Bret Wortman wrote: > On the new replica (asipa) I see in the access log almost 5000 entries > like this: > > [21/May/2014:10:30:58 -0400] conn=4 op=4923 EXT > oid="2.16.840.1137184.108.40.206" name="Netscape Replication Total update Entry" > [21/May/2014:10:30:58 -0400] conn=4 op=4923 RESULT err=0 tag=120 > nentries=0 etime=0 > > And these just repeat, increasing the "op" value until they terminate > with this one. The rest of it just looks like informational messages.
How long does this take? Is there time to enable replication debugging? That may provide more output. > > Over on zsipa (the CA master), errors contains: > > [21/May/2014:14:31:06 +0000] NSMMReplciationPlugin - Schema > agmt="cn=meToasipa.foo.net" (asipa:389) must not be overwritten(set > replication log for additional info) > [21/May/2014:14:31:06 +0000] NSMMReplicationPlugin - > agmt="cn=meToasipa.foo.net" (asipa:389) Warning: unable to replicate > schema: rc=1 I don't think this is related. I'd run ipa-replica-manage list -v `hostname` and ipa-csreplica-manage list -v `hostname` on the master you generated the replica install file on to see what agreements it has or thinks it has. rob > > These two lines repeat at intervals for a while. > > Nothing else leapt out at me. > > > > On 05/21/2014 11:04 AM, Rob Crittenden wrote: >> Bret Wortman wrote: >>> This occurs on our first attempt to join as a replica. I've erased this >>> box and rebaselined it but the same thing happens. No network ports >>> being blocked that we know of, and another replica I created at the same >>> time installed its replica file without issue. >>> >>> asipa is the new replica, zsipa is the ca and original master on which >>> the replica file was created. >>> >>> [24/34]: setting up initial replication >>> Starting replication, please wait until this has completed >>> Update in progress, 130 seconds elapsed >>> Update in progress yet not in progress >>> >>> [ipamaster.foo.net] reports: Update failed! Status: [10 Total update >>> abortedLDAP error: Referral] >>> >>> >>> Your system may be partly configured. >>> Run /usr/sbin/ipa-server-install --uninstall to clean up. >>> >>> Failed to start replication >>> # >>> >>> /var/log/ipareplica-install.log contains this: >>> >>> 2014-05-21T145:28:56Z DEBUG retrieving schema for SchemaCache >>> url=ldaps://asipa.fopo.net:636 conn=<ldap.ldapobject.SimpleLDAPObject >>> instance at 0x4faf170> >>> 2014-05-21T14:31:08Z DEBUG File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", >>> line 638, in run_script >>> return_value = main_function() >>> >>> File "/usr/sbin/ipa-replica-install", line 663, in main >>> ds = install_replica_ds(config) >>> >>> File "/usr/sbin/ipa-replica-install", line 188, in install_replica_ds >>> ca_file=config.dir + "/ca.crt", >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line >>> 360 in create_replica >>> self.start_creation(runtime=60) >>> >>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >>> line 364, in start_creation >>> method() >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line >>> 373, in __setup_replica >>> r_bindpw=self.dm_password() >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", >>> line 961, in setup_replication >>> raise RuntimeError("Failed to start replication") >>> >>> 2014-0521T14:31:08Z DEBUG The ipa-replica-install command failed, >>> exception: RuntimeError: Failed to start replication >>> >>> Any guidance on where to start looking? >> Check the 389-ds access and error logs on both masters. >> >> rob >> > > _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users