ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for url: http://server.example.com:8080/ca/admin/ca/getStatus
Hello!
Frequently during startup on my (admittedly slower) FreeIPA server pki- tomcat fails to start. If I then start it manually after the system is booted, the service invariably succeeds. The end of it's log when it fails during boot is:
Oct 08 13:19:40 server.example.com ipa-pki-wait-running[1760]: ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for url: http://server.example.com:8080/ca/admin/ca/getStatus Oct 08 13:19:41 server.example.com ipa-pki-wait-running[1760]: ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for url: http://server.example.com:8080/ca/admin/ca/getStatus Oct 08 13:19:42 server.example.com ipa-pki-wait-running[1760]: ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for url: http://server.example.com:8080/ca/admin/ca/getStatus Oct 08 13:19:43 server.example.com ipa-pki-wait-running[1760]: ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for url: http://server.example.com:8080/ca/admin/ca/getStatus Oct 08 13:19:44 server.example.com ipa-pki-wait-running[1760]: ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for url: http://server.example.com:8080/ca/admin/ca/getStatus Oct 08 13:19:45 server.example.com ipa-pki-wait-running[1760]: ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for url: http://server.example.com:8080/ca/admin/ca/getStatus Oct 08 13:19:46 server.example.com ipa-pki-wait-running[1760]: ipa-pki-wait-running: Reached end of wait timeout 600, giving up Oct 08 13:19:46 server.example.com systemd[1]: pki-tomcatd@pki-tomcat.service: Control process exited, code=exited status=1 Oct 08 13:19:47 server.example.com systemd[1]: pki-tomcatd@pki-tomcat.service: Failed with result 'exit-code'. Oct 08 13:19:47 server.example.com systemd[1]: Failed to start PKI Tomcat Server pki-tomcat. Oct 08 13:19:47 server.example.com systemd[1]: Reached target PKI Tomcat Server. Oct 08 13:19:47 server.example.com systemd[1]: Starting Certificate monitoring and PKI enrollment... Oct 08 13:19:47 server.example.com certmonger[17034]: 2025-10-08 13:19:47 [17034] Changing to root directory. Oct 08 13:19:47 server.example.com certmonger[17034]: 2025-10-08 13:19:47 [17034] Obtaining system lock. Oct 08 13:19:47 server.example.com systemd[1]: Listening on ipa-otpd socket. Oct 08 13:19:47 server.example.com systemd[1]: Started IPA key daemon. Oct 08 13:19:47 server.example.com ipactl[1988]: ipa: INFO: The ipactl command was successful
Seems I have a timeout that needs to be extended but I'm not sure which one it is. What is not completed it's startup and running that is causing the 404 on http://server.example.com:8080/ca/admin/ca/getStatus when pki-tomcat finally times out and gives up?
Cheers, b.
Hi,
On Wed, Oct 8, 2025 at 7:40 PM Brian J. Murrell via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hello!
Frequently during startup on my (admittedly slower) FreeIPA server pki- tomcat fails to start. If I then start it manually after the system is booted, the service invariably succeeds. The end of it's log when it fails during boot is:
Oct 08 13:19:40 server.example.com ipa-pki-wait-running[1760]: ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for url: http://server.example.com:8080/ca/admin/ca/getStatus Oct 08 13:19:41 server.example.com ipa-pki-wait-running[1760]: ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for url: http://server.example.com:8080/ca/admin/ca/getStatus Oct 08 13:19:42 server.example.com ipa-pki-wait-running[1760]: ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for url: http://server.example.com:8080/ca/admin/ca/getStatus Oct 08 13:19:43 server.example.com ipa-pki-wait-running[1760]: ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for url: http://server.example.com:8080/ca/admin/ca/getStatus Oct 08 13:19:44 server.example.com ipa-pki-wait-running[1760]: ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for url: http://server.example.com:8080/ca/admin/ca/getStatus Oct 08 13:19:45 server.example.com ipa-pki-wait-running[1760]: ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for url: http://server.example.com:8080/ca/admin/ca/getStatus Oct 08 13:19:46 server.example.com ipa-pki-wait-running[1760]: ipa-pki-wait-running: Reached end of wait timeout 600, giving up Oct 08 13:19:46 server.example.com systemd[1]: pki-tomcatd@pki-tomcat.service: Control process exited, code=exited status=1 Oct 08 13:19:47 server.example.com systemd[1]: pki-tomcatd@pki-tomcat.service: Failed with result 'exit-code'. Oct 08 13:19:47 server.example.com systemd[1]: Failed to start PKI Tomcat Server pki-tomcat. Oct 08 13:19:47 server.example.com systemd[1]: Reached target PKI Tomcat Server. Oct 08 13:19:47 server.example.com systemd[1]: Starting Certificate monitoring and PKI enrollment... Oct 08 13:19:47 server.example.com certmonger[17034]: 2025-10-08 13:19:47 [17034] Changing to root directory. Oct 08 13:19:47 server.example.com certmonger[17034]: 2025-10-08 13:19:47 [17034] Obtaining system lock. Oct 08 13:19:47 server.example.com systemd[1]: Listening on ipa-otpd socket. Oct 08 13:19:47 server.example.com systemd[1]: Started IPA key daemon. Oct 08 13:19:47 server.example.com ipactl[1988]: ipa: INFO: The ipactl command was successful
Seems I have a timeout that needs to be extended but I'm not sure which one it is. What is not completed it's startup and running that is causing the 404 on http://server.example.com:8080/ca/admin/ca/getStatus when pki-tomcat finally times out and gives up?
When pki-tomcat starts, there is a script that is executed in order to wait for the CA subsystem to be reachable. This is setup through the /etc/systemd/system/pki-tomcatd@pki-tomcat.service.d/ipa.conf file that defines *ExecStartPost=/usr/libexec/ipa/ipa-pki-wait-running*. The script simply calls a CA endpoint until it succeeds or the timeout is reached. By default, the timeout is 120s but it can be changed by setting a different value in /etc/ipa/default.conf in the startup_timeout value.
Cheers,
b.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
On Thu, 2025-10-09 at 10:44 +0200, Florence Blanc-Renaud via FreeIPA- users wrote:
Hi,
Hello!
When pki-tomcat starts, there is a script that is executed in order to wait for the CA subsystem to be reachable.
Indeed. This much I gathered.
This is setup through the /etc/systemd/system/pki-tomcatd@pki-tomcat.service.d/ipa.conf file that defines *ExecStartPost=/usr/libexec/ipa/ipa-pki-wait-running*.
Right.
The script simply calls a CA endpoint until it succeeds or the timeout is reached.
Right. It is this much that I had gathered. What I am unsure of is which systemd service unit is responsible for starting whatever service is listening on the CA endpoint? I.e. what unit startup is taking longer than ipa-pki-wait-running is waiting for causing pki-tomcatd@pki-tomcat.service to time out?
By default, the timeout is 120s but it can be changed by setting a different value in /etc/ipa/default.conf in the startup_timeout value.
Right. Which I've already increased:
startup_timeout = 600
But rather than continue to just try to guess at how long it's taking to start up so that the CA endpoint is reachable, I'd like to know which service it is so that I can look in the logs and see how long it's actually taking to start up. I'm not sure which unit file I am looking for though.
Cheers, b.
Brian J. Murrell via FreeIPA-users wrote:
On Thu, 2025-10-09 at 10:44 +0200, Florence Blanc-Renaud via FreeIPA- users wrote:
Hi,
Hello!
When pki-tomcat starts, there is a script that is executed in order to wait for the CA subsystem to be reachable.
Indeed. This much I gathered.
This is setup through the /etc/systemd/system/pki-tomcatd@pki-tomcat.service.d/ipa.conf file that defines *ExecStartPost=/usr/libexec/ipa/ipa-pki-wait-running*.
Right.
The script simply calls a CA endpoint until it succeeds or the timeout is reached.
Right. It is this much that I had gathered. What I am unsure of is which systemd service unit is responsible for starting whatever service is listening on the CA endpoint? I.e. what unit startup is taking longer than ipa-pki-wait-running is waiting for causing pki-tomcatd@pki-tomcat.service to time out?
By default, the timeout is 120s but it can be changed by setting a different value in /etc/ipa/default.conf in the startup_timeout value.
Right. Which I've already increased:
startup_timeout = 600
But rather than continue to just try to guess at how long it's taking to start up so that the CA endpoint is reachable, I'd like to know which service it is so that I can look in the logs and see how long it's actually taking to start up. I'm not sure which unit file I am looking for though.
Cheers, b.
pki-tomcatd@pki-tomcat is timing itself out. Increasing the startup_timeout in /etc/ipa/*.conf is not sufficient. The systemd start timeout needs to be updated as well (blame the systemd folks, not us).
Setting TimeoutStartSec=<some value> in /etc/systemd/system/pki-tomcatd@pki-tomcat.service.d/ipa.conf should do it.
The default is 90s.
rob
On Thu, 2025-10-09 at 16:33 -0400, Rob Crittenden via FreeIPA-users wrote:
pki-tomcatd@pki-tomcat is timing itself out.
I don't think it is:
Oct 08 13:19:46 server.interlinx.bc.ca ipa-pki-wait-running[1760]: ipa-pki-wait-running: Reached end of wait timeout 600, giving up
So it does seem to be waiting the increased 600s timeout.
Increasing the startup_timeout in /etc/ipa/*.conf is not sufficient. The systemd start timeout needs to be updated as well (blame the systemd folks, not us).
Indeed, it was. But I have already addressed that:
# cat /etc/systemd/system/pki-tomcatd@pki-tomcat.service.d/override.conf [Service] TimeoutStartSec=2400
But again, I want to stop guessing at how long the timeout needs to be and look in the journal at the (mysterious, to me) service that is providing the queried CA endpoint to see how long it's actually taking to start using the systemd log messages.
So which systemd unit is providing the queried CA endpoint?
Cheers, b.
On Thu, 2025-10-09 at 17:32 -0400, Brian J. Murrell via FreeIPA-users wrote:
On Thu, 2025-10-09 at 16:33 -0400, Rob Crittenden via FreeIPA-users wrote:
pki-tomcatd@pki-tomcat is timing itself out.
I don't think it is:
Oct 08 13:19:46 server.interlinx.bc.ca ipa-pki-wait-running[1760]: ipa-pki-wait-running: Reached end of wait timeout 600, giving up
So it does seem to be waiting the increased 600s timeout.
Increasing the startup_timeout in /etc/ipa/*.conf is not sufficient. The systemd start timeout needs to be updated as well (blame the systemd folks, not us).
Indeed, it was. But I have already addressed that:
# cat /etc/systemd/system/pki-tomcatd@pki-tomcat.service.d/override.conf [Service] TimeoutStartSec=2400
But again, I want to stop guessing at how long the timeout needs to be and look in the journal at the (mysterious, to me) service that is providing the queried CA endpoint to see how long it's actually taking to start using the systemd log messages.
So which systemd unit is providing the queried CA endpoint?
Any further information available here?
Cheers, b.
Hi,
On Sun, Oct 12, 2025 at 6:39 PM Brian J. Murrell via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
On Thu, 2025-10-09 at 17:32 -0400, Brian J. Murrell via FreeIPA-users wrote:
On Thu, 2025-10-09 at 16:33 -0400, Rob Crittenden via FreeIPA-users wrote:
pki-tomcatd@pki-tomcat is timing itself out.
I don't think it is:
Oct 08 13:19:46 server.interlinx.bc.ca ipa-pki-wait-running[1760]: ipa-pki-wait-running: Reached end of wait timeout 600, giving up
So it does seem to be waiting the increased 600s timeout.
Increasing the startup_timeout in /etc/ipa/*.conf is not sufficient. The systemd start timeout needs to be updated as well (blame the systemd folks, not us).
Indeed, it was. But I have already addressed that:
# cat /etc/systemd/system/pki-tomcatd@pki-tomcat.service.d/override.conf [Service] TimeoutStartSec=2400
But again, I want to stop guessing at how long the timeout needs to be and look in the journal at the (mysterious, to me) service that is providing the queried CA endpoint to see how long it's actually taking to start using the systemd log messages.
So which systemd unit is providing the queried CA endpoint?
Any further information available here?
pki-tomcatd@pki-tomcat (the Certificate server) is providing this endpoint. You can have a look at the logs in /var/log/pki/pki-tomcat/ca/debug to see if the CA has issues connecting to the LDAP server or is simply slow to start.
flo
Cheers, b. -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
On Mon, 2025-10-13 at 10:58 +0200, Florence Blanc-Renaud wrote:
pki-tomcatd@pki-tomcat (the Certificate server) is providing this endpoint.
So it's the pki-tomcatd@pki-tomcat service waiting for itself and timing out when it, itself does not start? But surely it not starting within the timeout is related to something else that is slow to start, yes?
You can have a look at the logs in /var/log/pki/pki-tomcat/ca/debug
That log, on my system has not been updated since Jan 23 2022. Perhaps loggging there was disabled seeing as it was 2,531,627,243 bytes when it was last updated.
I do seem to have logs from 2022 onward in /var/lib/pki/pki- tomcat/logs/ca/ though. Maybe the location was just moved.
Anyway, in that log, between the time of the startup of pki-tomcatd@pki-tomcat and it timing out, the above mentioned debug log has this contents:
2025-10-08 13:10:39 [main] INFO: CMSEngine: initializing password store 2025-10-08 13:10:40 [main] INFO: CMSEngine: initializing password store for internaldb 2025-10-08 13:10:40 [main] INFO: CMSEngine: initializing password store for replicationdb 2025-10-08 13:10:40 [main] INFO: CMSEngine: Initializing subsystem listeners 2025-10-08 13:10:40 [main] INFO: CMSEngine: Java version: 1.8.0_462 2025-10-08 13:10:40 [main] INFO: CMSEngine: security providers: 2025-10-08 13:10:40 [main] INFO: PluginRegistry: Loading plugin registry from /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-10-08 13:10:40 [main] SEVERE: Unable to create socket: java.net.ConnectException: Connection refused (Connection refused) java.net.ConnectException: Connection refused (Connection refused) at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:607) at java.net.Socket.connect(Socket.java:556) at java.net.Socket.<init>(Socket.java:452) at java.net.Socket.<init>(Socket.java:262) at com.netscape.cmscore.ldapconn.PKISocketFactory.makeSSLSocket(PKISocketFactory.java:131) at com.netscape.cmscore.ldapconn.PKISocketFactory.makeSocket(PKISocketFactory.java:169) at netscape.ldap.LDAPConnSetupMgr.connectServer(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.openSerial(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.connect(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.openConnection(Unknown Source) at netscape.ldap.LDAPConnThread.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at com.netscape.cmscore.ldapconn.LdapBoundConnection.<init>(LdapBoundConnection.java:108) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:287) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:263) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:226) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:195) at org.dogtagpki.server.ca.CAEngine.initDatabase(CAEngine.java:199) at com.netscape.cmscore.apps.CMSEngine.start(CMSEngine.java:1105) at com.netscape.cmscore.apps.CMSEngine.contextInitialized(CMSEngine.java:1688) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4462) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4914) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:124) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:142) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:132) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:656) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:661) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:680) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1844) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:575) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:466) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1584) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:312) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:114) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:345) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:893) at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:794) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:866) at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:248) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardService.startInternal(StandardService.java:433) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:925) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.startup.Catalina.start(Catalina.java:735) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
2025-10-08 13:10:40 [main] SEVERE: LdapBoundConnFactory: Unable to connect to LDAP server: Unable to create socket: java.net.ConnectException: Connection refused (Connection refused) netscape.ldap.LDAPException: Unable to create socket: java.net.ConnectException: Connection refused (Connection refused) (-1) at com.netscape.cmscore.ldapconn.PKISocketFactory.makeSocket(PKISocketFactory.java:202) at netscape.ldap.LDAPConnSetupMgr.connectServer(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.openSerial(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.connect(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.openConnection(Unknown Source) at netscape.ldap.LDAPConnThread.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at com.netscape.cmscore.ldapconn.LdapBoundConnection.<init>(LdapBoundConnection.java:108) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:287) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:263) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:226) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:195) at org.dogtagpki.server.ca.CAEngine.initDatabase(CAEngine.java:199) at com.netscape.cmscore.apps.CMSEngine.start(CMSEngine.java:1105) at com.netscape.cmscore.apps.CMSEngine.contextInitialized(CMSEngine.java:1688) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4462) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4914) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:124) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:142) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:132) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:656) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:661) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:680) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1844) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:575) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:466) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1584) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:312) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:114) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:345) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:893) at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:794) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:866) at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:248) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardService.startInternal(StandardService.java:433) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:925) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.startup.Catalina.start(Catalina.java:735) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
2025-10-08 13:10:40 [main] SEVERE: Unable to start CA engine: Unable to connect to LDAP server: Unable to create socket: java.net.ConnectException: Connection refused (Connection refused) Unable to connect to LDAP server: Unable to create socket: java.net.ConnectException: Connection refused (Connection refused) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:305) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:263) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:226) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:195) at org.dogtagpki.server.ca.CAEngine.initDatabase(CAEngine.java:199) at com.netscape.cmscore.apps.CMSEngine.start(CMSEngine.java:1105) at com.netscape.cmscore.apps.CMSEngine.contextInitialized(CMSEngine.java:1688) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4462) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4914) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:124) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:142) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:132) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:656) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:661) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:680) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1844) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:575) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:466) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1584) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:312) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:114) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:345) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:893) at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:794) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:866) at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:248) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardService.startInternal(StandardService.java:433) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:925) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.startup.Catalina.start(Catalina.java:735) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473) Caused by: netscape.ldap.LDAPException: Unable to create socket: java.net.ConnectException: Connection refused (Connection refused) (-1) at com.netscape.cmscore.ldapconn.PKISocketFactory.makeSocket(PKISocketFactory.java:202) at netscape.ldap.LDAPConnSetupMgr.connectServer(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.openSerial(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.connect(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.openConnection(Unknown Source) at netscape.ldap.LDAPConnThread.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at com.netscape.cmscore.ldapconn.LdapBoundConnection.<init>(LdapBoundConnection.java:108) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:287) ... 51 more
2025-10-08 13:10:40 [main] INFO: Shutting down CA subsystem 2025-10-08 13:10:40 [main] SEVERE: Exception sending context initialized event to listener instance of class [org.dogtagpki.server.ca.CAEngine] java.lang.NullPointerException at com.netscape.cmscore.apps.CMSEngine.shutdownAuthSubsystem(CMSEngine.java:1291) at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:1368) at org.dogtagpki.server.ca.CAEngine.shutdown(CAEngine.java:1741) at com.netscape.cmscore.apps.CMSEngine.contextInitialized(CMSEngine.java:1692) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4462) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4914) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:124) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:142) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:132) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:656) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:661) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:680) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1844) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:575) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:466) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1584) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:312) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:114) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:345) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:893) at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:794) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:866) at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:248) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardService.startInternal(StandardService.java:433) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:925) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.startup.Catalina.start(Catalina.java:735) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
2025-10-08 13:10:40 [main] INFO: Shutting down CA subsystem 2025-10-08 13:10:40 [main] SEVERE: Exception sending context destroyed event to listener instance of class [org.dogtagpki.server.ca.CAEngine] java.lang.NullPointerException at com.netscape.cmscore.apps.CMSEngine.shutdownAuthSubsystem(CMSEngine.java:1291) at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:1368) at org.dogtagpki.server.ca.CAEngine.shutdown(CAEngine.java:1741) at com.netscape.cmscore.apps.CMSEngine.contextDestroyed(CMSEngine.java:1699) at org.apache.catalina.core.StandardContext.listenerStop(StandardContext.java:4508) at org.apache.catalina.core.StandardContext.stopInternal(StandardContext.java:5147) at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:242) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:175) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:124) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:142) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:132) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:656) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:661) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:680) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1844) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:575) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:466) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1584) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:312) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:114) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:345) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:893) at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:794) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:866) at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:248) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardService.startInternal(StandardService.java:433) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:925) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.startup.Catalina.start(Catalina.java:735) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
None of that means anything to me though, unfortunately.
Cheers, b.
Brian J. Murrell via FreeIPA-users wrote:
On Mon, 2025-10-13 at 10:58 +0200, Florence Blanc-Renaud wrote:
pki-tomcatd@pki-tomcat (the Certificate server) is providing this endpoint.
So it's the pki-tomcatd@pki-tomcat service waiting for itself and timing out when it, itself does not start? But surely it not starting within the timeout is related to something else that is slow to start, yes?
tomcat is a webapp runner. The runners themselves do not block tomcat from starting, hence the separate script which is used to identify when the CA is actually running. The 404 are present because the CA never started, so no app to route requests to.
You can have a look at the logs in /var/log/pki/pki-tomcat/ca/debug
That log, on my system has not been updated since Jan 23 2022. Perhaps loggging there was disabled seeing as it was 2,531,627,243 bytes when it was last updated.
I do seem to have logs from 2022 onward in /var/lib/pki/pki- tomcat/logs/ca/ though. Maybe the location was just moved.
No but the name may have changed. Newer versions of pki use time-dated debug log filenames to prevent it from growing forever, or at least until reaching the FS max.
Anyway, in that log, between the time of the startup of pki-tomcatd@pki-tomcat and it timing out, the above mentioned debug log has this contents:
2025-10-08 13:10:39 [main] INFO: CMSEngine: initializing password store 2025-10-08 13:10:40 [main] INFO: CMSEngine: initializing password store for internaldb 2025-10-08 13:10:40 [main] INFO: CMSEngine: initializing password store for replicationdb 2025-10-08 13:10:40 [main] INFO: CMSEngine: Initializing subsystem listeners 2025-10-08 13:10:40 [main] INFO: CMSEngine: Java version: 1.8.0_462 2025-10-08 13:10:40 [main] INFO: CMSEngine: security providers: 2025-10-08 13:10:40 [main] INFO: PluginRegistry: Loading plugin registry from /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-10-08 13:10:40 [main] SEVERE: Unable to create socket: java.net.ConnectException: Connection refused (Connection refused) java.net.ConnectException: Connection refused (Connection refused) at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:607) at java.net.Socket.connect(Socket.java:556) at java.net.Socket.<init>(Socket.java:452) at java.net.Socket.<init>(Socket.java:262) at com.netscape.cmscore.ldapconn.PKISocketFactory.makeSSLSocket(PKISocketFactory.java:131) at com.netscape.cmscore.ldapconn.PKISocketFactory.makeSocket(PKISocketFactory.java:169) at netscape.ldap.LDAPConnSetupMgr.connectServer(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.openSerial(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.connect(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.openConnection(Unknown Source) at netscape.ldap.LDAPConnThread.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at com.netscape.cmscore.ldapconn.LdapBoundConnection.<init>(LdapBoundConnection.java:108) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:287) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:263) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:226) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:195) at org.dogtagpki.server.ca.CAEngine.initDatabase(CAEngine.java:199) at com.netscape.cmscore.apps.CMSEngine.start(CMSEngine.java:1105) at com.netscape.cmscore.apps.CMSEngine.contextInitialized(CMSEngine.java:1688) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4462) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4914) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:124) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:142) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:132) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:656) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:661) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:680) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1844) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:575) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:466) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1584) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:312) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:114) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:345) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:893) at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:794) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:866) at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:248) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardService.startInternal(StandardService.java:433) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:925) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.startup.Catalina.start(Catalina.java:735) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
2025-10-08 13:10:40 [main] SEVERE: LdapBoundConnFactory: Unable to connect to LDAP server: Unable to create socket: java.net.ConnectException: Connection refused (Connection refused) netscape.ldap.LDAPException: Unable to create socket: java.net.ConnectException: Connection refused (Connection refused) (-1) at com.netscape.cmscore.ldapconn.PKISocketFactory.makeSocket(PKISocketFactory.java:202) at netscape.ldap.LDAPConnSetupMgr.connectServer(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.openSerial(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.connect(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.openConnection(Unknown Source) at netscape.ldap.LDAPConnThread.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at com.netscape.cmscore.ldapconn.LdapBoundConnection.<init>(LdapBoundConnection.java:108) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:287) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:263) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:226) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:195) at org.dogtagpki.server.ca.CAEngine.initDatabase(CAEngine.java:199) at com.netscape.cmscore.apps.CMSEngine.start(CMSEngine.java:1105) at com.netscape.cmscore.apps.CMSEngine.contextInitialized(CMSEngine.java:1688) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4462) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4914) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:124) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:142) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:132) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:656) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:661) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:680) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1844) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:575) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:466) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1584) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:312) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:114) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:345) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:893) at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:794) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:866) at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:248) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardService.startInternal(StandardService.java:433) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:925) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.startup.Catalina.start(Catalina.java:735) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
2025-10-08 13:10:40 [main] SEVERE: Unable to start CA engine: Unable to connect to LDAP server: Unable to create socket: java.net.ConnectException: Connection refused (Connection refused) Unable to connect to LDAP server: Unable to create socket: java.net.ConnectException: Connection refused (Connection refused) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:305) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:263) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:226) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:195) at org.dogtagpki.server.ca.CAEngine.initDatabase(CAEngine.java:199) at com.netscape.cmscore.apps.CMSEngine.start(CMSEngine.java:1105) at com.netscape.cmscore.apps.CMSEngine.contextInitialized(CMSEngine.java:1688) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4462) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4914) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:124) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:142) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:132) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:656) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:661) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:680) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1844) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:575) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:466) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1584) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:312) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:114) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:345) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:893) at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:794) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:866) at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:248) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardService.startInternal(StandardService.java:433) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:925) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.startup.Catalina.start(Catalina.java:735) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473) Caused by: netscape.ldap.LDAPException: Unable to create socket: java.net.ConnectException: Connection refused (Connection refused) (-1) at com.netscape.cmscore.ldapconn.PKISocketFactory.makeSocket(PKISocketFactory.java:202) at netscape.ldap.LDAPConnSetupMgr.connectServer(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.openSerial(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.connect(Unknown Source) at netscape.ldap.LDAPConnSetupMgr.openConnection(Unknown Source) at netscape.ldap.LDAPConnThread.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at com.netscape.cmscore.ldapconn.LdapBoundConnection.<init>(LdapBoundConnection.java:108) at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:287) ... 51 more
2025-10-08 13:10:40 [main] INFO: Shutting down CA subsystem 2025-10-08 13:10:40 [main] SEVERE: Exception sending context initialized event to listener instance of class [org.dogtagpki.server.ca.CAEngine] java.lang.NullPointerException at com.netscape.cmscore.apps.CMSEngine.shutdownAuthSubsystem(CMSEngine.java:1291) at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:1368) at org.dogtagpki.server.ca.CAEngine.shutdown(CAEngine.java:1741) at com.netscape.cmscore.apps.CMSEngine.contextInitialized(CMSEngine.java:1692) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4462) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4914) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:124) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:142) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:132) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:656) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:661) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:680) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1844) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:575) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:466) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1584) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:312) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:114) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:345) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:893) at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:794) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:866) at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:248) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardService.startInternal(StandardService.java:433) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:925) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.startup.Catalina.start(Catalina.java:735) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
2025-10-08 13:10:40 [main] INFO: Shutting down CA subsystem 2025-10-08 13:10:40 [main] SEVERE: Exception sending context destroyed event to listener instance of class [org.dogtagpki.server.ca.CAEngine] java.lang.NullPointerException at com.netscape.cmscore.apps.CMSEngine.shutdownAuthSubsystem(CMSEngine.java:1291) at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:1368) at org.dogtagpki.server.ca.CAEngine.shutdown(CAEngine.java:1741) at com.netscape.cmscore.apps.CMSEngine.contextDestroyed(CMSEngine.java:1699) at org.apache.catalina.core.StandardContext.listenerStop(StandardContext.java:4508) at org.apache.catalina.core.StandardContext.stopInternal(StandardContext.java:5147) at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:242) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:175) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:124) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:142) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:132) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:656) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:661) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:680) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1844) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:575) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:466) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1584) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:312) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:114) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:345) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:893) at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:794) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:866) at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:248) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardService.startInternal(StandardService.java:433) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:925) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.startup.Catalina.start(Catalina.java:735) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
None of that means anything to me though, unfortunately.
These indicate that the LDAP server isn't running. You could try correlating these errors with the DS errors log to see if indeed the service was running or not. It may be that on startup so many other things are also starting it delays the LDAP server startup enough that PKI times out.
rob
same here have you resolve this please ?
freeipa-users@lists.fedorahosted.org
-
Brian J. Murrell -
Florence Blanc-Renaud -
John Michelle -
Rob Crittenden