OpenDJ 2.6.0, 2.6.1 or 2.6.2 server fails to restart and then shuts itself down again

Last updated Jan 5, 2021

This article provides assistance when the server shuts down because of the following error while trying to start the Directory Server: "CryptoManager failed to publish the instance-key-pair public-key-certificate entry in ADS: Failed to add entry "ds-cfg-key-id=<instance key>,cn=instance keys,cn=admin data"".



Archived

This article has been archived and is no longer maintained by ForgeRock.

Symptoms

The following error is shown in the errors log when the OpenDJ server fails to restart and shuts itself down again:

[11/Apr/2015:16:33:19 +0000] category=CORE severity=NOTICE msgID=458891 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerShutdown, alert ID 458893): The Directory Server has started the shutdown process. The shutdown was initiated by an instance of class org.opends.server.core.DirectoryServer and the reason provided for the shutdown was An error occurred while trying to start the Directory Server: CryptoManager failed to publish the instance-key-pair public-key-certificate entry in ADS: Failed to add entry "ds-cfg-key-id=731D73895DEF42AD8A7A5AC1C0005062,cn=instance keys,cn=admin data" (id=262812)
[11/Apr/2015:16:33:19 +0000] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend userRoot is now taken offline
[11/Apr/2015:16:33:19 +0000] category=CORE severity=NOTICE msgID=458955 msg=The Directory Server is now stopped

Recent Changes

N/A

Causes

The admin-backend.ldif file (located in the /path/to/opendj/config directory) is either missing, corrupt or empty (zero length). The most common cause for this is the server running out of disk space.

Solution

This issue can be resolved by upgrading to OpenDJ 2.6.3 or later; you can download this from BackStage.

Workaround

Alternatively, you can overwrite the admin-backend.ldif file with a copy of the admin-backend.ldif.old file (also in the /path/to/opendj/config directory), provided the old file is valid.

If the old file is invalid, for example, it is also zero length, you can copy the admin-backend.ldif file from another replicated server or a backup. If this is not an option, you can create a generic admin-backend.ldif file containing the following:

dn: cn=admin data
objectClass: top
objectClass: ds-cfg-branch
cn: admin data

dn: cn=instance keys,cn=admin data
objectClass: top
objectClass: ds-cfg-branch
cn: instance keys

dn: cn=secret keys,cn=admin data
objectClass: top
objectClass: ds-cfg-branch
cn: secret keys

dn: cn=Server Groups,cn=admin data
objectClass: top
objectClass: ds-cfg-branch
cn: Server Groups

If you have to use this generic admin-backend.ldif file, you should disable replication on all servers and then set it up again once you have restarted the OpenDJ server.
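
The workaround steps above can be scripted as follows. This is an added example, not ForgeRock code. It assumes the server is stopped, treats a file as valid when it is non-empty and contains the cn=admin data base entry (the article does not define validity further), and uses a hypothetical .damaged suffix to keep the broken file.

```shell
#!/bin/sh
# Added example, not ForgeRock code. Run only while the OpenDJ server is stopped.

# Assumption: "valid" means non-empty and containing the cn=admin data base entry.
ldif_is_valid() {
    [ -s "$1" ] && grep -qi '^dn: *cn=admin data *$' "$1"
}

# Writes the generic admin-backend.ldif content listed in the article.
write_generic_ldif() {
    {
        printf 'dn: cn=admin data\nobjectClass: top\nobjectClass: ds-cfg-branch\ncn: admin data\n'
        for cn in "instance keys" "secret keys" "Server Groups"; do
            printf '\ndn: cn=%s,cn=admin data\nobjectClass: top\nobjectClass: ds-cfg-branch\ncn: %s\n' "$cn" "$cn"
        done
    } > "$1"
}

# repair_admin_backend CONFIG_DIR [COPY_FROM_REPLICA_OR_BACKUP]
# Prints the action taken: ok | restored-from-old | restored-from-copy | generic
repair_admin_backend() {
    cur="$1/admin-backend.ldif"
    old="$1/admin-backend.ldif.old"
    copy="${2:-}"
    if ldif_is_valid "$cur"; then
        echo ok
        return 0
    fi
    # Keep the damaged file for later analysis (.damaged suffix is hypothetical).
    if [ -e "$cur" ]; then mv "$cur" "$cur.damaged"; fi
    if ldif_is_valid "$old"; then
        cp -p "$old" "$cur" && echo restored-from-old
    elif ldif_is_valid "$copy"; then
        cp -p "$copy" "$cur" && echo restored-from-copy
    else
        # Last resort: replication must be disabled on all servers and set up
        # again after the restart, as the article states.
        write_generic_ldif "$cur" && echo generic
    fi
}

if [ "$#" -gt 0 ]; then repair_admin_backend "$@"; fi
```

Call it with the config directory, for example /path/to/opendj/config, and optionally the path to a copy of admin-backend.ldif taken from another replicated server or a backup.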

See Also

How do I design and implement my backup and restore strategies for DS (All versions)?

FAQ: Backup and restore in DS 5.x and 6.x

Related Training

N/A

Related Issue Tracker IDs

OPENDJ-1764 (admin-backend.ldif can end up empty)


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.