>>>Does the IPA server host entry still exist? Yes, I see it under Identity>Hosts
Specifying the other server did work. SSSD is working again. [root@gsil-ipa01 etc]# ipa-getkeytab -s gsil-ipa02.idm.x.x -p host/[email protected] -k /etc/krb5.keytab After doing this I restarted the server and tried to run health check again. Now healthcheck has a lot of errors. Where do you suggest I start? I was also reading that "If your IdM topology contains an integrated CA, one server has the role of the Certificate revocation list (CRL) publisher server and one server has the role of the CA renewal server. By default, the first CA server installed fulfills these two roles..." It was my first installed server that failed. Should I move the roles to my replica? (Assuming I can) Here is the healthcheck- I presume that if I can fix dirsrv it will help clear up many of the other issues. Let me know if you think there is something more critical to be fixed first. [root@gsil-ipa01 ~]# ipa-healthcheck --failures-only caSigningCert External CA not found, assuming 3rd party [ { "source": "ipahealthcheck.meta.services", "check": "dirsrv", "result": "ERROR", "uuid": "c7a2bf32-5878-44f5-b7a5-87b69e4149fa", "when": "20230316130703Z", "duration": "498.704933", "kw": { "status": false, "msg": "dirsrv: not running" } }, { "source": "ipahealthcheck.meta.services", "check": "httpd", "result": "ERROR", "uuid": "edf67606-4326-4e37-b860-dc3992eb3bc7", "when": "20230316130703Z", "duration": "0.105259", "kw": { "status": false, "msg": "httpd: not running" } }, { "source": "ipahealthcheck.meta.services", "check": "ipa_custodia", "result": "ERROR", "uuid": "87418dcb-c07c-4914-9296-ae5a2baca99d", "when": "20230316130703Z", "duration": "0.109029", "kw": { "status": false, "msg": "ipa-custodia: not running" } }, { "source": "ipahealthcheck.meta.services", "check": "ipa_dnskeysyncd", "result": "ERROR", "uuid": "97d08885-7dac-4c60-a447-b669a4cc6e09", "when": "20230316130703Z", "duration": "0.100007", "kw": { "status": false, "msg": "ipa-dnskeysyncd: not running" } }, { "source": "ipahealthcheck.meta.services", "check": "ipa_otpd", "result": "ERROR", "uuid": "c83f8cd2-6553-4934-99dd-de4cfa3f515f", "when": "20230316130703Z", "duration": "0.103143", "kw": { "status": false, "msg": "ipa-otpd: not running" } }, { "source": "ipahealthcheck.meta.services", "check": "kadmin", "result": "ERROR", "uuid": "657130bf-396f-48a1-968f-3f89170313a3", "when": "20230316130703Z", "duration": "0.104496", "kw": { "status": false, "msg": "kadmin: not running" } }, { "source": "ipahealthcheck.meta.services", "check": "krb5kdc", "result": "ERROR", "uuid": "5e82b86c-ac90-49f9-a8fe-1a8c35909f91", "when": "20230316130703Z", "duration": "0.097375", "kw": { "status": false, "msg": "krb5kdc: not running" } }, { "source": "ipahealthcheck.meta.services", "check": "named", "result": "ERROR", "uuid": "3ca8751b-803a-46af-a849-fcb309eb65db", "when": "20230316130703Z", "duration": "0.093471", "kw": { "status": false, "msg": "named: not running" } }, { "source": "ipahealthcheck.meta.services", "check": "pki_tomcatd", "result": "ERROR", "uuid": "9c57a360-bd4c-48be-af8a-6e738c79c486", "when": "20230316130703Z", "duration": "0.002969", "kw": { "status": false, "msg": "pki_tomcatd: not running" } }, { "source": "ipahealthcheck.ipa.files", "check": "IPAFileCheck", "result": "WARNING", "uuid": "4a9001d5-1ad5-4a4c-99fd-48273dd9f822", "when": "20230316130707Z", "duration": "0.005756", "kw": { "key": "_var_log_ipaupgrade.log_mode", "path": "/var/log/ipaupgrade.log", "type": "mode", "expected": "0600", "got": "0644", "msg": "Permissions of /var/log/ipaupgrade.log are too permissive: 0644 and should be 0600" } } ] _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
