> [28/Jul/2017:10:08:46][localhost-startStop-1]:
> ============================================
> [28/Jul/2017:10:08:46][localhost-startStop-1]: ===== DEBUG SUBSYSTEM
> INITIALIZED =======
> [28/Jul/2017:10:08:46][localhost-startStop-1]:
> ============================================
> [28/Jul/2017:10:08:46][localhost-startStop-1]: CMSEngine: restart at
> autoShutdown? false
> [28/Jul/2017:10:08:46][localhost-startStop-1]: CMSEngine: autoShutdown
> crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb
> [28/Jul/2017:10:08:46][localhost-startStop-1]: CMSEngine: about to
> look for cert for auto-shutdown support:auditSigningCert cert-pki-ca
> [28/Jul/2017:10:08:46][localhost-startStop-1]: CMSEngine: found
> cert:auditSigningCert cert-pki-ca
> [28/Jul/2017:10:08:46][localhost-startStop-1]: CMSEngine: done init
> id=debug
> [28/Jul/2017:10:08:46][localhost-startStop-1]: CMSEngine: initialized
> debug
> [28/Jul/2017:10:08:46][localhost-startStop-1]: CMSEngine:
> initSubsystem id=log
> [28/Jul/2017:10:08:46][localhost-startStop-1]: CMSEngine: ready to
> init id=log
> [28/Jul/2017:10:08:46][localhost-startStop-1]: Creating
> RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/signedAudit/ca_audit)
> [28/Jul/2017:10:08:46][localhost-startStop-1]: Creating
> RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/system)
> [28/Jul/2017:10:08:47][localhost-startStop-1]: Creating
> RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/transactions)
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: restart at
> autoShutdown? false
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: autoShutdown
> crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: about to
> look for cert for auto-shutdown support:auditSigningCert cert-pki-ca
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: found
> cert:auditSigningCert cert-pki-ca
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: done init
> id=log
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: initialized log
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine:
> initSubsystem id=jss
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: ready to
> init id=jss
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: restart at
> autoShutdown? false
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: autoShutdown
> crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: about to
> look for cert for auto-shutdown support:auditSigningCert cert-pki-ca
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: found
> cert:auditSigningCert cert-pki-ca
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: done init
> id=jss
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: initialized jss
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine:
> initSubsystem id=dbs
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine: ready to
> init id=dbs
> [28/Jul/2017:10:08:47][localhost-startStop-1]: DBSubsystem: init()
> mEnableSerialMgmt=true
> [28/Jul/2017:10:08:47][localhost-startStop-1]: Creating
> LdapBoundConnFactor(DBSubsystem)
> [28/Jul/2017:10:08:47][localhost-startStop-1]: LdapBoundConnFactory: init
> [28/Jul/2017:10:08:47][localhost-startStop-1]:
> LdapBoundConnFactory:doCloning true
> [28/Jul/2017:10:08:47][localhost-startStop-1]: LdapAuthInfo: init()
> [28/Jul/2017:10:08:47][localhost-startStop-1]: LdapAuthInfo: init begins
> [28/Jul/2017:10:08:47][localhost-startStop-1]: LdapAuthInfo: init ends
> [28/Jul/2017:10:08:47][localhost-startStop-1]: init: before
> makeConnection errorIfDown is true
> [28/Jul/2017:10:08:47][localhost-startStop-1]: makeConnection:
> errorIfDown true
> [28/Jul/2017:10:08:47][localhost-startStop-1]: TCP Keep-Alive: true
> [28/Jul/2017:10:08:47][localhost-startStop-1]:
> SSLClientCertificateSelectionCB: Setting desired cert nickname to:
> subsystemCert cert-pki-ca
> [28/Jul/2017:10:08:47][localhost-startStop-1]: LdapJssSSLSocket: set
> client auth cert nickname subsystemCert cert-pki-ca
> [28/Jul/2017:10:08:47][localhost-startStop-1]:
> SSLClientCertificatSelectionCB: Entering!
> [28/Jul/2017:10:08:47][localhost-startStop-1]: Candidate cert:
> ocspSigningCert cert-pki-ca
> [28/Jul/2017:10:08:47][localhost-startStop-1]: Candidate cert:
> subsystemCert cert-pki-ca
> [28/Jul/2017:10:08:47][localhost-startStop-1]:
> SSLClientCertificateSelectionCB: desired cert found in list:
> subsystemCert cert-pki-ca
> [28/Jul/2017:10:08:47][localhost-startStop-1]:
> SSLClientCertificateSelectionCB: returning: subsystemCert cert-pki-ca
> [28/Jul/2017:10:08:47][localhost-startStop-1]: SSL handshake happened
> Could not connect to LDAP server host seattlenfs.bpt.rocks port 636
> Error netscape.ldap.LDAPException: Authentication failed (49)
> at
>
com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:205)
>
> at
>
com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:166)
>
> at
>
com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:130)
>
> at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:654)
> at
> com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1172)
> at
> com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1078)
> at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:570)
> at com.netscape.certsrv.apps.CMS.init(CMS.java:188)
> at com.netscape.certsrv.apps.CMS.start(CMS.java:1621)
> at
> com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
>
> at javax.servlet.GenericServlet.init(GenericServlet.java:158)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
>
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
>
> at
> org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270)
>
> at
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195)
>
> at
> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
> at
> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318)
>
> at
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610)
>
> at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
> at
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
>
> at
> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
> at
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
>
> at
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
>
> at java.security.AccessController.doPrivileged(Native Method)
> at
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
> at
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
> at
> org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
>
> at
> org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
>
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>
> at java.lang.Thread.run(Thread.java:745)
> Internal Database Error encountered: Could not connect to LDAP server
> host seattlenfs.bpt.rocks port 636 Error netscape.ldap.LDAPException:
> Authentication failed (49)
> at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:676)
> at
> com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1172)
> at
> com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1078)
> at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:570)
> at com.netscape.certsrv.apps.CMS.init(CMS.java:188)
> at com.netscape.certsrv.apps.CMS.start(CMS.java:1621)
> at
> com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
>
> at javax.servlet.GenericServlet.init(GenericServlet.java:158)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
>
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
>
> at
> org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270)
>
> at
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195)
>
> at
> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
> at
> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318)
>
> at
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610)
>
> at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
> at
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
>
> at
> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
> at
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
>
> at
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
>
> at java.security.AccessController.doPrivileged(Native Method)
> at
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
> at
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
> at
> org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
>
> at
> org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
>
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>
> at java.lang.Thread.run(Thread.java:745)
> [28/Jul/2017:10:08:47][localhost-startStop-1]: CMSEngine.shutdown()
> [28/Jul/2017:10:13:29][localhost-startStop-2]:
> ============================================
> [28/Jul/2017:10:13:29][localhost-startStop-2]: ===== DEBUG SUBSYSTEM
> INITIALIZED =======
> [28/Jul/2017:10:13:29][localhost-startStop-2]:
> ============================================
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: restart at
> autoShutdown? false
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: autoShutdown
> crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: about to
> look for cert for auto-shutdown support:auditSigningCert cert-pki-ca
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: found
> cert:auditSigningCert cert-pki-ca
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: done init
> id=debug
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: initialized
> debug
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine:
> initSubsystem id=log
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: ready to
> init id=log
> [28/Jul/2017:10:13:29][localhost-startStop-2]: Creating
> RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/signedAudit/ca_audit)
> [28/Jul/2017:10:13:29][localhost-startStop-2]: Creating
> RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/system)
> [28/Jul/2017:10:13:29][localhost-startStop-2]: Creating
> RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/transactions)
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: restart at
> autoShutdown? false
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: autoShutdown
> crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: about to
> look for cert for auto-shutdown support:auditSigningCert cert-pki-ca
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: found
> cert:auditSigningCert cert-pki-ca
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: done init
> id=log
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: initialized log
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine:
> initSubsystem id=jss
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: ready to
> init id=jss
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: restart at
> autoShutdown? false
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: autoShutdown
> crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: about to
> look for cert for auto-shutdown support:auditSigningCert cert-pki-ca
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: found
> cert:auditSigningCert cert-pki-ca
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: done init
> id=jss
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: initialized jss
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine:
> initSubsystem id=dbs
> [28/Jul/2017:10:13:29][localhost-startStop-2]: CMSEngine: ready to
> init id=dbs
> [28/Jul/2017:10:13:29][localhost-startStop-2]: DBSubsystem: init()
> mEnableSerialMgmt=true
> [28/Jul/2017:10:13:29][localhost-startStop-2]: Creating
> LdapBoundConnFactor(DBSubsystem)
> [28/Jul/2017:10:13:29][localhost-startStop-2]: LdapBoundConnFactory: init
> [28/Jul/2017:10:13:29][localhost-startStop-2]:
> LdapBoundConnFactory:doCloning true
> [28/Jul/2017:10:13:29][localhost-startStop-2]: LdapAuthInfo: init()
> [28/Jul/2017:10:13:29][localhost-startStop-2]: LdapAuthInfo: init begins
> [28/Jul/2017:10:13:29][localhost-startStop-2]: LdapAuthInfo: init ends
> [28/Jul/2017:10:13:29][localhost-startStop-2]: init: before
> makeConnection errorIfDown is true
> [28/Jul/2017:10:13:29][localhost-startStop-2]: makeConnection:
> errorIfDown true
> [28/Jul/2017:10:13:29][localhost-startStop-2]: TCP Keep-Alive: true
> [28/Jul/2017:10:13:29][localhost-startStop-2]:
> SSLClientCertificateSelectionCB: Setting desired cert nickname to:
> subsystemCert cert-pki-ca
> [28/Jul/2017:10:13:29][localhost-startStop-2]: LdapJssSSLSocket: set
> client auth cert nickname subsystemCert cert-pki-ca
> [28/Jul/2017:10:13:29][localhost-startStop-2]: SSL handshake happened
> Could not connect to LDAP server host seattlenfs.bpt.rocks port 636
> Error netscape.ldap.LDAPException: Authentication failed (49)
> at
>
com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:205)
>
> at
>
com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:166)
>
> at
>
com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:130)
>
> at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:654)
> at
> com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1172)
> at
> com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1078)
> at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:570)
> at com.netscape.certsrv.apps.CMS.init(CMS.java:188)
> at com.netscape.certsrv.apps.CMS.start(CMS.java:1621)
> at
> com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
>
> at javax.servlet.GenericServlet.init(GenericServlet.java:158)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
>
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
>
> at
> org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270)
>
> at
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195)
>
> at
> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
> at
> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318)
>
> at
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610)
>
> at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
> at
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
>
> at
> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
> at
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
>
>
>
>> I don't think re-running the upgrade command would help.
>>
>> rob
>>
>
--
Ian Harding
IT Director
Brown Paper Tickets
1-800-838-3006 ext 7186
http://www.brownpapertickets.com