On Wed, Jul 5, 2017 at 7:28 PM Rob Crittenden <rcrit...@redhat.com> wrote:
> Pieter Baele via FreeIPA-users wrote: > > No, only "fresh" and updated RHEL 7.3 hosts. > > Ok, you were the one that brought up re-installing... > > > Connections are being made, but still ipa-client install. > > Can't wait forever on a solution of RH Support, they have/had no clue at > > all, so I'll reinstall - yet the issue intrigues me a bit. > Y > You haven't provided any information here that would allow us to help. > > rob > > Yes indeed, I was the one that brought up reinstalling 2 of our hosts. I have a deadline, so there is no choice. Those are 2 management hosts we need. Also I never got a request, "please, this looks intriguing for us at well" .... I could have reinstalled right away instead of trying to debug the ipa registration process. But all my other 99% similar hosts registered without a problem..... We lost precious time also because I had to explain that the engineer was looking in the wrong direction. Not something a customer should do (!). But I am still interested in what happened and in IPA in general, hope there is nothing wrong with that? Thats why I also submitted some limited information to the mailinglist. It is not the first time a mailinglist or IRC is more direct.... instead of going to several support people first. As demanded I provided an strace as well, and it was clear that the freeipa-client-install was hanging at the point as explained before. No explanations from logs and traces IMO. The only thing that was changed on those 2 hosts was the hostname - but BEFORE the install of the client. Which was also misunderstood by the way.... -- Pieter > > > > On Mon, Jul 3, 2017 at 4:53 PM Rob Crittenden <rcrit...@redhat.com > > <mailto:rcrit...@redhat.com>> wrote: > > > > Pieter Baele via FreeIPA-users wrote: > > > Hi, > > > > > > I've a weird problem with 2 hosts on ipa-client-install > registration. > > > All my servers are using a 99% alike kickstart profile. > > > > > > 8 hosts did their registration almost immediately (after submit of > > admin) > > > > > > But on 2 servers I am stuck with: > > > stderr= > > > trying to retrieve CA cert via LDAP from .... > > > > > > Any idea what the reason could be? I checked: DNS, firewall > > > But all verifications and discovery before this step are > successful. > > > > > > It's only possible I did a ipa-client-uninstall on those hosts > before. > > > (not 100% sure) > > > > > > > Shouldn't matter unless you are running an ancient version of RHEL > 6.x. > > > > I'd start with the 389-ds access log and the KDC log on the IPA > master > > and see if connections are being made at all, and with what results. > > > > rob > > > > > > > > _______________________________________________ > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org > > > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org