Hi,
It looks like the "auditSigningCert cert-pki-ca" is invalid.
26/Jan/2018:20:43:16][localhost-startStop-1]: CertUtils:
verifySystemCertByNickname(): calling verifyCertificate(auditSigningCert
cert-pki-ca, true, ObjectSigner)
[26/Jan/2018:20:43:16][localhost-startStop-1]: CertUtils:
verifySystemCertByNickname() failed: java.lang.Exception: Certificate
auditSigningCert cert-pki-ca is invalid: Invalid certificate: (-8181)
Peer's Certificate has expired.
[26/Jan/2018:20:43:16][localhost-startStop-1]: CertUtils:
verifySystemCertsByTag() failed: java.lang.Exception: Certificate
auditSigningCert cert-pki-ca is invalid: Invalid certificate: (-8181)
Peer's Certificate has expired.
The "auditSigningCert cert-pki-ca" got recently renewed:
Request ID '20171206120336':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB',pin set
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=Certificate Authority,O=XXXKD.FAU.DE,OU=Some Institute
(XXX) - FAU,C=DE,E=guy(a)example.com,L=FUERTH
subject: CN=CA Audit,O=XXXKD.FAU.DE,OU=Some Institute (XXX) -
FAU,C=DE,E=guy(a)example.com,L=FUERTH
expires: 2020-01-19 13:22:53 UTC
key usage: digitalSignature,nonRepudiation
pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
"auditSigningCert cert-pki-ca"
track: yes
auto-renew: yes
All the expired certificates, this one too, have expired on '2018-01-29
12:00:xx', this one too. But it got renewed 1 hour after it expired.
Request ID '20171206120336':
status: MONITORING
ca-error: Invalid cookie: ''
stuck: no
key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB',pin set
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=Certificate Authority,O=WW8KD.FAU.DE,OU=Institute of
Materials Simulation (WW8) - FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH
subject: CN=CA Audit,O=WW8KD.FAU.DE,OU=Institute of Materials
Simulation (WW8) - FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH
expires: 2018-01-29 12:00:45 UTC
key usage: digitalSignature,nonRepudiation
pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
"auditSigningCert cert-pki-ca"
track: yes
auto-renew: yes
So when going back the new 'auditSigningCert cert-pki-ca' is not.
Am 01.02.2018 um 01:48 schrieb Fraser Tweedale via FreeIPA-users:
On Wed, Jan 31, 2018 at 04:58:30PM +0100, Christof Schulze via
FreeIPA-users wrote:
> Hi,
>
> did time roll back. Does look like the pki-tomcatd is not running, and can
> not be restared.
>
> Checked the userCertificates, they look identical to me.
>
> The Certificate requests for the three expiring certificates are now in
> SUBMITTING-state. Cant see any other Errors than:
>
>
> Jan 26 20:23:59 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16805]:
> dogtag-ipa-renew-agent returned 2
> Jan 26 20:30:36 idm1.XXXkd.fau.de systemd[1]: Stopping Certificate
> monitoring and PKI enrollment...
> Jan 26 20:30:36 idm1.XXXkd.fau.de systemd[1]: Starting Certificate
> monitoring and PKI enrollment...
>
> Is there some way to start certmonger and maybe the pki-tomcatd in debugging
> mode?
>
What is is /var/log/pki/pki-tomcat/ca/debug? If it is not starting
properly, there should be some output in there related to that.
Thanks,
Fraser
> On 31.01.2018 00:27, Fraser Tweedale via FreeIPA-users wrote:
>> On Tue, Jan 30, 2018 at 05:29:46PM +0100, Christof Schulze via FreeIPA-users
wrote:
>>> Hi,
>>>
>>>
>>> Checked AVCs first. Selinux is always a burden on our Fedora Clients.
>>>
>>> Certmonger is still trying.
>>>
>>> Does it make sense to make some timetravel for certificate renewal with the
>>> Renewal master, even if the renewal didn't work when the certificates
where
>>> still valid?
>>>
>> Time travel will be necessary.
>>
>> Wind the clock back on the renewal master to a time when all certs
>> are valid, and then investigate why renewal was failing.
>>
>> Please check that the userCertificate attributes of the following
>> entries are in sync with their corresponding certificates:
>>
>> - uid=ipara,ou=people,o=ipaca
>> must match /var/lib/ipa/ra-agent.pem
>>
>> - uid=pkidbuser,ou=people,o=ipaca
>> must match /etc/pki/pki-tomcat/alias : 'subsystemCert
cert-pki-ca'
>>
>> Cheers,
>> Fraser
>>
>>>
>>> On 30.01.2018 16:42, Rob Crittenden via FreeIPA-users wrote:
>>>> Christof Schulze via FreeIPA-users wrote:
>>>>> Hi,
>>>>>
>>>>> Here may be the problem, all are masters, the idm1 I am working on
is
>>>>> the CA renewal master (checked ldap and config-show).
>>>>>
>>>>> IPA masters: idm1.ww8kd.fau.de, idm2.ww8kd.fau.de, idm3.ww8kd.fau.de
>>>>> IPA CA servers: idm1.ww8kd.fau.de, idm2.ww8kd.fau.de,
idm3.ww8kd.fau.de
>>>>> IPA NTP servers: idm1.ww8kd.fau.de, idm2.ww8kd.fau.de,
idm3.ww8kd.fau.de
>>>>> IPA CA renewal master: idm1.ww8kd.fau.de
>>>>>
>>>>> But when checking the different points on the side linked by you. I
can
>>>>> see:
>>>>> All off them have
>>>>> ca.crl.MasterCRL.enableCRLUpdates=false
>>>>> ca.crl.MasterCRL.enableCRLCache=false
>>>>>
>>>>> And all of them have the RewriteRule in the
>>>>> /etc/httpd/conf.d/ipa-pki-proxy.conf.
>>>>>
>>>>> I remember years ago the original idm1 got roasted by some
electrical
>>>>> surge. And I think it got cloned by one of the others (documentation
>>>>> would be king).
>>>>>
>>>>> So all of them are clones and we don't have a CRL generation
master.
>>>>>
>>>>> The renewed "auditSigningCert cert-pki-ca" on the master
didn't get
>>>>> replicated to the others.
>>>>>
>>>>> Can I just promote idm1 to become CRL generation master by setting
>>>>> ca.crl.MasterCRL.enableCRLUpdates=true
>>>>> ca.crl.MasterCRL.enableCRLCache=true
>>>> Yes but that won't affect renewal.
>>>>
>>>>> And how to get new certificates?
>>>> As Flo suggested, check syslog for certmonger messages. Look for AVCs.
>>>>
>>>> Look at the output of getcert list to see what the status and errors
are.
>>>>
>>>> rob
>>>>
>>>>> And Thanks for your patience.
>>>>>
>>>>>
>>>>> On 30.01.2018 14:26, Florence Blanc-Renaud wrote:
>>>>>> On 01/30/2018 02:02 PM, Christof Schulze via FreeIPA-users
wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> Now the roof is on fire, all certificates are synced on all
masters
>>>>>>> since a long time ago.
>>>>>>>
>>>>>>> The not renewing certificates in /etc/pki/pki-tomcat/alias
have now
>>>>>>> expired
>>>>>>> "subsystemCert cert-pki-ca" ,
"ocspSigningCert cert-pki-ca" ,
>>>>>>> "/var/lib/ipa/ra-agent.pem"
>>>>>>>
>>>>>>> The "auditSigningCert cert-pki-ca" certificate is
the only one which
>>>>>>> has been renewed. (Old Serial Number: 5 (0x5), New Serial
Number:
>>>>>>> 536739845 (0x1ffe0005) valid till 2020)
>>>>>>>
>>>>>>> The userCertificate in (uid=ipara,ou=people,o=ipaca) and the
IPA RA
>>>>>>> certificate in /var/lib/ipa/ra-agent.pem are matching and
expired.
>>>>>>>
>>>>>>>
>>>>>>> pki-tomcat can no longer access the ldap.
>>>>>>>
>>>>>>> slapi_ldap_bind - Error: could not send startTLS
request: error
>>>>>>> -1 (Can't contact LDAP server) errno 107 (Transport
endpoint is not
>>>>>>> connected)
>>>>>>>
>>>>>>>
>>>>>>> Is there some way this situation can be solved?
>>>>>> Hi,
>>>>>>
>>>>>> you need first to identify who is your renewal master and start
>>>>>> repairing this machine. You can use ipa config-show or a direct
>>>>>> ldapsearch as described here
>>>>>>
(
https://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#I...)
>>>>>> to find the renewal master.
>>>>>>
>>>>>> On the renewal master, check if the certificates have been
properly
>>>>>> renewed. If it is not the case, you will need to chase the
failure by
>>>>>> checking SE linux AVCs or errors in the journal produced by
certmonger.
>>>>>> The renewal master really needs to be repaired first, as it is
the
>>>>>> source containing some certs that will later be downloaded by
the
>>>>>> other masters.
>>>>>>
>>>>>> Flo
>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> Christof Schulze
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Request ID '20171206120336':
>>>>>>> status: MONITORING
>>>>>>> stuck: no
>>>>>>> key pair storage:
>>>>>>>
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
>>>>>>> cert-pki-ca',token='NSS Certificate DB',pin set
>>>>>>> certificate:
>>>>>>>
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
>>>>>>> cert-pki-ca',token='NSS Certificate DB'
>>>>>>> CA: dogtag-ipa-ca-renew-agent
>>>>>>> issuer: CN=Certificate
Authority,O=XXXKD.FAU.DE,OU=Some
>>>>>>> Institute (XXX) - FAU,C=DE,E=guy(a)example.com,L=FUERTH
>>>>>>> subject: CN=CA Audit,O=XXXKD.FAU.DE,OU=Some Institute
(XXX) -
>>>>>>> FAU,C=DE,E=guy(a)example.com,L=FUERTH
>>>>>>> expires: 2020-01-19 13:22:53 UTC
>>>>>>> key usage: digitalSignature,nonRepudiation
>>>>>>> pre-save command:
/usr/libexec/ipa/certmonger/stop_pkicad
>>>>>>> post-save command:
/usr/libexec/ipa/certmonger/renew_ca_cert
>>>>>>> "auditSigningCert cert-pki-ca"
>>>>>>> track: yes
>>>>>>> auto-renew: yes
>>>>>>> Request ID '20171206120337':
>>>>>>> status: MONITORING
>>>>>>> stuck: no
>>>>>>> key pair storage:
>>>>>>>
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
>>>>>>> cert-pki-ca',token='NSS Certificate DB',pin set
>>>>>>> certificate:
>>>>>>>
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
>>>>>>> cert-pki-ca',token='NSS Certificate DB'
>>>>>>> CA: dogtag-ipa-ca-renew-agent
>>>>>>> issuer: CN=Certificate
Authority,O=XXXKD.FAU.DE,OU=Some
>>>>>>> Institute (XXX) - FAU,C=DE,E=guy(a)example.com,L=FUERTH
>>>>>>> subject: CN=OCSP Subsystem,O=XXXKD.FAU.DE,OU=Some
Institute
>>>>>>> (XXX) - FAU,C=DE,E=guy(a)example.com,L=FUERTH
>>>>>>> expires: 2018-01-29 12:00:44 UTC
>>>>>>> key usage:
digitalSignature,nonRepudiation,keyCertSign,cRLSign
>>>>>>> eku: id-kp-OCSPSigning
>>>>>>> pre-save command:
/usr/libexec/ipa/certmonger/stop_pkicad
>>>>>>> post-save command:
/usr/libexec/ipa/certmonger/renew_ca_cert
>>>>>>> "ocspSigningCert cert-pki-ca"
>>>>>>> track: yes
>>>>>>> auto-renew: yes
>>>>>>> Request ID '20171206120338':
>>>>>>> status: MONITORING
>>>>>>> stuck: no
>>>>>>> key pair storage:
>>>>>>>
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
>>>>>>> cert-pki-ca',token='NSS Certificate DB',pin set
>>>>>>> certificate:
>>>>>>>
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
>>>>>>> cert-pki-ca',token='NSS Certificate DB'
>>>>>>> CA: dogtag-ipa-ca-renew-agent
>>>>>>> issuer: CN=Certificate
Authority,O=XXXKD.FAU.DE,OU=Some
>>>>>>> Institute (XXX) - FAU,C=DE,E=guy(a)example.com,L=FUERTH
>>>>>>> subject: CN=CA Subsystem,O=XXXKD.FAU.DE,OU=Some
Institute (XXX)
>>>>>>> - FAU,C=DE,E=guy(a)example.com,L=FUERTH
>>>>>>> expires: 2018-01-29 12:00:44 UTC
>>>>>>> key usage:
>>>>>>>
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>>>>>>> eku: id-kp-serverAuth,id-kp-clientAuth
>>>>>>> pre-save command:
/usr/libexec/ipa/certmonger/stop_pkicad
>>>>>>> post-save command:
/usr/libexec/ipa/certmonger/renew_ca_cert
>>>>>>> "subsystemCert cert-pki-ca"
>>>>>>> track: yes
>>>>>>> auto-renew: yes
>>>>>>> Request ID '20171206120340':
>>>>>>> status: MONITORING
>>>>>>> stuck: no
>>>>>>> key pair storage:
type=FILE,location='/var/lib/ipa/ra-agent.key'
>>>>>>> certificate:
type=FILE,location='/var/lib/ipa/ra-agent.pem'
>>>>>>> CA: dogtag-ipa-ca-renew-agent
>>>>>>> issuer: CN=Certificate
Authority,O=XXXKD.FAU.DE,OU=Some
>>>>>>> Institute (XXX) - FAU,C=DE,E=guy(a)example.com,L=FUERTH
>>>>>>> subject: CN=IPA RA,O=XXXKD.FAU.DE,OU=Some Institute
(XXX) -
>>>>>>> FAU,C=DE,E=guy(a)example.com,L=FUERTH
>>>>>>> expires: 2018-01-29 12:01:11 UTC
>>>>>>> key usage:
>>>>>>>
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>>>>>>> eku: id-kp-serverAuth,id-kp-clientAuth
>>>>>>> pre-save command:
/usr/libexec/ipa/certmonger/renew_ra_cert_pre
>>>>>>> post-save command:
/usr/libexec/ipa/certmonger/renew_ra_cert
>>>>>>> track: yes
>>>>>>> auto-renew: yes
>>>>>>>
>>>>>>>
>>>>>>> On 30.01.2018 00:40, Fraser Tweedale via FreeIPA-users
wrote:
>>>>>>>> On Mon, Jan 29, 2018 at 03:55:07PM +0100, Christof
Schulze via
>>>>>>>> FreeIPA-users wrote:
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> some certificates on our freeipa-cluster (3 servers)
are have been not
>>>>>>>>> renewed till now, 2 hours before expiring. Can this
be a problem?
>>>>>>>>>
>>>>>>>>> Some of the certificates, the ones expiring show
"ca-error:
>>>>>>>>> Invalid cookie:
>>>>>>>>> '' in the "getcert list" output,
what makes me nervous.
>>>>>>>>>
>>>>>>>>> We also have the problem when certmonger can not
reach the CA
>>>>>>>>> CA_UNREACHABLE
>>>>>>>>> after restarting a freeipa-server. But when we
restart the
>>>>>>>>> certmonger.server
>>>>>>>>> after everything being up again everything looks
good.
>>>>>>>>>
>>>>>>>>> Maybe you can give me some advice what to check and
which logs you
>>>>>>>>> else
>>>>>>>>> would need.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>> Christof Schulze
>>>>>>>>>
>>>>>>>> Hi Christof,
>>>>>>>>
>>>>>>>> Yes, it is a problem. They should have been renewed
before now.
>>>>>>>> The errors in `getcert list' output show that there
has been a
>>>>>>>> problem.
>>>>>>>>
>>>>>>>> First, check that all certificates are valid, all
certificates have
>>>>>>>> been synced across all masters using `ipa-certupdate` on
each
>>>>>>>> master. You should also check that the userCertificate
attribute in
>>>>>>>> entry:
>>>>>>>>
>>>>>>>> uid=ipara,ou=people,o=ipaca
>>>>>>>>
>>>>>>>> matches the actual IPA RA certificate in
/var/lib/ipa/ra-agent.pem
>>>>>>>>
>>>>>>>> Also check that your topology has correct renewal master
>>>>>>>> configuration. ldapsearch
cn=masters,cn=ipa,cn=etc,dc=ipa,dc=local
>>>>>>>> with filter
(&(cn=CA)(ipaConfigString=caRenewalMaster)). It should
>>>>>>>> return exactly one entry and it must be a valid, active
master.
>>>>>>>>
>>>>>>>> HTH,
>>>>>>>> Fraser
>>>> _______________________________________________
>>>> FreeIPA-users mailing list --freeipa-users(a)lists.fedorahosted.org
>>>> To unsubscribe send an email
tofreeipa-users-leave(a)lists.fedorahosted.org
>>>>
>>> journalctl -u certmonger.service
>>>
>>> Jan 29 20:43:46 idm1.ww8kd.fau.de certmonger[13223]: Certificate in file
"/var/lib/ipa/ra-agent.pem" is no longer valid.
>>> Jan 29 20:43:49 idm1.ww8kd.fau.de dogtag-ipa-ca-renew-agent-submit[13225]:
Forwarding request to dogtag-ipa-renew-agent
>>> Jan 29 20:43:49 idm1.ww8kd.fau.de dogtag-ipa-ca-renew-agent-submit[13225]:
dogtag-ipa-renew-agent returned 2
>>>
>>> .... repeating till...
>>>
>>> Jan 29 20:45:10 idm1.ww8kd.fau.de certmonger[13328]: Certificate named
"ocspSigningCert cert-pki-ca" in token "NSS Certificate DB" in
database "/etc/pki/pki-tomcat/alias" is no longer valid.
>>> Jan 29 20:45:13 idm1.ww8kd.fau.de dogtag-ipa-ca-renew-agent-submit[13330]:
Forwarding request to dogtag-ipa-renew-agent
>>>
>>> .... repeating till...
>>>
>>> Jan 29 20:53:36 idm1.ww8kd.fau.de dogtag-ipa-ca-renew-agent-submit[13943]:
dogtag-ipa-renew-agent returned 2
>>> Jan 29 20:53:47 idm1.ww8kd.fau.de certmonger[13954]: Certificate named
"ocspSigningCert cert-pki-ca" in token "NSS Certificate DB" in
database "/etc/pki/pki-tomcat/alias" is no longer valid.
>>> Jan 29 20:53:49 idm1.ww8kd.fau.de dogtag-ipa-ca-renew-agent-submit[13956]:
Forwarding request to dogtag-ipa-renew-agent
>>> Jan 29 20:53:49 idm1.ww8kd.fau.de dogtag-ipa-ca-renew-agent-submit[13956]:
dogtag-ipa-renew-agent returned 2
>>>
>>> .... repeating till...
>>>
>>> Jan 29 20:55:57 idm1.ww8kd.fau.de certmonger[14110]: Certificate named
"ocspSigningCert cert-pki-ca" in token "NSS Certificate DB" in
database "/etc/pki/pki-tomcat/alias" is no longer valid.
>>> Jan 29 20:55:59 idm1.ww8kd.fau.de dogtag-ipa-ca-renew-agent-submit[14112]:
Forwarding request to dogtag-ipa-renew-agent
>>> Jan 29 20:55:59 idm1.ww8kd.fau.de dogtag-ipa-ca-renew-agent-submit[14112]:
dogtag-ipa-renew-agent returned 2
>>>
>>> .... repeating
>>>
>>> Then suddenly:
>>>
>>> Jan 30 16:09:31 idm1.ww8kd.fau.de dogtag-ipa-ca-renew-agent-submit[27370]:
Traceback (most recent call last):
>>>
File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 540, in
<module>
>>>
sys.exit(main())
>>>
File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 514, in
main
>>>
kinit_keytab(principal, paths.KRB5_KEYTAB, ccache_filename)
>>>
File "/usr/lib/python2.7/site-packages/ipalib/install/kinit.py", line 43, in
kinit_keytab
>>>
cred = gssapi.Credentials(name=name, store=store, usage='initiate')
>>>
File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 64, in __new__
>>>
store=store)
>>>
File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 148, in
acquire
>>>
usage)
>>>
File "ext_cred_store.pyx", line 182, in
gssapi.raw.ext_cred_store.acquire_cred_from (gssapi/raw/ext_cred_store.c:1732)
>>>
GSSError: Major (851968): Unspecified GSS failure. Minor code may provide more
information, Minor (2529639068): Cannot contact any KDC for realm 'WW8KD.FAU.DE'
>>> Jan 30 16:09:31 idm1.ww8kd.fau.de certmonger[15905]: 2018-01-30 16:09:31
[15905] Internal error
>>> Jan 30 16:09:50 idm1.ww8kd.fau.de dogtag-ipa-ca-renew-agent-submit[27500]:
Traceback (most recent call last):
>>>
File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 540, in
<module>
>>>
sys.exit(main())
>>>
File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 514, in
main
>>>
kinit_keytab(principal, paths.KRB5_KEYTAB, ccache_filename)
>>>
File "/usr/lib/python2.7/site-packages/ipalib/install/kinit.py", line 43, in
kinit_keytab
>>>
cred = gssapi.Credentials(name=name, store=store, usage='initiate')
>>>
File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 64, in __new__
>>>
store=store)
>>>
File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 148, in
acquire
>>>
usage)
>>>
File "ext_cred_store.pyx", line 182, in
gssapi.raw.ext_cred_store.acquire_cred_from (gssapi/raw/ext_cred_store.c:1732)
>>>
GSSError: Major (851968): Unspecified GSS failure. Minor code may provide more
information, Minor (2529639068): Cannot contact any KDC for realm 'WW8KD.FAU.DE'
>>> Jan 30 16:09:50 idm1.ww8kd.fau.de certmonger[15905]: 2018-01-30 16:09:50
[15905] Internal error
>>> Jan 30 16:09:51 idm1.ww8kd.fau.de dogtag-ipa-ca-renew-agent-submit[27509]:
Traceback (most recent call last):
>>>
File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 540, in
<module>
>>>
sys.exit(main())
>>>
File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 514, in
main
>>>
kinit_keytab(principal, paths.KRB5_KEYTAB, ccache_filename)
>>>
File "/usr/lib/python2.7/site-packages/ipalib/install/kinit.py", line 43, in
kinit_keytab
>>>
cred = gssapi.Credentials(name=name, store=store, usage='initiate')
>>>
File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 64, in __new__
>>>
store=store)
>>>
File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 148, in
acquire
>>>
usage)
>>>
File "ext_cred_store.pyx", line 182, in
gssapi.raw.ext_cred_store.acquire_cred_from (gssapi/raw/ext_cred_store.c:1732)
>>>
GSSError: Major (851968): Unspecified GSS failure. Minor code may provide more
information, Minor (2529639068): Cannot contact any KDC for realm 'WW8KD.FAU.DE'
>>> Jan 30 16:09:51 idm1.ww8kd.fau.de certmonger[15905]: 2018-01-30 16:09:51
[15905] Internal error
>>> Jan 30 16:15:03 idm1.ww8kd.fau.de dogtag-ipa-ca-renew-agent-submit[28056]:
Forwarding request to dogtag-ipa-renew-agent
>>> Jan 30 16:15:03 idm1.ww8kd.fau.de dogtag-ipa-ca-renew-agent-submit[28056]:
dogtag-ipa-renew-agent returned 2
>>>
>>> .... repeating till end...
>>> an 30 17:10:18 idm1 certmonger: Certificate named "subsystemCert
cert-pki-ca" in token "NSS Certificate DB" in database
"/etc/pki/pki-tomcat/alias" is no longer valid.
>>> Jan 30 17:10:20 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request to
dogtag-ipa-renew-agent
>>> Jan 30 17:10:20 idm1 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent
returned 2
>>> Jan 30 17:10:24 idm1 server: Jan 30, 2018 5:10:24 PM
org.apache.catalina.core.ContainerBase backgroundProcess
>>> Jan 30 17:10:24 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
>>> Jan 30 17:10:24 idm1 server: javax.ws.rs.ServiceUnavailableException:
Subsystem unavailable
>>> Jan 30 17:10:24 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
>>> Jan 30 17:10:24 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
>>> Jan 30 17:10:24 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
>>> Jan 30 17:10:24 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
>>> Jan 30 17:10:24 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
>>> Jan 30 17:10:24 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
>>> Jan 30 17:10:24 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
>>> Jan 30 17:10:24 idm1 server: at java.lang.Thread.run(Thread.java:748)
>>> Jan 30 17:10:26 idm1 certmonger: Certificate in file
"/var/lib/ipa/ra-agent.pem" is no longer valid.
>>> Jan 30 17:10:28 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request to
dogtag-ipa-renew-agent
>>> Jan 30 17:10:28 idm1 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent
returned 2
>>> Jan 30 17:10:34 idm1 server: Jan 30, 2018 5:10:34 PM
org.apache.catalina.core.ContainerBase backgroundProcess
>>> Jan 30 17:10:34 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
>>> Jan 30 17:10:34 idm1 server: javax.ws.rs.ServiceUnavailableException:
Subsystem unavailable
>>> Jan 30 17:10:34 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
>>> Jan 30 17:10:34 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
>>> Jan 30 17:10:34 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
>>> Jan 30 17:10:34 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
>>> Jan 30 17:10:34 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
>>> Jan 30 17:10:34 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
>>> Jan 30 17:10:34 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
>>> Jan 30 17:10:34 idm1 server: at java.lang.Thread.run(Thread.java:748)
>>> Jan 30 17:10:44 idm1 server: Jan 30, 2018 5:10:44 PM
org.apache.catalina.core.ContainerBase backgroundProcess
>>> Jan 30 17:10:44 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
>>> Jan 30 17:10:44 idm1 server: javax.ws.rs.ServiceUnavailableException:
Subsystem unavailable
>>> Jan 30 17:10:44 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
>>> Jan 30 17:10:44 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
>>> Jan 30 17:10:44 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
>>> Jan 30 17:10:44 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
>>> Jan 30 17:10:44 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
>>> Jan 30 17:10:44 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
>>> Jan 30 17:10:44 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
>>> Jan 30 17:10:44 idm1 server: at java.lang.Thread.run(Thread.java:748)
>>> Jan 30 17:10:44 idm1 certmonger: Certificate named "ocspSigningCert
cert-pki-ca" in token "NSS Certificate DB" in database
"/etc/pki/pki-tomcat/alias" is no longer valid.
>>> Jan 30 17:10:46 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request to
dogtag-ipa-renew-agent
>>> Jan 30 17:10:46 idm1 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent
returned 2
>>> Jan 30 17:10:50 idm1 certmonger: Certificate named "subsystemCert
cert-pki-ca" in token "NSS Certificate DB" in database
"/etc/pki/pki-tomcat/alias" is no longer valid.
>>> Jan 30 17:10:53 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request to
dogtag-ipa-renew-agent
>>> Jan 30 17:10:53 idm1 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent
returned 2
>>> Jan 30 17:10:54 idm1 server: Jan 30, 2018 5:10:54 PM
org.apache.catalina.core.ContainerBase backgroundProcess
>>> Jan 30 17:10:54 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
>>> Jan 30 17:10:54 idm1 server: javax.ws.rs.ServiceUnavailableException:
Subsystem unavailable
>>> Jan 30 17:10:54 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
>>> Jan 30 17:10:54 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
>>> Jan 30 17:10:54 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
>>> Jan 30 17:10:54 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
>>> Jan 30 17:10:54 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
>>> Jan 30 17:10:54 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
>>> Jan 30 17:10:54 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
>>> Jan 30 17:10:54 idm1 server: at java.lang.Thread.run(Thread.java:748)
>>> Jan 30 17:10:58 idm1 certmonger: Certificate in file
"/var/lib/ipa/ra-agent.pem" is no longer valid.
>>> Jan 30 17:11:01 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request to
dogtag-ipa-renew-agent
>>> Jan 30 17:11:01 idm1 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent
returned 2
>>> _______________________________________________
>>> FreeIPA-users mailing list --freeipa-users(a)lists.fedorahosted.org
>>> To unsubscribe send an email tofreeipa-users-leave(a)lists.fedorahosted.org
> --
> Christof Schulze
>
> Institute of Materials Simulation (WW8)
> Department of Materials Science
> Friedrich-Alexander-University Erlangen-Nürnberg
> Dr.-Mack-Str. 77,
> 90762 Fürth, Germany
>
> Tel: 0911/65078-65069
> Email:christof.schulze@ww.uni-erlangen.de
> journalctl -u certmonger.service
>
>
> Jan 26 20:03:58 idm1.XXXkd.fau.de ipa-submit[15799]: GSSAPI client step 1
> Jan 26 20:03:58 idm1.XXXkd.fau.de ipa-submit[15799]: GSSAPI client step 1
> Jan 26 20:03:58 idm1.XXXkd.fau.de ipa-submit[15799]: GSSAPI client step 1
> Jan 26 20:03:58 idm1.XXXkd.fau.de ipa-submit[15799]: GSSAPI client step 1
> Jan 26 20:03:58 idm1.XXXkd.fau.de ipa-submit[15799]: GSSAPI client step 2
> Jan 26 20:03:59 idm1.XXXkd.fau.de certmonger[15838]: Certificate named
"ocspSigningCert cert-pki-ca" in token "NSS Certificate DB" in
database "/etc/pki/pki-tomcat/alias" will not be valid after 20180129120044.
> Jan 26 20:04:32 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[15860]: Forwarding
request to dogtag-ipa-renew-agent
> Jan 26 20:04:32 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[15860]:
dogtag-ipa-renew-agent returned 2
> Jan 26 20:04:42 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[15853]: Forwarding
request to dogtag-ipa-renew-agent
> Jan 26 20:04:42 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[15853]:
dogtag-ipa-renew-agent returned 2
> Jan 26 20:04:52 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[15851]: Forwarding
request to dogtag-ipa-renew-agent
> Jan 26 20:04:52 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[15851]:
dogtag-ipa-renew-agent returned 2
> Jan 26 20:06:08 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16044]: Forwarding
request to dogtag-ipa-renew-agent
> Jan 26 20:06:08 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16044]:
dogtag-ipa-renew-agent returned 2
> Jan 26 20:16:36 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16726]: Forwarding
request to dogtag-ipa-renew-agent
> Jan 26 20:16:37 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16726]:
dogtag-ipa-renew-agent returned 2
> Jan 26 20:17:37 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16746]: Forwarding
request to dogtag-ipa-renew-agent
> Jan 26 20:17:37 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16746]:
dogtag-ipa-renew-agent returned 2
> Jan 26 20:23:59 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16805]: Forwarding
request to dogtag-ipa-renew-agent
> Jan 26 20:23:59 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16805]:
dogtag-ipa-renew-agent returned 2
> equest ID '20171206120337':
> status: SUBMITTING
> stuck: no
> key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS Certificate DB',pin set
> certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS Certificate DB'
> CA: dogtag-ipa-ca-renew-agent
> issuer: CN=Certificate Authority,O=XXXKD.FAU.DE,OU=Some Institute (XXX) -
FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH
> subject: CN=OCSP Subsystem,O=XXXKD.FAU.DE,OU=Some Institute (XXX) -
FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH
> expires: 2018-01-29 12:00:44 UTC
> key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
> eku: id-kp-OCSPSigning
> pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
> post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert "ocspSigningCert
cert-pki-ca"
> track: yes
> auto-renew: yes
> Request ID '20171206120338':
> status: SUBMITTING
> stuck: no
> key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
cert-pki-ca',token='NSS Certificate DB',pin set
> certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
cert-pki-ca',token='NSS Certificate DB'
> CA: dogtag-ipa-ca-renew-agent
> issuer: CN=Certificate Authority,O=XXXKD.FAU.DE,OU=Some Institute (XXX) -
FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH
> subject: CN=CA Subsystem,O=XXXKD.FAU.DE,OU=Some Institute (XXX) -
FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH
> expires: 2018-01-29 12:00:44 UTC
> key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
> eku: id-kp-serverAuth,id-kp-clientAuth
> pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
> post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert "subsystemCert
cert-pki-ca"
> track: yes
> auto-renew: yes
> Request ID '20171206120340':
> status: SUBMITTING
> stuck: no
> key pair storage: type=FILE,location='/var/lib/ipa/ra-agent.key'
> certificate: type=FILE,location='/var/lib/ipa/ra-agent.pem'
> CA: dogtag-ipa-ca-renew-agent
> issuer: CN=Certificate Authority,O=XXXKD.FAU.DE,OU=Some Institute (XXX) -
FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH
> subject: CN=IPA RA,O=XXXKD.FAU.DE,OU=Some Institute (XXX) -
FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH
> expires: 2018-01-29 12:01:11 UTC
> key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
> eku: id-kp-serverAuth,id-kp-clientAuth
> pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre
> post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert
> track: yes
> auto-renew: yes
> ldapsearch -x -h localhost -b uid=pkidbuser,ou=people,o=ipaca
> # extended LDIF
> #
> # LDAPv3
> # base <uid=pkidbuser,ou=people,o=ipaca> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # pkidbuser, people, ipaca
> dn: uid=pkidbuser,ou=people,o=ipaca
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: cmsuser
> uid: pkidbuser
> sn: pkidbuser
> cn: pkidbuser
> mail:
> usertype: agentType
> userstate: 1
> description: 2;4;CN=Certificate Authority,O=XXXKD.FAU.DE,OU=Institute of Mater
> ials Simulation (XXX) - FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH;CN=CA Sub
> system,O=XXXKD.FAU.DE,OU=Some Institute (XXX) - FAU,C=DE,E
> =christof.schulze(a)fau.de,L=FUERTH
> userCertificate:: MIIEcz
> .................
> seeAlso: CN=CA Subsystem,O=XXXKD.FAU.DE,OU=Some Institute (
> XXX) - FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
> Jan 26 20:00:00 idm1 systemd: Time has been changed
> Jan 26 20:00:05 idm1 server: Jan 26, 2018 8:00:05 PM
org.apache.catalina.core.ContainerBase backgroundProcess
> Jan 26 20:00:05 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
> Jan 26 20:00:05 idm1 server: javax.ws.rs.ServiceUnavailableException: Subsystem
unavailable
> Jan 26 20:00:05 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> Jan 26 20:00:05 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
> Jan 26 20:00:05 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
> Jan 26 20:00:05 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
> Jan 26 20:00:05 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> Jan 26 20:00:05 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> Jan 26 20:00:05 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
> Jan 26 20:00:05 idm1 server: at java.lang.Thread.run(Thread.java:748)
> Jan 26 20:00:10 idm1 ns-slapd: [26/Jan/2018:20:00:10.040578826 +0100] - WARN -
csngen_new_csn - Too much time skew (-416592 secs). Current seqnum=4
> Jan 26 20:00:10 idm1 ns-slapd: [26/Jan/2018:20:00:10.061165225 +0100] - WARN -
csngen_new_csn - Too much time skew (-416593 secs). Current seqnum=5
> Jan 26 20:00:10 idm1 ns-slapd: [26/Jan/2018:20:00:10.087176808 +0100] - WARN -
csngen_new_csn - Too much time skew (-416594 secs). Current seqnum=6
> Jan 26 20:00:10 idm1 ns-slapd: [26/Jan/2018:20:00:10.093683659 +0100] - WARN -
csngen_new_csn - Too much time skew (-416595 secs). Current seqnum=7
> Jan 26 20:00:15 idm1 server: Jan 26, 2018 8:00:15 PM
org.apache.catalina.core.ContainerBase backgroundProcess
> Jan 26 20:00:15 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
> Jan 26 20:00:15 idm1 server: javax.ws.rs.ServiceUnavailableException: Subsystem
unavailable
> Jan 26 20:00:15 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> Jan 26 20:00:15 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
> Jan 26 20:00:15 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
> Jan 26 20:00:15 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
> Jan 26 20:00:15 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> Jan 26 20:00:15 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> Jan 26 20:00:15 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
> Jan 26 20:00:15 idm1 server: at java.lang.Thread.run(Thread.java:748)
> Jan 26 20:00:25 idm1 server: Jan 26, 2018 8:00:25 PM
org.apache.catalina.core.ContainerBase backgroundProcess
> Jan 26 20:00:25 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
> Jan 26 20:00:25 idm1 server: javax.ws.rs.ServiceUnavailableException: Subsystem
unavailable
> Jan 26 20:00:25 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> Jan 26 20:00:25 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
> Jan 26 20:00:25 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
> Jan 26 20:00:25 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
> Jan 26 20:00:25 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> Jan 26 20:00:25 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> Jan 26 20:00:25 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
> Jan 26 20:00:25 idm1 server: at java.lang.Thread.run(Thread.java:748)
> Jan 26 20:00:26 idm1 systemd: Starting PKI Tomcat Server tomcatd...
> Jan 26 20:00:26 idm1 pkidaemon: tomcatd is an invalid 'tomcat' instance
> Jan 26 20:00:26 idm1 systemd:pki-tomcatd@tomcatd.service: control process exited,
code=exited status=5
> Jan 26 20:00:26 idm1 systemd: Failed to start PKI Tomcat Server tomcatd.
> Jan 26 20:00:26 idm1 systemd: Unitpki-tomcatd(a)tomcatd.service entered failed state.
> Jan 26 20:00:26 idm1 systemd:pki-tomcatd@tomcatd.service failed.
> Jan 26 20:00:30 idm1 ns-slapd: [26/Jan/2018:20:00:30.030350069 +0100] - WARN -
csngen_new_csn - Too much time skew (-416576 secs). Current seqnum=8
> Jan 26 20:00:30 idm1 ns-slapd: [26/Jan/2018:20:00:30.036532171 +0100] - WARN -
csngen_new_csn - Too much time skew (-416577 secs). Current seqnum=9
> Jan 26 20:00:30 idm1 ns-slapd: [26/Jan/2018:20:00:30.054084481 +0100] - WARN -
csngen_new_csn - Too much time skew (-416578 secs). Current seqnum=a
> Jan 26 20:00:30 idm1 ns-slapd: [26/Jan/2018:20:00:30.072843629 +0100] - WARN -
csngen_new_csn - Too much time skew (-416579 secs). Current seqnum=b
> Jan 26 20:00:35 idm1 server: Jan 26, 2018 8:00:35 PM
org.apache.catalina.core.ContainerBase backgroundProcess
> Jan 26 20:00:35 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
> Jan 26 20:00:35 idm1 server: javax.ws.rs.ServiceUnavailableException: Subsystem
unavailable
> Jan 26 20:00:35 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> Jan 26 20:00:35 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
> Jan 26 20:00:35 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
> Jan 26 20:00:35 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
> Jan 26 20:00:35 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> Jan 26 20:00:35 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> Jan 26 20:00:35 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
> Jan 26 20:00:35 idm1 server: at java.lang.Thread.run(Thread.java:748)
> Jan 26 20:00:45 idm1 server: Jan 26, 2018 8:00:45 PM
org.apache.catalina.core.ContainerBase backgroundProcess
> Jan 26 20:00:45 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
> Jan 26 20:00:45 idm1 server: javax.ws.rs.ServiceUnavailableException: Subsystem
unavailable
> Jan 26 20:00:45 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> Jan 26 20:00:45 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
> Jan 26 20:00:45 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
> Jan 26 20:00:45 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
> Jan 26 20:00:45 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> Jan 26 20:00:45 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> Jan 26 20:00:45 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
> Jan 26 20:00:45 idm1 server: at java.lang.Thread.run(Thread.java:748)
> Jan 26 20:00:48 idm1 ns-slapd: [26/Jan/2018:20:00:48.030570760 +0100] - WARN -
csngen_new_csn - Too much time skew (-416562 secs). Current seqnum=4
> Jan 26 20:00:48 idm1 ns-slapd: [26/Jan/2018:20:00:48.035772779 +0100] - WARN -
csngen_new_csn - Too much time skew (-416563 secs). Current seqnum=5
> Jan 26 20:00:48 idm1 ns-slapd: [26/Jan/2018:20:00:48.053399054 +0100] - WARN -
csngen_new_csn - Too much time skew (-416564 secs). Current seqnum=6
> Jan 26 20:00:48 idm1 ns-slapd: [26/Jan/2018:20:00:48.058488375 +0100] - WARN -
csngen_new_csn - Too much time skew (-416565 secs). Current seqnum=7
> Jan 26 20:00:54 idm1 systemd: Stopped target PKI Tomcat Server.
> Jan 26 20:00:54 idm1 systemd: Stopping PKI Tomcat Server.
> Jan 26 20:00:54 idm1 systemd: Stopping PKI Tomcat Server pki-tomcat...
> Jan 26 20:00:54 idm1 systemd: Stopping 389 Directory Server XXXKD-FAU-DE....
> Jan 26 20:00:54 idm1 ns-slapd: [26/Jan/2018:20:00:54.631434461 +0100] - INFO -
op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 19
max work q size 6 max work q stack size 6
> Jan 26 20:00:54 idm1 ns-slapd: [26/Jan/2018:20:00:54.662944402 +0100] - INFO -
slapd_daemon - slapd shutting down - waiting for 14 threads to terminate
> Jan 26 20:00:54 idm1 ns-slapd: [26/Jan/2018:20:00:54.693612476 +0100] - INFO -
slapd_daemon - slapd shutting down - closing down internal subsystems and plugins
> Jan 26 20:00:55 idm1 server: Java virtual machine used:
/usr/lib/jvm/jre-1.8.0-openjdk/bin/java
> Jan 26 20:00:55 idm1 server: classpath used:
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> Jan 26 20:00:55 idm1 server: main class used: org.apache.catalina.startup.Bootstrap
> Jan 26 20:00:55 idm1 server: flags used: -DRESTEASY_LIB=/usr/share/java/resteasy-base
-Djava.library.path=/usr/lib64/nuxwdog-jni
> Jan 26 20:00:55 idm1 server: options used: -Dcatalina.base=/var/lib/pki/pki-tomcat
-Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs=
-Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> Jan 26 20:00:55 idm1 server: arguments used: stop
> Jan 26 20:00:55 idm1 ns-slapd: [26/Jan/2018:20:00:55.269159082 +0100] - INFO -
dblayer_pre_close - Waiting for 4 database threads to stop
> Jan 26 20:00:55 idm1 server: Jan 26, 2018 8:00:55 PM
org.apache.catalina.core.ContainerBase backgroundProcess
> Jan 26 20:00:55 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
> Jan 26 20:00:55 idm1 server: javax.ws.rs.ServiceUnavailableException: Subsystem
unavailable
> Jan 26 20:00:55 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> Jan 26 20:00:55 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
> Jan 26 20:00:55 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
> Jan 26 20:00:55 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
> Jan 26 20:00:55 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> Jan 26 20:00:55 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> Jan 26 20:00:55 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
> Jan 26 20:00:55 idm1 server: at java.lang.Thread.run(Thread.java:748)
> Jan 26 20:00:56 idm1 ns-slapd: [26/Jan/2018:20:00:56.047222363 +0100] - INFO -
dblayer_pre_close - All database threads now stopped
> Jan 26 20:00:56 idm1 ns-slapd: [26/Jan/2018:20:00:56.136143475 +0100] - INFO -
ldbm_back_instance_set_destructor - Set of instances destroyed
> Jan 26 20:00:56 idm1 ns-slapd: [26/Jan/2018:20:00:56.250499625 +0100] - INFO -
connection_post_shutdown_cleanup - slapd shutting down - freed 6 work q stack objects -
freed 19 op stack objects
> Jan 26 20:00:56 idm1 ns-slapd: [26/Jan/2018:20:00:56.466290546 +0100] - INFO - main -
slapd stopped.
> Jan 26 20:00:57 idm1 systemd: Starting 389 Directory Server XXXKD-FAU-DE....
> Jan 26 20:00:57 idm1 server: Jan 26, 2018 8:00:57 PM
org.apache.catalina.startup.ClassLoaderFactory validateFile
> Jan 26 20:00:57 idm1 server: WARNING: Problem with JAR file
[/usr/share/pki/server/common/lib/symkey.jar], exists: [false], canRead: [false]
> Jan 26 20:00:59 idm1 server: Jan 26, 2018 8:00:59 PM
org.apache.catalina.core.StandardServer await
> Jan 26 20:00:59 idm1 server: INFO: A valid shutdown command was received via the
shutdown port. Stopping the Server instance.
> Jan 26 20:00:59 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_stop]
> Jan 26 20:00:59 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[stop]
> Jan 26 20:00:59 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[configure_stop]
> Jan 26 20:00:59 idm1 server: Jan 26, 2018 8:00:59 PM
org.apache.coyote.AbstractProtocol pause
> Jan 26 20:00:59 idm1 server: INFO: Pausing ProtocolHandler
["http-bio-8080"]
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.166056006 +0100] - WARN -
Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run
systemd-tty-ask-password-agent to provide the password.
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.192768272 +0100] - INFO -
Security Initialization - SSL info: Enabling default cipher set.
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.194054627 +0100] - INFO -
Security Initialization - SSL info: Configured NSS Ciphers
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.195443005 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.196488030 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.197471823 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.198476669 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.199408370 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.200335494 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.201269623 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.202187620 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.203076746 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
> Jan 26 20:01:00 idm1 systemd: Stopped PKI Tomcat Server pki-tomcat.
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.212403223 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.213802057 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.214320583 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.215664034 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.216287901 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.216973776 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.217398701 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.217909449 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.218369168 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.218796504 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.219235985 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.220009250 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.220862707 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.221671302 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.222376985 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.223115430 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.223989576 +0100] - INFO -
Security Initialization - SSL info: #011TLS_AES_128_GCM_SHA256: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.224808605 +0100] - INFO -
Security Initialization - SSL info: #011TLS_CHACHA20_POLY1305_SHA256: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.225509347 +0100] - INFO -
Security Initialization - SSL info: #011TLS_AES_256_GCM_SHA384: enabled
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.251261397 +0100] - INFO -
Security Initialization - slapd_ssl_init2 - Configured SSL version range: min: TLS1.0,
max: TLS1.2
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.252601147 +0100] - INFO - main -
389-Directory/1.3.6.1 B2018.025.1550 starting up
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.267546859 +0100] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.271447152 +0100] - WARN -
default_mr_indexer_create - Plugin [caseIgnoreIA5Match] does not handle caseExactIA5Match
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.275981745 +0100] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.283140403 +0100] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.289336025 +0100] - NOTICE -
ldbm_back_start - found 1532164k physical memory
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.290187342 +0100] - NOTICE -
ldbm_back_start - found 588692k available
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.291044337 +0100] - NOTICE -
ldbm_back_start - cache autosizing: db cache: 61286k
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.291982935 +0100] - NOTICE -
ldbm_back_start - cache autosizing: userRoot entry cache (3 total): 65536k
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.294255028 +0100] - NOTICE -
ldbm_back_start - cache autosizing: ipaca entry cache (3 total): 65536k
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.296509006 +0100] - NOTICE -
ldbm_back_start - cache autosizing: changelog entry cache (3 total): 65536k
> Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.298844301 +0100] - NOTICE -
ldbm_back_start - total cache size: 282989821 B;
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.208240370 +0100] - ERR -
schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after
the server startup!
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.256911972 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.258221666 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=keys,cn=sec,cn=dns,dc=XXXkd,dc=fau,dc=de does
not exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.259183606 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.260299224 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.261345202 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=XXXkd,dc=fau,dc=de does
not exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.262389108 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=XXXkd,dc=fau,dc=de does
not exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.263438748 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.264619539 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.265661588 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.266617305 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.267503563 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.268386977 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.269339542 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.270164213 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.271060127 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.271880025 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.272730680 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.273618472 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.274598861 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.275455547 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.276441760 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.283273623 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.284297934 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:01:01 idm1 systemd: Started Session 84 of user root.
> Jan 26 20:01:01 idm1 systemd: Starting Session 84 of user root.
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.396213753 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=automember rebuild
membership,cn=tasks,cn=config does not exist
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.399323317 +0100] - ERR -
auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule (invalid
regex). Error "nothing to repeat".
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.399986425 +0100] - ERR -
auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule (invalid
regex). Error "nothing to repeat".
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.400970832 +0100] - ERR -
auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule (invalid
regex). Error "nothing to repeat".
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.636616613 +0100] - ERR -
schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds!
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.639886286 +0100] - ERR -
set_krb5_creds - Could not get initial credentials for principal
[ldap/idm1.XXXkd.fau.de(a)XXXKD.FAU.DE] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328324
(Generic error (see e-text))
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.644711700 +0100] - INFO -
slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.645973404 +0100] - INFO -
slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests
> Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.659963996 +0100] - INFO -
slapd_daemon - Listening on /var/run/slapd-XXXKD-FAU-DE.socket for LDAPI requests
> Jan 26 20:01:01 idm1 ns-slapd: GSSAPI Error: Unspecified GSS failure. Minor code may
provide more information (No Kerberos credentials available (default cache:
/tmp/krb5cc_993))
> Jan 26 20:01:01 idm1 systemd: Started 389 Directory Server XXXKD-FAU-DE..
> Jan 26 20:01:01 idm1 systemd: Stopping Kerberos 5 KDC...
> Jan 26 20:01:01 idm1 systemd: Starting Kerberos 5 KDC...
> Jan 26 20:01:02 idm1 systemd: PID file /var/run/krb5kdc.pid not readable (yet?) after
start.
> Jan 26 20:01:02 idm1 systemd: Started Kerberos 5 KDC.
> Jan 26 20:01:02 idm1 systemd: Stopping Kerberos 5 Password-changing and
Administration...
> Jan 26 20:01:02 idm1 systemd: kadmin.service: main process exited, code=exited,
status=2/INVALIDARGUMENT
> Jan 26 20:01:02 idm1 systemd: Unit kadmin.service entered failed state.
> Jan 26 20:01:02 idm1 systemd: kadmin.service failed.
> Jan 26 20:01:02 idm1 systemd: Starting Kerberos 5 Password-changing and
Administration...
> Jan 26 20:01:02 idm1 systemd: Started Kerberos 5 Password-changing and
Administration.
> Jan 26 20:01:02 idm1 systemd: Stopping The Apache HTTP Server...
> Jan 26 20:01:04 idm1 kernel: httpd[27874]: segfault at 8 ip 00007ff9ffbd2a90 sp
00007ff9dbc05d70 error 4 in libpython2.7.so.1.0[7ff9ffad3000+17d000]
> Jan 26 20:01:04 idm1 ns-slapd: [26/Jan/2018:20:01:04.672339153 +0100] - WARN -
csngen_new_csn - Too much time skew (-416549 secs). Current seqnum=8
> Jan 26 20:01:05 idm1 ns-slapd: [26/Jan/2018:20:01:05.044521936 +0100] - ERR -
NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meToidm2.XXXkd.fau.de"
(idm2:389) - Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials)
()
> Jan 26 20:01:05 idm1 systemd: Starting The Apache HTTP Server...
> Jan 26 20:01:05 idm1 ipa-httpd-kdcproxy: ipa : INFO KDC proxy enabled
> Jan 26 20:01:06 idm1 systemd: Started The Apache HTTP Server.
> Jan 26 20:01:07 idm1 systemd: Stopping IPA Custodia Service...
> Jan 26 20:01:07 idm1 systemd: Starting IPA Custodia Service...
> Jan 26 20:01:07 idm1 ns-slapd: [26/Jan/2018:20:01:07.739422386 +0100] - ERR -
schema-compat-plugin - Finished plugin initialization.
> Jan 26 20:01:08 idm1 ipa-custodia: 2018-01-26 20:01:08 - server
- Serving on Unix socket /run/httpd/ipa-custodia.sock
> Jan 26 20:01:08 idm1 systemd: Started IPA Custodia Service.
> Jan 26 20:01:08 idm1 systemd: Starting Network Time Service...
> Jan 26 20:01:08 idm1 ntpd[15428]: ntpd4.2.6p5(a)1.2349-o Wed Apr 12 21:24:06 UTC 2017
(1)
> Jan 26 20:01:08 idm1 ntpd[15429]: proto: precision = 0.087 usec
> Jan 26 20:01:08 idm1 ntpd[15429]: 0.0.0.0 c01d 0d kern kernel time sync enabled
> Jan 26 20:01:08 idm1 systemd: Started Network Time Service.
> Jan 26 20:01:08 idm1 ntpd[15429]: getaddrinfo: "2001:638:a000:b201::/64"
invalid host address, ignored
> Jan 26 20:01:08 idm1 systemd: Starting PKI Tomcat Server pki-tomcat...
> Jan 26 20:01:08 idm1 ntpd[15429]: restrict: error in address
'2001:638:a000:b201::/64' on line 21. Ignoring...
> Jan 26 20:01:08 idm1 ntpd[15429]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
> Jan 26 20:01:08 idm1 ntpd[15429]: Listen and drop on 1 v6wildcard :: UDP 123
> Jan 26 20:01:08 idm1 ntpd[15429]: Listen normally on 2 lo 127.0.0.1 UDP 123
> Jan 26 20:01:08 idm1 ntpd[15429]: Listen normally on 3 eth0 10.188.220.100 UDP 123
> Jan 26 20:01:08 idm1 ntpd[15429]: Listen normally on 4 lo ::1 UDP 123
> Jan 26 20:01:08 idm1 ntpd[15429]: Listen normally on 5 eth0 fe80::5054:ff:fe4e:b270
UDP 123
> Jan 26 20:01:08 idm1 ntpd[15429]: Listen normally on 6 eth0
2001:638:a000:b201::220:100 UDP 123
> Jan 26 20:01:08 idm1 ntpd[15429]: Listening on routing socket on fd #23 for interface
updates
> Jan 26 20:01:08 idm1 ntpd[15429]: 0.0.0.0 c016 06 restart
> Jan 26 20:01:08 idm1 ntpd[15429]: 0.0.0.0 c012 02 freq_set ntpd -11.506 PPM
> Jan 26 20:01:09 idm1 pkidaemon: -----------------------
> Jan 26 20:01:09 idm1 pkidaemon: Banner is not installed
> Jan 26 20:01:09 idm1 pkidaemon: -----------------------
> Jan 26 20:01:09 idm1 pkidaemon: ----------------------
> Jan 26 20:01:09 idm1 pkidaemon: Enabled all subsystems
> Jan 26 20:01:09 idm1 pkidaemon: ----------------------
> Jan 26 20:01:10 idm1 systemd: Started PKI Tomcat Server pki-tomcat.
> Jan 26 20:01:10 idm1 systemd: Reached target PKI Tomcat Server.
> Jan 26 20:01:10 idm1 systemd: Starting PKI Tomcat Server.
> Jan 26 20:01:10 idm1 server: Java virtual machine used:
/usr/lib/jvm/jre-1.8.0-openjdk/bin/java
> Jan 26 20:01:10 idm1 server: classpath used:
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> Jan 26 20:01:10 idm1 server: main class used: org.apache.catalina.startup.Bootstrap
> Jan 26 20:01:10 idm1 server: flags used: -DRESTEASY_LIB=/usr/share/java/resteasy-base
-Djava.library.path=/usr/lib64/nuxwdog-jni
> Jan 26 20:01:10 idm1 server: options used: -Dcatalina.base=/var/lib/pki/pki-tomcat
-Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs=
-Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.security.manager
-Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy
> Jan 26 20:01:10 idm1 server: arguments used: start
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.ClassLoaderFactory validateFile
> Jan 26 20:01:11 idm1 server: WARNING: Problem with JAR file
[/usr/share/pki/server/common/lib/symkey.jar], exists: [false], canRead: [false]
> Jan 26 20:01:11 idm1 ns-slapd: [26/Jan/2018:20:01:11.084620256 +0100] - WARN -
csngen_new_csn - Too much time skew (-416544 secs). Current seqnum=9
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'enableOCSP' to
'false' did not find a matching property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderURL' to 'http://idm1.XXXkd.fau.de:9080/ca/ocsp' did not find
a matching property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderCertNickname' to 'ocspSigningCert cert-pki-ca' did not find
a matching property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspCacheSize'
to '1000' did not find a matching property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMinCacheEntryDuration' to '60' did not find a matching property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMaxCacheEntryDuration' to '120' did not find a matching property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspTimeout' to
'10' did not find a matching property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'strictCiphers'
to 'true' did not find a matching property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslOptions' to
'ssl2=false,ssl3=false,tls=true' did not find a matching property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl2Ciphers' to
'-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5'
did not find a matching property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl3Ciphers' to
'-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'tlsCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeStream' to 'tls1_0:tls1_2' did not find a matching
property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeDatagram' to 'tls1_1:tls1_2' did not find a matching
property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslRangeCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_GCM_SHA256,+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256'
did not find a matching property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'serverCertNickFile' to '/var/lib/pki/pki-tomcat/conf/serverCertNick.conf'
did not find a matching property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordFile'
to '/var/lib/pki/pki-tomcat/conf/password.conf' did not find a matching property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordClass'
to 'org.apache.tomcat.util.net.jss.PlainPasswordFile' did not find a matching
property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'certdbDir' to
'/var/lib/pki/pki-tomcat/alias' did not find a matching property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING: [SetPropertiesRule]{Server/Service/Engine/Host}
Setting property 'xmlValidation' to 'false' did not find a matching
property.
> Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
> Jan 26 20:01:11 idm1 server: WARNING: [SetPropertiesRule]{Server/Service/Engine/Host}
Setting property 'xmlNamespaceAware' to 'false' did not find a matching
property.
> Jan 26 20:01:11 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_init]
> Jan 26 20:01:12 idm1 server: Jan 26, 2018 8:01:12 PM
org.apache.coyote.AbstractProtocol init
> Jan 26 20:01:12 idm1 server: INFO: Initializing ProtocolHandler
["http-bio-8080"]
> Jan 26 20:01:12 idm1 server: Jan 26, 2018 8:01:12 PM
org.apache.coyote.AbstractProtocol init
> Jan 26 20:01:12 idm1 server: INFO: Initializing ProtocolHandler
["http-bio-8443"]
> Jan 26 20:01:12 idm1 server: Error: SSL cipher
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
> Jan 26 20:01:12 idm1 server: Error: SSL cipher
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
> Jan 26 20:01:12 idm1 server: Jan 26, 2018 8:01:12 PM
org.apache.coyote.AbstractProtocol init
> Jan 26 20:01:12 idm1 server: INFO: Initializing ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> Jan 26 20:01:12 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_init]
> Jan 26 20:01:12 idm1 server: Jan 26, 2018 8:01:12 PM
org.apache.catalina.startup.Catalina load
> Jan 26 20:01:12 idm1 server: INFO: Initialization processed in 1363 ms
> Jan 26 20:01:12 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_start]
> Jan 26 20:01:12 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[configure_start]
> Jan 26 20:01:12 idm1 ns-slapd: [26/Jan/2018:20:01:12.623763048 +0100] - WARN -
csngen_new_csn - Too much time skew (-416544 secs). Current seqnum=a
> Jan 26 20:01:12 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[start]
> Jan 26 20:01:12 idm1 server: Jan 26, 2018 8:01:12 PM
org.apache.catalina.core.StandardService startInternal
> Jan 26 20:01:12 idm1 server: INFO: Starting service Catalina
> Jan 26 20:01:12 idm1 server: Jan 26, 2018 8:01:12 PM
org.apache.catalina.core.StandardEngine startInternal
> Jan 26 20:01:12 idm1 server: INFO: Starting Servlet Engine: Apache Tomcat/7.0.76
> Jan 26 20:01:12 idm1 server: Jan 26, 2018 8:01:12 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:01:12 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ca.xml
> Jan 26 20:01:12 idm1 ns-slapd: [26/Jan/2018:20:01:12.731562409 +0100] - WARN -
csngen_new_csn - Too much time skew (-416544 secs). Current seqnum=b
> Jan 26 20:01:12 idm1 server: SSLAuthenticatorWithFallback: Creating SSL authenticator
with fallback
> Jan 26 20:01:12 idm1 server: SSLAuthenticatorWithFallback: Setting container
> Jan 26 20:01:13 idm1 ntpd[15429]: 0.0.0.0 c515 05 clock_sync
> Jan 26 20:01:15 idm1 server: Jan 26, 2018 8:01:15 PM
org.apache.catalina.startup.TldConfig execute
> Jan 26 20:01:15 idm1 server: INFO: At least one JAR was scanned for TLDs yet
contained no TLDs. Enable debug logging for this logger for a complete list of JARs that
were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can
improve startup time and JSP compilation time.
> Jan 26 20:01:15 idm1 server: SSLAuthenticatorWithFallback: Initializing
authenticators
> Jan 26 20:01:15 idm1 server: SSLAuthenticatorWithFallback: Starting authenticators
> Jan 26 20:01:15 idm1 server: CMSEngine.initializePasswordStore() begins
> Jan 26 20:01:15 idm1 server: CMSEngine.initializePasswordStore(): tag=internaldb
> Jan 26 20:01:15 idm1 server: CMSEngine.initializePasswordStore(): tag=replicationdb
> Jan 26 20:01:18 idm1 server: SelfTestSubsystem: Disabling "ca" subsystem
due to selftest failure.
> Jan 26 20:01:18 idm1 server: -----------------------
> Jan 26 20:01:18 idm1 server: Disabled "ca" subsystem
> Jan 26 20:01:18 idm1 server: -----------------------
> Jan 26 20:01:18 idm1 server: Subsystem ID: ca
> Jan 26 20:01:18 idm1 server: Instance ID: pki-tomcat
> Jan 26 20:01:18 idm1 server: Enabled: False
> Jan 26 20:01:18 idm1 server: Invalid class name repositorytop
> Jan 26 20:01:19 idm1 server: Invalid class name repositorytop
> Jan 26 20:01:19 idm1 server: at
com.netscape.cmscore.dbs.DBRegistry.createObject(DBRegistry.java:485)
> Jan 26 20:01:19 idm1 server: at
com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:167)
> Jan 26 20:01:19 idm1 server: at
com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:137)
> Jan 26 20:01:19 idm1 server: at
com.netscape.cmscore.dbs.Repository.getSerialNumber(Repository.java:125)
> Jan 26 20:01:19 idm1 server: at
com.netscape.cmscore.dbs.Repository.initCache(Repository.java:244)
> Jan 26 20:01:19 idm1 server: at
com.netscape.cmscore.dbs.Repository.checkRanges(Repository.java:460)
> Jan 26 20:01:19 idm1 server: at
com.netscape.cmscore.apps.CMSEngine.startup(CMSEngine.java:1378)
> Jan 26 20:01:19 idm1 server: at com.netscape.certsrv.apps.CMS.startup(CMS.java:202)
> Jan 26 20:01:19 idm1 server: at com.netscape.certsrv.apps.CMS.start(CMS.java:1632)
> Jan 26 20:01:19 idm1 server: at
com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:117)
> Jan 26 20:01:19 idm1 server: at
javax.servlet.GenericServlet.init(GenericServlet.java:158)
> Jan 26 20:01:19 idm1 server: at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
> Jan 26 20:01:19 idm1 server: at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> Jan 26 20:01:19 idm1 server: at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> Jan 26 20:01:19 idm1 server: at java.lang.reflect.Method.invoke(Method.java:498)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
> Jan 26 20:01:19 idm1 server: at java.security.AccessController.doPrivileged(Native
Method)
> Jan 26 20:01:19 idm1 server: at
javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1257)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1182)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1072)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5368)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5660)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
> Jan 26 20:01:19 idm1 server: at java.security.AccessController.doPrivileged(Native
Method)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
> Jan 26 20:01:19 idm1 server: at
org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
> Jan 26 20:01:19 idm1 server: at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> Jan 26 20:01:19 idm1 server: at
java.util.concurrent.FutureTask.run(FutureTask.java:266)
> Jan 26 20:01:19 idm1 server: at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> Jan 26 20:01:19 idm1 server: at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> Jan 26 20:01:19 idm1 server: at java.lang.Thread.run(Thread.java:748)
> Jan 26 20:01:19 idm1 server: Jan 26, 2018 8:01:19 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:01:19 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 6,698 ms
> Jan 26 20:01:19 idm1 server: Jan 26, 2018 8:01:19 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:01:19 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml
> Jan 26 20:01:20 idm1 server: Jan 26, 2018 8:01:20 PM
org.apache.catalina.startup.TldConfig execute
> Jan 26 20:01:20 idm1 server: INFO: At least one JAR was scanned for TLDs yet
contained no TLDs. Enable debug logging for this logger for a complete list of JARs that
were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can
improve startup time and JSP compilation time.
> Jan 26 20:01:20 idm1 server: Jan 26, 2018 8:01:20 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:01:20 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml has finished in 857 ms
> Jan 26 20:01:20 idm1 server: Jan 26, 2018 8:01:20 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:01:20 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml
> Jan 26 20:01:21 idm1 server: Jan 26, 2018 8:01:21 PM
org.apache.catalina.startup.TldConfig execute
> Jan 26 20:01:21 idm1 server: INFO: At least one JAR was scanned for TLDs yet
contained no TLDs. Enable debug logging for this logger for a complete list of JARs that
were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can
improve startup time and JSP compilation time.
> Jan 26 20:01:21 idm1 server: Jan 26, 2018 8:01:21 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:01:21 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml has finished in 1,161 ms
> Jan 26 20:01:21 idm1 server: Jan 26, 2018 8:01:21 PM
org.apache.coyote.AbstractProtocol start
> Jan 26 20:01:21 idm1 server: INFO: Starting ProtocolHandler
["http-bio-8080"]
> Jan 26 20:01:21 idm1 server: Jan 26, 2018 8:01:21 PM
org.apache.coyote.AbstractProtocol start
> Jan 26 20:01:21 idm1 server: INFO: Starting ProtocolHandler
["http-bio-8443"]
> Jan 26 20:01:21 idm1 server: Jan 26, 2018 8:01:21 PM
org.apache.coyote.AbstractProtocol start
> Jan 26 20:01:21 idm1 server: INFO: Starting ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> Jan 26 20:01:21 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_start]
> Jan 26 20:01:21 idm1 ntpd[15429]: 0.0.0.0 0613 03 spike_detect +416608.985992 s
> Jan 26 20:01:21 idm1 server: PKIListener: Subsystem CA is disabled.
> Jan 26 20:01:21 idm1 server: PKIListener: Check
/var/log/pki/pki-tomcat/ca/selftests.log for possible errors.
> Jan 26 20:01:21 idm1 server: PKIListener: To enable the subsystem:
> Jan 26 20:01:21 idm1 server: PKIListener: pki-server subsystem-enable -i pki-tomcat
ca
> Jan 26 20:01:21 idm1 server: Jan 26, 2018 8:01:21 PM
org.apache.catalina.startup.Catalina start
> Jan 26 20:01:21 idm1 server: INFO: Server startup in 8856 ms
> Jan 26 20:01:23 idm1 ns-slapd: [26/Jan/2018:20:01:23.234040056 +0100] - WARN -
csngen_new_csn - Too much time skew (-416535 secs). Current seqnum=c
> Jan 26 20:01:31 idm1 ns-slapd: [26/Jan/2018:20:01:31.761653163 +0100] - WARN -
csngen_new_csn - Too much time skew (-416527 secs). Current seqnum=d
> Jan 26 20:01:31 idm1 ns-slapd: [26/Jan/2018:20:01:31.782442210 +0100] - WARN -
csngen_new_csn - Too much time skew (-416528 secs). Current seqnum=e
> Jan 26 20:01:31 idm1 server: Jan 26, 2018 8:01:31 PM
org.apache.catalina.startup.HostConfig undeploy
> Jan 26 20:01:31 idm1 server: INFO: Undeploying context [/ca]
> Jan 26 20:01:31 idm1 server: SSLAuthenticatorWithFallback: Stopping authenticators
> Jan 26 20:01:31 idm1 server: Jan 26, 2018 8:01:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:01:31 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [LDAPConnThread-0ldaps://idm1.XXXkd.fau.de:636] but has failed to
stop it. This is very likely to create a memory leak.
> Jan 26 20:01:31 idm1 server: Jan 26, 2018 8:01:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:01:31 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [LDAPConnThread-2ldaps://idm1.XXXkd.fau.de:636] but has failed to
stop it. This is very likely to create a memory leak.
> Jan 26 20:01:31 idm1 server: Jan 26, 2018 8:01:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:01:31 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [authorityMonitor] but has failed to stop it. This is very likely
to create a memory leak.
> Jan 26 20:01:31 idm1 server: Jan 26, 2018 8:01:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:01:31 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [LDAPConnThread-3ldaps://idm1.XXXkd.fau.de:636] but has failed to
stop it. This is very likely to create a memory leak.
> Jan 26 20:01:31 idm1 server: Jan 26, 2018 8:01:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:01:31 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [profileChangeMonitor] but has failed to stop it. This is very
likely to create a memory leak.
> Jan 26 20:01:31 idm1 server: SSLAuthenticatorWithFallback: Setting container
> Jan 26 20:01:32 idm1 ns-slapd: [26/Jan/2018:20:01:32.298667463 +0100] - WARN -
csngen_new_csn - Too much time skew (-416529 secs). Current seqnum=f
> Jan 26 20:01:32 idm1 ns-slapd: [26/Jan/2018:20:01:32.678832654 +0100] - WARN -
csngen_new_csn - Too much time skew (-416530 secs). Current seqnum=10
> Jan 26 20:01:33 idm1 ns-slapd: [26/Jan/2018:20:01:33.028623160 +0100] - WARN -
csngen_new_csn - Too much time skew (-416530 secs). Current seqnum=11
> Jan 26 20:01:33 idm1 ns-slapd: [26/Jan/2018:20:01:33.048763804 +0100] - WARN -
csngen_new_csn - Too much time skew (-416531 secs). Current seqnum=12
> Jan 26 20:01:47 idm1 ns-slapd: [26/Jan/2018:20:01:47.701332510 +0100] - WARN -
csngen_new_csn - Too much time skew (-416517 secs). Current seqnum=13
> Jan 26 20:02:04 idm1 ns-slapd: [26/Jan/2018:20:02:04.380427048 +0100] - WARN -
csngen_new_csn - Too much time skew (-416502 secs). Current seqnum=14
> Jan 26 20:02:04 idm1 ns-slapd: [26/Jan/2018:20:02:04.405310477 +0100] - WARN -
csngen_new_csn - Too much time skew (-416503 secs). Current seqnum=15
> Jan 26 20:02:34 idm1 ns-slapd: [26/Jan/2018:20:02:34.796622396 +0100] - WARN -
csngen_new_csn - Too much time skew (-416473 secs). Current seqnum=16
> Jan 26 20:02:37 idm1 ns-slapd: [26/Jan/2018:20:02:37.454779669 +0100] - WARN -
csngen_new_csn - Too much time skew (-416472 secs). Current seqnum=17
> Jan 26 20:02:37 idm1 ns-slapd: [26/Jan/2018:20:02:37.476249201 +0100] - WARN -
csngen_new_csn - Too much time skew (-416473 secs). Current seqnum=18
> Jan 26 20:02:37 idm1 ns-slapd: [26/Jan/2018:20:02:37.517017269 +0100] - WARN -
csngen_new_csn - Too much time skew (-416474 secs). Current seqnum=19
> Jan 26 20:02:37 idm1 ns-slapd: [26/Jan/2018:20:02:37.539991754 +0100] - WARN -
csngen_new_csn - Too much time skew (-416475 secs). Current seqnum=1a
> Jan 26 20:02:48 idm1 systemd: Stopping Network Time Service...
> Jan 26 20:02:48 idm1 ntpd[15429]: ntpd exiting on signal 15
> Jan 26 20:02:48 idm1 systemd: Stopped Network Time Service.
> Jan 26 20:03:01 idm1 ns-slapd: [26/Jan/2018:20:03:01.034768459 +0100] - WARN -
csngen_new_csn - Too much time skew (-416452 secs). Current seqnum=1b
> Jan 26 20:03:01 idm1 ns-slapd: [26/Jan/2018:20:03:01.055043214 +0100] - WARN -
csngen_new_csn - Too much time skew (-416453 secs). Current seqnum=1c
> Jan 26 20:03:03 idm1 ns-slapd: [26/Jan/2018:20:03:03.375580834 +0100] - WARN -
csngen_new_csn - Too much time skew (-416452 secs). Current seqnum=1d
> Jan 26 20:03:03 idm1 ns-slapd: [26/Jan/2018:20:03:03.399395635 +0100] - WARN -
csngen_new_csn - Too much time skew (-416453 secs). Current seqnum=1e
> Jan 26 20:03:10 idm1 ns-slapd: [26/Jan/2018:20:03:10.279455298 +0100] - WARN -
csngen_new_csn - Too much time skew (-416447 secs). Current seqnum=1f
> Jan 26 20:03:10 idm1 ns-slapd: [26/Jan/2018:20:03:10.320874031 +0100] - WARN -
csngen_new_csn - Too much time skew (-416448 secs). Current seqnum=20
> Jan 26 20:03:45 idm1 systemd: Stopping Certificate monitoring and PKI enrollment...
> Jan 26 20:03:45 idm1 systemd: Stopped Certificate monitoring and PKI enrollment.
> Jan 26 20:03:56 idm1 systemd: Starting Certificate monitoring and PKI enrollment...
> Jan 26 20:03:57 idm1 systemd: Started Certificate monitoring and PKI enrollment.
> Jan 26 20:03:58 idm1 ns-slapd: [26/Jan/2018:20:03:58.111287110 +0100] - WARN -
csngen_new_csn - Too much time skew (-416401 secs). Current seqnum=21
> Jan 26 20:03:58 idm1 ns-slapd: [26/Jan/2018:20:03:58.390628999 +0100] - WARN -
csngen_new_csn - Too much time skew (-416402 secs). Current seqnum=22
> Jan 26 20:03:59 idm1 certmonger: Certificate named "ocspSigningCert
cert-pki-ca" in token "NSS Certificate DB" in database
"/etc/pki/pki-tomcat/alias" will not be valid after 20180129120044.
> Jan 26 20:03:59 idm1 certmonger: Certificate named "subsystemCert
cert-pki-ca" in token "NSS Certificate DB" in database
"/etc/pki/pki-tomcat/alias" will not be valid after 20180129120044.
> Jan 26 20:03:59 idm1 certmonger: Certificate in file
"/var/lib/ipa/ra-agent.pem" will not be valid after 20180129120111.
> Jan 26 20:04:01 idm1 ns-slapd: [26/Jan/2018:20:04:01.082324882 +0100] - WARN -
csngen_new_csn - Too much time skew (-416400 secs). Current seqnum=23
> Jan 26 20:04:06 idm1 ns-slapd: [26/Jan/2018:20:04:06.245845741 +0100] - WARN -
csngen_new_csn - Too much time skew (-416396 secs). Current seqnum=24
> Jan 26 20:04:17 idm1 ns-slapd: [26/Jan/2018:20:04:17.377907663 +0100] - WARN -
csngen_new_csn - Too much time skew (-416385 secs). Current seqnum=25
> Jan 26 20:04:32 idm1 ns-slapd: [26/Jan/2018:20:04:32.296003137 +0100] - WARN -
csngen_new_csn - Too much time skew (-416372 secs). Current seqnum=26
> Jan 26 20:04:32 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request to
dogtag-ipa-renew-agent
> Jan 26 20:04:32 idm1 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent
returned 2
> Jan 26 20:04:42 idm1 ns-slapd: [26/Jan/2018:20:04:42.139493501 +0100] - WARN -
csngen_new_csn - Too much time skew (-416363 secs). Current seqnum=27
> Jan 26 20:04:42 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request to
dogtag-ipa-renew-agent
> Jan 26 20:04:42 idm1 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent
returned 2
> Jan 26 20:04:52 idm1 ns-slapd: [26/Jan/2018:20:04:52.130303926 +0100] - WARN -
csngen_new_csn - Too much time skew (-416354 secs). Current seqnum=28
> Jan 26 20:04:52 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request to
dogtag-ipa-renew-agent
> Jan 26 20:04:52 idm1 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent
returned 2
> Jan 26 20:05:15 idm1 systemd: Reloading.
> Jan 26 20:05:16 idm1 systemd: [/usr/lib/systemd/system/ip6tables.service:3] Failed to
add dependency on syslog.target,iptables.service, ignoring: Invalid argument
> Jan 26 20:06:08 idm1 ns-slapd: [26/Jan/2018:20:06:08.075349646 +0100] - WARN -
csngen_new_csn - Too much time skew (-416279 secs). Current seqnum=29
> Jan 26 20:06:08 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request to
dogtag-ipa-renew-agent
> Jan 26 20:06:08 idm1 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent
returned 2
> Jan 26 20:06:10 idm1 systemd: Stopping Kerberos 5 KDC...
> Jan 26 20:06:10 idm1 systemd: Stopped Kerberos 5 KDC.
> Jan 26 20:06:10 idm1 systemd: Stopping Kerberos 5 Password-changing and
Administration...
> Jan 26 20:06:10 idm1 systemd: kadmin.service: main process exited, code=exited,
status=2/INVALIDARGUMENT
> Jan 26 20:06:10 idm1 systemd: Stopped Kerberos 5 Password-changing and
Administration.
> Jan 26 20:06:10 idm1 systemd: Unit kadmin.service entered failed state.
> Jan 26 20:06:10 idm1 systemd: kadmin.service failed.
> Jan 26 20:06:10 idm1 systemd: Stopping The Apache HTTP Server...
> Jan 26 20:06:43 idm1 systemd: Stopped The Apache HTTP Server.
> Jan 26 20:06:44 idm1 systemd: Stopping IPA Custodia Service...
> Jan 26 20:06:44 idm1 systemd: Stopped IPA Custodia Service.
> Jan 26 20:06:44 idm1 systemd: Stopped target PKI Tomcat Server.
> Jan 26 20:06:44 idm1 systemd: Stopping PKI Tomcat Server.
> Jan 26 20:06:44 idm1 systemd: Stopping PKI Tomcat Server pki-tomcat...
> Jan 26 20:06:44 idm1 systemd: Stopping Samba SMB Daemon...
> Jan 26 20:06:44 idm1 smbd[28030]: [2018/01/26 20:06:44.275355, 0]
../source3/rpc_server/lsasd.c:139(lsasd_sig_term_handler)
> Jan 26 20:06:44 idm1 smbd[28030]: termination signal
> Jan 26 20:06:44 idm1 systemd: Stopped Samba SMB Daemon.
> Jan 26 20:06:44 idm1 systemd: Stopping Samba Winbind Daemon...
> Jan 26 20:06:44 idm1 winbindd[28044]: [2018/01/26 20:06:44.476018, 0]
../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
> Jan 26 20:06:44 idm1 winbindd[28044]: Got sig[15] terminate (is_parent=1)
> Jan 26 20:06:44 idm1 server: Java virtual machine used:
/usr/lib/jvm/jre-1.8.0-openjdk/bin/java
> Jan 26 20:06:44 idm1 server: classpath used:
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> Jan 26 20:06:44 idm1 server: main class used: org.apache.catalina.startup.Bootstrap
> Jan 26 20:06:44 idm1 server: flags used: -DRESTEASY_LIB=/usr/share/java/resteasy-base
-Djava.library.path=/usr/lib64/nuxwdog-jni
> Jan 26 20:06:44 idm1 server: options used: -Dcatalina.base=/var/lib/pki/pki-tomcat
-Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs=
-Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> Jan 26 20:06:44 idm1 server: arguments used: stop
> Jan 26 20:06:44 idm1 winbindd[28045]: [2018/01/26 20:06:44.508730, 0]
../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
> Jan 26 20:06:44 idm1 systemd: Stopped Samba Winbind Daemon.
> Jan 26 20:06:44 idm1 winbindd[28045]: Got sig[15] terminate (is_parent=0)
> Jan 26 20:06:44 idm1 systemd: Closed ipa-otpd socket.
> Jan 26 20:06:44 idm1 systemd: Stopping ipa-otpd socket.
> Jan 26 20:06:44 idm1 systemd: Stopping 389 Directory Server XXXKD-FAU-DE....
> Jan 26 20:06:44 idm1 ns-slapd: [26/Jan/2018:20:06:44.721155688 +0100] - INFO -
op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 5
max work q size 2 max work q stack size 2
> Jan 26 20:06:44 idm1 ns-slapd: [26/Jan/2018:20:06:44.735943820 +0100] - INFO -
slapd_daemon - slapd shutting down - waiting for 18 threads to terminate
> Jan 26 20:06:44 idm1 ns-slapd: [26/Jan/2018:20:06:44.825965094 +0100] - INFO -
slapd_daemon - slapd shutting down - closing down internal subsystems and plugins
> Jan 26 20:06:45 idm1 ns-slapd: [26/Jan/2018:20:06:45.381054379 +0100] - INFO -
dblayer_pre_close - Waiting for 4 database threads to stop
> Jan 26 20:06:45 idm1 ns-slapd: [26/Jan/2018:20:06:45.927329520 +0100] - INFO -
dblayer_pre_close - All database threads now stopped
> Jan 26 20:06:46 idm1 ns-slapd: [26/Jan/2018:20:06:46.117991206 +0100] - INFO -
ldbm_back_instance_set_destructor - Set of instances destroyed
> Jan 26 20:06:46 idm1 ns-slapd: [26/Jan/2018:20:06:46.172299744 +0100] - INFO -
connection_post_shutdown_cleanup - slapd shutting down - freed 2 work q stack objects -
freed 7 op stack objects
> Jan 26 20:06:46 idm1 server: Jan 26, 2018 8:06:46 PM
org.apache.catalina.startup.ClassLoaderFactory validateFile
> Jan 26 20:06:46 idm1 server: WARNING: Problem with JAR file
[/usr/share/pki/server/common/lib/symkey.jar], exists: [false], canRead: [false]
> Jan 26 20:06:46 idm1 ns-slapd: [26/Jan/2018:20:06:46.752180768 +0100] - INFO - main -
slapd stopped.
> Jan 26 20:06:47 idm1 systemd: Stopped 389 Directory Server XXXKD-FAU-DE..
> Jan 26 20:06:47 idm1 server: Jan 26, 2018 8:06:47 PM
org.apache.catalina.core.StandardServer await
> Jan 26 20:06:47 idm1 server: INFO: A valid shutdown command was received via the
shutdown port. Stopping the Server instance.
> Jan 26 20:06:47 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_stop]
> Jan 26 20:06:47 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[stop]
> Jan 26 20:06:47 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[configure_stop]
> Jan 26 20:06:47 idm1 server: Jan 26, 2018 8:06:47 PM
org.apache.coyote.AbstractProtocol pause
> Jan 26 20:06:47 idm1 server: INFO: Pausing ProtocolHandler
["http-bio-8080"]
> Jan 26 20:06:47 idm1 server: Jan 26, 2018 8:06:47 PM
org.apache.coyote.AbstractProtocol pause
> Jan 26 20:06:47 idm1 server: INFO: Pausing ProtocolHandler
["http-bio-8443"]
> Jan 26 20:06:48 idm1 server: Jan 26, 2018 8:06:48 PM
org.apache.coyote.AbstractProtocol pause
> Jan 26 20:06:48 idm1 server: INFO: Pausing ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> Jan 26 20:06:48 idm1 systemd: Stopped PKI Tomcat Server pki-tomcat.
> Jan 26 20:07:15 idm1 systemd: Starting 389 Directory Server XXXKD-FAU-DE....
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.478325959 +0100] - WARN -
Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run
systemd-tty-ask-password-agent to provide the password.
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.480593865 +0100] - INFO -
Security Initialization - SSL info: Enabling default cipher set.
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.481219973 +0100] - INFO -
Security Initialization - SSL info: Configured NSS Ciphers
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.481824600 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.482318301 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.482871806 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.483404678 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.483877775 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.484356724 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.485086617 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.485626013 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.486222706 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.486720917 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.487170422 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.487651590 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.488120831 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.488616154 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.489101124 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.489614588 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.490132278 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.490638790 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.491050535 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.491551374 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.491963122 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.492404036 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.492844912 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.493331259 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.493865506 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.494373239 +0100] - INFO -
Security Initialization - SSL info: #011TLS_AES_128_GCM_SHA256: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.494856356 +0100] - INFO -
Security Initialization - SSL info: #011TLS_CHACHA20_POLY1305_SHA256: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.495379801 +0100] - INFO -
Security Initialization - SSL info: #011TLS_AES_256_GCM_SHA384: enabled
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.504713771 +0100] - INFO -
Security Initialization - slapd_ssl_init2 - Configured SSL version range: min: TLS1.0,
max: TLS1.2
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.505720965 +0100] - INFO - main -
389-Directory/1.3.6.1 B2018.025.1550 starting up
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.519359109 +0100] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.522754168 +0100] - WARN -
default_mr_indexer_create - Plugin [caseIgnoreIA5Match] does not handle caseExactIA5Match
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.527038258 +0100] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.533380854 +0100] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.539571019 +0100] - NOTICE -
ldbm_back_start - found 1532164k physical memory
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.540267898 +0100] - NOTICE -
ldbm_back_start - found 1210532k available
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.540903052 +0100] - NOTICE -
ldbm_back_start - cache autosizing: db cache: 61286k
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.541531113 +0100] - NOTICE -
ldbm_back_start - cache autosizing: userRoot entry cache (3 total): 65536k
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.543313364 +0100] - NOTICE -
ldbm_back_start - cache autosizing: ipaca entry cache (3 total): 65536k
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.544960676 +0100] - NOTICE -
ldbm_back_start - cache autosizing: changelog entry cache (3 total): 65536k
> Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.546649579 +0100] - NOTICE -
ldbm_back_start - total cache size: 282989821 B;
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.188126082 +0100] - ERR -
schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after
the server startup!
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.254545220 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.255636672 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=keys,cn=sec,cn=dns,dc=XXXkd,dc=fau,dc=de does
not exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.256464414 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.257250650 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.258164746 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=XXXkd,dc=fau,dc=de does
not exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.258863403 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=XXXkd,dc=fau,dc=de does
not exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.259511799 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.260127161 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.260803146 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.261498596 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.262204544 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.262929674 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.263636127 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.264272729 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.265176992 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.265924764 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.266565141 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.267196538 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.267799261 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.268432799 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.269320406 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.277180952 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.277931491 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.394597339 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=automember rebuild
membership,cn=tasks,cn=config does not exist
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.397664334 +0100] - ERR -
auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule (invalid
regex). Error "nothing to repeat".
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.398357312 +0100] - ERR -
auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule (invalid
regex). Error "nothing to repeat".
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.398994945 +0100] - ERR -
auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule (invalid
regex). Error "nothing to repeat".
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.437779220 +0100] - ERR -
set_krb5_creds - Could not get initial credentials for principal
[ldap/idm1.XXXkd.fau.de(a)XXXKD.FAU.DE] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228
(Cannot contact any KDC for requested realm)
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.450559118 +0100] - ERR -
schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds!
> Jan 26 20:07:17 idm1 ns-slapd: GSSAPI Error: Unspecified GSS failure. Minor code may
provide more information (No Kerberos credentials available (default cache:
/tmp/krb5cc_993))
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.457942893 +0100] - INFO -
slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.459144092 +0100] - INFO -
slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests
> Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.460493541 +0100] - INFO -
slapd_daemon - Listening on /var/run/slapd-XXXKD-FAU-DE.socket for LDAPI requests
> Jan 26 20:07:17 idm1 systemd: Started 389 Directory Server XXXKD-FAU-DE..
> Jan 26 20:07:17 idm1 systemd: Starting Kerberos 5 KDC...
> Jan 26 20:07:18 idm1 systemd: PID file /var/run/krb5kdc.pid not readable (yet?) after
start.
> Jan 26 20:07:18 idm1 systemd: Started Kerberos 5 KDC.
> Jan 26 20:07:18 idm1 systemd: Starting Kerberos 5 Password-changing and
Administration...
> Jan 26 20:07:18 idm1 systemd: Started Kerberos 5 Password-changing and
Administration.
> Jan 26 20:07:18 idm1 systemd: Starting The Apache HTTP Server...
> Jan 26 20:07:18 idm1 ipa-httpd-kdcproxy: ipa : INFO KDC proxy enabled
> Jan 26 20:07:19 idm1 systemd: Started The Apache HTTP Server.
> Jan 26 20:07:19 idm1 systemd: Starting IPA Custodia Service...
> Jan 26 20:07:20 idm1 ipa-custodia: 2018-01-26 20:07:20 - server
- Serving on Unix socket /run/httpd/ipa-custodia.sock
> Jan 26 20:07:20 idm1 systemd: Started IPA Custodia Service.
> Jan 26 20:07:20 idm1 ns-slapd: [26/Jan/2018:20:07:20.562156820 +0100] - WARN -
csngen_new_csn - Too much time skew (-416207 secs). Current seqnum=2a
> Jan 26 20:07:20 idm1 systemd: Starting Network Time Service...
> Jan 26 20:07:20 idm1 ns-slapd: [26/Jan/2018:20:07:20.753895497 +0100] - ERR -
NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meToidm2.XXXkd.fau.de"
(idm2:389) - Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials)
()
> Jan 26 20:07:20 idm1 ntpd[16369]: ntpd4.2.6p5(a)1.2349-o Wed Apr 12 21:24:06 UTC 2017
(1)
> Jan 26 20:07:20 idm1 systemd: Started Network Time Service.
> Jan 26 20:07:20 idm1 ntpd[16370]: proto: precision = 0.087 usec
> Jan 26 20:07:20 idm1 ntpd[16370]: 0.0.0.0 c01d 0d kern kernel time sync enabled
> Jan 26 20:07:20 idm1 ntpd[16370]: getaddrinfo: "2001:638:a000:b201::/64"
invalid host address, ignored
> Jan 26 20:07:20 idm1 ntpd[16370]: restrict: error in address
'2001:638:a000:b201::/64' on line 21. Ignoring...
> Jan 26 20:07:20 idm1 ntpd[16370]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
> Jan 26 20:07:20 idm1 systemd: Starting PKI Tomcat Server pki-tomcat...
> Jan 26 20:07:20 idm1 ntpd[16370]: Listen and drop on 1 v6wildcard :: UDP 123
> Jan 26 20:07:20 idm1 ntpd[16370]: Listen normally on 2 lo 127.0.0.1 UDP 123
> Jan 26 20:07:20 idm1 ntpd[16370]: Listen normally on 3 eth0 10.188.220.100 UDP 123
> Jan 26 20:07:20 idm1 ntpd[16370]: Listen normally on 4 lo ::1 UDP 123
> Jan 26 20:07:20 idm1 ntpd[16370]: Listen normally on 5 eth0 fe80::5054:ff:fe4e:b270
UDP 123
> Jan 26 20:07:20 idm1 ntpd[16370]: Listen normally on 6 eth0
2001:638:a000:b201::220:100 UDP 123
> Jan 26 20:07:20 idm1 ntpd[16370]: Listening on routing socket on fd #23 for interface
updates
> Jan 26 20:07:20 idm1 ntpd[16370]: 0.0.0.0 c016 06 restart
> Jan 26 20:07:20 idm1 ntpd[16370]: 0.0.0.0 c012 02 freq_set ntpd -11.506 PPM
> Jan 26 20:07:23 idm1 ns-slapd: [26/Jan/2018:20:07:23.040493392 +0100] - ERR -
schema-compat-plugin - Finished plugin initialization.
> Jan 26 20:07:23 idm1 pkidaemon: -----------------------
> Jan 26 20:07:23 idm1 pkidaemon: Banner is not installed
> Jan 26 20:07:23 idm1 pkidaemon: -----------------------
> Jan 26 20:07:23 idm1 pkidaemon: ----------------------
> Jan 26 20:07:23 idm1 pkidaemon: Enabled all subsystems
> Jan 26 20:07:23 idm1 pkidaemon: ----------------------
> Jan 26 20:07:23 idm1 systemd: Started PKI Tomcat Server pki-tomcat.
> Jan 26 20:07:23 idm1 systemd: Reached target PKI Tomcat Server.
> Jan 26 20:07:23 idm1 systemd: Starting PKI Tomcat Server.
> Jan 26 20:07:23 idm1 server: Java virtual machine used:
/usr/lib/jvm/jre-1.8.0-openjdk/bin/java
> Jan 26 20:07:23 idm1 server: classpath used:
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> Jan 26 20:07:23 idm1 server: main class used: org.apache.catalina.startup.Bootstrap
> Jan 26 20:07:23 idm1 server: flags used: -DRESTEASY_LIB=/usr/share/java/resteasy-base
-Djava.library.path=/usr/lib64/nuxwdog-jni
> Jan 26 20:07:23 idm1 server: options used: -Dcatalina.base=/var/lib/pki/pki-tomcat
-Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs=
-Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.security.manager
-Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy
> Jan 26 20:07:23 idm1 server: arguments used: start
> Jan 26 20:07:23 idm1 server: Jan 26, 2018 8:07:23 PM
org.apache.catalina.startup.ClassLoaderFactory validateFile
> Jan 26 20:07:23 idm1 server: WARNING: Problem with JAR file
[/usr/share/pki/server/common/lib/symkey.jar], exists: [false], canRead: [false]
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'enableOCSP' to
'false' did not find a matching property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderURL' to 'http://idm1.XXXkd.fau.de:9080/ca/ocsp' did not find
a matching property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderCertNickname' to 'ocspSigningCert cert-pki-ca' did not find
a matching property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspCacheSize'
to '1000' did not find a matching property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMinCacheEntryDuration' to '60' did not find a matching property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMaxCacheEntryDuration' to '120' did not find a matching property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspTimeout' to
'10' did not find a matching property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'strictCiphers'
to 'true' did not find a matching property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslOptions' to
'ssl2=false,ssl3=false,tls=true' did not find a matching property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl2Ciphers' to
'-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5'
did not find a matching property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl3Ciphers' to
'-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'tlsCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeStream' to 'tls1_0:tls1_2' did not find a matching
property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeDatagram' to 'tls1_1:tls1_2' did not find a matching
property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslRangeCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_GCM_SHA256,+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256'
did not find a matching property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'serverCertNickFile' to '/var/lib/pki/pki-tomcat/conf/serverCertNick.conf'
did not find a matching property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordFile'
to '/var/lib/pki/pki-tomcat/conf/password.conf' did not find a matching property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordClass'
to 'org.apache.tomcat.util.net.jss.PlainPasswordFile' did not find a matching
property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'certdbDir' to
'/var/lib/pki/pki-tomcat/alias' did not find a matching property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING: [SetPropertiesRule]{Server/Service/Engine/Host}
Setting property 'xmlValidation' to 'false' did not find a matching
property.
> Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
> Jan 26 20:07:24 idm1 server: WARNING: [SetPropertiesRule]{Server/Service/Engine/Host}
Setting property 'xmlNamespaceAware' to 'false' did not find a matching
property.
> Jan 26 20:07:24 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_init]
> Jan 26 20:07:25 idm1 server: Jan 26, 2018 8:07:25 PM
org.apache.coyote.AbstractProtocol init
> Jan 26 20:07:25 idm1 server: INFO: Initializing ProtocolHandler
["http-bio-8080"]
> Jan 26 20:07:25 idm1 server: Jan 26, 2018 8:07:25 PM
org.apache.coyote.AbstractProtocol init
> Jan 26 20:07:25 idm1 server: INFO: Initializing ProtocolHandler
["http-bio-8443"]
> Jan 26 20:07:25 idm1 server: Error: SSL cipher
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
> Jan 26 20:07:25 idm1 server: Error: SSL cipher
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
> Jan 26 20:07:25 idm1 server: Jan 26, 2018 8:07:25 PM
org.apache.coyote.AbstractProtocol init
> Jan 26 20:07:25 idm1 server: INFO: Initializing ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> Jan 26 20:07:25 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_init]
> Jan 26 20:07:25 idm1 server: Jan 26, 2018 8:07:25 PM
org.apache.catalina.startup.Catalina load
> Jan 26 20:07:25 idm1 server: INFO: Initialization processed in 1535 ms
> Jan 26 20:07:25 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_start]
> Jan 26 20:07:25 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[configure_start]
> Jan 26 20:07:25 idm1 ntpd[16370]: 0.0.0.0 c515 05 clock_sync
> Jan 26 20:07:25 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[start]
> Jan 26 20:07:25 idm1 server: Jan 26, 2018 8:07:25 PM
org.apache.catalina.core.StandardService startInternal
> Jan 26 20:07:25 idm1 server: INFO: Starting service Catalina
> Jan 26 20:07:25 idm1 server: Jan 26, 2018 8:07:25 PM
org.apache.catalina.core.StandardEngine startInternal
> Jan 26 20:07:25 idm1 server: INFO: Starting Servlet Engine: Apache Tomcat/7.0.76
> Jan 26 20:07:25 idm1 server: Jan 26, 2018 8:07:25 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:07:25 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ca.xml
> Jan 26 20:07:25 idm1 server: SSLAuthenticatorWithFallback: Creating SSL authenticator
with fallback
> Jan 26 20:07:25 idm1 server: SSLAuthenticatorWithFallback: Setting container
> Jan 26 20:07:26 idm1 ns-slapd: [26/Jan/2018:20:07:26.811402672 +0100] - WARN -
csngen_new_csn - Too much time skew (-416202 secs). Current seqnum=2b
> Jan 26 20:07:27 idm1 server: Jan 26, 2018 8:07:27 PM
org.apache.catalina.startup.TldConfig execute
> Jan 26 20:07:27 idm1 server: INFO: At least one JAR was scanned for TLDs yet
contained no TLDs. Enable debug logging for this logger for a complete list of JARs that
were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can
improve startup time and JSP compilation time.
> Jan 26 20:07:27 idm1 server: SSLAuthenticatorWithFallback: Initializing
authenticators
> Jan 26 20:07:27 idm1 server: SSLAuthenticatorWithFallback: Starting authenticators
> Jan 26 20:07:28 idm1 server: CMSEngine.initializePasswordStore() begins
> Jan 26 20:07:28 idm1 server: CMSEngine.initializePasswordStore(): tag=internaldb
> Jan 26 20:07:28 idm1 server: CMSEngine.initializePasswordStore(): tag=replicationdb
> Jan 26 20:07:30 idm1 server: SelfTestSubsystem: Disabling "ca" subsystem
due to selftest failure.
> Jan 26 20:07:31 idm1 server: -----------------------
> Jan 26 20:07:31 idm1 server: Disabled "ca" subsystem
> Jan 26 20:07:31 idm1 server: -----------------------
> Jan 26 20:07:31 idm1 server: Subsystem ID: ca
> Jan 26 20:07:31 idm1 server: Instance ID: pki-tomcat
> Jan 26 20:07:31 idm1 server: Enabled: False
> Jan 26 20:07:31 idm1 server: Invalid class name repositorytop
> Jan 26 20:07:31 idm1 server: Invalid class name repositorytop
> Jan 26 20:07:31 idm1 server: at
com.netscape.cmscore.dbs.DBRegistry.createObject(DBRegistry.java:485)
> Jan 26 20:07:31 idm1 server: at
com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:167)
> Jan 26 20:07:31 idm1 server: at
com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:137)
> Jan 26 20:07:31 idm1 server: at
com.netscape.cmscore.dbs.Repository.getSerialNumber(Repository.java:125)
> Jan 26 20:07:31 idm1 server: at
com.netscape.cmscore.dbs.Repository.initCache(Repository.java:244)
> Jan 26 20:07:31 idm1 server: at
com.netscape.cmscore.dbs.Repository.checkRanges(Repository.java:460)
> Jan 26 20:07:31 idm1 server: at
com.netscape.cmscore.apps.CMSEngine.startup(CMSEngine.java:1378)
> Jan 26 20:07:31 idm1 server: at com.netscape.certsrv.apps.CMS.startup(CMS.java:202)
> Jan 26 20:07:31 idm1 server: at com.netscape.certsrv.apps.CMS.start(CMS.java:1632)
> Jan 26 20:07:31 idm1 server: at
com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:117)
> Jan 26 20:07:31 idm1 server: at
javax.servlet.GenericServlet.init(GenericServlet.java:158)
> Jan 26 20:07:31 idm1 server: at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
> Jan 26 20:07:31 idm1 server: at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> Jan 26 20:07:31 idm1 server: at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> Jan 26 20:07:31 idm1 server: at java.lang.reflect.Method.invoke(Method.java:498)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
> Jan 26 20:07:31 idm1 server: at java.security.AccessController.doPrivileged(Native
Method)
> Jan 26 20:07:31 idm1 server: at
javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1257)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1182)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1072)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5368)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5660)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
> Jan 26 20:07:31 idm1 server: at java.security.AccessController.doPrivileged(Native
Method)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
> Jan 26 20:07:31 idm1 server: at
org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
> Jan 26 20:07:31 idm1 server: at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> Jan 26 20:07:31 idm1 server: at
java.util.concurrent.FutureTask.run(FutureTask.java:266)
> Jan 26 20:07:31 idm1 server: at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> Jan 26 20:07:31 idm1 server: at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> Jan 26 20:07:31 idm1 server: at java.lang.Thread.run(Thread.java:748)
> Jan 26 20:07:31 idm1 server: Jan 26, 2018 8:07:31 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:07:31 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 5,520 ms
> Jan 26 20:07:31 idm1 server: Jan 26, 2018 8:07:31 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:07:31 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml
> Jan 26 20:07:32 idm1 server: Jan 26, 2018 8:07:32 PM
org.apache.catalina.startup.TldConfig execute
> Jan 26 20:07:32 idm1 server: INFO: At least one JAR was scanned for TLDs yet
contained no TLDs. Enable debug logging for this logger for a complete list of JARs that
were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can
improve startup time and JSP compilation time.
> Jan 26 20:07:32 idm1 server: Jan 26, 2018 8:07:32 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:07:32 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml has finished in 790 ms
> Jan 26 20:07:32 idm1 server: Jan 26, 2018 8:07:32 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:07:32 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml
> Jan 26 20:07:33 idm1 server: Jan 26, 2018 8:07:33 PM
org.apache.catalina.startup.TldConfig execute
> Jan 26 20:07:33 idm1 server: INFO: At least one JAR was scanned for TLDs yet
contained no TLDs. Enable debug logging for this logger for a complete list of JARs that
were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can
improve startup time and JSP compilation time.
> Jan 26 20:07:33 idm1 server: Jan 26, 2018 8:07:33 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:07:33 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml has finished in 1,064 ms
> Jan 26 20:07:33 idm1 server: Jan 26, 2018 8:07:33 PM
org.apache.coyote.AbstractProtocol start
> Jan 26 20:07:33 idm1 server: INFO: Starting ProtocolHandler
["http-bio-8080"]
> Jan 26 20:07:33 idm1 server: Jan 26, 2018 8:07:33 PM
org.apache.coyote.AbstractProtocol start
> Jan 26 20:07:33 idm1 server: INFO: Starting ProtocolHandler
["http-bio-8443"]
> Jan 26 20:07:33 idm1 server: Jan 26, 2018 8:07:33 PM
org.apache.coyote.AbstractProtocol start
> Jan 26 20:07:33 idm1 server: INFO: Starting ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> Jan 26 20:07:33 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_start]
> Jan 26 20:07:33 idm1 server: PKIListener: Subsystem CA is disabled.
> Jan 26 20:07:33 idm1 server: PKIListener: Check
/var/log/pki/pki-tomcat/ca/selftests.log for possible errors.
> Jan 26 20:07:33 idm1 server: PKIListener: To enable the subsystem:
> Jan 26 20:07:33 idm1 server: PKIListener: pki-server subsystem-enable -i pki-tomcat
ca
> Jan 26 20:07:33 idm1 server: Jan 26, 2018 8:07:33 PM
org.apache.catalina.startup.Catalina start
> Jan 26 20:07:33 idm1 server: INFO: Server startup in 7515 ms
> Jan 26 20:07:39 idm1 ns-slapd: [26/Jan/2018:20:07:39.035843722 +0100] - WARN -
csngen_new_csn - Too much time skew (-416191 secs). Current seqnum=2c
> Jan 26 20:07:43 idm1 server: Jan 26, 2018 8:07:43 PM
org.apache.catalina.startup.HostConfig undeploy
> Jan 26 20:07:43 idm1 server: INFO: Undeploying context [/ca]
> Jan 26 20:07:43 idm1 server: SSLAuthenticatorWithFallback: Stopping authenticators
> Jan 26 20:07:43 idm1 server: Jan 26, 2018 8:07:43 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:07:43 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [LDAPConnThread-0ldaps://idm1.XXXkd.fau.de:636] but has failed to
stop it. This is very likely to create a memory leak.
> Jan 26 20:07:43 idm1 server: Jan 26, 2018 8:07:43 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:07:43 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [LDAPConnThread-2ldaps://idm1.XXXkd.fau.de:636] but has failed to
stop it. This is very likely to create a memory leak.
> Jan 26 20:07:43 idm1 server: Jan 26, 2018 8:07:43 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:07:43 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [authorityMonitor] but has failed to stop it. This is very likely
to create a memory leak.
> Jan 26 20:07:43 idm1 server: Jan 26, 2018 8:07:43 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:07:43 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [LDAPConnThread-3ldaps://idm1.XXXkd.fau.de:636] but has failed to
stop it. This is very likely to create a memory leak.
> Jan 26 20:07:43 idm1 server: Jan 26, 2018 8:07:43 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:07:43 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [profileChangeMonitor] but has failed to stop it. This is very
likely to create a memory leak.
> Jan 26 20:07:43 idm1 server: SSLAuthenticatorWithFallback: Setting container
> Jan 26 20:07:47 idm1 ns-slapd: [26/Jan/2018:20:07:47.844329850 +0100] - WARN -
csngen_new_csn - Too much time skew (-416183 secs). Current seqnum=2d
>
> Jan 26 20:08:09 idm1 ns-slapd: [26/Jan/2018:20:08:09.059172306 +0100] - WARN -
csngen_new_csn - Too much time skew (-416174 secs). Current seqnum=1
> Jan 26 20:08:27 idm1 ntpd[16370]: ntpd exiting on signal 15
> Jan 26 20:08:27 idm1 systemd: Stopping Network Time Service...
> Jan 26 20:08:27 idm1 systemd: Stopped Network Time Service.
> Jan 26 20:08:49 idm1 ns-slapd: [26/Jan/2018:20:08:49.052101605 +0100] - WARN -
csngen_new_csn - Too much time skew (-416135 secs). Current seqnum=1
> Jan 26 20:08:49 idm1 ns-slapd: [26/Jan/2018:20:08:49.075642776 +0100] - WARN -
csngen_new_csn - Too much time skew (-416136 secs). Current seqnum=1
> Jan 26 20:08:51 idm1 ns-slapd: [26/Jan/2018:20:08:51.298345097 +0100] - WARN -
csngen_new_csn - Too much time skew (-416135 secs). Current seqnum=1
> Jan 26 20:09:25 idm1 ns-slapd: [26/Jan/2018:20:09:25.093696262 +0100] - WARN -
csngen_new_csn - Too much time skew (-416102 secs). Current seqnum=1
> Jan 26 20:09:25 idm1 ns-slapd: [26/Jan/2018:20:09:25.115607333 +0100] - WARN -
csngen_new_csn - Too much time skew (-416103 secs). Current seqnum=1
> Jan 26 20:10:27 idm1 ns-slapd: [26/Jan/2018:20:10:27.371866302 +0100] - WARN -
csngen_new_csn - Too much time skew (-416042 secs). Current seqnum=1
> Jan 26 20:11:11 idm1 ns-slapd: [26/Jan/2018:20:11:11.185235999 +0100] - WARN -
csngen_new_csn - Too much time skew (-415999 secs). Current seqnum=1
> Jan 26 20:12:24 idm1 systemd: Starting Samba SMB Daemon...
> Jan 26 20:12:24 idm1 smbd[16684]: GSSAPI Error: Unspecified GSS failure. Minor code
may provide more information (Ticket not yet valid)
> Jan 26 20:12:24 idm1 ns-slapd: [26/Jan/2018:20:12:24.338023606 +0100] - WARN -
csngen_new_csn - Too much time skew (-415927 secs). Current seqnum=1
> Jan 26 20:12:24 idm1 ns-slapd: [26/Jan/2018:20:12:24.492918154 +0100] - WARN -
csngen_new_csn - Too much time skew (-415928 secs). Current seqnum=1
> Jan 26 20:12:24 idm1 smbd[16684]: [2018/01/26 20:12:24.644663, 0]
../lib/util/become_daemon.c:124(daemon_ready)
> Jan 26 20:12:24 idm1 systemd: Started Samba SMB Daemon.
> Jan 26 20:12:24 idm1 smbd[16684]: STATUS=daemon 'smbd' finished starting up
and ready to serve connections
> Jan 26 20:12:24 idm1 systemd: Starting Samba Winbind Daemon...
> Jan 26 20:12:24 idm1 winbindd[16702]: [2018/01/26 20:12:24.744499, 0]
../source3/winbindd/winbindd_cache.c:3171(initialize_winbindd_cache)
> Jan 26 20:12:24 idm1 systemd: winbind.service: Supervising process 16702 which is not
our child. We'll most likely not notice when it exits.
> Jan 26 20:12:24 idm1 winbindd[16702]: initialize_winbindd_cache: clearing cache and
re-creating with version number 2
> Jan 26 20:12:24 idm1 winbindd[16702]: [2018/01/26 20:12:24.788607, 0]
../lib/util/become_daemon.c:124(daemon_ready)
> Jan 26 20:12:24 idm1 systemd: Started Samba Winbind Daemon.
> Jan 26 20:12:24 idm1 winbindd[16702]: STATUS=daemon 'winbindd' finished
starting up and ready to serve connections
> Jan 26 20:12:24 idm1 systemd: Listening on ipa-otpd socket.
> Jan 26 20:12:24 idm1 systemd: Starting ipa-otpd socket.
> Jan 26 20:12:24 idm1 ns-slapd: [26/Jan/2018:20:12:24.835355417 +0100] - WARN -
csngen_new_csn - Too much time skew (-415928 secs). Current seqnum=1
>
> Jan 26 20:16:36 idm1 ns-slapd: [26/Jan/2018:20:16:36.642664215 +0100] - WARN -
csngen_new_csn - Too much time skew (-415688 secs). Current seqnum=1
> Jan 26 20:16:36 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request to
dogtag-ipa-renew-agent
> Jan 26 20:16:37 idm1 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent
returned 2
> Jan 26 20:17:24 idm1 ns-slapd: [26/Jan/2018:20:17:24.820564227 +0100] - WARN -
csngen_new_csn - Too much time skew (-415641 secs). Current seqnum=1
> Jan 26 20:17:37 idm1 ns-slapd: [26/Jan/2018:20:17:37.625304230 +0100] - WARN -
csngen_new_csn - Too much time skew (-415629 secs). Current seqnum=1
> Jan 26 20:17:37 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request to
dogtag-ipa-renew-agent
> Jan 26 20:17:37 idm1 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent
returned 2
> Jan 26 20:18:01 idm1 logrotate: ALERT exited abnormally with [1]
> Jan 26 20:18:38 idm1 ns-slapd: [26/Jan/2018:20:18:38.792663979 +0100] - WARN -
csngen_new_csn - Too much time skew (-415569 secs). Current seqnum=1
> Jan 26 20:22:24 idm1 ns-slapd: [26/Jan/2018:20:22:24.817110632 +0100] - WARN -
csngen_new_csn - Too much time skew (-415344 secs). Current seqnum=1
>
> Jan 26 20:23:59 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request to
dogtag-ipa-renew-agent
> Jan 26 20:23:59 idm1 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent
returned 2
> Jan 26 20:24:45 idm1 stop_pkicad: Stopping pki_tomcatd
> Jan 26 20:24:45 idm1 systemd: Stopping PKI Tomcat Server pki-tomcat...
> Jan 26 20:24:45 idm1 server: Java virtual machine used:
/usr/lib/jvm/jre-1.8.0-openjdk/bin/java
> Jan 26 20:24:45 idm1 server: classpath used:
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> Jan 26 20:24:45 idm1 server: main class used: org.apache.catalina.startup.Bootstrap
> Jan 26 20:24:45 idm1 server: flags used: -DRESTEASY_LIB=/usr/share/java/resteasy-base
-Djava.library.path=/usr/lib64/nuxwdog-jni
> Jan 26 20:24:45 idm1 server: options used: -Dcatalina.base=/var/lib/pki/pki-tomcat
-Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs=
-Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> Jan 26 20:24:45 idm1 server: arguments used: stop
> Jan 26 20:24:45 idm1 server: Jan 26, 2018 8:24:45 PM
org.apache.catalina.startup.ClassLoaderFactory validateFile
> Jan 26 20:24:45 idm1 server: WARNING: Problem with JAR file
[/usr/share/pki/server/common/lib/symkey.jar], exists: [false], canRead: [false]
> Jan 26 20:24:46 idm1 server: Jan 26, 2018 8:24:46 PM
org.apache.catalina.core.StandardServer await
> Jan 26 20:24:46 idm1 server: INFO: A valid shutdown command was received via the
shutdown port. Stopping the Server instance.
> Jan 26 20:24:46 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_stop]
> Jan 26 20:24:46 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[stop]
> Jan 26 20:24:46 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[configure_stop]
> Jan 26 20:24:46 idm1 server: Jan 26, 2018 8:24:46 PM
org.apache.coyote.AbstractProtocol pause
> Jan 26 20:24:46 idm1 server: INFO: Pausing ProtocolHandler
["http-bio-8080"]
> Jan 26 20:24:46 idm1 systemd: Stopped PKI Tomcat Server pki-tomcat.
> Jan 26 20:24:46 idm1 stop_pkicad: Stopped pki_tomcatd
> Jan 26 20:27:24 idm1 ns-slapd: [26/Jan/2018:20:27:24.817184276 +0100] - WARN -
csngen_new_csn - Too much time skew (-415053 secs). Current seqnum=1
> Jan 26 20:28:39 idm1 ns-slapd: [26/Jan/2018:20:28:39.388139879 +0100] - WARN -
csngen_new_csn - Too much time skew (-414980 secs). Current seqnum=1
> Jan 26 20:28:45 idm1 systemd: Reloading.
> Jan 26 20:28:45 idm1 systemd: [/usr/lib/systemd/system/ip6tables.service:3] Failed to
add dependency on syslog.target,iptables.service, ignoring: Invalid argument
> Jan 26 20:28:45 idm1 yum[17021]: Installed: pki-server-10.4.1-17.el7_4.noarch
>
> Jan 26 20:30:09 idm1 yum[17100]: Installed: pki-symkey-10.4.1-17.el7_4.x86_64
> Jan 26 20:30:10 idm1 ns-slapd: [26/Jan/2018:20:30:10.056412100 +0100] - WARN -
csngen_new_csn - Too much time skew (-414902 secs). Current seqnum=1
> Jan 26 20:30:10 idm1 ns-slapd: [26/Jan/2018:20:30:10.112492509 +0100] - WARN -
csngen_new_csn - Too much time skew (-414903 secs). Current seqnum=1
> Jan 26 20:30:36 idm1 systemd: Stopping Certificate monitoring and PKI enrollment...
> Jan 26 20:30:36 idm1 systemd: Starting Certificate monitoring and PKI enrollment...
> Jan 26 20:30:36 idm1 systemd: Started Certificate monitoring and PKI enrollment.
> Jan 26 20:30:51 idm1 ns-slapd: [26/Jan/2018:20:30:51.459575928 +0100] - WARN -
csngen_new_csn - Too much time skew (-414862 secs). Current seqnum=1
> Jan 26 20:30:53 idm1 ns-slapd: [26/Jan/2018:20:30:53.004542140 +0100] - WARN -
csngen_new_csn - Too much time skew (-414862 secs). Current seqnum=1
>
> Jan 26 20:32:53 idm1 ns-slapd: [26/Jan/2018:20:32:53.104794576 +0100] - WARN -
csngen_new_csn - Too much time skew (-414747 secs). Current seqnum=1
> Jan 26 20:33:38 idm1 ns-slapd: [26/Jan/2018:20:33:38.708156346 +0100] - WARN -
csngen_new_csn - Too much time skew (-414702 secs). Current seqnum=1
> Jan 26 20:35:26 idm1 systemd: Starting PKI Tomcat Server tomcatd...
> Jan 26 20:35:27 idm1 pkidaemon: tomcatd is an invalid 'tomcat' instance
> Jan 26 20:35:27 idm1 systemd:pki-tomcatd@tomcatd.service: control process exited,
code=exited status=5
> Jan 26 20:35:27 idm1 systemd: Failed to start PKI Tomcat Server tomcatd.
> Jan 26 20:35:27 idm1 systemd: Unitpki-tomcatd(a)tomcatd.service entered failed state.
> Jan 26 20:35:27 idm1 systemd:pki-tomcatd@tomcatd.service failed.
> Jan 26 20:38:15 idm1 systemd: Stopping Certificate monitoring and PKI enrollment...
> Jan 26 20:38:15 idm1 systemd: Starting Certificate monitoring and PKI enrollment...
> Jan 26 20:38:16 idm1 systemd: Started Certificate monitoring and PKI enrollment.
>
> Jan 26 20:38:50 idm1 systemd: Stopped target PKI Tomcat Server.
> Jan 26 20:38:50 idm1 systemd: Stopping PKI Tomcat Server.
> Jan 26 20:38:50 idm1 systemd: Stopping 389 Directory Server XXXKD-FAU-DE....
> Jan 26 20:38:50 idm1 ns-slapd: [26/Jan/2018:20:38:50.930128624 +0100] - INFO -
op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 7
max work q size 3 max work q stack size 3
> Jan 26 20:38:50 idm1 ns-slapd: [26/Jan/2018:20:38:50.938738333 +0100] - INFO -
slapd_daemon - slapd shutting down - closing down internal subsystems and plugins
> Jan 26 20:38:51 idm1 ns-slapd: [26/Jan/2018:20:38:51.491982395 +0100] - INFO -
dblayer_pre_close - Waiting for 4 database threads to stop
> Jan 26 20:38:52 idm1 ns-slapd: [26/Jan/2018:20:38:52.643000430 +0100] - INFO -
dblayer_pre_close - All database threads now stopped
> Jan 26 20:38:52 idm1 ns-slapd: [26/Jan/2018:20:38:52.843193691 +0100] - INFO -
ldbm_back_instance_set_destructor - Set of instances destroyed
> Jan 26 20:38:52 idm1 ns-slapd: [26/Jan/2018:20:38:52.845431711 +0100] - INFO -
connection_post_shutdown_cleanup - slapd shutting down - freed 3 work q stack objects -
freed 7 op stack objects
> Jan 26 20:38:52 idm1 ns-slapd: [26/Jan/2018:20:38:52.949112608 +0100] - INFO - main -
slapd stopped.
> Jan 26 20:38:53 idm1 systemd: Starting 389 Directory Server XXXKD-FAU-DE....
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.798684376 +0100] - WARN -
Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run
systemd-tty-ask-password-agent to provide the password.
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.802136681 +0100] - INFO -
Security Initialization - SSL info: Enabling default cipher set.
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.803482731 +0100] - INFO -
Security Initialization - SSL info: Configured NSS Ciphers
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.804571447 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.805584219 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.806587975 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.807433596 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.808344028 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.809263480 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.810258405 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.811278159 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.812279895 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.813211722 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.814155963 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.815027810 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.815884935 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.816664023 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.817588461 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.820002292 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.820921200 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.821848282 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.822790429 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.823796031 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.824792858 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.825834646 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.826645719 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.827439967 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.828388576 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.829379262 +0100] - INFO -
Security Initialization - SSL info: #011TLS_AES_128_GCM_SHA256: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.830270347 +0100] - INFO -
Security Initialization - SSL info: #011TLS_CHACHA20_POLY1305_SHA256: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.831112791 +0100] - INFO -
Security Initialization - SSL info: #011TLS_AES_256_GCM_SHA384: enabled
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.842425631 +0100] - INFO -
Security Initialization - slapd_ssl_init2 - Configured SSL version range: min: TLS1.0,
max: TLS1.2
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.844467130 +0100] - INFO - main -
389-Directory/1.3.6.1 B2018.025.1550 starting up
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.862148344 +0100] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.866723860 +0100] - WARN -
default_mr_indexer_create - Plugin [caseIgnoreIA5Match] does not handle caseExactIA5Match
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.872029440 +0100] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.880396494 +0100] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.887683843 +0100] - NOTICE -
ldbm_back_start - found 1532164k physical memory
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.889387846 +0100] - NOTICE -
ldbm_back_start - found 957616k available
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.890401127 +0100] - NOTICE -
ldbm_back_start - cache autosizing: db cache: 61286k
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.891282794 +0100] - NOTICE -
ldbm_back_start - cache autosizing: userRoot entry cache (3 total): 65536k
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.893673995 +0100] - NOTICE -
ldbm_back_start - cache autosizing: ipaca entry cache (3 total): 65536k
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.896279383 +0100] - NOTICE -
ldbm_back_start - cache autosizing: changelog entry cache (3 total): 65536k
> Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.899099347 +0100] - NOTICE -
ldbm_back_start - total cache size: 282989821 B;
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.288606109 +0100] - ERR -
schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after
the server startup!
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.356204866 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.357475508 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=keys,cn=sec,cn=dns,dc=XXXkd,dc=fau,dc=de does
not exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.358533489 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.359655614 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.360824909 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=XXXkd,dc=fau,dc=de does
not exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.361929056 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=XXXkd,dc=fau,dc=de does
not exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.362916495 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.363933986 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.364863852 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.365773801 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.366715005 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.367657233 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.368620393 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.369654121 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.370568017 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.371627613 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.372549625 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.373548074 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.374515489 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.375468905 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.376417537 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.384105365 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.385229794 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.489142376 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=automember rebuild
membership,cn=tasks,cn=config does not exist
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.492165481 +0100] - ERR -
auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule (invalid
regex). Error "nothing to repeat".
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.493230810 +0100] - ERR -
auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule (invalid
regex). Error "nothing to repeat".
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.494325526 +0100] - ERR -
auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule (invalid
regex). Error "nothing to repeat".
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.533752266 +0100] - ERR -
schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds!
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.538206222 +0100] - ERR -
set_krb5_creds - Could not get initial credentials for principal
[ldap/idm1.XXXkd.fau.de(a)XXXKD.FAU.DE] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328324
(Generic error (see e-text))
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.542196033 +0100] - INFO -
slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.550911263 +0100] - INFO -
slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests
> Jan 26 20:38:55 idm1 ns-slapd: GSSAPI Error: Unspecified GSS failure. Minor code may
provide more information (No Kerberos credentials available (default cache:
/tmp/krb5cc_993))
> Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.552234132 +0100] - INFO -
slapd_daemon - Listening on /var/run/slapd-XXXKD-FAU-DE.socket for LDAPI requests
> Jan 26 20:38:55 idm1 systemd: Started 389 Directory Server XXXKD-FAU-DE..
> Jan 26 20:38:55 idm1 systemd: Stopping Kerberos 5 KDC...
> Jan 26 20:38:55 idm1 systemd: Starting Kerberos 5 KDC...
> Jan 26 20:38:55 idm1 systemd: PID file /var/run/krb5kdc.pid not readable (yet?) after
start.
> Jan 26 20:38:55 idm1 systemd: Started Kerberos 5 KDC.
> Jan 26 20:38:55 idm1 systemd: Stopping Kerberos 5 Password-changing and
Administration...
> Jan 26 20:38:55 idm1 systemd: kadmin.service: main process exited, code=exited,
status=2/INVALIDARGUMENT
> Jan 26 20:38:55 idm1 systemd: Unit kadmin.service entered failed state.
> Jan 26 20:38:55 idm1 systemd: kadmin.service failed.
> Jan 26 20:38:55 idm1 systemd: Starting Kerberos 5 Password-changing and
Administration...
> Jan 26 20:38:56 idm1 systemd: Started Kerberos 5 Password-changing and
Administration.
> Jan 26 20:38:56 idm1 systemd: Stopping The Apache HTTP Server...
> Jan 26 20:38:58 idm1 ns-slapd: [26/Jan/2018:20:38:58.564805340 +0100] - WARN -
csngen_new_csn - Too much time skew (-414396 secs). Current seqnum=1
> Jan 26 20:38:58 idm1 ns-slapd: [26/Jan/2018:20:38:58.641081747 +0100] - ERR -
NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meToidm2.XXXkd.fau.de"
(idm2:389) - Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials)
()
> Jan 26 20:39:00 idm1 systemd: Starting The Apache HTTP Server...
> Jan 26 20:39:00 idm1 ipa-httpd-kdcproxy: ipa : INFO KDC proxy enabled
> Jan 26 20:39:00 idm1 ns-slapd: [26/Jan/2018:20:39:00.943662244 +0100] - ERR -
schema-compat-plugin - Finished plugin initialization.
> Jan 26 20:39:01 idm1 systemd: Started The Apache HTTP Server.
> Jan 26 20:39:01 idm1 systemd: Stopping IPA Custodia Service...
> Jan 26 20:39:01 idm1 systemd: Starting IPA Custodia Service...
> Jan 26 20:39:02 idm1 systemd: Started IPA Custodia Service.
> Jan 26 20:39:02 idm1 ipa-custodia: 2018-01-26 20:39:02 - server
- Serving on Unix socket /run/httpd/ipa-custodia.sock
> Jan 26 20:39:02 idm1 systemd: Starting Network Time Service...
> Jan 26 20:39:02 idm1 ntpd[17985]: ntpd4.2.6p5(a)1.2349-o Wed Apr 12 21:24:06 UTC 2017
(1)
> Jan 26 20:39:02 idm1 systemd: Started Network Time Service.
> Jan 26 20:39:02 idm1 ntpd[17986]: proto: precision = 0.097 usec
> Jan 26 20:39:02 idm1 ntpd[17986]: 0.0.0.0 c01d 0d kern kernel time sync enabled
> Jan 26 20:39:02 idm1 systemd: Starting PKI Tomcat Server pki-tomcat...
> Jan 26 20:39:03 idm1 ntpd[17986]: getaddrinfo: "2001:638:a000:b201::/64"
invalid host address, ignored
> Jan 26 20:39:03 idm1 ntpd[17986]: restrict: error in address
'2001:638:a000:b201::/64' on line 21. Ignoring...
> Jan 26 20:39:03 idm1 ntpd[17986]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
> Jan 26 20:39:03 idm1 ntpd[17986]: Listen and drop on 1 v6wildcard :: UDP 123
> Jan 26 20:39:03 idm1 ntpd[17986]: Listen normally on 2 lo 127.0.0.1 UDP 123
> Jan 26 20:39:03 idm1 ntpd[17986]: Listen normally on 3 eth0 10.188.220.100 UDP 123
> Jan 26 20:39:03 idm1 ntpd[17986]: Listen normally on 4 lo ::1 UDP 123
> Jan 26 20:39:03 idm1 ntpd[17986]: Listen normally on 5 eth0 fe80::5054:ff:fe4e:b270
UDP 123
> Jan 26 20:39:03 idm1 ntpd[17986]: Listen normally on 6 eth0
2001:638:a000:b201::220:100 UDP 123
> Jan 26 20:39:03 idm1 ntpd[17986]: Listening on routing socket on fd #23 for interface
updates
> Jan 26 20:39:03 idm1 ntpd[17986]: 0.0.0.0 c016 06 restart
> Jan 26 20:39:03 idm1 ntpd[17986]: 0.0.0.0 c012 02 freq_set ntpd -11.506 PPM
> Jan 26 20:39:04 idm1 ns-slapd: [26/Jan/2018:20:39:04.677894447 +0100] - WARN -
csngen_new_csn - Too much time skew (-414391 secs). Current seqnum=1
> Jan 26 20:39:05 idm1 pkidaemon: -----------------------
> Jan 26 20:39:05 idm1 pkidaemon: Banner is not installed
> Jan 26 20:39:05 idm1 pkidaemon: -----------------------
> Jan 26 20:39:05 idm1 pkidaemon: ----------------------
> Jan 26 20:39:05 idm1 pkidaemon: Enabled all subsystems
> Jan 26 20:39:05 idm1 pkidaemon: ----------------------
> Jan 26 20:39:05 idm1 systemd: Started PKI Tomcat Server pki-tomcat.
> Jan 26 20:39:05 idm1 systemd: Reached target PKI Tomcat Server.
> Jan 26 20:39:05 idm1 systemd: Starting PKI Tomcat Server.
> Jan 26 20:39:05 idm1 server: Java virtual machine used:
/usr/lib/jvm/jre-1.8.0-openjdk/bin/java
> Jan 26 20:39:05 idm1 server: classpath used:
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> Jan 26 20:39:05 idm1 server: main class used: org.apache.catalina.startup.Bootstrap
> Jan 26 20:39:05 idm1 server: flags used: -DRESTEASY_LIB=/usr/share/java/resteasy-base
-Djava.library.path=/usr/lib64/nuxwdog-jni
> Jan 26 20:39:05 idm1 server: options used: -Dcatalina.base=/var/lib/pki/pki-tomcat
-Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs=
-Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.security.manager
-Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy
> Jan 26 20:39:05 idm1 server: arguments used: start
> Jan 26 20:39:07 idm1 ntpd[17986]: 0.0.0.0 c515 05 clock_sync
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'enableOCSP' to
'false' did not find a matching property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderURL' to 'http://idm1.XXXkd.fau.de:9080/ca/ocsp' did not find
a matching property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderCertNickname' to 'ocspSigningCert cert-pki-ca' did not find
a matching property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspCacheSize'
to '1000' did not find a matching property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMinCacheEntryDuration' to '60' did not find a matching property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMaxCacheEntryDuration' to '120' did not find a matching property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspTimeout' to
'10' did not find a matching property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'strictCiphers'
to 'true' did not find a matching property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslOptions' to
'ssl2=false,ssl3=false,tls=true' did not find a matching property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl2Ciphers' to
'-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5'
did not find a matching property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl3Ciphers' to
'-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'tlsCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeStream' to 'tls1_0:tls1_2' did not find a matching
property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeDatagram' to 'tls1_1:tls1_2' did not find a matching
property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslRangeCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_GCM_SHA256,+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256'
did not find a matching property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'serverCertNickFile' to '/var/lib/pki/pki-tomcat/conf/serverCertNick.conf'
did not find a matching property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordFile'
to '/var/lib/pki/pki-tomcat/conf/password.conf' did not find a matching property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordClass'
to 'org.apache.tomcat.util.net.jss.PlainPasswordFile' did not find a matching
property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'certdbDir' to
'/var/lib/pki/pki-tomcat/alias' did not find a matching property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING: [SetPropertiesRule]{Server/Service/Engine/Host}
Setting property 'xmlValidation' to 'false' did not find a matching
property.
> Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
> Jan 26 20:39:07 idm1 server: WARNING: [SetPropertiesRule]{Server/Service/Engine/Host}
Setting property 'xmlNamespaceAware' to 'false' did not find a matching
property.
> Jan 26 20:39:07 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_init]
> Jan 26 20:39:08 idm1 server: Jan 26, 2018 8:39:08 PM
org.apache.coyote.AbstractProtocol init
> Jan 26 20:39:08 idm1 server: INFO: Initializing ProtocolHandler
["http-bio-8080"]
> Jan 26 20:39:08 idm1 server: Jan 26, 2018 8:39:08 PM
org.apache.coyote.AbstractProtocol init
> Jan 26 20:39:08 idm1 server: INFO: Initializing ProtocolHandler
["http-bio-8443"]
> Jan 26 20:39:08 idm1 server: Error: SSL cipher
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
> Jan 26 20:39:08 idm1 server: Error: SSL cipher
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
> Jan 26 20:39:08 idm1 server: Jan 26, 2018 8:39:08 PM
org.apache.coyote.AbstractProtocol init
> Jan 26 20:39:08 idm1 server: INFO: Initializing ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> Jan 26 20:39:08 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_init]
> Jan 26 20:39:08 idm1 server: Jan 26, 2018 8:39:08 PM
org.apache.catalina.startup.Catalina load
> Jan 26 20:39:08 idm1 server: INFO: Initialization processed in 1254 ms
> Jan 26 20:39:08 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_start]
> Jan 26 20:39:08 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[configure_start]
> Jan 26 20:39:08 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[start]
> Jan 26 20:39:08 idm1 server: Jan 26, 2018 8:39:08 PM
org.apache.catalina.core.StandardService startInternal
> Jan 26 20:39:08 idm1 server: INFO: Starting service Catalina
> Jan 26 20:39:08 idm1 server: Jan 26, 2018 8:39:08 PM
org.apache.catalina.core.StandardEngine startInternal
> Jan 26 20:39:08 idm1 server: INFO: Starting Servlet Engine: Apache Tomcat/7.0.76
> Jan 26 20:39:08 idm1 server: Jan 26, 2018 8:39:08 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:39:08 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ca.xml
> Jan 26 20:39:08 idm1 server: SSLAuthenticatorWithFallback: Creating SSL authenticator
with fallback
> Jan 26 20:39:08 idm1 server: SSLAuthenticatorWithFallback: Setting container
> Jan 26 20:39:10 idm1 server: Jan 26, 2018 8:39:10 PM
org.apache.catalina.startup.TldConfig execute
> Jan 26 20:39:10 idm1 server: INFO: At least one JAR was scanned for TLDs yet
contained no TLDs. Enable debug logging for this logger for a complete list of JARs that
were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can
improve startup time and JSP compilation time.
> Jan 26 20:39:10 idm1 server: SSLAuthenticatorWithFallback: Initializing
authenticators
> Jan 26 20:39:10 idm1 server: SSLAuthenticatorWithFallback: Starting authenticators
> Jan 26 20:39:10 idm1 server: CMSEngine.initializePasswordStore() begins
> Jan 26 20:39:10 idm1 server: CMSEngine.initializePasswordStore(): tag=internaldb
> Jan 26 20:39:10 idm1 server: CMSEngine.initializePasswordStore(): tag=replicationdb
> Jan 26 20:39:13 idm1 server: SelfTestSubsystem: Disabling "ca" subsystem
due to selftest failure.
> Jan 26 20:39:13 idm1 server: -----------------------
> Jan 26 20:39:13 idm1 server: Disabled "ca" subsystem
> Jan 26 20:39:13 idm1 server: -----------------------
> Jan 26 20:39:13 idm1 server: Subsystem ID: ca
> Jan 26 20:39:13 idm1 server: Instance ID: pki-tomcat
> Jan 26 20:39:13 idm1 server: Enabled: False
> Jan 26 20:39:13 idm1 server: Invalid class name repositorytop
> Jan 26 20:39:14 idm1 server: Invalid class name repositorytop
> Jan 26 20:39:14 idm1 server: at
com.netscape.cmscore.dbs.DBRegistry.createObject(DBRegistry.java:485)
> Jan 26 20:39:14 idm1 server: at
com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:167)
> Jan 26 20:39:14 idm1 server: at
com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:137)
> Jan 26 20:39:14 idm1 server: at
com.netscape.cmscore.dbs.Repository.getSerialNumber(Repository.java:125)
> Jan 26 20:39:14 idm1 server: at
com.netscape.cmscore.dbs.Repository.initCache(Repository.java:244)
> Jan 26 20:39:14 idm1 server: at
com.netscape.cmscore.dbs.Repository.checkRanges(Repository.java:460)
> Jan 26 20:39:14 idm1 server: at
com.netscape.cmscore.apps.CMSEngine.startup(CMSEngine.java:1378)
> Jan 26 20:39:14 idm1 server: at com.netscape.certsrv.apps.CMS.startup(CMS.java:202)
> Jan 26 20:39:14 idm1 server: at com.netscape.certsrv.apps.CMS.start(CMS.java:1632)
> Jan 26 20:39:14 idm1 server: at
com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:117)
> Jan 26 20:39:14 idm1 server: at
javax.servlet.GenericServlet.init(GenericServlet.java:158)
> Jan 26 20:39:14 idm1 server: at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
> Jan 26 20:39:14 idm1 server: at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> Jan 26 20:39:14 idm1 server: at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> Jan 26 20:39:14 idm1 server: at java.lang.reflect.Method.invoke(Method.java:498)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
> Jan 26 20:39:14 idm1 server: at java.security.AccessController.doPrivileged(Native
Method)
> Jan 26 20:39:14 idm1 server: at
javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1257)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1182)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1072)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5368)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5660)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
> Jan 26 20:39:14 idm1 server: at java.security.AccessController.doPrivileged(Native
Method)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
> Jan 26 20:39:14 idm1 server: at
org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
> Jan 26 20:39:14 idm1 server: at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> Jan 26 20:39:14 idm1 server: at
java.util.concurrent.FutureTask.run(FutureTask.java:266)
> Jan 26 20:39:14 idm1 server: at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> Jan 26 20:39:14 idm1 server: at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> Jan 26 20:39:14 idm1 server: at java.lang.Thread.run(Thread.java:748)
> Jan 26 20:39:14 idm1 server: Jan 26, 2018 8:39:14 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:39:14 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 5,603 ms
> Jan 26 20:39:14 idm1 server: Jan 26, 2018 8:39:14 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:39:14 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml
> Jan 26 20:39:14 idm1 server: Jan 26, 2018 8:39:14 PM
org.apache.catalina.startup.TldConfig execute
> Jan 26 20:39:14 idm1 server: INFO: At least one JAR was scanned for TLDs yet
contained no TLDs. Enable debug logging for this logger for a complete list of JARs that
were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can
improve startup time and JSP compilation time.
> Jan 26 20:39:14 idm1 server: Jan 26, 2018 8:39:14 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:39:14 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml has finished in 724 ms
> Jan 26 20:39:14 idm1 server: Jan 26, 2018 8:39:14 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:39:14 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml
> Jan 26 20:39:15 idm1 server: Jan 26, 2018 8:39:15 PM
org.apache.catalina.startup.TldConfig execute
> Jan 26 20:39:15 idm1 server: INFO: At least one JAR was scanned for TLDs yet
contained no TLDs. Enable debug logging for this logger for a complete list of JARs that
were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can
improve startup time and JSP compilation time.
> Jan 26 20:39:15 idm1 server: Jan 26, 2018 8:39:15 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:39:15 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml has finished in 1,041 ms
> Jan 26 20:39:15 idm1 server: Jan 26, 2018 8:39:15 PM
org.apache.coyote.AbstractProtocol start
> Jan 26 20:39:15 idm1 server: INFO: Starting ProtocolHandler
["http-bio-8080"]
> Jan 26 20:39:15 idm1 server: Jan 26, 2018 8:39:15 PM
org.apache.coyote.AbstractProtocol start
> Jan 26 20:39:15 idm1 server: INFO: Starting ProtocolHandler
["http-bio-8443"]
> Jan 26 20:39:15 idm1 server: Jan 26, 2018 8:39:15 PM
org.apache.coyote.AbstractProtocol start
> Jan 26 20:39:15 idm1 server: INFO: Starting ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> Jan 26 20:39:15 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_start]
> Jan 26 20:39:15 idm1 server: PKIListener: Subsystem CA is disabled.
> Jan 26 20:39:15 idm1 server: PKIListener: Check
/var/log/pki/pki-tomcat/ca/selftests.log for possible errors.
> Jan 26 20:39:15 idm1 server: PKIListener: To enable the subsystem:
> Jan 26 20:39:15 idm1 server: PKIListener: pki-server subsystem-enable -i pki-tomcat
ca
> Jan 26 20:39:15 idm1 server: Jan 26, 2018 8:39:15 PM
org.apache.catalina.startup.Catalina start
> Jan 26 20:39:15 idm1 server: INFO: Server startup in 7480 ms
> Jan 26 20:39:17 idm1 ns-slapd: [26/Jan/2018:20:39:17.236299024 +0100] - WARN -
csngen_new_csn - Too much time skew (-414380 secs). Current seqnum=1
> Jan 26 20:39:22 idm1 ns-slapd: [26/Jan/2018:20:39:22.056843883 +0100] - WARN -
csngen_new_csn - Too much time skew (-414376 secs). Current seqnum=1
> Jan 26 20:39:22 idm1 ns-slapd: [26/Jan/2018:20:39:22.084016470 +0100] - WARN -
csngen_new_csn - Too much time skew (-414377 secs). Current seqnum=1
> Jan 26 20:39:26 idm1 ns-slapd: [26/Jan/2018:20:39:26.282879120 +0100] - WARN -
csngen_new_csn - Too much time skew (-414374 secs). Current seqnum=1
> Jan 26 20:39:26 idm1 ns-slapd: [26/Jan/2018:20:39:26.321619015 +0100] - WARN -
csngen_new_csn - Too much time skew (-414375 secs). Current seqnum=1
> Jan 26 20:39:26 idm1 server: Jan 26, 2018 8:39:26 PM
org.apache.catalina.startup.HostConfig undeploy
> Jan 26 20:39:26 idm1 server: INFO: Undeploying context [/ca]
> Jan 26 20:39:26 idm1 server: SSLAuthenticatorWithFallback: Stopping authenticators
> Jan 26 20:39:26 idm1 server: Jan 26, 2018 8:39:26 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:39:26 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [LDAPConnThread-0ldaps://idm1.XXXkd.fau.de:636] but has failed to
stop it. This is very likely to create a memory leak.
> Jan 26 20:39:26 idm1 server: Jan 26, 2018 8:39:26 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:39:26 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [LDAPConnThread-2ldaps://idm1.XXXkd.fau.de:636] but has failed to
stop it. This is very likely to create a memory leak.
> Jan 26 20:39:26 idm1 server: Jan 26, 2018 8:39:26 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:39:26 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [authorityMonitor] but has failed to stop it. This is very likely
to create a memory leak.
> Jan 26 20:39:26 idm1 server: Jan 26, 2018 8:39:26 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:39:26 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [LDAPConnThread-3ldaps://idm1.XXXkd.fau.de:636] but has failed to
stop it. This is very likely to create a memory leak.
> Jan 26 20:39:26 idm1 server: Jan 26, 2018 8:39:26 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:39:26 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [profileChangeMonitor] but has failed to stop it. This is very
likely to create a memory leak.
> Jan 26 20:39:26 idm1 server: SSLAuthenticatorWithFallback: Setting container
> J
>
> Jan 26 20:42:16 idm1 systemd: Closed ipa-otpd socket.
> Jan 26 20:42:16 idm1 systemd: Stopping ipa-otpd socket.
> Jan 26 20:42:16 idm1 systemd: Stopping Samba Winbind Daemon...
> Jan 26 20:42:16 idm1 winbindd[16702]: [2018/01/26 20:42:16.696807, 0]
../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
> Jan 26 20:42:16 idm1 winbindd[16702]: Got sig[15] terminate (is_parent=1)
> Jan 26 20:42:16 idm1 winbindd[16703]: [2018/01/26 20:42:16.841466, 0]
../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
> Jan 26 20:42:16 idm1 winbindd[16703]: Got sig[15] terminate (is_parent=0)
> Jan 26 20:42:16 idm1 systemd: Stopped Samba Winbind Daemon.
> Jan 26 20:42:16 idm1 systemd: Stopping Samba SMB Daemon...
> Jan 26 20:42:16 idm1 smbd[16688]: [2018/01/26 20:42:16.916550, 0]
../source3/rpc_server/lsasd.c:139(lsasd_sig_term_handler)
> Jan 26 20:42:16 idm1 smbd[16688]: termination signal
> Jan 26 20:42:16 idm1 systemd: Stopped Samba SMB Daemon.
> Jan 26 20:42:17 idm1 systemd: Stopping IPA Custodia Service...
> Jan 26 20:42:17 idm1 systemd: Stopped IPA Custodia Service.
> Jan 26 20:42:17 idm1 systemd: Stopping The Apache HTTP Server...
> Jan 26 20:42:18 idm1 systemd: Stopped The Apache HTTP Server.
> Jan 26 20:42:18 idm1 systemd: Stopping Kerberos 5 Password-changing and
Administration...
> Jan 26 20:42:18 idm1 systemd: kadmin.service: main process exited, code=exited,
status=2/INVALIDARGUMENT
> Jan 26 20:42:18 idm1 systemd: Stopped Kerberos 5 Password-changing and
Administration.
> Jan 26 20:42:18 idm1 systemd: Unit kadmin.service entered failed state.
> Jan 26 20:42:18 idm1 systemd: kadmin.service failed.
> Jan 26 20:42:18 idm1 systemd: Stopping Kerberos 5 KDC...
> Jan 26 20:42:18 idm1 systemd: Stopped Kerberos 5 KDC.
> Jan 26 20:42:18 idm1 systemd: Stopping 389 Directory Server XXXKD-FAU-DE....
> Jan 26 20:42:18 idm1 ns-slapd: [26/Jan/2018:20:42:18.368608160 +0100] - INFO -
op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 6
max work q size 2 max work q stack size 2
> Jan 26 20:42:18 idm1 ns-slapd: [26/Jan/2018:20:42:18.372309172 +0100] - INFO -
slapd_daemon - slapd shutting down - waiting for 15 threads to terminate
> Jan 26 20:42:18 idm1 ns-slapd: [26/Jan/2018:20:42:18.374142668 +0100] - INFO -
slapd_daemon - slapd shutting down - closing down internal subsystems and plugins
> Jan 26 20:42:18 idm1 ns-slapd: [26/Jan/2018:20:42:18.726004813 +0100] - INFO -
dblayer_pre_close - Waiting for 4 database threads to stop
> Jan 26 20:42:19 idm1 ns-slapd: [26/Jan/2018:20:42:19.258064040 +0100] - INFO -
dblayer_pre_close - All database threads now stopped
> Jan 26 20:42:19 idm1 ns-slapd: [26/Jan/2018:20:42:19.286571363 +0100] - INFO -
ldbm_back_instance_set_destructor - Set of instances destroyed
> Jan 26 20:42:19 idm1 ns-slapd: [26/Jan/2018:20:42:19.288632006 +0100] - INFO -
connection_post_shutdown_cleanup - slapd shutting down - freed 2 work q stack objects -
freed 7 op stack objects
> Jan 26 20:42:19 idm1 ns-slapd: [26/Jan/2018:20:42:19.803231467 +0100] - INFO - main -
slapd stopped.
> Jan 26 20:42:19 idm1 systemd: Stopped 389 Directory Server XXXKD-FAU-DE..
> Jan 26 20:42:30 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_stop]
> Jan 26 20:42:30 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[stop]
> Jan 26 20:42:30 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[configure_stop]
> Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol pause
> Jan 26 20:42:30 idm1 server: INFO: Pausing ProtocolHandler
["http-bio-8080"]
> Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol pause
> Jan 26 20:42:30 idm1 server: INFO: Pausing ProtocolHandler
["http-bio-8443"]
> Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol pause
> Jan 26 20:42:30 idm1 server: INFO: Pausing ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.catalina.core.StandardService stopInternal
> Jan 26 20:42:30 idm1 server: INFO: Stopping service Catalina
> Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol stop
> Jan 26 20:42:30 idm1 server: INFO: Stopping ProtocolHandler
["http-bio-8080"]
> Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol stop
> Jan 26 20:42:30 idm1 server: INFO: Stopping ProtocolHandler
["http-bio-8443"]
> Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol stop
> Jan 26 20:42:30 idm1 server: INFO: Stopping ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> Jan 26 20:42:30 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_stop]
> Jan 26 20:42:30 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_destroy]
> Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol destroy
> Jan 26 20:42:30 idm1 server: INFO: Destroying ProtocolHandler
["http-bio-8080"]
> Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol destroy
> Jan 26 20:42:30 idm1 server: INFO: Destroying ProtocolHandler
["http-bio-8443"]
> Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol destroy
> Jan 26 20:42:30 idm1 server: INFO: Destroying ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> Jan 26 20:42:30 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_destroy]
> Jan 26 20:42:30 idm1 server: Java virtual machine used:
/usr/lib/jvm/jre-1.8.0-openjdk/bin/java
> Jan 26 20:42:30 idm1 server: classpath used:
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> Jan 26 20:42:30 idm1 server: main class used: org.apache.catalina.startup.Bootstrap
> Jan 26 20:42:30 idm1 server: flags used: -DRESTEASY_LIB=/usr/share/java/resteasy-base
-Djava.library.path=/usr/lib64/nuxwdog-jni
> Jan 26 20:42:30 idm1 server: options used: -Dcatalina.base=/var/lib/pki/pki-tomcat
-Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs=
-Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> Jan 26 20:42:30 idm1 server: arguments used: stop
> Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.catalina.startup.Catalina stopServer
> Jan 26 20:42:30 idm1 server: SEVERE: Could not contact localhost:8005. Tomcat may not
be running.
> Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.catalina.startup.Catalina stopServer
> Jan 26 20:42:30 idm1 server: SEVERE: Catalina.stop:
> Jan 26 20:42:30 idm1 server: java.net.ConnectException: Connection refused
(Connection refused)
> Jan 26 20:42:30 idm1 server: at java.net.PlainSocketImpl.socketConnect(Native
Method)
> Jan 26 20:42:30 idm1 server: at
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
> Jan 26 20:42:30 idm1 server: at
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
> Jan 26 20:42:30 idm1 server: at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
> Jan 26 20:42:30 idm1 server: at
java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
> Jan 26 20:42:30 idm1 server: at java.net.Socket.connect(Socket.java:589)
> Jan 26 20:42:30 idm1 server: at java.net.Socket.connect(Socket.java:538)
> Jan 26 20:42:30 idm1 server: at java.net.Socket.<init>(Socket.java:434)
> Jan 26 20:42:30 idm1 server: at java.net.Socket.<init>(Socket.java:211)
> Jan 26 20:42:30 idm1 server: at
org.apache.catalina.startup.Catalina.stopServer(Catalina.java:498)
> Jan 26 20:42:30 idm1 server: at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
> Jan 26 20:42:30 idm1 server: at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> Jan 26 20:42:30 idm1 server: at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> Jan 26 20:42:30 idm1 server: at java.lang.reflect.Method.invoke(Method.java:498)
> Jan 26 20:42:30 idm1 server: at
org.apache.catalina.startup.Bootstrap.stopServer(Bootstrap.java:343)
> Jan 26 20:42:30 idm1 server: at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
> Jan 26 20:42:30 idm1 systemd:pki-tomcatd@pki-tomcat.service: control process exited,
code=exited status=1
> Jan 26 20:42:30 idm1 systemd: Unitpki-tomcatd(a)pki-tomcat.service entered failed
state.
> Jan 26 20:42:30 idm1 systemd:pki-tomcatd@pki-tomcat.service failed.
> Jan 26 20:43:06 idm1 systemd: Starting 389 Directory Server XXXKD-FAU-DE....
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.135519647 +0100] - WARN -
Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run
systemd-tty-ask-password-agent to provide the password.
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.137896015 +0100] - INFO -
Security Initialization - SSL info: Enabling default cipher set.
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.138653476 +0100] - INFO -
Security Initialization - SSL info: Configured NSS Ciphers
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.139362471 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.139997617 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.140969886 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.141763790 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.142425874 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.143128669 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.143876111 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.144506089 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.145128275 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.145681866 +0100] - INFO -
Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.146327021 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.146946087 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.147538973 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.148175269 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.148809308 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.149468022 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.150081883 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.150700313 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.151358604 +0100] - INFO -
Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.151978602 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.152607727 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_CBC_SHA: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.153363369 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.153985935 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.154615624 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_CBC_SHA: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.155162346 +0100] - INFO -
Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.155751837 +0100] - INFO -
Security Initialization - SSL info: #011TLS_AES_128_GCM_SHA256: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.156407344 +0100] - INFO -
Security Initialization - SSL info: #011TLS_CHACHA20_POLY1305_SHA256: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.157006854 +0100] - INFO -
Security Initialization - SSL info: #011TLS_AES_256_GCM_SHA384: enabled
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.166751450 +0100] - INFO -
Security Initialization - slapd_ssl_init2 - Configured SSL version range: min: TLS1.0,
max: TLS1.2
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.167990669 +0100] - INFO - main -
389-Directory/1.3.6.1 B2018.025.1550 starting up
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.182152260 +0100] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.186165063 +0100] - WARN -
default_mr_indexer_create - Plugin [caseIgnoreIA5Match] does not handle caseExactIA5Match
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.190789757 +0100] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.197372415 +0100] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.203502167 +0100] - NOTICE -
ldbm_back_start - found 1532164k physical memory
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.204358115 +0100] - NOTICE -
ldbm_back_start - found 945032k available
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.205099201 +0100] - NOTICE -
ldbm_back_start - cache autosizing: db cache: 61286k
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.205772172 +0100] - NOTICE -
ldbm_back_start - cache autosizing: userRoot entry cache (3 total): 65536k
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.207976581 +0100] - NOTICE -
ldbm_back_start - cache autosizing: ipaca entry cache (3 total): 65536k
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.209935120 +0100] - NOTICE -
ldbm_back_start - cache autosizing: changelog entry cache (3 total): 65536k
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.211955092 +0100] - NOTICE -
ldbm_back_start - total cache size: 282989821 B;
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.268450630 +0100] - ERR -
schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after
the server startup!
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.282669243 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.283853676 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=keys,cn=sec,cn=dns,dc=XXXkd,dc=fau,dc=de does
not exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.284750958 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.285646359 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.286462970 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=XXXkd,dc=fau,dc=de does
not exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.287349607 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=XXXkd,dc=fau,dc=de does
not exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.288118043 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.289095649 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.289876366 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.290752671 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.291856781 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.292684559 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.293502496 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.294411988 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.295131467 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.295944190 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.296675050 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.297436245 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.298242490 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.299012600 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.299921149 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.307173136 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.308050707 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=XXXkd,dc=fau,dc=de does not exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.414161967 +0100] - ERR -
NSACLPlugin - acl_parse - The ACL target cn=automember rebuild
membership,cn=tasks,cn=config does not exist
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.417370681 +0100] - ERR -
auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule (invalid
regex). Error "nothing to repeat".
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.418164001 +0100] - ERR -
auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule (invalid
regex). Error "nothing to repeat".
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.419003673 +0100] - ERR -
auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule (invalid
regex). Error "nothing to repeat".
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.451898960 +0100] - ERR -
schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds!
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.454077292 +0100] - ERR -
set_krb5_creds - Could not get initial credentials for principal
[ldap/idm1.XXXkd.fau.de(a)XXXKD.FAU.DE] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228
(Cannot contact any KDC for requested realm)
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.459158890 +0100] - INFO -
slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests
> Jan 26 20:43:07 idm1 systemd: Started 389 Directory Server XXXKD-FAU-DE..
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.461550924 +0100] - INFO -
slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests
> Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.462589374 +0100] - INFO -
slapd_daemon - Listening on /var/run/slapd-XXXKD-FAU-DE.socket for LDAPI requests
> Jan 26 20:43:07 idm1 ns-slapd: GSSAPI Error: Unspecified GSS failure. Minor code may
provide more information (No Kerberos credentials available (default cache:
/tmp/krb5cc_993))
> Jan 26 20:43:07 idm1 systemd: Starting Kerberos 5 KDC...
> Jan 26 20:43:07 idm1 systemd: Started Kerberos 5 KDC.
> Jan 26 20:43:07 idm1 systemd: Starting Kerberos 5 Password-changing and
Administration...
> Jan 26 20:43:07 idm1 systemd: Started Kerberos 5 Password-changing and
Administration.
> Jan 26 20:43:08 idm1 systemd: Starting The Apache HTTP Server...
> Jan 26 20:43:08 idm1 ipa-httpd-kdcproxy: ipa : INFO KDC proxy enabled
> Jan 26 20:43:08 idm1 systemd: Started The Apache HTTP Server.
> Jan 26 20:43:09 idm1 systemd: Starting IPA Custodia Service...
> Jan 26 20:43:09 idm1 ipa-custodia: 2018-01-26 20:43:09 - server
- Serving on Unix socket /run/httpd/ipa-custodia.sock
> Jan 26 20:43:09 idm1 systemd: Started IPA Custodia Service.
> Jan 26 20:43:09 idm1 systemd: Starting Network Time Service...
> Jan 26 20:43:09 idm1 ntpd[18606]: ntpd4.2.6p5(a)1.2349-o Wed Apr 12 21:24:06 UTC 2017
(1)
> Jan 26 20:43:09 idm1 ntpd[18607]: proto: precision = 0.092 usec
> Jan 26 20:43:09 idm1 ntpd[18607]: 0.0.0.0 c01d 0d kern kernel time sync enabled
> Jan 26 20:43:09 idm1 systemd: Started Network Time Service.
> Jan 26 20:43:09 idm1 ntpd[18607]: getaddrinfo: "2001:638:a000:b201::/64"
invalid host address, ignored
> Jan 26 20:43:09 idm1 ntpd[18607]: restrict: error in address
'2001:638:a000:b201::/64' on line 21. Ignoring...
> Jan 26 20:43:09 idm1 ntpd[18607]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
> Jan 26 20:43:09 idm1 ntpd[18607]: Listen and drop on 1 v6wildcard :: UDP 123
> Jan 26 20:43:09 idm1 ntpd[18607]: Listen normally on 2 lo 127.0.0.1 UDP 123
> Jan 26 20:43:09 idm1 ntpd[18607]: Listen normally on 3 eth0 10.188.220.100 UDP 123
> Jan 26 20:43:09 idm1 ntpd[18607]: Listen normally on 4 lo ::1 UDP 123
> Jan 26 20:43:09 idm1 ntpd[18607]: Listen normally on 5 eth0 fe80::5054:ff:fe4e:b270
UDP 123
> Jan 26 20:43:09 idm1 ntpd[18607]: Listen normally on 6 eth0
2001:638:a000:b201::220:100 UDP 123
> Jan 26 20:43:10 idm1 ntpd[18607]: Listening on routing socket on fd #23 for interface
updates
> Jan 26 20:43:10 idm1 ntpd[18607]: 0.0.0.0 c016 06 restart
> Jan 26 20:43:10 idm1 ntpd[18607]: 0.0.0.0 c012 02 freq_set ntpd -11.506 PPM
> Jan 26 20:43:10 idm1 systemd: Starting PKI Tomcat Server pki-tomcat...
> Jan 26 20:43:10 idm1 ns-slapd: [26/Jan/2018:20:43:10.654518701 +0100] - WARN -
csngen_new_csn - Too much time skew (-414240 secs). Current seqnum=1
> Jan 26 20:43:10 idm1 ns-slapd: [26/Jan/2018:20:43:10.903986761 +0100] - ERR -
NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meToidm2.XXXkd.fau.de"
(idm2:389) - Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials)
()
> Jan 26 20:43:11 idm1 ns-slapd: [26/Jan/2018:20:43:11.090525190 +0100] - WARN -
csngen_new_csn - Too much time skew (-414241 secs). Current seqnum=1
> Jan 26 20:43:11 idm1 ns-slapd: [26/Jan/2018:20:43:11.418472466 +0100] - WARN -
csngen_new_csn - Too much time skew (-414242 secs). Current seqnum=1
> Jan 26 20:43:11 idm1 ns-slapd: [26/Jan/2018:20:43:11.690552308 +0100] - WARN -
csngen_new_csn - Too much time skew (-414242 secs). Current seqnum=1
> Jan 26 20:43:11 idm1 ns-slapd: [26/Jan/2018:20:43:11.913216706 +0100] - WARN -
csngen_new_csn - Too much time skew (-414243 secs). Current seqnum=1
> Jan 26 20:43:12 idm1 pkidaemon: -----------------------
> Jan 26 20:43:12 idm1 pkidaemon: Banner is not installed
> Jan 26 20:43:12 idm1 pkidaemon: -----------------------
> Jan 26 20:43:12 idm1 pkidaemon: ----------------------
> Jan 26 20:43:12 idm1 pkidaemon: Enabled all subsystems
> Jan 26 20:43:12 idm1 pkidaemon: ----------------------
> Jan 26 20:43:12 idm1 systemd: Started PKI Tomcat Server pki-tomcat.
> Jan 26 20:43:12 idm1 server: Java virtual machine used:
/usr/lib/jvm/jre-1.8.0-openjdk/bin/java
> Jan 26 20:43:12 idm1 server: classpath used:
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> Jan 26 20:43:12 idm1 server: main class used: org.apache.catalina.startup.Bootstrap
> Jan 26 20:43:12 idm1 server: flags used: -DRESTEASY_LIB=/usr/share/java/resteasy-base
-Djava.library.path=/usr/lib64/nuxwdog-jni
> Jan 26 20:43:12 idm1 server: options used: -Dcatalina.base=/var/lib/pki/pki-tomcat
-Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs=
-Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.security.manager
-Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy
> Jan 26 20:43:12 idm1 server: arguments used: start
> Jan 26 20:43:12 idm1 ns-slapd: [26/Jan/2018:20:43:12.856244489 +0100] - ERR -
schema-compat-plugin - Finished plugin initialization.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'enableOCSP' to
'false' did not find a matching property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderURL' to 'http://idm1.XXXkd.fau.de:9080/ca/ocsp' did not find
a matching property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderCertNickname' to 'ocspSigningCert cert-pki-ca' did not find
a matching property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspCacheSize'
to '1000' did not find a matching property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMinCacheEntryDuration' to '60' did not find a matching property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMaxCacheEntryDuration' to '120' did not find a matching property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspTimeout' to
'10' did not find a matching property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'strictCiphers'
to 'true' did not find a matching property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslOptions' to
'ssl2=false,ssl3=false,tls=true' did not find a matching property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl2Ciphers' to
'-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5'
did not find a matching property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl3Ciphers' to
'-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'tlsCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeStream' to 'tls1_0:tls1_2' did not find a matching
property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeDatagram' to 'tls1_1:tls1_2' did not find a matching
property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslRangeCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_GCM_SHA256,+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256'
did not find a matching property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'serverCertNickFile' to '/var/lib/pki/pki-tomcat/conf/serverCertNick.conf'
did not find a matching property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordFile'
to '/var/lib/pki/pki-tomcat/conf/password.conf' did not find a matching property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordClass'
to 'org.apache.tomcat.util.net.jss.PlainPasswordFile' did not find a matching
property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'certdbDir' to
'/var/lib/pki/pki-tomcat/alias' did not find a matching property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING: [SetPropertiesRule]{Server/Service/Engine/Host}
Setting property 'xmlValidation' to 'false' did not find a matching
property.
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
> Jan 26 20:43:13 idm1 server: WARNING: [SetPropertiesRule]{Server/Service/Engine/Host}
Setting property 'xmlNamespaceAware' to 'false' did not find a matching
property.
> Jan 26 20:43:13 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_init]
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.coyote.AbstractProtocol init
> Jan 26 20:43:13 idm1 server: INFO: Initializing ProtocolHandler
["http-bio-8080"]
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.coyote.AbstractProtocol init
> Jan 26 20:43:13 idm1 server: INFO: Initializing ProtocolHandler
["http-bio-8443"]
> Jan 26 20:43:13 idm1 server: Error: SSL cipher
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
> Jan 26 20:43:13 idm1 server: Error: SSL cipher
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.coyote.AbstractProtocol init
> Jan 26 20:43:13 idm1 server: INFO: Initializing ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> Jan 26 20:43:13 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_init]
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.Catalina load
> Jan 26 20:43:13 idm1 server: INFO: Initialization processed in 887 ms
> Jan 26 20:43:13 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_start]
> Jan 26 20:43:13 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[configure_start]
> Jan 26 20:43:13 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[start]
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.core.StandardService startInternal
> Jan 26 20:43:13 idm1 server: INFO: Starting service Catalina
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.core.StandardEngine startInternal
> Jan 26 20:43:13 idm1 server: INFO: Starting Servlet Engine: Apache Tomcat/7.0.76
> Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:43:13 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ca.xml
> Jan 26 20:43:13 idm1 server: SSLAuthenticatorWithFallback: Creating SSL authenticator
with fallback
> Jan 26 20:43:13 idm1 server: SSLAuthenticatorWithFallback: Setting container
> Jan 26 20:43:14 idm1 ntpd[18607]: 0.0.0.0 c515 05 clock_sync
> Jan 26 20:43:15 idm1 server: Jan 26, 2018 8:43:15 PM
org.apache.catalina.startup.TldConfig execute
> Jan 26 20:43:15 idm1 server: INFO: At least one JAR was scanned for TLDs yet
contained no TLDs. Enable debug logging for this logger for a complete list of JARs that
were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can
improve startup time and JSP compilation time.
> Jan 26 20:43:15 idm1 server: SSLAuthenticatorWithFallback: Initializing
authenticators
> Jan 26 20:43:15 idm1 server: SSLAuthenticatorWithFallback: Starting authenticators
> Jan 26 20:43:15 idm1 server: CMSEngine.initializePasswordStore() begins
> Jan 26 20:43:15 idm1 server: CMSEngine.initializePasswordStore(): tag=internaldb
> Jan 26 20:43:15 idm1 server: CMSEngine.initializePasswordStore(): tag=replicationdb
> Jan 26 20:43:16 idm1 ns-slapd: [26/Jan/2018:20:43:16.928242338 +0100] - WARN -
csngen_new_csn - Too much time skew (-414239 secs). Current seqnum=1
> Jan 26 20:43:17 idm1 ns-slapd: [26/Jan/2018:20:43:17.631952903 +0100] - WARN -
csngen_new_csn - Too much time skew (-414239 secs). Current seqnum=1
> Jan 26 20:43:17 idm1 ns-slapd: [26/Jan/2018:20:43:17.654048776 +0100] - WARN -
csngen_new_csn - Too much time skew (-414240 secs). Current seqnum=1
> Jan 26 20:43:18 idm1 server: SelfTestSubsystem: Disabling "ca" subsystem
due to selftest failure.
> Jan 26 20:43:18 idm1 server: -----------------------
> Jan 26 20:43:18 idm1 server: Disabled "ca" subsystem
> Jan 26 20:43:18 idm1 server: -----------------------
> Jan 26 20:43:18 idm1 server: Subsystem ID: ca
> Jan 26 20:43:18 idm1 server: Instance ID: pki-tomcat
> Jan 26 20:43:18 idm1 server: Enabled: False
> Jan 26 20:43:18 idm1 server: Invalid class name repositorytop
> Jan 26 20:43:19 idm1 server: Invalid class name repositorytop
> Jan 26 20:43:19 idm1 server: at
com.netscape.cmscore.dbs.DBRegistry.createObject(DBRegistry.java:485)
> Jan 26 20:43:19 idm1 server: at
com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:167)
> Jan 26 20:43:19 idm1 server: at
com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:137)
> Jan 26 20:43:19 idm1 server: at
com.netscape.cmscore.dbs.Repository.getSerialNumber(Repository.java:125)
> Jan 26 20:43:19 idm1 server: at
com.netscape.cmscore.dbs.Repository.initCache(Repository.java:244)
> Jan 26 20:43:19 idm1 server: at
com.netscape.cmscore.dbs.Repository.checkRanges(Repository.java:460)
> Jan 26 20:43:19 idm1 server: at
com.netscape.cmscore.apps.CMSEngine.startup(CMSEngine.java:1378)
> Jan 26 20:43:19 idm1 server: at com.netscape.certsrv.apps.CMS.startup(CMS.java:202)
> Jan 26 20:43:19 idm1 server: at com.netscape.certsrv.apps.CMS.start(CMS.java:1632)
> Jan 26 20:43:19 idm1 server: at
com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:117)
> Jan 26 20:43:19 idm1 server: at
javax.servlet.GenericServlet.init(GenericServlet.java:158)
> Jan 26 20:43:19 idm1 server: at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
> Jan 26 20:43:19 idm1 server: at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> Jan 26 20:43:19 idm1 server: at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> Jan 26 20:43:19 idm1 server: at java.lang.reflect.Method.invoke(Method.java:498)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
> Jan 26 20:43:19 idm1 server: at java.security.AccessController.doPrivileged(Native
Method)
> Jan 26 20:43:19 idm1 server: at
javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1257)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1182)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1072)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5368)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5660)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
> Jan 26 20:43:19 idm1 server: at java.security.AccessController.doPrivileged(Native
Method)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
> Jan 26 20:43:19 idm1 server: at
org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
> Jan 26 20:43:19 idm1 server: at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> Jan 26 20:43:19 idm1 server: at
java.util.concurrent.FutureTask.run(FutureTask.java:266)
> Jan 26 20:43:19 idm1 server: at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> Jan 26 20:43:19 idm1 server: at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> Jan 26 20:43:19 idm1 server: at java.lang.Thread.run(Thread.java:748)
> Jan 26 20:43:19 idm1 server: Jan 26, 2018 8:43:19 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:43:19 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 5,274 ms
> Jan 26 20:43:19 idm1 server: Jan 26, 2018 8:43:19 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:43:19 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml
> Jan 26 20:43:19 idm1 server: Jan 26, 2018 8:43:19 PM
org.apache.catalina.startup.TldConfig execute
> Jan 26 20:43:19 idm1 server: INFO: At least one JAR was scanned for TLDs yet
contained no TLDs. Enable debug logging for this logger for a complete list of JARs that
were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can
improve startup time and JSP compilation time.
> Jan 26 20:43:19 idm1 server: Jan 26, 2018 8:43:19 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:43:19 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml has finished in 738 ms
> Jan 26 20:43:19 idm1 server: Jan 26, 2018 8:43:19 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:43:19 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml
> Jan 26 20:43:20 idm1 server: Jan 26, 2018 8:43:20 PM
org.apache.catalina.startup.TldConfig execute
> Jan 26 20:43:20 idm1 server: INFO: At least one JAR was scanned for TLDs yet
contained no TLDs. Enable debug logging for this logger for a complete list of JARs that
were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can
improve startup time and JSP compilation time.
> Jan 26 20:43:20 idm1 server: Jan 26, 2018 8:43:20 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> Jan 26 20:43:20 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml has finished in 1,088 ms
> Jan 26 20:43:20 idm1 server: Jan 26, 2018 8:43:20 PM
org.apache.coyote.AbstractProtocol start
> Jan 26 20:43:20 idm1 server: INFO: Starting ProtocolHandler
["http-bio-8080"]
> Jan 26 20:43:20 idm1 server: Jan 26, 2018 8:43:20 PM
org.apache.coyote.AbstractProtocol start
> Jan 26 20:43:20 idm1 server: INFO: Starting ProtocolHandler
["http-bio-8443"]
> Jan 26 20:43:20 idm1 server: Jan 26, 2018 8:43:20 PM
org.apache.coyote.AbstractProtocol start
> Jan 26 20:43:20 idm1 server: INFO: Starting ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> Jan 26 20:43:20 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_start]
> Jan 26 20:43:20 idm1 server: PKIListener: Subsystem CA is disabled.
> Jan 26 20:43:20 idm1 server: PKIListener: Check
/var/log/pki/pki-tomcat/ca/selftests.log for possible errors.
> Jan 26 20:43:20 idm1 server: PKIListener: To enable the subsystem:
> Jan 26 20:43:20 idm1 server: PKIListener: pki-server subsystem-enable -i pki-tomcat
ca
> Jan 26 20:43:20 idm1 server: Jan 26, 2018 8:43:20 PM
org.apache.catalina.startup.Catalina start
> Jan 26 20:43:20 idm1 server: INFO: Server startup in 7197 ms
> Jan 26 20:43:21 idm1 ns-slapd: [26/Jan/2018:20:43:21.078383741 +0100] - WARN -
csngen_new_csn - Too much time skew (-414238 secs). Current seqnum=1
> Jan 26 20:43:21 idm1 ns-slapd: [26/Jan/2018:20:43:21.369142943 +0100] - WARN -
csngen_new_csn - Too much time skew (-414239 secs). Current seqnum=1
> Jan 26 20:43:29 idm1 ns-slapd: [26/Jan/2018:20:43:29.176587570 +0100] - WARN -
csngen_new_csn - Too much time skew (-414232 secs). Current seqnum=1
> Jan 26 20:43:31 idm1 server: Jan 26, 2018 8:43:31 PM
org.apache.catalina.startup.HostConfig undeploy
> Jan 26 20:43:31 idm1 server: INFO: Undeploying context [/ca]
> Jan 26 20:43:31 idm1 server: SSLAuthenticatorWithFallback: Stopping authenticators
> Jan 26 20:43:31 idm1 server: Jan 26, 2018 8:43:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:43:31 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [LDAPConnThread-0ldaps://idm1.XXXkd.fau.de:636] but has failed to
stop it. This is very likely to create a memory leak.
> Jan 26 20:43:31 idm1 server: Jan 26, 2018 8:43:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:43:31 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [LDAPConnThread-2ldaps://idm1.XXXkd.fau.de:636] but has failed to
stop it. This is very likely to create a memory leak.
> Jan 26 20:43:31 idm1 server: Jan 26, 2018 8:43:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:43:31 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [authorityMonitor] but has failed to stop it. This is very likely
to create a memory leak.
> Jan 26 20:43:31 idm1 server: Jan 26, 2018 8:43:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:43:31 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [LDAPConnThread-3ldaps://idm1.XXXkd.fau.de:636] but has failed to
stop it. This is very likely to create a memory leak.
> Jan 26 20:43:31 idm1 server: Jan 26, 2018 8:43:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> Jan 26 20:43:31 idm1 server: SEVERE: The web application [/ca] appears to have
started a thread named [profileChangeMonitor] but has failed to stop it. This is very
likely to create a memory leak.
> Jan 26 20:43:31 idm1 server: SSLAuthenticatorWithFallback: Setting container
> Jan 26 20:43:38 idm1 ns-slapd: [26/Jan/2018:20:43:38.212105934 +0100] - WARN -
csngen_new_csn - Too much time skew (-414224 secs). Current seqnum=1
> Jan 26 20:43:38 idm1 ns-slapd: [26/Jan/2018:20:43:38.221564490 +0100] - WARN -
csngen_new_csn - Too much time skew (-414225 secs). Current seqnum=1
> Jan 26 20:43:50 idm1 ns-slapd: [26/Jan/2018:20:43:50.895768971 +0100] - WARN -
csngen_new_csn - Too much time skew (-414213 secs). Current seqnum=1
> Jan 26 20:43:50 idm1 ns-slapd: [26/Jan/2018:20:43:50.928585085 +0100] - WARN -
csngen_new_csn - Too much time skew (-414214 secs). Current seqnum=1
> Jan 26 20:43:50 idm1 ns-slapd: [26/Jan/2018:20:43:50.973568568 +0100] - WARN -
csngen_new_csn - Too much time skew (-414215 secs). Current seqnum=1
> Jan 26 20:43:50 idm1 ns-slapd: [26/Jan/2018:20:43:50.996767806 +0100] - WARN -
csngen_new_csn - Too much time skew (-414216 secs). Current seqnum=1
> Jan 26 20:43:53 idm1 ns-slapd: [26/Jan/2018:20:43:53.245471011 +0100] - WARN -
csngen_new_csn - Too much time skew (-414215 secs). Current seqnum=1
> Jan 26 20:44:09 idm1 ns-slapd: [26/Jan/2018:20:44:09.057455395 +0100] - WARN -
csngen_new_csn - Too much time skew (-414200 secs). Current seqnum=1
> Jan 26 20:44:09 idm1 ns-slapd: [26/Jan/2018:20:44:09.080883041 +0100] - WARN -
csngen_new_csn - Too much time skew (-414201 secs). Current seqnum=1
> Jan 26 20:44:22 idm1 ns-slapd: [26/Jan/2018:20:44:22.056086120 +0100] - WARN -
csngen_new_csn - Too much time skew (-414189 secs). Current seqnum=1
> Jan 26 20:44:22 idm1 ns-slapd: [26/Jan/2018:20:44:22.083244850 +0100] - WARN -
csngen_new_csn - Too much time skew (-414190 secs). Current seqnum=1
> Jan 26 20:44:22 idm1 ns-slapd: [26/Jan/2018:20:44:22.090879226 +0100] - WARN -
csngen_new_csn - Too much time skew (-414191 secs). Current seqnum=1
> _______________________________________________
> FreeIPA-users mailing list --freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email tofreeipa-users-leave(a)lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list --freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email tofreeipa-users-leave(a)lists.fedorahosted.org