On Wed, Jul 5, 2017 at 7:28 PM Rob Crittenden <rcrit...@redhat.com> wrote:
> Pieter Baele via FreeIPA-users wrote:
> > No, only "fresh" and updated RHEL 7.3 hosts.
> Ok, you were the one that brought up re-installing...
> > Connections are being made, but still ipa-client install.
> > Can't wait forever on a solution of RH Support, they have/had no clue at
> > all, so I'll reinstall - yet the issue intrigues me a bit.
> You haven't provided any information here that would allow us to help.
Yes indeed, I was the one that brought up reinstalling 2 of our hosts.
I have a deadline, so there is no choice. Those are 2 management hosts we
Also I never got a request, "please, this looks intriguing for us at well"
I could have reinstalled right away instead of trying to debug the ipa
registration process. But all my other 99% similar hosts registered without
We lost precious time also because I had to explain that the engineer was
looking in the wrong direction. Not something a customer should do (!).
But I am still interested in what happened and in IPA in general, hope
there is nothing wrong with that?
Thats why I also submitted some limited information to the mailinglist. It
is not the first time a mailinglist or IRC is more direct.... instead of
going to several support people first.
As demanded I provided an strace as well, and it was clear that the
freeipa-client-install was hanging at the point as explained before.
No explanations from logs and traces IMO.
The only thing that was changed on those 2 hosts was the hostname - but
BEFORE the install of the client. Which was also misunderstood by the
> > On Mon, Jul 3, 2017 at 4:53 PM Rob Crittenden <rcrit...@redhat.com
> > <mailto:rcrit...@redhat.com>> wrote:
> > Pieter Baele via FreeIPA-users wrote:
> > > Hi,
> > >
> > > I've a weird problem with 2 hosts on ipa-client-install
> > > All my servers are using a 99% alike kickstart profile.
> > >
> > > 8 hosts did their registration almost immediately (after submit of
> > admin)
> > >
> > > But on 2 servers I am stuck with:
> > > stderr=
> > > trying to retrieve CA cert via LDAP from ....
> > >
> > > Any idea what the reason could be? I checked: DNS, firewall
> > > But all verifications and discovery before this step are
> > >
> > > It's only possible I did a ipa-client-uninstall on those hosts
> > > (not 100% sure)
> > >
> > Shouldn't matter unless you are running an ancient version of RHEL
> > I'd start with the 389-ds access log and the KDC log on the IPA
> > and see if connections are being made at all, and with what results.
> > rob
> > _______________________________________________
> > FreeIPA-users mailing list -- firstname.lastname@example.org
> > To unsubscribe send an email to
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org