Appendix B. Troubleshooting: Solutions to Specific Problems
For troubleshooting advice for:
- Servers, see Section B.1, “Identity Management Servers”
- Replicas, see Section B.2, “Identity Management Replicas”
- Clients, see Section B.3, “Identity Management Clients”
- Authentication, see Section B.4, “Logging In and Authentication Problems”
- Vaults, see Section B.5, “Vaults”
B.1. Identity Management Servers
B.1.1. External CA Installation Fails
The ipa-server-install --external-ca command fails with the following error:
ipa : CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/configuration_file' returned non-zero exit status 1
Configuration of CA failed
The env|grep proxy command displays variables such as the following:
# env|grep proxy
http_proxy=http://example.com:8080
ftp_proxy=http://example.com:8080
https_proxy=http://example.com:8080
What this means:
The *_proxy environment variables are preventing the server from being installed.
To fix the problem:
- Use the following shell script to unset the *_proxy environment variables:
# for i in ftp http https; do unset ${i}_proxy; done
- Run the pkidestroy utility to remove the unsuccessful CA subsystem installation:
# pkidestroy -s CA -i pki-tomcat; rm -rf /var/log/pki/pki-tomcat /etc/sysconfig/pki-tomcat /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat /etc/pki/pki-tomcat /root/ipa.csr
- Remove the failed IdM server installation:
# ipa-server-install --uninstall
- Retry running ipa-server-install --external-ca.
B.1.2. named Daemon Fails to Start
After installing an IdM server with integrated DNS, the named-pkcs11 service fails to start. The /var/log/messages file includes an error message related to the named-pkcs11 service and the ldap.so library:
ipaserver named[6886]: failed to dynamically load driver 'ldap.so': libldap-2.4.so.2: cannot open shared object file: No such file or directory
What this means:
The bind-chroot package is installed and is preventing the named-pkcs11 service from starting.
To fix the problem:
- Uninstall the bind-chroot package.
# yum remove bind-chroot
- Restart the IdM server.
# ipactl restart
B.1.3. Installing a Server Fails on a System with IPv6 Disabled
When attempting to install an IdM server on a system with IPv6 disabled, the following error occurs during the installation process:
CRITICAL Failed to restart the directory server Command '/bin/systemctl restart dirsrv@EXAMPLE.service' returned non-zero exit status 1
What this means:
Installing and running a server requires IPv6 to be enabled on the network. See Section 2.1.2, “System Requirements”.
To fix the problem:
Enable IPv6 on your system. For details, see How do I disable or enable the IPv6 protocol in Red Hat Enterprise Linux? in Red Hat Knowledgebase.
Note that IPv6 is enabled by default on Red Hat Enterprise Linux 7 systems.
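The three causes described in B.1.1 to B.1.3 can be checked before running ipa-server-install. The script below is an added example, not part of the Red Hat documentation; the function names are hypothetical, and it assumes the standard Linux sysctl file /proc/sys/net/ipv6/conf/all/disable_ipv6 as the indicator for disabled IPv6.

```shell
#!/bin/sh
# Added example: pre-flight checks for the causes described in B.1.1 - B.1.3.
# Function names are hypothetical helpers, not IdM tooling.

# B.1.1: print exported ftp/http/https *_proxy variable names; 0 if any is set.
proxy_vars_set() {
    _pv=$(env | grep -E '^(ftp|http|https)_proxy=' | cut -d= -f1)
    [ -n "$_pv" ] && echo "$_pv"
}

# B.1.2: return 0 if the bind-chroot package is installed.
bind_chroot_installed() {
    rpm -q bind-chroot >/dev/null 2>&1
}

# B.1.3: return 0 if IPv6 is disabled. Assumption: the kernel sysctl file below
# is absent (IPv6 stack not loaded) or contains 1 when IPv6 is disabled.
ipv6_disabled() {
    _f="${1:-/proc/sys/net/ipv6/conf/all/disable_ipv6}"
    [ -r "$_f" ] || return 0
    [ "$(cat "$_f")" = "1" ]
}

# Run all checks, print one line per problem, return the number of problems.
# Optional $1 overrides the sysctl file path (used for testing).
preflight() {
    _n=0
    if _vars=$(proxy_vars_set); then
        echo "B.1.1: unset before installing:" $_vars   # unquoted: join lines
        _n=$((_n + 1))
    fi
    if bind_chroot_installed; then
        echo "B.1.2: remove the bind-chroot package"
        _n=$((_n + 1))
    fi
    if ipv6_disabled "${1:-}"; then
        echo "B.1.3: enable IPv6"
        _n=$((_n + 1))
    fi
    return "$_n"
}
```

Source the file and call preflight; proceed with ipa-server-install only when it returns 0.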
