-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
> > > > Whether related or not I am getting the following in my RHEL 6.5 > IPA instance /var/log/dirsrv/slapd-PKI-CA/debug log: > > [26/Jul/2014:20:23:23 +0000] slapi_ldap_bind - Error: could not > send startTLS re quest: error -1 (Can't contact LDAP server) errno > 107 (Transport endpoint is not connected) [26/Jul/2014:20:23:23 > +0000] NSMMReplicationPlugin - agmt="cn=masterAgreement1-i > pa2.example.com-pki-ca" (ipa2:7389): Replication bind with SIMPLE > auth failed: LD AP error -1 (Can't contact LDAP server) ((null)) > [26/Jul/2014:20:23:37 +0000] slapi_ldap_bind - Error: could not > send startTLS re quest: error -1 (Can't contact LDAP server) errno > 107 (Transport endpoint is not connected) [26/Jul/2014:20:23:48 > +0000] slapi_ldap_bind - Error: could not send startTLS re quest: > error -1 (Can't contact LDAP server) errno 107 (Transport endpoint > is not connected) > > And these errors just continue to be logged. > > When attempting to run ipa-ca-install -d on the RHEL 7 replica > (all other services are on there running fine) I receive the > following: > > ipa : CRITICAL failed to configure ca instance Command > '/usr/sbin/pkispawn -vv -s CA -f /tmp/tmpqd0WwF' returned non-zero > exit status 1 ipa : DEBUG File > "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", > > line 638, in run_script > return_value = main_function() > > File "/usr/sbin/ipa-ca-install", line 179, in main CA = > cainstance.install_replica_ca(config, postinstall=True) > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", > > line 1678, in install_replica_ca > subject_base=config.subject_base) > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", > > line 478, in configure_instance > self.start_creation(runtime=210) > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > line 364, in start_creation method() > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", > > line 604, in __spawn_instance > raise RuntimeError('Configuration of CA failed') > > ipa : DEBUG The ipa-ca-install command failed, > exception: RuntimeError: Configuration of CA failed > > Your system may be partly configured. Run > /usr/sbin/ipa-server-install --uninstall to clean up. > > Configuration of CA failed > > > So this behavior changed after restarting the IPA service on the > RHEL 6.5 system. > > So at this point I have a RHEL 6.5 system and a RHEL 7 replica of > everything except the CA. The RHEL 6.5 system, when the IPA service > is restarted throws an error, perhaps from schema change? > > Any ideas? > > -Erinn > > I went in and debugged this a bit further by changing the verbosity for nsslapd-errorlog-level. It appears that the rhel 6.5 system is attempting to connect to the RHEL 7 system on port 7389 and since the RHEL 7 system does not have the CA installed this would obviously fail. This leads me to believe that there is cruft in the directory that is pointing to the wrong place. I don't think this will fix my second group of errors, but how does one view the replication agreements specifically for the ca? As well I omitted to lines from the ipa-ca-install error which are probably pertinent: ERROR: Unable to access directory server: Server is unwilling to perform ipa : DEBUG stderr= - -Erinn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJT3vPJAAoJEFg7BmJL2iPOv+MH/iRgdN+7R5q3BtQE9RcoZHss eMoUIEwAji/I1ddHklZc03p9fU5HTHlKKqRcfRGLA5nka5q3g4ZKlqh+N4BVoZrq 2wGxhD4Qh1Ye3TzwuB2Ex2oXQmRqrd96irdUnu/nf5LoFz0eBMPOcdAGRX6uMyoa lRF91cLX4HlA3neL0cSGsAp376WGMnU/EWdnriGmORkkoIqmYkR/38GYPCC3qoYG hYJK/YjInQxv1B5bXCJ/IQC3xgKkeXlzDiChp4rLNSJXWByxX3hcxTZ51YqTE49d t+yNIGkQk73yojW7WBluw2IidYXFEqqO/ORTMsd2mWUHDaGID+G3q9VCLdRHp/s= =Qv14 -----END PGP SIGNATURE----- -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project