Upgraded from CentOS 7.5 to 7.6 which includes IPA upgrade.from 4.5.4-10 to 4.6.4-10
upgrade was done via yum upgrade
Upgrade went fine. I see no alarming errors in the logs. It stopped and started all the
servers did the ipa upgrade. All was fine once completed.
Reboot and now pki-tomcatd CA will not start. Tomcat starts, gets all the way to were it
should start the CA and doesn't. No errors, Debug doesn't show any blatant
errors. It does have "Repository: Server not completely started. Returning .."
which is the closest thing I see to an error.
All the certs are in monitoring state. None are expired. Domain is not quite a year old.
PKI is communicating to LDAP without issues. Validated that. Also checked for and
replication errors. There are none.
This is happening on all 4 systems. In the exact same way. DNS is up, we can
authenticate, kerbrose is working. Can search LDAP via SSL and non-SSL Rebooted into the
older kernel just to make sure. Reverted back to an old CS.cfg also, no different.
I'm at a complete loss. Most other posts and pages about this all deal with expired
certs. And the one that wasn't (from Redhat) was about replication conflicts.
Nothing is panning out.
Fully patched CentOS Linux release 7.6.1810 (Core)
ipa-client-4.6.4-10.el7.centos.x86_64
ipa-client-common-4.6.4-10.el7.centos.noarch
ipa-common-4.6.4-10.el7.centos.noarch
ipa-server-4.6.4-10.el7.centos.x86_64
ipa-server-common-4.6.4-10.el7.centos.noarch
ipa-server-dns-4.6.4-10.el7.centos.noarch
libipa_hbac-1.16.2-13.el7.x86_64
python2-ipaclient-4.6.4-10.el7.centos.noarch
python2-ipalib-4.6.4-10.el7.centos.noarch
python2-ipaserver-4.6.4-10.el7.centos.noarch
python-iniparse-0.4-9.el7.noarch
python-libipa_hbac-1.16.2-13.el7.x86_64
sssd-ipa-1.16.2-13.el7.x86_64
krb5-pkinit-1.15.1-34.el7.x86_64
pki-base-10.5.9-6.el7.noarch
pki-base-java-10.5.9-6.el7.noarch
pki-ca-10.5.9-6.el7.noarch
pki-kra-10.5.9-6.el7.noarch
pki-server-10.5.9-6.el7.noarch
pki-tools-10.5.9-6.el7.x86_64
Show replies by date