Well now that sounds a daunting endeavor.  It would definitely be a last resort 
type situation for sure.  Thank you both for laying it out and I definitely 
didn't expect it to be possible at all so at least its something.

I think the big problem we're having is the fact that we can't seem to create 
new CA replicas against our old IPA 3.0 CA.  I've upgraded the servers to the 
latest and greatest multiple times over the last year (which caused its own set 
of problems which are in a different thread) and each time it fails with a 
different error.  I can generally find the same problem in a bugzilla but even 
after patching to the recommended version it still fails with a new error.

The latest being:

[14/Jun/2017:06:49:45][http-bio-8443-exec-3]: ConfigurationUtils: 
updateDomainXML: status=1
[14/Jun/2017:06:49:45][http-bio-8443-exec-3]: Unable to update security domain: 
java.io.IOException: Unable to update security domain: 2
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to