After the upgrade to freeipa-server-4.9.3-1.fc33.x86_64
on 5.10.18-200.fc33.x86_64, the web UI will not load and just has the alert
box pop up with Unknown Error: error
Parsing through some logs here are some errors/warnings:
2021-04-09T06:22:57Z DEBUG request body ''
2021-04-09T06:22:57Z DEBUG httplib request failed:
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/ipapython/dogtag.py", line 262, in
_httplib_request
conn.request(method, path, body=request_body, headers=headers)
File "/usr/lib64/python3.9/http/client.py", line 1255, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib64/python3.9/http/client.py", line 1301, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib64/python3.9/http/client.py", line 1250, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib64/python3.9/http/client.py", line 1010, in _send_output
self.send(msg)
File "/usr/lib64/python3.9/http/client.py", line 950, in send
self.connect()
File "/usr/lib64/python3.9/http/client.py", line 921, in connect
self.sock = self._create_connection(
File "/usr/lib64/python3.9/socket.py", line 843, in create_connection
raise err
File "/usr/lib64/python3.9/socket.py", line 831, in create_connection
sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused
2021-04-09T06:22:57Z DEBUG Failed to check CA status: cannot connect to '
http://ourdomain.edu:8080/ca/admin/ca/getStatus';: [Errno 111] Connection
refused
2021-04-09T06:22:57Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
DEBUG stderr=ERROR: ERROR: No kra subsystem in instance pki-tomcat.
[auth_gssapi:error] [pid 1553901:tid 1554106] [client x.x.x.x:59482] GSS
ERROR In Negotiate Auth: gss_accept_sec_context() failed: [An unsupported
mechanism was requested (Unknown error)], referer:
https://ourdomain.edu/ipa/ui/
And running rndc reload is successful but the logs show:
Apr 12 13:28:07 ourdomain named[1553865]: zone
ourdomain.edu/IN: NS '
ourdomain.edu' has no address records (A or AAAA)
Apr 12 13:28:07 ourdomain named[1553865]: zone
ourdomain.edu/IN: not loaded
due to errors.
Apr 12 13:28:07 ourdomain named[1553865]: 1 master zones from LDAP instance
'ipa' loaded (2 zones defined, 0 inactive, 1 failed to load)
Apr 12 13:28:07 ourdomain named[1553865]: zone
ourdomain.edu/IN: NS '
ourdomain.edu' has no address records (A or AAAA)
Apr 12 13:28:07 ourdomain named[1553865]: zone
ourdomain.edu/IN: not loaded
due to errors.
Apr 12 13:28:07 ourdomain named[1553865]: update_zone (syncrepl) failed for
master zone DN 'idnsname=ourdomain.edu.,cn=dns,dc=ourdomain,dc=edu'. Zones
can be outdated, run `rndc reload`: bad zone
Apr 12 13:28:07 ourdomain named[1553865]: timed out resolving
'./DNSKEY/IN': 8.8.8.8#53
Apr 12 13:28:07 ourdomain named[1553865]: managed-keys-zone: Key 20326 for
zone . acceptance timer complete: key now trusted
Apr 12 13:28:08 ourdomain named[1553865]: resolver priming query complete
Apr 12 13:28:08 ourdomain named[1553865]: checkhints: unable to get root NS
rrset from cache: not found
Anything new that could've caused this?