Hi,
My IPA system consists of 2 masters (ipa1 and ipa2, both on FreeIPA 4.6.4)
with their own self-signed CAs, one of them being the certificate renewal
master (ipa1). The system has been running for years and has been migrated
from an IPA 3 system. Both IPA servers are on domain level 1.
Problem: CS replication failed, probably months ago.
--- ipa1 ---
$ ipa-csreplica-manage -v list ipa1.example.com
ipa2.example.com
last init status: None
last init ended: 1970-01-01 00:00:00+00:00
last update status: Error (-1) Problem connecting to replica - LDAP error: Can't contact LDAP server (connection error)
last update ended: 1970-01-01 00:00:00+00:00
--
$ ipa-csreplica-manage -v list ipa2.example.com
[no output]
----
Same on ipa2.
Probably related:
---
ERR - slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected)
---
Every 5 mins in /var/log/dirsrv/slapd-EXAMPLE-COM/errors. However, these
error messages could refer to ipa3.example.com, a master I deleted long (>
2 years) ago:
---
$ ipa-replica-manage list-ruv
Replica Update Vectors:
ipa2.example.com:389: 10
ipa1.example.com:389: 9
Certificate Server Replica Update Vectors:
ipa2.example.com:389: 11
ipa1.example.com:389: 91
ipa2.example.com:7389: 96
ipa3.example.com:7389: 97
---
How do I track this down and resolve the problem?
With best regards,
--Daniel.