James Hogarth wrote:
Hi all,

I was adding and removing the same hosts and a fairly high rate from
IPA and I've managed to get myself into an odd situation...

On trying to delete or unprovision one of the hosts I'm getting IPA
error 401: Certificate operation cannot be completed: EXCEPTION
(Certificate serial number 0x2fff0009 not found)

I suspect I've hit a replication conflict...

Has anyone encountered this before or know a way to resolve it cleanly?

I assume you've got multiple dogtag instances? I'd start there. Use ipa-csreplica-manage --force-sync to be sure all of the updates have gone out. That may unblock something.

This may be something to open a ticket on, perhaps adding a --force.

When you delete a host it tries to delete all its services. When a service is deleted any certificate associated with it is revoked. Once those are all done the host's cert is revoke.

If any of these revocations fail then the delete fails hard.


Freeipa-users mailing list

Reply via email to