Appendix B. Troubleshooting: Solutions to Specific Problems

download PDF
For troubleshooting advice for:

B.1. Identity Management Servers

B.1.1. External CA Installation Fails

The ipa-server-install --external-ca command fails with the following error:
ipa         : CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/configuration_file' returned non-zero exit status 1
Configuration of CA failed
The env|grep proxy command displays variables such as the following:
env|grep proxy

What this means:

The *_proxy environmental variables are preventing the server from being installed.

To fix the problem:

  1. Use the following shell script to unset the *_proxy environmental variables:
    # for i in ftp http https; do unset ${i}_proxy; done
  2. Run the pkidestroy utility to remove the unsuccessful CA subsystem installation:
    # pkidestroy -s CA -i pki-tomcat; rm -rf /var/log/pki/pki-tomcat  /etc/sysconfig/pki-tomcat  /etc/sysconfig/pki/tomcat/pki-tomcat  /var/lib/pki/pki-tomcat  /etc/pki/pki-tomcat /root/ipa.csr
  3. Remove the failed IdM server installation:
    # ipa-server-install --uninstall
  4. Retry running ipa-server-install --external-ca.

B.1.2. named Daemon Fails to Start

After installing an IdM server with integrated DNS, the named-pkcs11 fails to start. The /var/log/messages file includes an error message related to the named-pkcs11 service and the library:
ipaserver named[6886]: failed to dynamically load driver '': cannot open shared object file: No such file or directory

What this means:

The bind-chroot package is installed and is preventing the named-pkcs11 service from starting.

To fix the problem:

  1. Uninstall the bind-chroot package.
    # yum remove bind-chroot
  2. Restart the IdM server.
    # ipactl restart

B.1.3. Installing a Server Fails on a System with IPv6 Disabled

When attempting to install an IdM server on a system with IPv6 disabled, the following error occurs during the installation process:
CRITICAL Failed to restart the directory server
Command '/bin/systemctl restart dirsrv@EXAMPLE.service' returned non-zero exit status 1

What this means:

Installing and running a server requires IPv6 to be enabled on the network. See Section 2.1.3, “System Requirements”.

To fix the problem:

Enable IPv6 on your system. For details, see How do I disable or enable the IPv6 protocol in Red Hat Enterprise Linux? in Red Hat Knowledgebase.
Note that IPv6 is enabled by default on Red Hat Enterprise Linux 7 systems.
Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.