Hello again,

Just to keep your Tuesday fun, is this possible:

16 servers.
ipa-replica-manage list  <---- shows all 16

1 of the servers broke a couple of weeks ago and was removed with
"clean-ruv" but STILL shows up in the replica list, but not a single
master has a replica agreement with it, so there is no way to delete it since trying to do "ipa-replica-manage del" with any options, including force, from ANY servers says there is no replica agreement. How is this
possible and how do I get rid of the phantom replica? and I did try
--cleanup and it took it, but did nothing. And there is NOTHING in the

To further clarify, it is not a CA either, and never was.

Very confusing indeed. I just like to keep the developers on their toes.
don't know if I want to know the answer, but is it contained in the ruvs ?
No. That is why I am baffled. I want to re-add the server to help with loading, but obviously if it still shows up - so weird. Looks like ldapmodify is going to be required. I don't even have any strange CSN/replicas that can't be decoded in list-ruv
you probably did run into this issue: https://fedorahosted.org/freeipa/ticket/5019

ioa-replica-manage del failed to delete the master because it did not remove all services before. If you want to do it by ldapmodify, check what services are there below the master entry and remove these befor removing the master


list shows the those entries in cn=masters,cn=ipa,cn=etc,$SUFFIX. It doesn't show agreements or topology.

What output do you see when --cleanup is used?

You should check the 389-ds access log after this is run as well to see what searches and mods were attempted.


