Hello,
after Updating my FreeIPA Machine with the following Packages 389-ds-base-1.4.1.8-4.fc30.x86_64 and
389-ds-base-libs-1.4.1.8-4.fc30.x86_64
my IPAServer will not start because of a Dirsrv Error:
[28/Oct/2019:15:24:33.197006547 +0100] - INFO - main - 389-Directory/1.4.1.8 B2019.288.179 starting up
[28/Oct/2019:15:24:33.305073561 +0100] - INFO - main - Setting the maximum file descriptor limit to:
524288
[28/Oct/2019:15:24:34.015432996 +0100] - INFO - PBKDF2_SHA256 - Based on CPU performance, chose 2048
rounds
[28/Oct/2019:15:24:34.148313874 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a
minimal value 512000
[28/Oct/2019:15:24:34.183483952 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a
minimal value 512000
[28/Oct/2019:15:24:34.216059053 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a
minimal value 512000
[28/Oct/2019:15:24:34.249251920 +0100] - NOTICE - ldbm_back_start - found 2034812k physical memory
[28/Oct/2019:15:24:34.271787887 +0100] - NOTICE - ldbm_back_start - found 627800k available
[28/Oct/2019:15:24:34.305153307 +0100] - NOTICE - ldbm_back_start - cache autosizing: db cache: 50870k
[28/Oct/2019:15:24:34.346820319 +0100] - NOTICE - ldbm_back_start - cache autosizing: userRoot entry
cache (3 total): 65536k
[28/Oct/2019:15:24:34.380215639 +0100] - NOTICE - ldbm_back_start - cache autosizing: userRoot dn
cache (3 total): 65536k
[28/Oct/2019:15:24:34.413883565 +0100] - NOTICE - ldbm_back_start - cache autosizing: ipaca entry
cache (3 total): 65536k
[28/Oct/2019:15:24:34.446900772 +0100] - NOTICE - ldbm_back_start - cache autosizing: ipaca dn cache
(3 total): 65536k
[28/Oct/2019:15:24:34.480404651 +0100] - NOTICE - ldbm_back_start - cache autosizing: changelog
entry cache (3 total): 65536k
[28/Oct/2019:15:24:34.513586337 +0100] - NOTICE - ldbm_back_start - cache autosizing: changelog dn
cache (3 total): 65536k
[28/Oct/2019:15:24:34.545455448 +0100] - NOTICE - ldbm_back_start - total cache size: 444326133 B;
[28/Oct/2019:15:24:34.660654207 +0100] - INFO - dblayer_start - Resizing db cache size: 82532761 ->
41672949
[28/Oct/2019:15:24:35.305068723 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for
cipher AES
[28/Oct/2019:15:24:35.346977418 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to
unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the
encrypted contents, keep the wrapped symmetric key value.
[28/Oct/2019:15:24:35.389013473 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for
cipher 3DES
[28/Oct/2019:15:24:35.430350643 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to
unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the
encrypted contents, keep the wrapped symmetric key value.
[28/Oct/2019:15:24:35.472051056 +0100] - ERR - attrcrypt_init - All prepared ciphers are not
available. Please disable attribute encryption.
[28/Oct/2019:15:24:35.712098113 +0100] - ERR - schema-compat-plugin - scheduled schema-compat-plugin
tree scan in about 5 seconds after the server startup!
[28/Oct/2019:15:24:35.767825035 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=groups,cn=compat,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist
[28/Oct/2019:15:24:35.847642467 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=computers,cn=compat,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist
[28/Oct/2019:15:24:35.889335963 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=ng,cn=compat,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist
[28/Oct/2019:15:24:35.906058664 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
ou=sudoers,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist
[28/Oct/2019:15:24:35.922645682 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=users,cn=compat,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist
[28/Oct/2019:15:24:35.939342751 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist
[28/Oct/2019:15:24:35.973017877 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist
[28/Oct/2019:15:24:35.997578015 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist
[28/Oct/2019:15:24:36.047582540 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist
[28/Oct/2019:15:24:36.122682002 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist
[28/Oct/2019:15:24:36.175397700 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist
[28/Oct/2019:15:24:36.222712999 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist
[28/Oct/2019:15:24:36.255979639 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist
[28/Oct/2019:15:24:36.400353621 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist
[28/Oct/2019:15:24:36.464434060 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist
[28/Oct/2019:15:24:36.570672924 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist
[28/Oct/2019:15:24:36.638393241 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=ipatest,dc=intranet,dc=xxx,dc=de does
not exist
[28/Oct/2019:15:24:36.697648930 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=ipatest,dc=intranet,dc=xxx,dc=de does
not exist
[28/Oct/2019:15:24:36.839033805 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=automember rebuild membership,cn=tasks,cn=config does not exist
[28/Oct/2019:15:24:36.903400951 +0100] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition
cn=Password Policy,cn=accounts,dc=ipatest,dc=intranet,dc=xxx,dc=de--no CoS Templates found, which
should be added before the CoS Definition.
[28/Oct/2019:15:24:37.113354944 +0100] - ERR - set_krb5_creds - Could not get initial credentials
for principal [ldap/ipa4.ipatest.intranet.XXX.de(a)IPATEST.INTRANET.XXX.DE] in keytab
[FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested realm)
[28/Oct/2019:15:24:37.132921236 +0100] - ERR - set_krb5_creds - Could not get initial credentials
for principal [ldap/ipa4.ipatest.intranet.XXX.de(a)IPATEST.INTRANET.XXX.DE] in keytab
[FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested realm)
[28/Oct/2019:15:24:37.152041659 +0100] - INFO - slapd_daemon - slapd started. Listening on All
Interfaces port 389 for LDAP requests
[28/Oct/2019:15:24:37.165159407 +0100] - INFO - slapd_daemon - Listening on All Interfaces port 636
for LDAPS requests
[28/Oct/2019:15:24:37.184192580 +0100] - INFO - slapd_daemon - Listening on
/var/run/slapd-IPATEST-INTRANET-XXX-DE.socket for LDAPI requests
[28/Oct/2019:15:24:37.249042042 +0100] - ERR - schema-compat-plugin - schema-compat-plugin tree scan
will start in about 5 seconds!
[28/Oct/2019:15:24:42.261321976 +0100] - ERR - schema-compat-plugin - warning: no entries set up
under cn=ng, cn=compat,dc=ipatest,dc=intranet,dc=XXX,dc=de
[28/Oct/2019:15:24:42.336666961 +0100] - ERR - schema-compat-plugin - warning: no entries set up
under cn=computers, cn=compat,dc=ipatest,dc=intranet,dc=XXX,dc=de
[28/Oct/2019:15:24:42.381915111 +0100] - ERR - schema-compat-plugin - Finished plugin initialization.
[28/Oct/2019:15:51:27.596490424 +0100] - INFO - op_thread_cleanup - slapd shutting down - signaling
operation threads - op stack size 3 max work q size 4 max work q stack size 4
[28/Oct/2019:15:51:27.885286001 +0100] - INFO - slapd_daemon - slapd shutting down - closing down
internal subsystems and plugins
This IPA Server is one of my replica setup here at work at the other works fine. At home after the
update i have the same problems, Any Help?
Regards
Dirk