On 30.10.2015 11:54, Yogesh Sharma wrote:
Additionally, On Replica UI, I am getting below Error Message:
IPA Error 4301: CertificateOperationError
Certificate operation cannot be completed: Unable to communicate with
CMS (Not Found)
Hello, can you check /var/log/httpd/error_log if there is a detailed info?
Martin
/Best Regards,/
/__________________________________________
/
/Yogesh Sharma
/
/Email: yks0...@gmail.com <mailto:yks0...@gmail.com> | Web:
www.initd.in <http://www.initd.in/> /
/
/
/RHCE, VCE-CIA, RACKSPACE CLOUD U Certified/
<https://www.fb.com/yks0000> <http://in.linkedin.com/in/yks0000>
<https://twitter.com/checkwithyogesh>
<http://google.com/+YogeshSharmaOnGooglePlus>
On Fri, Oct 30, 2015 at 4:16 PM, Yogesh Sharma <yks0...@gmail.com
<mailto:yks0...@gmail.com>> wrote:
Team,
Noticed that user created on IPA Master are not replicating on
Replica.
Also, we create a new Zone in Master, However we do not see the
same in replica server.
Below is the information:
From Master:
[root@ipa-inf-prd-ng2-01 ~]# ipa-replica-manage list -v
ipa-inf-prd-ng2-01.klikpay.int <http://ipa-inf-prd-ng2-01.klikpay.int>
Directory Manager password:
ipa-inf-prd-ng2-02.klikpay.int
<http://ipa-inf-prd-ng2-02.klikpay.int>: replica
last init status: None
last init ended: None
last update status: -1 Unable to acquire replicaLDAP error:
Can't contact LDAP server
last update ended: None
[root@ipa-inf-prd-ng2-01 ~]#
From Replica:
[root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage list -v
ipa-inf-prd-ng2-02.klikpay.int <http://ipa-inf-prd-ng2-02.klikpay.int>
Directory Manager password:
ipa-inf-prd-ng2-01.klikpay.int
<http://ipa-inf-prd-ng2-01.klikpay.int>: replica
last init status: None
last init ended: None
last update status: 0 Replica acquired successfully: Incremental
update succeeded
last update ended: 2015-10-30 10:36:25+00:00
[root@ipa-inf-prd-ng2-02 ~]#
Though it says it is replicated (last update ended), We are not
seeing new users and the new DNS Zone which we created
I also tried force replication, though I can not see the new Changes:
[root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage force-sync --from
ipa-inf-prd-ng2-01.klikpay.int <http://ipa-inf-prd-ng2-01.klikpay.int>
Directory Manager password:
ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int
<http://meToipa-inf-prd-ng2-02.klikpay.int>,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping
tree,cn=config schedule to 2358-2359 0 to force synch
ipa: INFO: Deleting schedule 2358-2359 0 from agreement
cn=meToipa-inf-prd-ng2-02.klikpay.int
<http://meToipa-inf-prd-ng2-02.klikpay.int>,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping
tree,cn=config
[root@ipa-inf-prd-ng2-02 ~]#
Once I do re-initialization, it gives "Can't Contact LDAP Server"
[root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage re-initialize
--from ipa-inf-prd-ng2-01.klikpay.int
<http://ipa-inf-prd-ng2-01.klikpay.int>
Directory Manager password:
ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int
<http://meToipa-inf-prd-ng2-02.klikpay.int>,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping
tree,cn=config schedule to 2358-2359 0 to force synch
ipa: INFO: Deleting schedule 2358-2359 0 from agreement
cn=meToipa-inf-prd-ng2-02.klikpay.int
<http://meToipa-inf-prd-ng2-02.klikpay.int>,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping
tree,cn=config
[ipa-inf-prd-ng2-01.klikpay.int
<http://ipa-inf-prd-ng2-01.klikpay.int>] reports: Update failed!
Status: [-1 - LDAP error: Can't contact LDAP server]
/Best Regards,/
/__________________________________________
/
/Yogesh Sharma
/
/Email: yks0...@gmail.com <mailto:yks0...@gmail.com> | Web:
www.initd.in <http://www.initd.in/> /
/
/
/RHCE, VCE-CIA, RACKSPACE CLOUD U Certified/
<https://www.fb.com/yks0000> <http://in.linkedin.com/in/yks0000>
<https://twitter.com/checkwithyogesh>
<http://google.com/+YogeshSharmaOnGooglePlus>
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
