I have an install that fails at the following stage:
importing CA chain to RA certificate database
[error] RuntimeError: Unable to retrieve CA chain: request failed with HTTP status 500
The logs are not showing anything obvious:
[22/Aug/2017:17:02:52][http-bio-8443-exec-3]: importLDIFS(): LDAP Errors in importing /var/lib/pki/pki-tomcat/ca/conf/manager.ldif
[22/Aug/2017:17:02:52][http-bio-8443-exec-3]: LDAPUtil:importLDIF: exception in adding entry ou=csusers,cn=config:netscape.ldap.LDAPException: error result (68)
[22/Aug/2017:17:02:52][http-bio-8443-exec-3]: LDAPUtil:importLDIF: exception in modifying entry o=ipaca:netscape.ldap.LDAPException: error result (20)
[22/Aug/2017:17:02:52][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:52][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is true
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: makeConnection: errorIfDown true
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:58][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:58][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:07][localhost-startStop-1]: init: before makeConnection errorIfDown is true
[22/Aug/2017:17:03:07][localhost-startStop-1]: makeConnection: errorIfDown true
[22/Aug/2017:17:03:07][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:07][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:08][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:08][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:08][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:08][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:08][profileChangeMonitor]: Start Profile Creation - caDirUserRenewal caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
[22/Aug/2017:17:03:08][profileChangeMonitor]: Done Profile Creation - caDirUserRenewal
[22/Aug/2017:17:03:08][profileChangeMonitor]: Start Profile Creation - IECUserRoles caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
[22/Aug/2017:17:03:08][profileChangeMonitor]: Done Profile Creation - IECUserRoles
[22/Aug/2017:17:03:08][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:08][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:09][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:09][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:09][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:09][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:09][localhost-startStop-1]: DBSubsystem: getNextRange. Unable to provide next range :netscape.ldap.LDAPException: error result (68)
[22/Aug/2017:17:13:08][SerialNumberUpdateTask]: DBSubsystem: getNextRange. Unable to provide next range :netscape.ldap.LDAPException: error result (68)
and
[23/Aug/2017:15:24:09][CertStatusUpdateTask]: returnConn: mNumConns now 5
[23/Aug/2017:15:24:09][CertStatusUpdateTask]: DBVirtualList: searching for entry 20170823152409Z
[23/Aug/2017:15:24:09][CertStatusUpdateTask]: DBVirtualList.getEntries()
[23/Aug/2017:15:24:09][CertStatusUpdateTask]: DBVirtualList: entries: 1
[23/Aug/2017:15:24:09][CertStatusUpdateTask]: DBVirtualList: top: 0
[23/Aug/2017:15:24:09][CertStatusUpdateTask]: DBVirtualList: size: 640
[23/Aug/2017:15:24:09][CertStatusUpdateTask]: transitRevokedExpiredCertificates: list size: 640
[23/Aug/2017:15:24:09][CertStatusUpdateTask]: transitRevokedExpiredCertificates: ltSize 1
[23/Aug/2017:15:24:09][CertStatusUpdateTask]: transitRevokedExpired: curRec: 0 CertRecord: 76
[23/Aug/2017:15:24:09][CertStatusUpdateTask]: Record does not qualify,notAfter Mon Aug 28 16:47:53 UTC 2017 date Wed Aug 23 15:24:09 UTC 2017
[23/Aug/2017:15:24:09][CertStatusUpdateTask]: transitCertList REVOKED_EXPIRED
[23/Aug/2017:15:24:09][CertStatusUpdateTask]: updateCertStatus done
I have full logs if necessary, but I'm unable to determine the cause of the failure.
From asking on the FreeIPA forums, this is a problem on the CA server, but that's as far as I got with this.