Files_to_be_attached_to_bug_report#

Server instalation failed#

Please be aware that some logs may contain sensitive information and should be sanitized or transported over a secure channel.

ipa-server-install#

Generic failure#

date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log

Directory server failed#

date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
/var/log/dirsrv/slapd-*/errors
/var/log/dirsrv/slapd-*/access
journalctl -xe

Dogtag CA failed#

date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
journalctl -u pki-tomcatd@pki-tomcat.service
/var/log/pki/pki-tomcat/ca/debug
/var/log/pki/pki-ca-spawn..log

Dogtag KRA failed#

date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
journalctl -u pki-tomcatd@pki-tomcat.service
/var/log/pki/pki-tomcat/kra/debug
/var/log/pki/pki-kra-spawn..log

Kerberos (KDC, kadmin) failed#

date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
/var/log/kadmind.log
/var/log/krb5kdc.log

Apache (httpd) failed#

date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
journalctl -u httpd
/var/log/httpd/error_log

Custodia failed#

date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
journalctl -u ipa-custodia
less /var/log/ipa-custodia.audit.log  # from both master and replica

DNS part failed#

date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
journalctl -u named-pkcs11
journalctl -u ipa-dnskeysyncd

AD Trust installation failed#

date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
/var/log/httpd/error_log
/var/log/dirsrv/slapd-*/errors
/var/log/dirsrv/slapd-*/access
journalctl -u smb
journalctl -u winbind

Installation of updates failed#

date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
/var/log/dirsrv/slapd-*/errors

Client part failed#

date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
/var/log/ipaclient-install.log
/var/log/httpd/error_log

ipa-replica-install#

Generic failure#

date -R
/var/log/ipareplica-install.log
ausearch -m AVC > avc.log

In case of failure of any specific component follow list of services from installation section and provide those logs too.

Connection check failed#

Please make sure that firewall and network are correctly set (servers can see each other) before you report issue against replica connection check.

From both master and replica

date -R

/var/log/ipareplica-conncheck.log

ipa-dns-install#

See ipa-server-install DNS part

ipa-ca-install#

date -R

/var/log/ipareplica-ca-install.log

And see ipa-server-install CA part.

ipa-kra-install#

date -R

/var/log/ipaserver-kra-install.log

And see ipa-server-install KRA part.

ipa-adtrust-install#

See ipa-server-install AD Trust part.

I HAVE NO IDEA#

Then provide everything you can ;-)

date -R
/var/log/ipa*.log
ausearch -m AVC > avc.log
/var/log/dirsrv/slapd-*/errors
/var/log/dirsrv/slapd-*/access
journalctl -xe
journalctl -u named-pkcs11
journalctl -u ipa-dnskeysyncd
journalctl -u httpd
journalctl -u pki-tomcatd@pki-tomcat.service
/var/log/pki/pki-tomcat/ca/debug
/var/log/pki/pki-ca-spawn..log
/var/log/pki/pki-tomcat/kra/debug
/var/log/pki/pki-kra-spawn..log
/var/log/httpd/error_log
/var/log/kadmind.log
/var/log/krb5kdc.log

Client installation failed#

date -R
/var/log/ipaclient-install.log
ausearch -m AVC > avc.log

Upgrade failed#

date -R
/var/log/ipaupgrade.log
ausearch -m AVC > avc.log
/var/log/dirsrv/slapd-*/errors

In case of upgrade failure of any specific components follow list of services from installation section and provide those logs too.

FreeIPA CLI failed#

Internal server error#

Please execute steps on the server which is returning an internal error.

Prologue:

set ``\ *``debug=true``*\ `` in ``\ */etc/ipa/default.conf``*

apachectl graceful

Run broken command:

``ipa ``

Provide logs from the server:

| ``date -R``
| ``/var/log/httpd/error_log``
| ``/var/log/dirsrv/slapd-*/access``
| ``/var/log/dirsrv/slapd-*/errors``

Epilogue:

remove ``\ *``debug=true``*\ `` from ``\ */etc/ipa/default.conf``*

apachectl graceful

FreeIPA WebUI failed#

Login failed#

Please execute steps on the server with FreeIPA server installed.

Prologue:

change ``\ *``LogLevel``*\ `` to ``\ *``info``*\ `` in ``\ */etc/httpd/conf.d/nss.conf``*

apachectl graceful

Try to log in again.

Provide logs from the server:

date -R
/var/log/httpd/error_log
/var/log/httpd/access_log
/var/log/krb5kdc.log

Epilogue:

set back ``\ *``LogLevel``*\ `` to ``\ *``warn``*\ `` in ``\ */etc/httpd/conf.d/nss.conf``*

apachectl graceful

Other failures#

Usually seen as 50x HTTP error in WebUI.

date -R
/var/log/httpd/error_log
/var/log/httpd/access_log
journalctl -u httpd

Internal server error#

Please follow FreeIPA CLI failed: Internal server error and execute action in WebUI instead of running an ipa .

Files_to_be_attached_to_bug_report

Contents

Files_to_be_attached_to_bug_report#

Server instalation failed#

ipa-server-install#

Generic failure#

Directory server failed#

Dogtag CA failed#

Dogtag KRA failed#

Kerberos (KDC, kadmin) failed#

Apache (httpd) failed#

Custodia failed#

DNS part failed#

AD Trust installation failed#

Installation of updates failed#

Client part failed#

ipa-replica-install#

Generic failure#

Connection check failed#

ipa-dns-install#

ipa-ca-install#

ipa-kra-install#

ipa-adtrust-install#

I HAVE NO IDEA#

Client installation failed#

Upgrade failed#

FreeIPA CLI failed#

Kerberos related errors#

Internal server error#

FreeIPA WebUI failed#

Login failed#

Other failures#

Internal server error#