IPA: pki-tomcatd service not starting due to error "Could not connect to LDAP server host ipaserver.example.com port 636 Error netscape.ldap.LDAPException: IO Error creating JSS SSL Socket".

Solution Verified - Updated -

Issue

  • pki-tomcatd service not starting due to error below
Could not connect to LDAP server host ipaserver.example.com port 636 Error netscape.ldap.LDAPException: IO Error creating JSS SSL Socket
  • Error observed in log file /var/log/pki/pki-tomcat/localhost.2015-10-13.log
Oct 13, 2015 11:26:01 AM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet [caGetStatus] in context with path [/ca] threw exception java.io.IOException: CS server is not ready to serve.
  • Error observed in log file /var/log/pki/pki-tomcat/ca/debug.
[13/Oct/2015:12:01:12][localhost-startStop-1]: LdapAuthInfo: init ends
[13/Oct/2015:12:01:12][localhost-startStop-1]: init: before makeConnection errorIfDown is true
[13/Oct/2015:12:01:12][localhost-startStop-1]: makeConnection: errorIfDown true
[13/Oct/2015:12:01:12][localhost-startStop-1]: LdapJssSSLSocket set client auth cert nicknamesubsystemCert cert-pki-ca
[13/Oct/2015:12:01:12][localhost-startStop-1]: CMS:Caught EBaseException
Internal Database Error encountered: Could not connect to LDAP server host ipaserver.example.com port 636 Error netscape.ldap.LDAPException: IO Error creating JSS SSL Socket (-1)
        at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:658)
        at com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:934)
        at com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:865)
        at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:362)
        at com.netscape.certsrv.apps.CMS.init(CMS.java:189)
        at com.netscape.certsrv.apps.CMS.start(CMS.java:1585)
        at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:96)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:274)
        at java.security.AccessController.doPrivileged(Native Method)
  • Error observed in log file /var/log/pki/pki-tomcat/ca/system.
0.localhost-startStop-1 - [13/Oct/2015:12:01:12 EDT] [8] [3] In Ldap (bound) connection pool to host ipaserver.example.com port 636, Cannot connect to LDAP server. Error: netscape.ldap.LDAPException: IO Error creating JSS SSL Socket (-1)
0.localhost-startStop-1 - [13/Oct/2015:12:13:12 EDT] [8] [3] In Ldap (bound) connection pool to host ipaserver.example.com port 636, Cannot connect to LDAP server. Error: netscape.ldap.LDAPException: IO Error creating JSS SSL Socket (-1)
0.localhost-startStop-1 - [13/Oct/2015:12:14:30 EDT] [8] [3] In Ldap (bound) connection pool to host ipaserver.example.com port 636, Cannot connect to LDAP server. Error: netscape.ldap.LDAPException: IO Error creating JSS SSL Socket (-1)
  • Following error was also observed.
Internal Database Error encountered: Could not connect to LDAP server host ipaserver.example.com port 636 Error netscape.ldap.LDAPException: Unable to create socket: java.net.ConnectException: Connection refused (Connection refused) (-1)

Environment

  • Red Hat Enterprise Linux 7
  • IPA 4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In