The replica installation is failing when the replica attempts to contact
the CA on the master to log into the security domain. According to your
log, this is https://ipa01.ix.test.com:9445
Can the master be resolved and reached from the replica? Can port 9445
be reached (as well as ports 9444 and 9443?)
You can also check the master's /var/log/pki-ca/debug log to see if any
communication was received from the replica.
On Mon, 2011-06-13 at 16:17 +0200, Sigbjorn Lie wrote:
> On 06/13/2011 04:12 PM, Simo Sorce wrote:
> > On Mon, 2011-06-13 at 15:23 +0200, Sigbjorn Lie wrote:
> >> Hi,
> >> I have successfully configured one IPA replica, now I'm trying to
> >> configure a second replica, but I'm not having much success. I've
> >> attached the output of ipa-replica-install -d. I get as far as "[4/11]:
> >> configuring certificate server instance". The machine is configured in
> >> the same way as the 2 first machines. They are all F15, updated with all
> >> available packages from the official repos.
> >> The installation fails when it's trying to connect to the dogtag server
> >> on the ipa replica it's just configured, with a "Invalid clone_uri"
> >> message. (See the attached file for details).
> >> I'm not sure where to start looking. The only difference from the 2
> >> first IPA servers, is that this server is located at another subnet,
> >> over a site-to-site VPN connection.
> >> Any suggestions to what might be wrong?
> > I have never seen this error, have you created a new replica package
> > with ipa-replica-prepare to create the second replica ?
> Yes, a fresh package was created using ipa-replica-prepare and scp'ed to
> the new ipa server. I've even tried re-creating the package. Still the
> same error message.
> Freeipa-users mailing list
Freeipa-users mailing list