Jamal Mahmoud via FreeIPA-users wrote: > Hi Rob, > > I've isolated the output on lithium when i ran > ipa-replica-manage del oxygen.eggvfx.ie <http://oxygen.eggvfx.ie> > --force --cleanup > It's quite heavy still but here it is
This is helpful. It shows that oxygen is being looked for in the IPA masters location, cn=masters and is returning err=32, not found. What I don't know is why or where this query is coming from. There are several queries that look like they might originate in the 389-ds topology plugin but I couldn't find where and I'm not familiar with it in general. Queries like: SRCH base="cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" scope=1 filter="(objectClass=top)" attrs="ipaMaxDomainLevel cn ipaMinDomainLevel ipaReplTopoManagedSuffix ipaLocation ipaServiceWeight" I'm not entirely sure when you invoke ipa-replica-manage if it is calling the topology plugin under the hood or not. It almost certainly is when you use the UI. I'm cc'ing someone who knows this better. rob > > [13/Feb/2018:09:14:45.823204160 +0000] conn=192207 fd=155 slot=155 SSL > connection from 192.168.94.4 to 192.168.94.4 > [13/Feb/2018:09:14:46.027998523 +0000] conn=192207 TLS1.2 256-bit AES-GCM > [13/Feb/2018:09:14:46.031226897 +0000] conn=45 op=31409 SRCH > base="dc=eggvfx,dc=ie" scope=2 > filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/eggvfx...@eggvfx.ie > <mailto:eggvfx...@eggvfx.ie>)(krbPrincipalName:caseIgnoreIA5Match:=krbtgt/eggvfx...@eggvfx.ie > <mailto:eggvfx...@eggvfx.ie>)))" attrs="krbPrincipalName > krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference > krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference > krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases > krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount > krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences > krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock > passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink > objectClass" > [13/Feb/2018:09:14:46.031713683 +0000] conn=45 op=31409 RESULT err=0 > tag=101 nentries=1 etime=0 > [13/Feb/2018:09:14:46.032193288 +0000] conn=45 op=31410 SRCH > base="dc=eggvfx,dc=ie" scope=2 > filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/lithium.eggvfx...@eggvfx.ie > <mailto:lithium.eggvfx...@eggvfx.ie>)(krbPrincipalName:caseIgnoreIA5Match:=ldap/lithium.eggvfx...@eggvfx.ie > <mailto:lithium.eggvfx...@eggvfx.ie>)))" attrs="krbPrincipalName > krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference > krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference > krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases > krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount > krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences > krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock > passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink > objectClass" > [13/Feb/2018:09:14:46.032529772 +0000] conn=45 op=31410 RESULT err=0 > tag=101 nentries=1 etime=0 > [13/Feb/2018:09:14:46.032696842 +0000] conn=45 op=31411 SRCH > base="cn=EGGVFX.IE <http://EGGVFX.IE>,cn=kerberos,dc=eggvfx,dc=ie" > scope=0 filter="(objectClass=krbticketpolicyaux)" > attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [13/Feb/2018:09:14:46.032904807 +0000] conn=45 op=31411 RESULT err=0 > tag=101 nentries=1 etime=0 > [13/Feb/2018:09:14:46.033085928 +0000] conn=45 op=31412 SRCH > base="dc=eggvfx,dc=ie" scope=2 > filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=ad...@eggvfx.ie > <mailto:ad...@eggvfx.ie>))" attrs="krbPrincipalName krbCanonicalName > krbUPEnabled krbPrincipalKey krbTicketPolicyReference > krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference > krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases > krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount > krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences > krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock > passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink > objectClass" > [13/Feb/2018:09:14:46.033377257 +0000] conn=45 op=31412 RESULT err=0 > tag=101 nentries=1 etime=0 > [13/Feb/2018:09:14:46.033555617 +0000] conn=45 op=31413 SRCH > base="cn=EGGVFX.IE <http://EGGVFX.IE>,cn=kerberos,dc=eggvfx,dc=ie" > scope=0 filter="(objectClass=krbticketpolicyaux)" > attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [13/Feb/2018:09:14:46.033714662 +0000] conn=45 op=31413 RESULT err=0 > tag=101 nentries=1 etime=0 > [13/Feb/2018:09:14:46.034731567 +0000] conn=192207 op=0 BIND dn="" > method=sasl version=3 mech=GSSAPI > [13/Feb/2018:09:14:46.776688499 +0000] conn=192207 op=0 RESULT err=14 > tag=97 nentries=0 etime=1, SASL bind in progress > [13/Feb/2018:09:14:46.777340050 +0000] conn=192207 op=1 BIND dn="" > method=sasl version=3 mech=GSSAPI > [13/Feb/2018:09:14:46.779800986 +0000] conn=192207 op=1 RESULT err=14 > tag=97 nentries=0 etime=0, SASL bind in progress > [13/Feb/2018:09:14:46.780131803 +0000] conn=192207 op=2 BIND dn="" > method=sasl version=3 mech=GSSAPI > [13/Feb/2018:09:14:46.781745436 +0000] conn=192207 op=2 RESULT err=0 > tag=97 nentries=0 etime=0 > dn="uid=admin,cn=users,cn=accounts,dc=eggvfx,dc=ie" > [13/Feb/2018:09:14:46.782496366 +0000] conn=192207 op=3 SRCH > base="cn=mapping tree,cn=config" scope=2 > filter="(|(&(objectClass=nsds5ReplicationAgreement)(nsDS5ReplicaRoot=dc=eggvfx,dc=ie))(objectClass=nsDSWindowsReplicationAgreement))" > attrs=ALL > [13/Feb/2018:09:14:46.784970100 +0000] conn=192207 op=3 RESULT err=0 > tag=101 nentries=1 etime=0 > [13/Feb/2018:09:14:46.786072700 +0000] conn=192207 op=4 SRCH > base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes > objectClasses" > [13/Feb/2018:09:14:46.992758156 +0000] conn=192207 op=4 RESULT err=0 > tag=101 nentries=1 etime=0 > [13/Feb/2018:09:14:47.274654147 +0000] conn=192208 fd=156 slot=156 > connection from local to /var/run/slapd-EGGVFX-IE.socket > [13/Feb/2018:09:14:47.275257858 +0000] conn=192208 AUTOBIND > dn="cn=Directory Manager" > [13/Feb/2018:09:14:47.275266840 +0000] conn=192208 op=0 BIND > dn="cn=Directory Manager" method=sasl version=3 mech=EXTERNAL > [13/Feb/2018:09:14:47.275307838 +0000] conn=192208 op=0 RESULT err=0 > tag=97 nentries=0 etime=0 dn="cn=Directory Manager" > [13/Feb/2018:09:14:47.286719997 +0000] conn=192208 op=1 SRCH > base="cn=Domain Level,cn=ipa,cn=etc,dc=eggvfx,dc=ie" scope=0 > filter="(objectClass=*)" attrs="ipaDomainLevel" > [13/Feb/2018:09:14:47.286848507 +0000] conn=192208 op=1 RESULT err=0 > tag=101 nentries=1 etime=0 > [13/Feb/2018:09:14:47.287228472 +0000] conn=192208 op=2 SRCH > base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes > objectClasses" > [13/Feb/2018:09:14:47.464093684 +0000] conn=192208 op=2 RESULT err=0 > tag=101 nentries=1 etime=0 > [13/Feb/2018:09:14:47.828827335 +0000] conn=192208 op=3 SRCH > base="cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" scope=1 > filter="(objectClass=top)" attrs="ipaMaxDomainLevel cn ipaMinDomainLevel > ipaReplTopoManagedSuffix ipaLocation ipaServiceWeight" > [13/Feb/2018:09:14:47.829400972 +0000] conn=192208 op=3 RESULT err=0 > tag=101 nentries=3 etime=0 > [13/Feb/2018:09:14:47.834510410 +0000] conn=192208 op=4 SRCH > base="cn=topology,cn=ipa,cn=etc,dc=eggvfx,dc=ie" scope=1 > filter="(objectClass=iparepltopoconf)" attrs="* cn ipaReplTopoConfRoot aci" > [13/Feb/2018:09:14:47.834813555 +0000] conn=192208 op=4 RESULT err=0 > tag=101 nentries=2 etime=0 > [13/Feb/2018:09:14:47.845769945 +0000] conn=192208 op=5 SRCH > base="cn=nitrogen.eggvfx.ie > <http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" > scope=0 filter="(objectClass=*)" attrs="" > [13/Feb/2018:09:14:47.845875163 +0000] conn=192208 op=5 RESULT err=0 > tag=101 nentries=1 etime=0 > [13/Feb/2018:09:14:47.846499455 +0000] conn=192208 op=6 SRCH > base="cn=nitrogen.eggvfx.ie > <http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" > scope=2 filter="(cn=CA)" attrs="ipaConfigString cn" > [13/Feb/2018:09:14:47.846716314 +0000] conn=192208 op=6 RESULT err=0 > tag=101 nentries=1 etime=0 > [13/Feb/2018:09:14:47.847775298 +0000] conn=192208 op=7 SRCH > base="cn=nitrogen.eggvfx.ie > <http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" > scope=2 filter="(|(cn=HTTP)(cn=KDC)(cn=KPASSWD))" attrs="ipaConfigString cn" > [13/Feb/2018:09:14:47.848157025 +0000] conn=192208 op=7 RESULT err=0 > tag=101 nentries=3 etime=0 > [13/Feb/2018:09:14:47.850013297 +0000] conn=192208 op=8 SRCH > base="cn=nitrogen.eggvfx.ie > <http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" > scope=2 filter="(|(cn=DNS)(cn=DNSKeySync))" attrs="ipaConfigString cn" > [13/Feb/2018:09:14:47.850305924 +0000] conn=192208 op=8 RESULT err=0 > tag=101 nentries=2 etime=0 > [13/Feb/2018:09:14:47.851655036 +0000] conn=192208 op=9 SRCH > base="cn=nitrogen.eggvfx.ie > <http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" > scope=2 filter="(cn=NTP)" attrs="ipaConfigString cn" > [13/Feb/2018:09:14:47.851833457 +0000] conn=192208 op=9 RESULT err=0 > tag=101 nentries=1 etime=0 > [13/Feb/2018:09:14:47.852812885 +0000] conn=192208 op=10 SRCH > base="cn=computers,cn=accounts,dc=eggvfx,dc=ie" scope=2 > filter="(&(memberOf=cn=adtrust > agents,cn=sysaccounts,cn=etc,dc=eggvfx,dc=ie)(fqdn=nitrogen.eggvfx.ie > <http://nitrogen.eggvfx.ie>))" attrs="* aci" > [13/Feb/2018:09:14:47.853031311 +0000] conn=192208 op=10 RESULT err=0 > tag=101 nentries=0 etime=0 > [13/Feb/2018:09:14:47.853536363 +0000] conn=192208 op=11 SRCH > base="cn=nitrogen.eggvfx.ie > <http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" > scope=2 filter="(cn=KRA)" attrs="ipaConfigString cn" > [13/Feb/2018:09:14:47.853649454 +0000] conn=192208 op=11 RESULT err=0 > tag=101 nentries=0 etime=0 > [13/Feb/2018:09:14:47.854114915 +0000] conn=192208 op=12 SRCH > base="cn=nitrogen.eggvfx.ie > <http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" > scope=2 filter="(cn=ADTRUST)" attrs="ipaConfigString cn" > [13/Feb/2018:09:14:47.854224953 +0000] conn=192208 op=12 RESULT err=0 > tag=101 nentries=0 etime=0 > [13/Feb/2018:09:14:47.855353962 +0000] conn=192208 op=13 SRCH > base="cn=lithium.eggvfx.ie > <http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" > scope=0 filter="(objectClass=*)" attrs="" > [13/Feb/2018:09:14:47.855449266 +0000] conn=192208 op=13 RESULT err=0 > tag=101 nentries=1 etime=0 > [13/Feb/2018:09:14:47.855936058 +0000] conn=192208 op=14 SRCH > base="cn=lithium.eggvfx.ie > <http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" > scope=2 filter="(cn=CA)" attrs="ipaConfigString cn" > [13/Feb/2018:09:14:47.856125343 +0000] conn=192208 op=14 RESULT err=0 > tag=101 nentries=1 etime=0 > [13/Feb/2018:09:14:47.857152859 +0000] conn=192208 op=15 SRCH > base="cn=lithium.eggvfx.ie > <http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" > scope=2 filter="(|(cn=HTTP)(cn=KDC)(cn=KPASSWD))" attrs="ipaConfigString cn" > [13/Feb/2018:09:14:47.857517597 +0000] conn=192208 op=15 RESULT err=0 > tag=101 nentries=3 etime=0 > [13/Feb/2018:09:14:47.859268273 +0000] conn=192208 op=16 SRCH > base="cn=lithium.eggvfx.ie > <http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" > scope=2 filter="(|(cn=DNS)(cn=DNSKeySync))" attrs="ipaConfigString cn" > [13/Feb/2018:09:14:47.859490110 +0000] conn=192208 op=16 RESULT err=0 > tag=101 nentries=2 etime=0 > [13/Feb/2018:09:14:47.860775424 +0000] conn=192208 op=17 SRCH > base="cn=lithium.eggvfx.ie > <http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" > scope=2 filter="(cn=NTP)" attrs="ipaConfigString cn" > [13/Feb/2018:09:14:47.860938889 +0000] conn=192208 op=17 RESULT err=0 > tag=101 nentries=1 etime=0 > [13/Feb/2018:09:14:47.861949875 +0000] conn=192208 op=18 SRCH > base="cn=computers,cn=accounts,dc=eggvfx,dc=ie" scope=2 > filter="(&(memberOf=cn=adtrust > agents,cn=sysaccounts,cn=etc,dc=eggvfx,dc=ie)(fqdn=lithium.eggvfx.ie > <http://lithium.eggvfx.ie>))" attrs="* aci" > [13/Feb/2018:09:14:47.862121230 +0000] conn=192208 op=18 RESULT err=0 > tag=101 nentries=0 etime=0 > [13/Feb/2018:09:14:47.862930080 +0000] conn=192208 op=19 SRCH > base="cn=lithium.eggvfx.ie > <http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" > scope=2 filter="(cn=KRA)" attrs="ipaConfigString cn" > [13/Feb/2018:09:14:47.863048094 +0000] conn=192208 op=19 RESULT err=0 > tag=101 nentries=0 etime=0 > [13/Feb/2018:09:14:47.863563059 +0000] conn=192208 op=20 SRCH > base="cn=lithium.eggvfx.ie > <http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" > scope=2 filter="(cn=ADTRUST)" attrs="ipaConfigString cn" > [13/Feb/2018:09:14:47.863674190 +0000] conn=192208 op=20 RESULT err=0 > tag=101 nentries=0 etime=0 > [13/Feb/2018:09:14:47.864790724 +0000] conn=192208 op=21 SRCH > base="cn=oxygen.eggvfx.ie > <http://oxygen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" > scope=0 filter="(objectClass=*)" attrs="" > [13/Feb/2018:09:14:47.864996898 +0000] conn=192208 op=21 RESULT err=32 > tag=101 nentries=0 etime=0 > [13/Feb/2018:09:14:47.918001361 +0000] conn=192207 op=5 UNBIND > [13/Feb/2018:09:14:47.918035786 +0000] conn=192207 op=5 fd=155 closed - U1 > [13/Feb/2018:09:14:47.922593141 +0000] conn=192208 op=22 UNBIND > [13/Feb/2018:09:14:47.922617042 +0000] conn=192208 op=22 fd=156 closed - U1 > > For verbosity's sake i haven't done this on nitrogen also, unless it is > required, if so let me know! I've also attached an image of the output > from the command itself to show you the seemingly useless error message. > Thanks again, > Jamal Mahmoud > > <http://www.egg.ie/> > > > > *Jamal Mahmoud* / Pipeline TD > jamal.mahm...@egg.ie <mailto:jamal.mahm...@egg.ie> > > 35 Fitzwilliam Street Upper, Dublin. > P: +353 1 6345440 > > Twitter <https://twitter.com/EggPost> Facebook > <https://www.facebook.com/egg.post/> LinkedIn > <http://www.linkedin.com/in/jamalmahmoud> Vimeo > <https://vimeo.com/user9887735> > > > On 12 February 2018 at 20:27, Rob Crittenden <rcrit...@redhat.com > <mailto:rcrit...@redhat.com>> wrote: > > Jamal Mahmoud wrote: > > Sure thing, > > Output on* lithium*: > > > > [root@lithium ~]# ipa-replica-manage del oxygen.eggvfx.ie > <http://oxygen.eggvfx.ie> > > <http://oxygen.eggvfx.ie> --force --cleanup > > oxygen.eggvfx.ie <http://oxygen.eggvfx.ie> > <http://oxygen.eggvfx.ie>: server not found > > What is baffling me the most is that the string 'server not found' is > not to be found in the IPA source. I can't tell where that is being > generated. > > Can you provide a snippet of the 389-ds access log when you request the > deletion? That is in /var/log/dirsrv/slapd-REALM/access > > Note that the log is write buffered so the content may not appear > immediately. > > Seeing the queries being made and what the responses/errors are might > give me some ideas. > > rob > > > > > > > [root@lithium ~]# ipa domainlevel-get > > ----------------------- > > Current domain level: 1 > > ----------------------- > > > > > > Output on *nitrogen*: > > > > [root@nitrogen ~]# ipa-replica-manage del oxygen.eggvfx.ie > <http://oxygen.eggvfx.ie> > > <http://oxygen.eggvfx.ie> --force --cleanup > > oxygen.eggvfx.ie <http://oxygen.eggvfx.ie> > <http://oxygen.eggvfx.ie>: server not found > > > > > > [root@nitrogen ~]# ipa domainlevel-get > > ----------------------- > > Current domain level: 1 > > ----------------------- > > > > I hope this helps, > > > > Jamal > > > > <http://www.egg.ie/> > > > > > > > > *Jamal Mahmoud* / Pipeline TD > > jamal.mahm...@egg.ie <mailto:jamal.mahm...@egg.ie> > <mailto:jamal.mahm...@egg.ie <mailto:jamal.mahm...@egg.ie>> > > > > 35 Fitzwilliam Street Upper, Dublin. > > P: +353 1 6345440 <tel:%2B353%201%206345440> > > > > Twitter <https://twitter.com/EggPost> Facebook > > <https://www.facebook.com/egg.post/ > <https://www.facebook.com/egg.post/>> LinkedIn > > <http://www.linkedin.com/in/jamalmahmoud > <http://www.linkedin.com/in/jamalmahmoud>> Vimeo > > <https://vimeo.com/user9887735> > > > > > > On 7 February 2018 at 20:34, Rob Crittenden <rcrit...@redhat.com > <mailto:rcrit...@redhat.com> > > <mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com>>> wrote: > > > > Jamal Mahmoud via FreeIPA-users wrote: > > > Hi Rob, > > > > > > Just wondering if you had time to look at this issue for me? > Still stuck > > > in a state of limbo with this IDM and i have run out of options. > Any > > > help in resolving this issue would be appreciated. > > > > A few more questions. > > > > What is the output of: ipa domainlevel-get > > > > Can you show the full output of ipa-replica-manage del oxygen... > --force > > --cleanup > > > > And on what master are you running that? > > > > rob > > > > > > > > Many Thanks, > > > Jamal > > > > > > > > > On 1 February 2018 at 17:04, Jamal Mahmoud <jamal.mahm...@egg.ie > <mailto:jamal.mahm...@egg.ie> > <mailto:jamal.mahm...@egg.ie <mailto:jamal.mahm...@egg.ie>> > > > <mailto:jamal.mahm...@egg.ie <mailto:jamal.mahm...@egg.ie> > <mailto:jamal.mahm...@egg.ie <mailto:jamal.mahm...@egg.ie>>>> wrote: > > > > > > Sorry about the lack of clarification Rob! > > > > > > I have 3 servers, all running CentOS 7.4, FreeIPA > version 4.5.0. the > > > hostnames are lithium, nitrogen and the recently > deceased oxygen. > > > all are masters under the same Realm which is EGGVFX.IE > <http://EGGVFX.IE> <http://EGGVFX.IE> > > > <http://EGGVFX.IE> > > > > > > The "server not found" error is exactly what shows when > i try to > > > delete the server from command line or the Web UI. > > > > > > When i run ipa-replica-manage list -v `hostname` this is > the output > > > from the servers: > > > > > > Lithium Output: > > > root@lithium# ipa-replica-manage list -v `hostname` > > > nitrogen.eggvfx.ie <http://nitrogen.eggvfx.ie> > <http://nitrogen.eggvfx.ie> > > <http://nitrogen.eggvfx.ie>: replica > > > last init status: 0 Total update succeeded > > > last init ended: 2018-02-01 10:51:14+00:00 > > > last update status: Error (0) Replica acquired > successfully: > > > Incremental update succeeded > > > last update ended: 2018-02-01 16:24:37+00:00 > > > > > > Nitrogen Output: > > > root@nitrogen# ipa-replica-manage list -v `hostname` > > > lithium.eggvfx.ie <http://lithium.eggvfx.ie> > <http://lithium.eggvfx.ie> > > <http://lithium.eggvfx.ie>: replica > > > last init status: None > > > last init ended: 1970-01-01 00:00:00+00:00 > > > last update status: Error (0) Replica acquired > successfully: > > > Incremental update succeeded > > > last update ended: 2018-02-01 10:48:18+00:00 > > > oxygen.eggvfx.ie <http://oxygen.eggvfx.ie> > <http://oxygen.eggvfx.ie> > > <http://oxygen.eggvfx.ie>: replica > > > last init status: None > > > last init ended: 1970-01-01 00:00:00+00:00 > > > last update status: Error (-1) Problem connecting to > replica - > > > LDAP error: Can't contact LDAP server (connection error) > > > last update ended: 1970-01-01 00:00:00+00:00 > > > > > > There is no entries for oxygen in host-find. I hope this > helps clear > > > the story a bit for you. > > > > > > <http://www.egg.ie/> > > > > > > > > > > > > *Jamal Mahmoud* / Pipeline TD > > > jamal.mahm...@egg.ie <mailto:jamal.mahm...@egg.ie> > <mailto:jamal.mahm...@egg.ie <mailto:jamal.mahm...@egg.ie>> > > <mailto:jamal.mahm...@egg.ie <mailto:jamal.mahm...@egg.ie> > <mailto:jamal.mahm...@egg.ie <mailto:jamal.mahm...@egg.ie>>> > > > > > > 35 Fitzwilliam Street Upper, Dublin. > > > P: +353 1 6345440 <tel:%2B353%201%206345440> > <tel:%2B353%201%206345440> > > <tel:+353%201%20634%205440> > > > > > > Twitter <https://twitter.com/EggPost> Facebook > > > <https://www.facebook.com/egg.post/ > <https://www.facebook.com/egg.post/> > > <https://www.facebook.com/egg.post/ > <https://www.facebook.com/egg.post/>>> LinkedIn > > > <http://www.linkedin.com/in/jamalmahmoud > <http://www.linkedin.com/in/jamalmahmoud> > > <http://www.linkedin.com/in/jamalmahmoud > <http://www.linkedin.com/in/jamalmahmoud>>> Vimeo > > > <https://vimeo.com/user9887735 > <https://vimeo.com/user9887735>> > > > > > > > > > On 1 February 2018 at 15:30, Rob Crittenden > <rcrit...@redhat.com <mailto:rcrit...@redhat.com> > <mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com>> > > > <mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com> > <mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com>>>> wrote: > > > > > > Jamal Mahmoud via FreeIPA-users wrote: > > > > I'm having strange issues with removing one of my > > freeIPA masters, I > > > > managed to mess up the deletion process and my system > > seems to be stuck > > > > in a state of limbo, my current setup is 3 servers ( 1 > > has been > > > > decommissioned) that all share the CA/Domain > > responsibilities. When i > > > > run the command .> > > > > *ipa-replica-manage list* > > > > * > > > > *it produces 3 servers as active masters, when > this is not > > > true as i > > > > have uninstalled ipa-server on one. Trying to > delete it > > through that > > > > command has given me no luck, even using *--force* and > > > *--cleanup* does > > > > not work. the same error output appears: > > > > > > > > *oxygen.eggvfx.ie <http://oxygen.eggvfx.ie> > <http://oxygen.eggvfx.ie> > > <http://oxygen.eggvfx.ie> > > > <http://oxygen.eggvfx.ie>: server not found* > > > > > > I think we need more information. What version of IPA is > > this, what > > > distribution? > > > > > > Is the above error the exact error you are getting? > > > > > > As I understand it you ran ipa-server-install > --uninstall and > > > THEN tried > > > to delete the master? > > > > > > What does ipa-replica-manage list -v `hostname` show > on one of > > > the other > > > masters? > > > > > > > * > > > > * > > > > I'm not very good with ldap tools but after running > > > > > > > > *ldapsearch -x * > > > > * > > > > *there is a reference to the oxygen server still > sitting in > > > there, it > > > > seems that the dirty entry is still hanging around my > > system, i'm > > > > wondering if there is any way to resolve this? > > > > > > > > ldapsearch output: > > > > *defaultServerList: oxygen.eggvfx.ie > <http://oxygen.eggvfx.ie> > > <http://oxygen.eggvfx.ie> <http://oxygen.eggvfx.ie> > > > <http://oxygen.eggvfx.ie> > > > > nitrogen.eggvfx.ie <http://nitrogen.eggvfx.ie> > <http://nitrogen.eggvfx.ie> > > <http://nitrogen.eggvfx.ie> > > > <http://nitrogen.eggvfx.ie> lithium.eggvfx.ie > <http://lithium.eggvfx.ie> > > <http://lithium.eggvfx.ie> > > > <http://lithium.eggvfx.ie> > > > > <http://lithium.eggvfx.ie>* > > > > > > An anonymous LDAP search won't show much. > > > > > > Does it show up in host-find? > > > > > > rob > > > > > > > * > > > > Looking at the topology graph in the web ui i can see > > that there are > > > > still ties between one of my servers and oxygen. > It will > > also not allow > > > > me to delete the server ties ( error: *Server is > > unwilling to > > > perform: > > > > Removal of Segment disconnects topology.Deletion not > > > allowed.)* nor will > > > > the ui allow me to delete the IPA server > > (*oxygen.eggvfx.ie <http://oxygen.eggvfx.ie> > <http://oxygen.eggvfx.ie> > > > <http://oxygen.eggvfx.ie> > > > > <http://oxygen.eggvfx.ie>: server not found*) > > > > > > > > Any help is greatly appreciated, > > > > > > > > Many Thanks, > > > > Jamal Mahmoud > > > > > > > > > > > > > > > > _______________________________________________ > > > > FreeIPA-users mailing list -- > > > freeipa-users@lists.fedorahosted.org > <mailto:freeipa-users@lists.fedorahosted.org> > > <mailto:freeipa-users@lists.fedorahosted.org > <mailto:freeipa-users@lists.fedorahosted.org>> > > > <mailto:freeipa-users@lists.fedorahosted.org > <mailto:freeipa-users@lists.fedorahosted.org> > > <mailto:freeipa-users@lists.fedorahosted.org > <mailto:freeipa-users@lists.fedorahosted.org>>> > > > > To unsubscribe send an email to > > > freeipa-users-le...@lists.fedorahosted.org > <mailto:freeipa-users-le...@lists.fedorahosted.org> > > <mailto:freeipa-users-le...@lists.fedorahosted.org > <mailto:freeipa-users-le...@lists.fedorahosted.org>> > > > <mailto:freeipa-users-le...@lists.fedorahosted.org > <mailto:freeipa-users-le...@lists.fedorahosted.org> > > <mailto:freeipa-users-le...@lists.fedorahosted.org > <mailto:freeipa-users-le...@lists.fedorahosted.org>>> > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > FreeIPA-users mailing list -- > freeipa-users@lists.fedorahosted.org > <mailto:freeipa-users@lists.fedorahosted.org> > > <mailto:freeipa-users@lists.fedorahosted.org > <mailto:freeipa-users@lists.fedorahosted.org>> > > > To unsubscribe send an email to > > freeipa-users-le...@lists.fedorahosted.org > <mailto:freeipa-users-le...@lists.fedorahosted.org> > > <mailto:freeipa-users-le...@lists.fedorahosted.org > <mailto:freeipa-users-le...@lists.fedorahosted.org>> > > > > > > > > > > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org