Thanks Rob for pointing out that pki-tps-tomcat is not required. After taking a 
snapshot we remove the RPM and upgraded FreeIPA.

We hit the bug 1436268 <>  , 
so we removed the entry for server_id in /etc/named.conf and all worked out 



From: Rob Crittenden <>
Sent: Monday, July 24, 2017 7:46 AM
To: FreeIPA users list
Cc: Bhavin Vaidya
Subject: Re: [Freeipa-users] FreeIPA upgrade

Bhavin Vaidya via FreeIPA-users wrote:
> Hello,
> We are trying to upgrade FreeIPA- v4.1.3-1.el7 on our master server
> which is CentOS 7.0.1406.
> We were getting other conflict issues, which were fixed with updating yum.
> We are not able to go further without following Error, while both RPMs
> in questions are already present and I can same message if tried to
> update pki-server, while for pki-tps-tomcat it says nothing to update.
> We have CA certificate on our server ds01.
> We are also not able to add a replica, because of some certificate issue.

I'd fix the certificate issue(s) before trying to upgrade. You are
asking for more trouble trying to upgrade an install that has issues.

> [root@ds01 pki-ca]# yum update freeipa-server
> <SNIP>
> --> Finished Dependency Resolution
> Error: Package: pki-tps-tomcat-10.1.2-7.1.el7.centos.noarch
> (@mkosek-freeipa)
>            Requires: pki-server = 10.1.2-7.1.el7.centos
>            Removing: pki-server-10.1.2-7.1.el7.centos.noarch
> (@mkosek-freeipa)

I don't believe that pki-tps-tomcat is required for IPA. I'm concerned
that you have unofficial bits installed though. Was this to temporarily
work around some issue?


>                pki-server = 10.1.2-7.1.el7.centos
>            Updated By: pki-server-10.3.3-19.el7_3.noarch (updates)
>                pki-server = 10.3.3-19.el7_3
>            Available: pki-server-10.3.3-10.el7.noarch (base)
>                pki-server = 10.3.3-10.el7
>            Available: pki-server-10.3.3-14.el7_3.noarch (updates)
>                pki-server = 10.3.3-14.el7_3
>            Available: pki-server-10.3.3-16.el7_3.noarch (updates)
>                pki-server = 10.3.3-16.el7_3
>            Available: pki-server-10.3.3-17.el7_3.noarch (updates)
>                pki-server = 10.3.3-17.el7_3
>            Available: pki-server-10.3.3-18.el7_3.noarch (updates)
>                pki-server = 10.3.3-18.el7_3
>  You could try using --skip-broken to work around the problem
>  You could try running: rpm -Va --nofiles --nodigest
> [root@ds01 pki-ca]# rpm -qa | grep pki-server
> pki-server-10.1.2-7.1.el7.centos.noarch
> dogtag-pki-server-theme-10.1.1-1.el7.centos.noarch
> [root@ds01 pki-ca]# rpm -qa | grep pki-tps-tomcat
> pki-tps-tomcat-10.1.2-7.1.el7.centos.noarch
> Thank you and with regards,
> Bhavin
> _______________________________________________
> FreeIPA-users mailing list --
> To unsubscribe send an email to

FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to