These bugs are almost exactly the issue I'm experiencing:
https://bugzilla.redhat.com/show_bug.cgi?id=430499 https://bugzilla.redhat.com/show_bug.cgi?id=442103
In my case, the admin server on host1 can use the "Manage Certificates" button on the admin server, and the directory server installed on the same host. So the bug is not happening to me.
However, I get "java.net.ConnectException: Connection refused" when I use the "Manage Certificates" button on host2's directory server that I registered with host1's admin server.
I don't get any output on the console when I repeat this procedure having run 389-console from the command line. I don't see anything immediately obvious under /var/log/dirsrv/*/errors on both servers. I can run ldapsearch against ldaps://host1 and ldaps://host2.
Would you list denizens possibly have any hints as to how to troubleshoot this?
On 02/08/2011 04:11 PM, Christopher Wood wrote:
> Would you list denizens possibly have any hints as to how to troubleshoot this?
389-console -D 9 -f console.log - paste the log to fpaste.org or similar - be sure to remove or obscure any sensitive information - post the link here
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On Tue, Feb 08, 2011 at 06:14:27PM -0700, Rich Megginson wrote:
> 389-console -D 9 -f console.log - paste the log to fpaste.org or similar - be sure to remove or obscure any sensitive information - post the link here
Thank you, I appreciate it.
The full paste: http://fpaste.org/mgYb/
My procedure was to run 389-console with the above command line, click "Manage Certificates" in the directory server on the same host as the admin server ("host1"), then close that and click "Manage Certificates" in the directory server on the other host ("host2").
Just from reading along as I clicked buttons, it appears that the console is trying to itself talk to an admin server on host2. There is no admin server running on that host since I registered the directory server on host2 with the admin server on host1.
ResourceSet: found in cache loader9690857:com.netscape.management.client.security.securityResource
CommManager> New CommRecord (http://host2.mycompany.com:3389/admin-serv/tasks/configuration/SecurityOp)
java.net.ConnectException: Connection refused
admserv version = null
On 02/09/2011 07:59 AM, Christopher Wood wrote:
> Just from reading along as I clicked buttons, it appears that the console is trying to itself talk to an admin server on host2. There is no admin server running on that host since I registered the directory server on host2 with the admin server on host1.
Even if you use setup-ds-admin.pl to create a directory server and register it with another configuration directory server, there always has to be one admin server running on each machine. The admin server executes CGIs, such as the log viewer, server process management, etc. - tasks that must be done outside of the directory server process.
> ResourceSet: found in cache loader9690857:com.netscape.management.client.security.securityResource
> CommManager> New CommRecord (http://host2.mycompany.com:3389/admin-serv/tasks/configuration/SecurityOp)
> java.net.ConnectException: Connection refused
The admin server should always be running, unless you explicitly shut it down.
On Wed, Feb 09, 2011 at 05:49:28PM -0700, Rich Megginson wrote:
> The admin server should always be running, unless you explicitly shut it down.
In my case (host1 having admin/ds and host2 just having ds), I registered host2's directory server with host1's config directory server. However, host2's admin server failed to start. From /var/log/dirsrv/admin-serv/error when I try to start it manually:
[root@host2 admin-serv]# cat /var/log/dirsrv/admin-serv/error
[Wed Feb 09 13:01:29 2011] [crit] host_ip_init(): PSET failure: Failed to create PSET handle (pset error = )
Configuration Failed
[Thu Feb 10 09:22:51 2011] [crit] host_ip_init(): PSET failure: Failed to create PSET handle (pset error = )
Configuration Failed
From /tmp/setuphtlOC3.log on host2 (I chose a "Typical" (2) setup):
[11/02/09:13:01:28] - [Setup] Info Starting admin server . . .
[11/02/09:13:01:29] - [Setup] Fatal Failed to create and configure the admin server
[11/02/09:13:01:29] - [Setup] Fatal Exiting . . .
That happened every time when in the setup-ds-admin.pl stage on something other than host1 where I would pick ldaps://host1/o=NetscapeRoot as the configuration directory server url. Of course, for the setup on host1 I set everything up with basically defaults and added the encryption later. Not certain if that's pertinent, though.
I'm starting to think that I've misread something in the install docs, will re-read.
On 02/10/2011 07:45 AM, Christopher Wood wrote:
> [root@host2 admin-serv]# cat /var/log/dirsrv/admin-serv/error
> [Wed Feb 09 13:01:29 2011] [crit] host_ip_init(): PSET failure: Failed to create PSET handle (pset error = )
> Configuration Failed
> [Thu Feb 10 09:22:51 2011] [crit] host_ip_init(): PSET failure: Failed to create PSET handle (pset error = )
> Configuration Failed
Start the admin server like this:
/usr/sbin/start-ds-admin -e debug
then post the admin server error log
On Thu, Feb 10, 2011 at 08:11:09AM -0700, Rich Megginson wrote:
> Start the admin server like this: /usr/sbin/start-ds-admin -e debug then post the admin server error log
On 02/10/2011 08:23 AM, Christopher Wood wrote:
>> Start the admin server like this: /usr/sbin/start-ds-admin -e debug then post the admin server error log
Can you paste your /etc/dirsrv/admin-serv/adm.conf and local.conf?
On Thu, Feb 10, 2011 at 08:42:45AM -0700, Rich Megginson wrote:
> Can you paste your /etc/dirsrv/admin-serv/adm.conf and local.conf?
adm.conf from host2: http://pastebin.com/HqL8c1hK
local.conf from host2: http://pastebin.com/xGpYJyUs
Also, I should say that I used host1's "Configuration directory server admin domain" when I was filling in configuration directory server details in host2's setup-ds-admin.pl. (It seemed sensible at the time.)
On 02/10/2011 08:57 AM, Christopher Wood wrote:
On Thu, Feb 10, 2011 at 08:42:45AM -0700, Rich Megginson wrote:
On 02/10/2011 08:23 AM, Christopher Wood wrote:
On Thu, Feb 10, 2011 at 08:11:09AM -0700, Rich Megginson wrote:
On 02/10/2011 07:45 AM, Christopher Wood wrote:
11;rgb:0000/0000/0000On Wed, Feb 09, 2011 at 05:49:28PM -0700, Rich Megginson wrote:
On 02/09/2011 07:59 AM, Christopher Wood wrote: > On Tue, Feb 08, 2011 at 06:14:27PM -0700, Rich Megginson wrote: >> On 02/08/2011 04:11 PM, Christopher Wood wrote: >>> These bugs are almost exactly the issue I'm experiencing: >>> >>> https://bugzilla.redhat.com/show_bug.cgi?id=430499 >>> https://bugzilla.redhat.com/show_bug.cgi?id=442103 >>> >>> In my case, the admin server on host1 can use the "Manage Certificates" button on the admin server, and the directory server installed on the same host. So the bug is not happening to me. >>> >>> However, I get "java.net.ConnectException: Connection refused" when I use the "Manage Certificates" button on host2's directory server that I registered with host1's admin server. >>> >>> I don't get any output on the console when I repeat this procedure having run 389-console from the command line. I don't see anything immediately obvious under /var/log/dirsrv/*/errors on both servers. I can run ldapsearch against ldaps://host1 and ldaps://host2. >>> >>> Would you list denizens possibly have any hints as to how to troubleshoot this? >> 389-console -D 9 -f console.log - paste the log to fpaste.org or >> similar - be sure to remove or obscure any sensitive information - >> post the link here > Thank you, I appreciate it. > > The full paste: http://fpaste.org/mgYb/ > > My procedure was to run 389-console with the above command line, click "Manage Certificates" in the directory server on the same host as the admin server ("host1"), then close that and click "Manage Certificates" in the directory server on the other host ("host2"). > > Just from reading along as I clicked buttons, it appears that the console is trying to itself talk to an admin server on host2. There is no admin server running on that host since I registered the directory server on host2 with the admin server on host1. 
Even if you use setup-ds-admin.pl to create a directory server and register it with another configuration directory server, there always has to be one admin server running on each machine. The admin server executes CGIs, such as the log viewer, server process management, etc. - tasks that must be done outside of the directory server process. > ResourceSet: found in cache loader9690857:com.netscape.management.client.security.securityResource > CommManager> New CommRecord (http://host2.mycompany.com:3389/admin-serv/tasks/configuration/SecurityOp) > java.net.ConnectException: Connection refused The admin server should always be running, unless you explicitly shut it down.
In my case (host1 having admin/ds and host2 just having ds), I registered host2's directory server with host1's config directory server. However, host2's admin server failed to start. From /var/log/dirsrv/admin-serv/error when I try to start it manually:
[root@host2 admin-serv]# cat /var/log/dirsrv/admin-serv/error [Wed Feb 09 13:01:29 2011] [crit] host_ip_init(): PSET failure: Failed to create PSET handle (pset error = ) Configuration Failed [Thu Feb 10 09:22:51 2011] [crit] host_ip_init(): PSET failure: Failed to create PSET handle (pset error = ) Configuration Failed
Start the admin server like this:
/usr/sbin/start-ds-admin -e debug
then post the admin server error log
Can you paste your /etc/dirsrv/admin-serv/adm.conf and local.conf?
adm.conf from host2: http://pastebin.com/HqL8c1hK
ldapurl: ldaps://host1/o=NetscapeRoot
host1 has to be the fqdn of host1 since you're using ldaps.
Did you install, into the cert db in /etc/dirsrv/admin-serv, the CA certificate of the CA that issued the server cert of host1?
If the above are "yes", paste excerpts from the access log of host1 showing the connection attempts from host2.
local.conf from host2: http://pastebin.com/xGpYJyUs
Also, I should say that I used host1's "Configuration directory server admin domain" when I was filling in configuration directory server details in host2's setup-ds-admin.pl. (It seemed sensible at the time.)
From /tmp/setuphtlOC3.log on host2 (I chose a "Typical" (2) setup):
[11/02/09:13:01:28] - [Setup] Info Starting admin server . . .
[11/02/09:13:01:29] - [Setup] Fatal Failed to create and configure the admin server
[11/02/09:13:01:29] - [Setup] Fatal Exiting . . .
That happened every time when in the setup-ds-admin.pl stage on something other than host1 where I would pick ldaps://host1/o=NetscapeRoot as the configuration directory server url. Of course, for the setup on host1 I set everything up with basically defaults and added the encryption later. Not certain if that's pertinent, though.
I'm starting to think that I've misread something in the install docs, will re-read.
> admserv version = null
On Thu, Feb 10, 2011 at 09:01:52AM -0700, Rich Megginson wrote:
On 02/10/2011 08:57 AM, Christopher Wood wrote:
On Thu, Feb 10, 2011 at 08:42:45AM -0700, Rich Megginson wrote:
On 02/10/2011 08:23 AM, Christopher Wood wrote:
On Thu, Feb 10, 2011 at 08:11:09AM -0700, Rich Megginson wrote:
On 02/10/2011 07:45 AM, Christopher Wood wrote:
In my case (host1 having admin/ds and host2 just having ds), I registered host2's directory server with host1's config directory server. However, host2's admin server failed to start. From /var/log/dirsrv/admin-serv/error when I try to start it manually:
[root@host2 admin-serv]# cat /var/log/dirsrv/admin-serv/error
[Wed Feb 09 13:01:29 2011] [crit] host_ip_init(): PSET failure: Failed to create PSET handle (pset error = )
Configuration Failed
[Thu Feb 10 09:22:51 2011] [crit] host_ip_init(): PSET failure: Failed to create PSET handle (pset error = )
Configuration Failed
Start the admin server like this:
/usr/sbin/start-ds-admin -e debug
then post the admin server error log
Can you paste your /etc/dirsrv/admin-serv/adm.conf and local.conf?
adm.conf from host2: http://pastebin.com/HqL8c1hK
ldapurl: ldaps://host1/o=NetscapeRoot
host1 has to be the fqdn of host1 since you're using ldaps.
In the original it is the fqdn.
Did you install, into the cert db in /etc/dirsrv/admin-serv, the CA certificate of the CA that issued the server cert of host1?
Aha. Before running the setup-ds-admin.pl script I did not manually install the CA certs into the dirsrv/admin-serv cert dbs on host2. That appears to be my skipped step. I will try this again with that step included.
If the above are "yes", paste excerpts from the access log of host1 showing the connection attempts from host2.
local.conf from host2: http://pastebin.com/xGpYJyUs
Also, I should say that I used host1's "Configuration directory server admin domain" when I was filling in configuration directory server details in host2's setup-ds-admin.pl. (It seemed sensible at the time.)
From /tmp/setuphtlOC3.log on host2 (I chose a "Typical" (2) setup):
[11/02/09:13:01:28] - [Setup] Info Starting admin server . . .
[11/02/09:13:01:29] - [Setup] Fatal Failed to create and configure the admin server
[11/02/09:13:01:29] - [Setup] Fatal Exiting . . .
That happened every time when in the setup-ds-admin.pl stage on something other than host1 where I would pick ldaps://host1/o=NetscapeRoot as the configuration directory server url. Of course, for the setup on host1 I set everything up with basically defaults and added the encryption later. Not certain if that's pertinent, though.
I'm starting to think that I've misread something in the install docs, will re-read.
>>admserv version = null
On Thu, Feb 10, 2011 at 11:10:19AM -0500, Christopher Wood wrote:
On Thu, Feb 10, 2011 at 09:01:52AM -0700, Rich Megginson wrote:
On 02/10/2011 08:57 AM, Christopher Wood wrote:
On Thu, Feb 10, 2011 at 08:42:45AM -0700, Rich Megginson wrote:
On 02/10/2011 08:23 AM, Christopher Wood wrote:
On Thu, Feb 10, 2011 at 08:11:09AM -0700, Rich Megginson wrote:
On 02/10/2011 07:45 AM, Christopher Wood wrote:
>In my case (host1 having admin/ds and host2 just having ds), I registered host2's directory server with host1's config directory server. However, host2's admin server failed to start. From /var/log/dirsrv/admin-serv/error when I try to start it manually:
>
>[root@host2 admin-serv]# cat /var/log/dirsrv/admin-serv/error
>[Wed Feb 09 13:01:29 2011] [crit] host_ip_init(): PSET failure: Failed to create PSET handle (pset error = )
>Configuration Failed
>[Thu Feb 10 09:22:51 2011] [crit] host_ip_init(): PSET failure: Failed to create PSET handle (pset error = )
>Configuration Failed
Start the admin server like this:
/usr/sbin/start-ds-admin -e debug
then post the admin server error log
Can you paste your /etc/dirsrv/admin-serv/adm.conf and local.conf?
adm.conf from host2: http://pastebin.com/HqL8c1hK
ldapurl: ldaps://host1/o=NetscapeRoot
host1 has to be the fqdn of host1 since you're using ldaps.
In the original it is the fqdn.
Did you install, into the cert db in /etc/dirsrv/admin-serv, the CA certificate of the CA that issued the server cert of host1?
Aha. Before running the setup-ds-admin.pl script I did not manually install the CA certs into the dirsrv/admin-serv cert dbs on host2. That appears to be my skipped step. I will try this again with that step included.
Oddly, that didn't help either (due to time constraints I've only gotten back to this now). Also, I get more debug output on the console than the log file, but neither is giving me a really good hint.
[root@cwtmp-01 admin-serv]# tail /tmp/setupC5b4yV.log
[11/03/11:16:00:43] - [Setup] Info Updating adm.conf . . .
[11/03/11:16:00:43] - [Setup] Info Updating admpw . . .
[11/03/11:16:00:43] - [Setup] Info Registering admin server with the configuration directory server . . .
[11/03/11:16:00:43] - [Setup] Info Updating adm.conf with information from configuration directory server . . .
[11/03/11:16:00:43] - [Setup] Info Updating the configuration for the httpd engine . . .
[11/03/11:16:00:49] - [Setup] Info Starting admin server . . .
[11/03/11:16:00:50] - [Setup] Fatal Failed to create and configure the admin server
[11/03/11:16:00:50] - [Setup] Fatal Exiting . . .
Log file is '/tmp/setupC5b4yV.log'
[root@cwtmp-01 admin-serv]# tail /tmp/setup10Kboe.log
[11/03/14:14:53:58] - [Setup] Info Creating Admin Server files and directories . . .
[11/03/14:14:53:58] - [Setup] Info Updating adm.conf . . .
[11/03/14:14:53:58] - [Setup] Info Updating admpw . . .
[11/03/14:14:53:58] - [Setup] Info Registering admin server with the configuration directory server . . .
[11/03/14:14:53:58] - [Setup] Info Updating adm.conf with information from configuration directory server . . .
[11/03/14:14:53:58] - [Setup] Info Updating the configuration for the httpd engine . . .
[11/03/14:14:53:58] - [Setup] Fatal Failed to create and configure the admin server
[11/03/14:14:53:58] - [Setup] Fatal Exiting . . .
Log file is '/tmp/setup10Kboe.log'
If the above are "yes", paste excerpts from the access log of host1 showing the connection attempts from host2.
That's the whole thing, slightly redacted for private names.
cdnfqdn is the configuration directory server's fqdn
fqdn is the log file server's fqdn
local.conf from host2: http://pastebin.com/xGpYJyUs
Also, I should say that I used host1's "Configuration directory server admin domain" when I was filling in configuration directory server details in host2's setup-ds-admin.pl. (It seemed sensible at the time.)
>From /tmp/setuphtlOC3.log on host2 (I chose a "Typical" (2) setup):
>[11/02/09:13:01:28] - [Setup] Info Starting admin server . . .
>[11/02/09:13:01:29] - [Setup] Fatal Failed to create and configure the admin server
>[11/02/09:13:01:29] - [Setup] Fatal Exiting . . .
>
>That happened every time when in the setup-ds-admin.pl stage on something other than host1 where I would pick ldaps://host1/o=NetscapeRoot as the configuration directory server url. Of course, for the setup on host1 I set everything up with basically defaults and added the encryption later. Not certain if that's pertinent, though.
>
>I'm starting to think that I've misread something in the install docs, will re-read.
>
>>>admserv version = null
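The two preconditions raised in the thread for an ldaps:// configuration directory server (an FQDN in adm.conf's ldapurl, and the issuing CA trusted in the /etc/dirsrv/admin-serv cert db) can be checked before rerunning setup-ds-admin.pl. The script below is an added example, not part of the thread or of 389's own tooling; its function names and sample inputs are constructed, and it assumes the usual `certutil -L` listing layout.

```shell
#!/bin/sh
# Pre-flight checks for an admin server whose adm.conf points at an ldaps://
# configuration directory server. The check functions read from stdin.

# Value of the ldapurl: line in adm.conf.
ldapurl_of() { sed -n 's/^ldapurl:[[:space:]]*//p' | head -n 1; }

# Host part of an LDAP URL: ldaps://host:port/suffix -> host
url_host() { printf '%s\n' "$1" | sed -E 's#^[a-z]+://##; s#[:/].*$##'; }

# 0 = fine, 1 = ldaps:// with a short host name, 2 = no ldapurl line.
check_ldapurl() {
    url=$(ldapurl_of)
    [ -n "$url" ] || return 2
    case "$url" in
        ldaps://*) case "$(url_host "$url")" in *.*) return 0 ;; *) return 1 ;; esac ;;
    esac
    return 0
}

# Nicknames from `certutil -L -d <certdb>` output whose SSL trust field
# contains C (trusted CA for issuing server certificates).
trusted_ssl_cas() {
    awk '$NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
        split($NF, t, ",")
        if (t[1] ~ /C/) { sub(/[ \t]+[^ \t]+[ \t]*$/, ""); print }
    }'
}

# Constructed samples (not taken from the pastes linked in the thread).
SAMPLE_ADM_CONF='ldapurl: ldaps://host1/o=NetscapeRoot
AdminDomain: example.com'
SAMPLE_CERTDB_NO_CA='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Server-Cert                                                  u,u,u'
SAMPLE_CERTDB_WITH_CA="$SAMPLE_CERTDB_NO_CA
Example CA                                                   CT,,"

report() {  # $1 = adm.conf text, $2 = certutil -L output
    printf '%s\n' "$1" | check_ldapurl \
        && echo "ldapurl: ok" || echo "ldapurl: use the FQDN with ldaps://"
    cas=$(printf '%s\n' "$2" | trusted_ssl_cas)
    [ -n "$cas" ] && echo "trusted CA(s): $cas" || echo "no CA trusted for SSL in cert db"
}

report "$SAMPLE_ADM_CONF" "$SAMPLE_CERTDB_NO_CA"
```

On a real host, feed `report` the contents of /etc/dirsrv/admin-serv/adm.conf and the output of `certutil -L -d /etc/dirsrv/admin-serv`.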