Steven Jones wrote:
Hi,

Any ideas?  I have moved the CA cert off the original ipam001 to ipam002 and 
built a fresh ipam001. When I try and join it to ipam002 I get the error below.

ipam003 was removed off the old ipam001 and added to ipam002 perfectly.

From Google it was suggested Kerberos might be caching, but I've rebooted all the 
IPA servers at least once and ipam002 (it holds the CA) 3 times over 8 
hours....no joy.

I also did a search for the principal as suggested by Rob, output below.

==============
[root@vuwunicoipam001 ~]# ipa-replica-install --setup-dns --no-reverse --forwarder=130.195.85.25 /root/replica/replica-info-vuwunicoipam001.ods.vuw.ac.nz.gpg --skip-conncheck
Directory Manager (existing master) password:

Configuring ntpd
   [1/4]: stopping ntpd
   [2/4]: writing configuration
   [3/4]: configuring ntpd to start on boot
   [4/4]: starting ntpd
done configuring ntpd.
Configuring directory server: Estimated time 1 minute
   [1/30]: creating directory server user
   [2/30]: creating directory server instance
   [3/30]: adding default schema
   [4/30]: enabling memberof plugin
   [5/30]: enabling referential integrity plugin
   [6/30]: enabling winsync plugin
   [7/30]: configuring replication version plugin
   [8/30]: enabling IPA enrollment plugin
   [9/30]: enabling ldapi
   [10/30]: configuring uniqueness plugin
   [11/30]: configuring uuid plugin
   [12/30]: configuring modrdn plugin
   [13/30]: enabling entryUSN plugin
   [14/30]: configuring lockout plugin
   [15/30]: creating indices
   [16/30]: configuring ssl for ds instance
   [17/30]: configuring certmap.conf
   [18/30]: configure autobind for root
   [19/30]: configure new location for managed entries
   [20/30]: restarting directory server
   [21/30]: setting up initial replication
Starting replication, please wait until this has completed.
[vuwunicoipam002.ods.vuw.ac.nz] reports: Update failed! Status: [-2  - System error]
creation of replica failed: Failed to start replication

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
[root@vuwunicoipam001 ~]#
============

============
   [20/30]: restarting directory server
ipa         : DEBUG    args=/sbin/service dirsrv restart ODS-VUW-AC-NZ
ipa         : DEBUG    stdout=Shutting down dirsrv:
     ODS-VUW-AC-NZ...                                       [  OK  ]
Starting dirsrv:
     ODS-VUW-AC-NZ...                                       [  OK  ]

ipa         : DEBUG    stderr=
ipa         : DEBUG    args=/sbin/service dirsrv status ODS-VUW-AC-NZ
ipa         : DEBUG    stdout=dirsrv ODS-VUW-AC-NZ (pid 10552) is running...

ipa         : DEBUG    stderr=
ipa         : DEBUG      duration: 3 seconds
ipa         : DEBUG      [21/30]: setting up initial replication
   [21/30]: setting up initial replication
ipa         : DEBUG    args=/sbin/service dirsrv restart ODS-VUW-AC-NZ
ipa         : DEBUG    stdout=Shutting down dirsrv:
     ODS-VUW-AC-NZ...                                       [  OK  ]
Starting dirsrv:
     ODS-VUW-AC-NZ...                                       [  OK  ]

ipa         : DEBUG    stderr=
Starting replication, please wait until this has completed.
[vuwunicoipam002.ods.vuw.ac.nz] reports: Update failed! Status: [-2  - System error]
creation of replica failed: Failed to start replication
ipa         : DEBUG    Failed to start replication
   File "/usr/sbin/ipa-replica-install", line 496, in <module>
     main()

   File "/usr/sbin/ipa-replica-install", line 432, in main
     ds = install_replica_ds(config)

   File "/usr/sbin/ipa-replica-install", line 147, in install_replica_ds
     pkcs12_info)

   File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 282, in create_replica
     self.start_creation("Configuring directory server", 60)

   File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 257, in start_creation
     method()

   File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 295, in __setup_replica
     r_bindpw=self.dm_password)

   File "/usr/lib/python2.6/site-packages/ipaserver/install/replication.py", line 748, in setup_replication
     raise RuntimeError("Failed to start replication")


Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
[root@vuwunicoipam001 ~]#

============

[root@vuwunicoipam002 ~]# ldapsearch -x -b 'cn=services,cn=accounts,dc=ods,dc=vuw,dc=ac,dc=nz' '(krbprincipalname=*ods-directory*)'
# extended LDIF
#
# LDAPv3
# base <cn=services,cn=accounts,dc=ods,dc=vuw,dc=ac,dc=nz> with scope subtree
# filter: (krbprincipalname=*ods-directory*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1
[root@vuwunicoipam002 ~]#

This is failing during the initial replication which is a bit strange. Are you seeing anything logged in errors on either directory server?

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
