On 08/01/2017 03:11 PM, Mark Haney via FreeIPA-users wrote:
On 08/01/2017 03:26 AM, Florence Blanc-Renaud wrote:
another user hit the same problem as you (ipa-replica-install
--setup-ca fails during pkispawn and the PKI debug log shows an error
related to updateNumberRange). He managed to workaround the issue by
un-enrolling the failing replica and revoking all the certificates
that were created during replica setup attempts (you can find the mail
thread here ).
I still don't know what is the root cause of the issue or why the
workaround succeeded, but it's worth giving it a try.
The logs do look similar to me, so I can give this a shot, what I don't
know is how to revoke all the certificates on the replica server (at
least I'm assuming it's the replica getting the revokations.
you can connect to IPA web UI on the server to revoke the cert:
https://server.ipadomain.com/ipa/ui, then navigate to Authentication >
Certificates, click on the certificate corresponding to the replica
which failed installation (CN=<replica>,o=DOM...) and then Actions >
Revoke Certificate (superseded).
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org