No, only "fresh" and updated RHEL 7.3 hosts. Connections are being made, but still ipa-client install. Can't wait forever on a solution of RH Support, they have/had no clue at all, so I'll reinstall - yet the issue intrigues me a bit.
On Mon, Jul 3, 2017 at 4:53 PM Rob Crittenden <rcrit...@redhat.com> wrote: > Pieter Baele via FreeIPA-users wrote: > > Hi, > > > > I've a weird problem with 2 hosts on ipa-client-install registration. > > All my servers are using a 99% alike kickstart profile. > > > > 8 hosts did their registration almost immediately (after submit of admin) > > > > But on 2 servers I am stuck with: > > stderr= > > trying to retrieve CA cert via LDAP from .... > > > > Any idea what the reason could be? I checked: DNS, firewall > > But all verifications and discovery before this step are successful. > > > > It's only possible I did a ipa-client-uninstall on those hosts before. > > (not 100% sure) > > > > Shouldn't matter unless you are running an ancient version of RHEL 6.x. > > I'd start with the 389-ds access log and the KDC log on the IPA master > and see if connections are being made at all, and with what results. > > rob > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org