Hi All,
Trying to install a replica for an already running ipa-server but it fails.

IPA Main server is already running and properly configured. I'm trying to setup 
the second server and replicate with the main server. 
This is the command what i'm using:

ipa-replica-install --principal admin --admin-password 'password' --setup-ca 
--setup-dns --auto-forwarders --server ipa-server.domain.local --domain 

Everything is going well until this:

Done configuring kadmin.
Configuring directory server (dirsrv)
  [1/3]: configuring TLS for DS instance
  [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE)
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    
Certificate issuance failed (CA_UNREACHABLE)
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for 
more information

The getcert list command is getting this;
Number of certificates and requests being tracked: 1.
Request ID '20180905101554':
        status: CA_UNREACHABLE
        ca-error: Server at https://ipa-server2.domain.local/ipa/xml failed 
request, will retry: -504 (libcurl failed to execute the HTTP POST transaction, 
explaining:  Failed connect to ipa-server2.domain.local:443; Connection 

[ipa-server2] # netstat -lnp | grep 443 - is not getting anything back.

httpd server is running by listening 80 port only.

[root@host user]# ipa --version
VERSION: 4.5.4, API_VERSION: 2.228

cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"

How can i make the replica working?
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 

Reply via email to