The logs are attached in the email chain. If you need fresh ones, I can try to 
replicate it again.


Change is the only Constant !

On Tuesday, February 18, 2014 11:19 AM, Rob Crittenden wrote:
Shree wrote:
> Rob
> I am giving it a fresh start and I notice similar issues.
> 1) I wasn't able to use the "--setup-ca" while running the
> ipa-replica-install on the replica. It stopped the install after the
> ntpd step, see below.
> Done configuring NTP daemon (ntpd).
> A CA is already configured on this system.

This is left over from a previous failed installation. If the CA install 
fails early enough we don't log the fact that it was installed so the 
uninstall doesn't clean it up.

> 2) So I tried my install command again without the --setup-ca option. It
> went further; although it completed, it showed one error, see below.
>   MY COMMAND: --> ipa-replica-install
> /var/tmp/ --skip-conncheck
> The skip-conncheck was needed to complete the install. Connection
> checks were manually done.
>    [14/31]: configuring lockout plugin
>    [15/31]: creating indices
>    [16/31]: enabling referential integrity plugin
>    [17/31]: configuring ssl for ds instance
> ipa         : ERROR    certmonger failed starting to track certificate:
> Command '/usr/bin/ipa-getcert start-tracking -d
> /etc/dirsrv/slapd-MYDOMAIN.COM -n Server-Cert -p
> /etc/dirsrv/slapd-MYDOMAIN.COM/pwdfile.txt -C
> /usr/lib64/ipa/certmonger/restart_dirsrv MYDOMAIN.COM' returned non-zero
> exit status 1
>    [18/31]: configuring certmap.conf
>    [19/31]: configure autobind for root
> .........................................

Without logs there is no way to diagnose. This could leave you in a 
situation where the certificate fails to renew in 2 years and IPA 
suddenly stops working.

> 3) The replica installed fine; I can access the same database from the
> replica's website.
> 4) I cannot add new clients.
> MY COMMAND: --> ipa-client-install
> -d
> = master
> = replica

No idea without seeing the logs.
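
An added example, not part of the thread or of FreeIPA's own code: after an install that reported the `start-tracking` error above, a check of `ipa-getcert list` output shows whether certmonger is actually monitoring the directory server's `Server-Cert`. The function name, the sample listing (including the `/etc/httpd/alias` entry) and the exit-code convention are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report whether certmonger tracks a given NSS certificate.
# Reads `ipa-getcert list` output on stdin; $1 = NSS database dir, $2 = nickname.
# Exit status: 0 = tracked and MONITORING, 1 = tracked in another state,
#              2 = not tracked at all (it will never be renewed automatically).
check_tracking() {
    awk -v db="$1" -v nick="$2" '
        /^Request ID/       { status = "" }   # a new request block starts
        /^[ \t]*status:/    { sub(/^[ \t]*status:[ \t]*/, ""); status = $0 }
        /^[ \t]*certificate:/ {
            # \047 is a single quote; match location and nickname literally
            if (index($0, "location=\047" db "\047") &&
                index($0, "nickname=\047" nick "\047")) {
                found = 1; state = status
            }
        }
        END {
            if (!found) { print "NOT TRACKED"; exit 2 }
            print state
            if (state == "MONITORING") exit 0
            exit 1
        }'
}

# Constructed sample in the layout `ipa-getcert list` prints (not taken from
# the thread's logs): the web server cert is tracked, the dirsrv cert is not.
sample_list() {
    cat <<'EOF'
Number of certificates and requests being tracked: 1.
Request ID '20140218000000':
    status: MONITORING
    stuck: no
    key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
    certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
    CA: IPA
    expires: 2016-02-19 00:00:00 UTC
EOF
}

# On a real replica:
#   ipa-getcert list | check_tracking /etc/dirsrv/slapd-MYDOMAIN.COM Server-Cert
```

An exit status of 2 for the directory server certificate corresponds to the situation described above, where nothing will renew the certificate when it expires.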
