Hello, Unfortunately, I haven't made any progress so far. It probably depends on which version was used during installation. My replica server was installed with 9.5, and the upgrade to 9.6 worked without any errors.
Unfortunately, I don't really understand what the "patch" does, but I would always make a backup. Since everything runs on a Proxmox server, it's pretty easy, but it's not a permanent solution if you can't install any more updates. I hope to get an answer from the FreeIPA experts that I can understand. Am Montag, 9. Juni 2025, 11:49:22 Mitteleuropäische Sommerzeit schrieb alexey safonov via FreeIPA-users: > what is the current status of that issue? since Rocky 9.6 was released > is it safe to update from 9.5? > > вт, 27 мая 2025 г. в 21:45, Rob Crittenden via FreeIPA-users > <freeipa-users@lists.fedorahosted.org>: > > > > > > > Günther J. Niederwimmer via FreeIPA-users wrote: > > > > > Hello, > > > > > > > > > > > > Am Montag, 26. Mai 2025, 10:14:09 Mitteleuropäische Sommerzeit schrieb > > > Florence Blanc-Renaud via FreeIPA-users: > > > > > >> Hi, > > >> > > >> > > >> > > >> On Fri, May 23, 2025 at 6:29 PM Günther J. Niederwimmer via > > >> FreeIPA-users < > >> > > >> > > >> > > >> freeipa-users@lists.fedorahosted.org> wrote: > > >> > > >>> Hallo Liste, > > >>> > > >>> > > >>> > > >>> I'm running Oracle 9.5, but since updating to 9.6, FreeIPA hasn't > > >>> worked > > >>> anymore. The replica server survived the upgrade. I've tried it three > > >>> times > > >>> now, restoring a backup and updating to 9.6, with the same result. The > > >>> IPA > > >>> server is the older installation, around 9.2. > > >>> > > >>> > > >>> > > >>> How can I fix this? Any help is appreciated. > > >> > > >> > > >> > > >> Which component is failing? If it's the PKI Certificate server you may > > >> be > > >> hitting this issue: > > >> https://bugzilla.redhat.com/show_bug.cgi?id=2350322 > > >> https://issues.redhat.com/browse/RHEL-88370 > > > > > > > > > > > > ipactl status > > > Directory Service: RUNNING > > > krb5kdc Service: STOPPED > > > kadmin Service: STOPPED > > > httpd Service: RUNNING > > > ipa-custodia Service: STOPPED > > > pki-tomcatd Service: RUNNING > > > ipa-otpd Service: STOPPED > > > > > > > > I'd recommend running: ipactl restart --skip-version-check > > > > > > > > Then look to see what services are running. If only pki-tomcatd isn't > > running then it's like you've run into the bug Flo mentioned. > > > > > > > > > When I change this to the Bugreports I have a Broken LDAP Database ? > > > > > > > > I don't understand. Any changes in the BZ would only affect pki-tomcat. > > > > > > > > > > > > > > > In the Moment I stopped the Update/Upgrade on this Server is not the > > > best :-( > > > > > > > The upgrade is likely failing because of the bug. The missing > > configuration file is causing the CA to properly redirect requests hence > > the 404. > > > > > > > > > > > > > > > Can I change the Replica to a Master and then install the old Master > > > NEW? > > > > > > > > Sure. Look in the documentation for promoting a server. There are a > > number of steps you'll need to take. > > > > > > > > rob > > > > > > > > > > > > > > >> Other users implemented the workaround described in this comment > > >> <https://bugzilla.redhat.com/show_bug.cgi?id=2350322#c3> and managed > > >> to > > >> have IPA start. > > >> HTH, > > >> flo > > >> > > >> > > >> > > >>> mit freundlichen Grüßen / best regards > > >>> > > >>> > > >>> > > >>> Günther J. Niederwimmer > > >>> > > >>> > > >>> > > >>> -- > > >>> _______________________________________________ > > >>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > >>> To unsubscribe send an email to > > >>> freeipa-users-le...@lists.fedorahosted.org > > >>> Fedora Code of Conduct: > > >>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > >>> List Guidelines: > > >>> https://fedoraproject.org/wiki/Mailing_list_guidelines > > >>> List Archives: > > >>> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedor > > >>> ahos > > >>> ted.org Do not reply to spam, report it: > > >>> https://pagure.io/fedora-infrastructure/new_issue > > > > > > > > > > > > > > > > > -- > > _______________________________________________ > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > To unsubscribe send an email to > > freeipa-users-le...@lists.fedorahosted.org > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List > > Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List > > Archives: > > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho > > sted.org Do not reply to spam, report it: > > https://pagure.io/fedora-infrastructure/new_issue -- mit freundlichen Grüßen / best regards Günther J. Niederwimmer -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
