Hi,

I moved this conversation to freeipa-users instead of freeipa-devel (the
devel mailing list is for development topics, not user help).

On Wed, Oct 23, 2024 at 9:04 AM Kao via FreeIPA-devel <
freeipa-devel@lists.fedorahosted.org> wrote:

> Issue:
>
> I'm deploying a FreeIPA replica on an Azure VM, using Rocky 9.3 on both the
> master and client (replica) VMs, and both versions of FreeIPA are 4.11.0.
> These two VMs are in the same virtual network.
>
> Master and client deployment is fine, but when installing the replica on
> the client VM, it always gets this error:
>
> [1/3]: configuring TLS for DS instance
>   [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE)
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR
>   Certificate issuance failed (CA_UNREACHABLE)
> ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR
>   The ipa-replica-install command failed. See
> /var/log/ipareplica-install.log for more information
>
> I've already checked the firewall and the access rights of the CA file on
> the master.
>
> I have spent two days on this, really need some help!!
>

Please provide the whole log for /var/log/ipareplica-install.log. Did you
use the --skip-conncheck argument when installing the replica? What was the
umask on the server when it got installed?
The replica gets information from the master; can you check the content of
/var/log/httpd/error_log? Do you see a line with cert_request from the
replica?

flo

> --
> _______________________________________________
> FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>