I tried with the --skip-conncheck option, but got the same error (-11) every time. The firewall was disabled and also tested.
error on replica /var/log/dirsrv/slapd-MY.DOMAIN.COM/error

[25/May/2023:15:18:45.460057564 +0200] - ERR - NSMMReplicationPlugin - update_consumer_schema - [S] Schema agmt="cn= meTofreeipa-replica.mydomain.com" (freeipa-replica:389) must not be overwritten (set replication log for additional info)
[25/May/2023:15:18:46.104681271 +0200] - INFO - NSMMReplicationPlugin - repl5_tot_run - Beginning total update of replica "agmt="cn=meTofreeipa-mydomain.com" (freeipa-replica:389)".
[25/May/2023:15:18:58.638287655 +0200] - ERR - NSMMReplicationPlugin - repl5_tot_log_operation_failure - agmt="cn=meTofreeipa-replica.mydomain.com" (freeipa-replica:389): Received error -1 (Can't contact LDAP server): for total update operation
[25/May/2023:15:18:58.640550244 +0200] - ERR - NSMMReplicationPlugin - release_replica - agmt="cn= meTofreeipa-replica.mydomain.com" (freeipa-replica:389): Unable to send endReplication extended operation (Can't contact LDAP server)
[25/May/2023:15:18:58.642048003 +0200] - ERR - NSMMReplicationPlugin - repl5_tot_run - Total update failed for replica "agmt="cn= meTofreeipa-replica.mydomain.com" (freeipa-replica:389)", error (-11)
[25/May/2023:15:18:58.659305226 +0200] - INFO - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meTofreeipa-replica.mydomain.com" (freeipa-replica:389): Replication bind with GSSAPI auth resumed
[25/May/2023:15:18:59.607038328 +0200] - WARN - NSMMReplicationPlugin - repl5_inc_run - agmt="cn=meTofreeipa-replica.mydomain.com" (freeipa-replica:389): The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica.
[25/May/2023:15:19:02.995509460 +0200] - WARN - NSMMReplicationPlugin - repl5_inc_run - agmt="cn= meTofreeipa-replica.mydomain.com" (freeipa-replica:389): The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica.

On Thu, 25 May 2023 at 09:46, Florence Blanc-Renaud <[email protected]> wrote:

> Hi,
>
> replica installation failures are often related to either a wrong DNS
> configuration or firewall preventing the communication.
> Did you run ipa-replica-installation with or without the option
> --skip-conncheck? Without the option you may have some hints if the issue
> is related to the firewall.
> You can find more info in Host name and DNS requirements for IdM [1] and
> Opening the ports required by IdM [2].
>
> The timestamp for replica installation is 2023-05-24T*10:15:04Z* but the
> master logs don't match (24/May/2023:*11:47:29.382502138 +0200*).
> Difficult to draw any conclusion with that, do you have the master logs
> from the same time?
>
> flo
>
> [1]
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#host-name-and-dns-requirements-for-ipa_preparing-the-system-for-ipa-server-installation
> [2]
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#opening-the-ports-required-by-idm_preparing-the-system-for-ipa-server-installation
>
>
> On Wed, May 24, 2023 at 12:34 PM Jakub Werwiński via FreeIPA-users <
> [email protected]> wrote:
>
>> Hi, I have a problem with freeipa replica installation log:
>>
>> Starting replication, please wait until this has completed.
>> Update in progress, 12 seconds elapsed
>> [ldap://freeipa.mydomain.com:389] reports: Update failed! Status: [Error
>> (-11) connection error: Unknown connection error (-11) - Total update
>> aborted]
>>
>> [error] RuntimeError: Failed to start replication
>> Your system may be partly configured.
>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>
>> Failed to start replication
>> The ipa-replica-install command failed. See
>> /var/log/ipareplica-install.log for more information
>>
>>
>>
>> ---------------------------------------- var/log/ipareplica-install.log
>> -------------------------------------------------------
>>
>> 2023-05-24T10:14:50Z DEBUG Waiting up to 300 seconds for replication
>> (ldapi://%2Frun%2Fslapd-MY-DOMAIN.COM.socket)
>> cn=meTofreeipa.mydomain.com,cn=replica,cn=dc\=xxx-poland\,dc\=com\,dc\=pl,cn=mapping
>> tree,cn=config (objectclass=*)
>> 2023-05-24T10:14:50Z DEBUG Entry found [LDAPEntry(ipapython.dn.DN('cn=
>> meTofreeipa.mydomain.com,cn=replica,cn=dc\=xxx-com\,dc\=com\,dc\=pl,cn=mapping
>> tree,cn=config'), {'objectClass': [b'nsds5replicationagreement', b'top'],
>> 'cn': [b'meTofreeipa.mydomain.com'], 'nsDS5ReplicaHost': [b'
>> freeipa.mydomain.com'], 'nsDS5ReplicaPort': [b'389'],
>> 'nsds5replicaTimeout': [b'120'], 'nsDS5ReplicaRoot':
>> [b'dc=mydomain,dc=com,dc=pl'], 'description': [b'me to
>> freeipa.mydomain.com'], 'nsDS5ReplicatedAttributeList':
>> [b'(objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn
>> krblastsuccessfulauth krblastfailedauth krbloginfailedcount
>> passwordgraceusertime'], 'nsDS5ReplicaTransportInfo': [b'LDAP'],
>> 'nsDS5ReplicaBindMethod': [b'SASL/GSSAPI'], 'nsds5ReplicaStripAttrs':
>> [b'modifiersName modifyTimestamp internalModifiersName
>> internalModifyTimestamp'], 'nsDS5ReplicatedAttributeListTotal':
>> [b'(objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth
>> krblastfailedauth krbloginfailedcount passwordgraceusertime'],
>> 'nsds5replicareapactive': [b'0'], 'nsds5replicaLastUpdateStart':
>> [b'19700101000000Z'], 'nsds5replicaLastUpdateEnd': [b'19700101000000Z'],
>> 'nsds5replicaChangesSentSinceStartup': [b''],
>> 'nsds5replicaLastUpdateStatus': [b'Error (0) No replication sessions
>> started since server startup'], 'nsds5replicaLastUpdateStatusJSON':
>> [b'{"state": "green", "ldap_rc": "0", "ldap_rc_text": "success", "repl_rc":
>> "0", "repl_rc_text": "replica acquired", "date": "2023-05-24T10:14:50Z",
>> "message": "Error (0) No replication sessions started since server
>> startup"}'], 'nsds5replicaUpdateInProgress': [b'FALSE'],
>> 'nsds5replicaLastInitStart': [b'19700101000000Z'],
>> 'nsds5replicaLastInitEnd': [b'19700101000000Z']})]
>> 2023-05-24T10:15:04Z DEBUG Traceback (most recent call last):
>> File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py",
>> line 686, in start_creation
>> run_step(full_msg, method)
>> File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py",
>> line 672, in run_step
>> method()
>> File
>> "/usr/lib/python3.9/site-packages/ipaserver/install/dsinstance.py", line
>> 430, in __setup_replica
>> repl.setup_promote_replication(
>> File
>> "/usr/lib/python3.9/site-packages/ipaserver/install/replication.py", line
>> 1930, in setup_promote_replication
>> raise RuntimeError("Failed to start replication")
>> RuntimeError: Failed to start replication
>>
>> 2023-05-24T10:15:04Z DEBUG [error] RuntimeError: Failed to start
>> replication
>> 2023-05-24T10:15:04Z DEBUG Destroyed connection
>> context.ldap2_140645096151696
>> 2023-05-24T10:15:04Z DEBUG Backing up system configuration file
>> '/etc/ipa/default.conf'
>> 2023-05-24T10:15:04Z DEBUG Saving Index File to
>> '/var/lib/ipa/sysrestore/sysrestore.index'
>> 2023-05-24T10:15:04Z DEBUG Writing configuration file
>> /etc/ipa/default.conf
>> 2023-05-24T10:15:04Z DEBUG [global]
>> basedn = dc=mydomain,dc=com,dc=pl
>> host = freeipa-replica.mydomain.com
>> realm = My.REALM.COM
>> domain = mydomain.com
>> xmlrpc_uri = https://freeipa-replica.mydomain.com/ipa/xml
>> ldap_uri = ldapi://%2Frun%2Fslapd-MY-DOMAIN-COM.socket
>> mode = production
>> enable_ra = True
>> ra_plugin = dogtag
>> dogtag_version = 10
>> ca_host = freeipa.mydomain.com
>>
>>
>>
>> 2023-05-24T10:15:04Z DEBUG File
>> "/usr/lib/python3.9/site-packages/ipapython/admintool.py", line 180, in
>> execute
>> return_value = self.run()
>> File "/usr/lib/python3.9/site-packages/ipapython/install/cli.py", line
>> 344, in run
>> return cfgr.run()
>> File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
>> 360, in run
>> return self.execute()
>> File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
>> 386, in execute
>> for rval in self._executor():
>> File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
>> 431, in __runner
>> exc_handler(exc_info)
>> File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
>> 460, in _handle_execute_exception
>> self._handle_exception(exc_info)
>> File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
>> 450, in _handle_exception
>> six.reraise(*exc_info)
>> File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
>> raise value
>> File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
>> 421, in __runner
>> step()
>> File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
>> 418, in <lambda>
>> step = lambda: next(self.__gen)
>> File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line
>> 81, in run_generator_with_yield_from
>> six.reraise(*exc_info)
>> File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
>> raise value
>> File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line
>> 59, in run_generator_with_yield_from
>> value = gen.send(prev_value)
>> File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
>> 655, in _configure
>> next(executor)
>> File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
>> 431, in __runner
>> exc_handler(exc_info)
>> File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
>> 460, in _handle_execute_exception
>> self._handle_exception(exc_info)
>> File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
>> 518, in _handle_exception
>> self.__parent._handle_exception(exc_info)
>> File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
>> 450, in _handle_exception
>> six.reraise(*exc_info)
>> File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
>> raise value
>> File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
>> 515, in _handle_exception
>> super(ComponentBase, self)._handle_exception(exc_info)
>> File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
>> 450, in _handle_exception
>> six.reraise(*exc_info)
>> File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
>> raise value
>> File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
>> 421, in __runner
>> step()
>> File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
>> 418, in <lambda>
>> step = lambda: next(self.__gen)
>> File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line
>> 81, in run_generator_with_yield_from
>> six.reraise(*exc_info)
>> File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
>> raise value
>> File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line
>> 59, in run_generator_with_yield_from
>> value = gen.send(prev_value)
>> File "/usr/lib/python3.9/site-packages/ipapython/install/common.py",
>> line 65, in _install
>> for unused in self._installer(self.parent):
>> File
>> "/usr/lib/python3.9/site-packages/ipaserver/install/server/__init__.py",
>> line 599, in main
>> replica_install(self)
>> File
>> "/usr/lib/python3.9/site-packages/ipaserver/install/server/replicainstall.py",
>> line 401, in decorated
>> func(installer)
>> File
>> "/usr/lib/python3.9/site-packages/ipaserver/install/server/replicainstall.py",
>> line 1267, in install
>> ds = install_replica_ds(config, options, ca_enabled,
>> File
>> "/usr/lib/python3.9/site-packages/ipaserver/install/server/replicainstall.py",
>> line 100, in install_replica_ds
>> ds.create_replica(
>> File
>> "/usr/lib/python3.9/site-packages/ipaserver/install/dsinstance.py", line
>> 398, in create_replica
>> self.start_creation(runtime=30)
>> File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py",
>> line 686, in start_creation
>> run_step(full_msg, method)
>> File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py",
>> line 672, in run_step
>> method()
>> File
>> "/usr/lib/python3.9/site-packages/ipaserver/install/dsinstance.py", line
>> 430, in __setup_replica
>> repl.setup_promote_replication(
>> File
>> "/usr/lib/python3.9/site-packages/ipaserver/install/replication.py", line
>> 1930, in setup_promote_replication
>> raise RuntimeError("Failed to start replication")
>>
>> 2023-05-24T10:15:04Z DEBUG The ipa-replica-install command failed,
>> exception: RuntimeError: Failed to start replication
>> 2023-05-24T10:15:04Z ERROR Failed to start replication
>> 2023-05-24T10:15:04Z ERROR The ipa-replica-install command failed. See
>> /var/log/ipareplica-install.log for more information
>>
>> ---------------------------------------- master: /var/log/dirsrv/slapd-MY-
>> DOMAIN.COM/error -------------------------------------------------------
>>
>> [24/May/2023:11:47:02.653622389 +0200] - ERR - NSMMReplicationPlugin -
>> bind_and_check_pwp - agmt="cn=meTofreeipa-replica.mydomain.com"
>> (freeipa-replica:389) - Replication bind
>> with GSSAPI auth failed: LDAP error 49 (Invalid
>> credentials) ()
>> [24/May/2023:11:47:08.700315039 +0200] - ERR - NSMMReplicationPlugin -
>> bind_and_check_pwp - agmt="cn=meTofreeipa-replica.mydomain.com"
>> (freeipa-replica:389) - Replication bind
>> with GSSAPI auth failed: LDAP error -1 (Can't contact
>> LDAP server) ()
>> [24/May/2023:11:47:16.774918557 +0200] - INFO - NSMMReplicationPlugin -
>> bind_and_check_pwp - agmt="cn=meTofreeipa-replica.mydomain.com"
>> (freeipa-replica:389): Replication bind
>> with GSSAPI auth resumed
>> [24/May/2023:11:47:17.035351907 +0200] - INFO - NSMMReplicationPlugin -
>> repl5_tot_run - Beginning total update of replica "agmt="cn=
>> meTofreeipa-replica.mydomain.com" (freeipa-r
>> eplica:389)".
>> [24/May/2023:11:47:29.357889007 +0200] - ERR - NSMMReplicationPlugin -
>> repl5_tot_log_operation_failure - agmt="cn=
>> meTofreeipa-replica.mydomain.com" (freeipa-replica:389): Recei
>> ved error -1 (Can't contact
>> LDAP server): for total update operation
>> [24/May/2023:11:47:29.361891385 +0200] - ERR - NSMMReplicationPlugin -
>> release_replica - agmt="cn=meTofreeipa-replica.mydomain.com"
>> (freeipa-replica:389): Unable to send endRep
>> lication extended operation (Can't contact LDAP
>> server)
>> [24/May/2023:11:47:29.363050079 +0200] - ERR - NSMMReplicationPlugin -
>> repl5_tot_run - Total update failed for replica "agmt="cn=
>> meTofreeipa-replica.mydomain.com" (freeipa-repl
>> ica:389)", error (-11)
>> [24/May/2023:11:47:29.382502138 +0200] - INFO - NSMMReplicationPlugin -
>> bind_and_check_pwp - agmt="cn=meTofreeipa-replica.mydomain.com"
>> (freeipa-replica:389): Replication bind
>> with GSSAPI auth resumed
>>
>>
>> ---------------------------------------- About system
>> -------------------------------------------------------
>> Master and Replica:
>> OS: Rocky Linux 9.2
>> IPA: 4.10.1
>> _______________________________________________
>> FreeIPA-users mailing list -- [email protected]
>> To unsubscribe send an email to
>> [email protected]
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedorahosted.org/archives/list/[email protected]
>> Do not reply to spam, report it:
>> https://pagure.io/fedora-infrastructure/new_issue
>>
>
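
The timestamp mismatch raised in the quoted reply (installer log in UTC, directory server error log at +0200) can be checked by normalizing both formats to UTC. This is an added example, not part of the thread and not FreeIPA code; the sample lines are constructed in the two log formats quoted above, and the function names and the two-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines in the two log formats quoted in the thread.
INSTALL_LOG = """\
2023-05-24T10:14:50Z DEBUG Waiting up to 300 seconds for replication
2023-05-24T10:15:04Z ERROR Failed to start replication
"""
DS_ERROR_LOG = """\
[24/May/2023:11:47:02.653622389 +0200] - ERR - NSMMReplicationPlugin - bind_and_check_pwp - LDAP error 49 (Invalid credentials)
[24/May/2023:11:47:29.363050079 +0200] - ERR - NSMMReplicationPlugin - repl5_tot_run - Total update failed, error (-11)
[24/May/2023:12:15:03.000000000 +0200] - ERR - NSMMReplicationPlugin - repl5_tot_run - Total update failed, error (-11)
"""

DS_LINE = re.compile(
    r"^\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2})(?:\.\d+)? ([+-]\d{4})\] - (\w+) - (.*)$")
INSTALL_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z (\w+) (.*)$")

def parse_ds(line):
    """Return (utc_time, level, message) for a directory server error-log line."""
    m = DS_LINE.match(line)
    if not m:
        return None
    # Nanoseconds are dropped; %z applies the numeric offset (+0200).
    local = datetime.strptime(f"{m[1]} {m[2]}", "%d/%b/%Y:%H:%M:%S %z")
    return local.astimezone(timezone.utc), m[3], m[4]

def install_failure_time(install_log):
    """UTC time of the first ERROR line in the installer log, or None."""
    for line in install_log.splitlines():
        m = INSTALL_LINE.match(line)
        if m and m[2] == "ERROR":
            ts = datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%S")
            return ts.replace(tzinfo=timezone.utc)
    return None

def offsets(install_log, ds_log):
    """[(utc_time, seconds_relative_to_failure, message)] for every server ERR line."""
    failed_at = install_failure_time(install_log)
    entries = [e for e in map(parse_ds, ds_log.splitlines()) if e and e[1] == "ERR"]
    return [(t, (t - failed_at).total_seconds(), msg) for t, _, msg in entries]

def correlate(install_log, ds_log, window=timedelta(minutes=2)):
    """Server ERR lines that fall within `window` of the installer failure."""
    limit = window.total_seconds()
    return [o for o in offsets(install_log, ds_log) if abs(o[1]) <= limit]

if __name__ == "__main__":
    for ts, delta, msg in offsets(INSTALL_LOG, DS_ERROR_LOG):
        print(f"{ts.isoformat()} ({delta:+.0f}s) {msg}")
```

Run against the real files, server entries that land tens of minutes away from the installer's failure time belong to a different attempt and cannot explain that failure.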
