LHEUREUX Bernard via FreeIPA-users wrote: > Hello all, > > > > I desperately try to migrate my infrastructure containing 3 FreeIPA > Servers 4.9.13-16 running under RHEL8 without any problems, for this I > completely uninstall server3, I remove it from the FreeIPA > infrastructure, and then install a fresh new RHEL9 FreeIPA Machine with > version 4.12.2-1, the ipa-replica-install --setup-ca --setup-dns > --auto-forwarders --auto-reverse works perfectly well, then I try the > ipa-replica-install, but constantly get an error > > > > The /var/log/ipaserver-kra-install.log gives: > > "Error" : "Unable to add KRA connector for > https://server3.domain.local:8443: KRA connector already exists" > > > > I found a similar problem in that page, > https://forums.rockylinux.org/t/freeipa-kra-install-fails-on-rocky-9-replica-from-rocky-8-cluster/18187/2 > I tried, but that didnt solve the issue > > Could you help me finding a solution ?
I'd start by removing the new RHEL 9 replica (ipa server-del) and running: pki securitydomain-show on a different server. You should be prompted about an untrusted certificate. Select y to trust it. Look in the output to see if server3 is listed in the output. If it does and particularly if the KRA is listed you can remove those old entries using directions at https://rcritten.wordpress.com/2023/04/28/dogtag-pki-security-domain-management/ rob > > > > > > > > *Bernard LHEUREUX * > Linux & System Engineer > Mob. +32 475 530 311 <tel:+32475530311> > *win.be*** <https://www.win.be/> > > > > facebook <http://www.youtube.com/channel/UC-rXMcRf_tMl5K4EBHKWpGg> > linkedin <https://www.linkedin.com/company/win-s-a-/> twitter > <https://twitter.com/win_ICTpartner> > > > > > > > > > ------------------------------------------------------------------------ > 1/Conformément à notre certification ISO 27001, ce message et toute > pièce jointe sont la propriété exclusive de Win. Linformation contenue > dans cet e- mail peut savérer confidentielle et dès lors protégée de > toute divulgation. Si vous avez reçu cette communication par erreur, > veuillez nous en informer immédiatement en répondant à ce message et en > le supprimant de votre ordinateur, sans le copier ni le divulguer. > 2/Lacceptation de toute offre commerciale (quel quen soit le support) > emporte ladhésion aux descriptifs (notamment techniques) inhérents aux > solutions offertes, ainsi quaux conditions commerciales générales de > Win, consultables via https://www.win.be/cgv > DISCLAIMER : https://www.win.be/fr-win/disclaimer.htm > -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
