Digging a bit deeper, I found this in /var/log/pki-ca/catalina.out:
:
Could not connect to LDAP server host oldmaster.my.com port 7389 Error
netscape.ldap.LDAPException: failed to connect to server ldap://
oldmaster.my.com:7389 (91)
Feb 19, 2013 11:46:50 AM org.apache.catalina.startup.Catalina stopServer
SEVERE: Catalina.stop:
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
:
:
This certainly appears to be a problem, but everyone's authenticating
against oldmaster just fine. Thoughts, anyone?
*
*
*Bret Wortman*
<http://damascusgrp.com/>
http://damascusgrp.com/ <http://bretwortman.com/>
http://twitter.com/BretWortman
On Tue, Feb 19, 2013 at 11:07 AM, Bret Wortman <bret.wort...@damascusgrp.com
> wrote:
> Does anyone have an idea why I can't connect, or why this service isn't
> running on my freeipa instance? It used to be, because I've created a
> replica in the past....
>
>
> *
> *
> *Bret Wortman*
> <http://damascusgrp.com/>
> http://damascusgrp.com/ <http://bretwortman.com/>
> http://twitter.com/BretWortman
>
>
> On Tue, Feb 19, 2013 at 9:08 AM, John Dennis <jden...@redhat.com> wrote:
>
>> On 02/19/2013 06:58 AM, Bret Wortman wrote:
>>
>>> I have a server running freeipa and I want to migrate it to a new host.
>>> I had thought that the easiest way might be to create a replica and load
>>> that onto the new host, but this is proving problematic:
>>>
>>> # ipa-replica-prepare ipamaster.my.com <http://ipamaster.my.com>
>>>
>>> --ip-address 10.0.0.46
>>> Directory Manager (existing master) password:
>>>
>>> Preparing replica for ipamaster.my.com <http://ipamaster.my.com> from
>>> oldmaster.my.com <http://oldmaster.my.com>
>>>
>>> Creating SSL certificate for the Directory Server
>>> preparation of replica failed: cannot connect to
>>> 'https://oldmaster.my.com:**9444/ca/ee/ca/**profileSubmitSSLClient<https://oldmaster.my.com:9444/ca/ee/ca/profileSubmitSSLClient>':
>>> [Errno
>>> -5985] Cannot resolve oldmaster.my.com <http://oldmaster.my.com> using
>>>
>>> family PR_AF_INET6
>>>
>>> And then a stack trace follows.
>>>
>>> # netstat -rn | grep 9444
>>> # lsof -i:9444
>>> #
>>> _
>>> _
>>> I've also tried connecting to that URL via Firefox without success. It's
>>> just not listening there. What do I need to check? Someone else is
>>> running some apps (redmine and others) using Passenger on that server as
>>> well; could it be obscuring the port somehow?
>>>
>>> We're not running IPV6, so I'm not sure why it's being referenced....
>>>
>>
>> I can't comment on why you can't connect but I can explain the error
>> message. It's an internal mistake, if we can't connect we try another
>> address family, that logic is incorrect and I thought we had fixed in this
>> ticket
>> https://fedorahosted.org/**freeipa/ticket/2695<https://fedorahosted.org/freeipa/ticket/2695>,
>> but apparently we didn't. Anyway the error message is a red herring, your
>> connection problems lie elsewhere.
>>
>> --
>> John Dennis <jden...@redhat.com>
>>
>> Looking to carve out IT costs?
>> www.redhat.com/carveoutcosts/
>>
>
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
