I think you should now check the dirsrv errors logs on both the server and the replica.
They should have more info on what went wrong with starting the replication.

Please also check

# systemctl status dirsrv@YOUR-REALM.service

to check there are no SASL buffer related error messages.

On 03/10/2015 12:58 AM, Steven Jones wrote:
> ======
> 2015-03-09T21:15:31Z DEBUG flushing ldap://vuwunicoipam002.ods.vuw.ac.nz:389 
> from SchemaCache
> 2015-03-09T21:15:31Z DEBUG retrieving schema for SchemaCache 
> url=ldap://vuwunicoipam002.ods.vuw.ac.nz:389 
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4226cb0>
> 2015-03-09T21:15:31Z DEBUG flushing ldaps://vuwunicoipam004.ods.vuw.ac.nz:636 
> from SchemaCache
> 2015-03-09T21:15:31Z DEBUG retrieving schema for SchemaCache 
> url=ldaps://vuwunicoipam004.ods.vuw.ac.nz:636 
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x3d3d368>
> 2015-03-09T21:17:42Z DEBUG Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
> 382, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
> 372, in run_step
>     method()
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", 
> line 368, in __setup_replica
>     r_bindpw=self.dm_password)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", 
> line 969, in setup_replication
>     raise RuntimeError("Failed to start replication")
> RuntimeError: Failed to start replication
> 
> 2015-03-09T21:17:42Z DEBUG   [error] RuntimeError: Failed to start replication
> 2015-03-09T21:17:42Z DEBUG   File 
> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 
> 646, in run_script
>     return_value = main_function()
> 
>   File "/sbin/ipa-replica-install", line 700, in main
>     ds = install_replica_ds(config)
> 
>   File "/sbin/ipa-replica-install", line 195, in install_replica_ds
>     ca_file=config.dir + "/ca.crt",
> 
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", 
> line 355, in create_replica
>     self.start_creation(runtime=60)
> 
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
> 382, in start_creation
>     run_step(full_msg, method)
> 
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
> 372, in run_step
>     method()
> 
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", 
> line 368, in __setup_replica
>     r_bindpw=self.dm_password)
> 
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", 
> line 969, in setup_replication
>     raise RuntimeError("Failed to start replication")
> 
> 2015-03-09T21:17:42Z DEBUG The ipa-replica-install command failed, exception: 
> RuntimeError: Failed to start replication
> 
> ==========
> 
> 
> replica log.
> 
> 
> ?
> 
> 
> regards
> 
> Steven
> 
> ________________________________
> From: freeipa-users-boun...@redhat.com <freeipa-users-boun...@redhat.com> on 
> behalf of Rich Megginson <rmegg...@redhat.com>
> Sent: Tuesday, 10 March 2015 11:02 a.m.
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Error in replication while inserting a RHEL7.1 
> server into a RHEL6.6 IPA setup.
> 
> On 03/09/2015 03:35 PM, Steven Jones wrote:
> 
> Any idea what is going on here please?
> 
> 
> ==========
> 
> [root@vuwunicoipam004 ipa-certs]# 
> ipa-replica-install --setup-dns --forwarder=10.100.32.31 -U 
> replica-info-vuwunicoipam004.ods.vuw.ac.nz.gpg  --skip-conncheck
> Checking forwarders, please wait ...
> WARNING: DNS forwarder 10.100.32.31 does not return DNSSEC signatures in 
> answers
> Please fix forwarder configuration to enable DNSSEC support.
> (For BIND 9 add directive "dnssec-enable yes;" to "options {}")
> WARNING: DNSSEC validation will be disabled
> 
> I don't know if this is a problem, so I will leave it to our DNS gurus to 
> answer.
> 
> 
> Directory Manager (existing master) password:
> 
> Adding [10.100.32.50 vuwunicoipam004.ods.vuw.ac.nz] to your /etc/hosts file
> Using reverse zone(s) 32.100.10.in-addr.arpa.
> Configuring NTP daemon (ntpd)
>   [1/4]: stopping ntpd
>   [2/4]: writing configuration
>   [3/4]: configuring ntpd to start on boot
>   [4/4]: starting ntpd
> Done configuring NTP daemon (ntpd).
> Configuring directory server (dirsrv): Estimated time 1 minute
>   [1/35]: creating directory server user
>   [2/35]: creating directory server instance
>   [3/35]: adding default schema
>   [4/35]: enabling memberof plugin
>   [5/35]: enabling winsync plugin
>   [6/35]: configuring replication version plugin
>   [7/35]: enabling IPA enrollment plugin
>   [8/35]: enabling ldapi
>   [9/35]: configuring uniqueness plugin
>   [10/35]: configuring uuid plugin
>   [11/35]: configuring modrdn plugin
>   [12/35]: configuring DNS plugin
>   [13/35]: enabling entryUSN plugin
>   [14/35]: configuring lockout plugin
>   [15/35]: creating indices
>   [16/35]: enabling referential integrity plugin
>   [17/35]: configuring ssl for ds instance
>   [18/35]: configuring certmap.conf
>   [19/35]: configure autobind for root
>   [20/35]: configure new location for managed entries
>   [21/35]: configure dirsrv ccache
>   [22/35]: enable SASL mapping fallback
>   [23/35]: restarting directory server
>   [24/35]: setting up initial replication
> Starting replication, please wait until this has completed.
> Update in progress, 128 seconds elapsed
> [vuwunicoipam002.ods.vuw.ac.nz] reports: Update failed! Status: [10 Total 
> update abortedLDAP error: Referral]
> 
> If the client got back a referral, it means the replica was being 
> re-initialized at this time.  Sounds like either the client is not checking 
> to see if the initialization is complete, or the server is reporting back 
> erroneously that initialization is complete.
> 
> 
> 
>   [error] RuntimeError: Failed to start replication
> 
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> 
> Failed to start replication
> [root@vuwunicoipam004 ipa-certs]#
> ========
> 
> 
> No firewalls are active and the network is a simple vyos virtual router.
> 
> 
> =====
> 
> [root@vuwunicoipam002 etc]# iptables -L -n
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> [root@vuwunicoipam002 etc]#
> =====
> 
> =====
> 
> 
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> [root@vuwunicoipam004 ipa-certs]#
> =====
> 
> 
> 
> 
> 
> regards
> Steven
> 
> 
> 
> 
> 
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
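
A triage helper for the installer output quoted in this thread, added here as an example (it is not from the original messages or from FreeIPA). It extracts which host reported the failed total update, the status code and text, and the innermost traceback frame, so you know which machine's dirsrv errors log to read first. The function name `triage`, the regexes and the unwrapped sample text are assumptions built from the lines shown above.

```python
import re

# Constructed sample: lines from the thread, with the e-mail line wrapping undone.
SAMPLE = """\
Update in progress, 128 seconds elapsed
[vuwunicoipam002.ods.vuw.ac.nz] reports: Update failed! Status: [10 Total update abortedLDAP error: Referral]
2015-03-09T21:17:42Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 382, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 368, in __setup_replica
    r_bindpw=self.dm_password)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 969, in setup_replication
    raise RuntimeError("Failed to start replication")
RuntimeError: Failed to start replication
"""

FRAME = re.compile(r'^\s*File "(?P<path>[^"]+)", line (?P<line>\d+), in (?P<func>\S+)')
EXC = re.compile(r'^(?P<type>[A-Za-z_][\w.]*(?:Error|Exception)): (?P<msg>.*)$')
STATUS = re.compile(r'^\[(?P<host>[^\]]+)\] reports: Update failed! '
                    r'Status: \[(?P<code>-?\d+) (?P<text>.*)\]$')

def triage(text):
    """Return the reporting host, status code/text, innermost frame and exception."""
    result = {"supplier": None, "code": None, "status": None,
              "frame": None, "exception": None}
    frames, in_traceback = [], False
    for raw in text.splitlines():
        line = raw.rstrip()
        m = STATUS.match(line)
        if m:  # the host named here is the one that aborted the total update
            result.update(supplier=m["host"], code=int(m["code"]), status=m["text"])
            continue
        if "Traceback (most recent call last):" in line:
            frames, in_traceback = [], True
            continue
        if not in_traceback:
            continue
        m = FRAME.match(line)
        if m:
            frames.append((m["path"], int(m["line"]), m["func"]))
            continue
        m = EXC.match(line)  # an unindented "Type: message" line ends the traceback
        if m:
            result["exception"] = (m["type"], m["msg"])
            result["frame"] = frames[-1] if frames else None
            in_traceback = False
    return result

if __name__ == "__main__":
    print(triage(SAMPLE))
```
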