Hey there - 

I¹m working a FreeIPA box (ipa-server-3.0.0-42) - Our original PKI ³master²
was nuked a while ago and I have a suspicion that none of the other ³master²
freeipa replicas were ³promoted² (sorry for the over-use of ³ )


So we went ahead and ran through these instructions and are currently in a
weird state:
http://www.freeipa.org/page/IPA_2x_Certificate_Renewal

krb5 won¹t start and the getcert list command is returning CA_UNREACHABLE

krb5kdc: Server error - while fetching master key K/M for realm

status: CA_UNREACHABLE
ca-error: Error setting up ccache for "host" service on client using default
keytab: Cannot contact any KDC for realm


So I don¹t think I can promote another master/replica ?


Thanks, 

‹Mike



Attachment: smime.p7s
Description: S/MIME cryptographic signature

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to