[Freeipa-users] Re: FreeIPA CS replication issues

Wed, 06 Feb 2019 01:17:09 -0800 

On 2/5/19 4:17 PM, dbischof--- via FreeIPA-users wrote:

Hi,
my IPA system consists of 2 masters (ipa1 and ipa2, both on FreeIPA 4.6.4) with their own self-signed CAs, one of them being the certificate renewal master (ipa1). The system has been running for years and has been migrated from an IPA 3 system. Both IPA servers are on domain level 1. 

Problem: CS replication failed, probably months ago.

--- ipa1 ---
$ ipa-csreplica-manage -v list ipa1.example.com

ipa2.example.com
   last init status: None
   last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (-1) Problem connecting to replica - LDAP error: Can't contact LDAP server (connection error) 
   last update ended: 1970-01-01 00:00:00+00:00

--
$ ipa-csreplica-manage -v list ipa2.example.com

[no output]
----

Same on ipa2.

Probably related:

---
ERR - slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected) 
---
Every 5 mins in /var/log/dirsrv/slapd-EXAMPLE-COM/errors. However, these error messages could refer to ipa3.example.com, a master i deleted long (> 2 years) ago: 

---
$ ipa-replica-manage list-ruv

Replica Update Vectors:
         ipa2.example.com:389: 10
         ipa1.example.com:389: 9
Certificate Server Replica Update Vectors:
         ipa2.example.com:389: 11
         ipa1.example.com:389: 91
         ipa2.example.com:7389: 96
         ipa3.example.com:7389: 97
---

How do i track this down and resolve the problem?



Hi,
please find more information re. 389-ds troubleshooting:
https://www.freeipa.org/page/Troubleshooting/Directory_Server

HTH,
flo


Mit freundlichen Gruessen/With best regards,

--Daniel.
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected] 
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]

Reply via email to