Tried to re-enroll the replica; however, I am getting the same error, though I am able to connect to the server.

=====
Starting replication, please wait until this has completed.

[ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1 - LDAP error: Can't contact LDAP server]

[error] RuntimeError: Failed to start replication
=====

[root@ipa-inf-prd-ng2-02 ~]# telnet ipa-inf-prd-ng2-01.klikpay.int 389
Trying 172.16.32.10...
Connected to ipa-inf-prd-ng2-01.klikpay.int.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
[root@ipa-inf-prd-ng2-02 ~]#

Best Regards,
Yogesh Sharma
Email: yks0...@gmail.com | Web: www.initd.in
RHCE, VCE-CIA, RACKSPACE CLOUD U Certified

On Fri, Oct 30, 2015 at 7:05 PM, Rob Crittenden <rcrit...@redhat.com> wrote:

> Yogesh Sharma wrote:
> > Team,
> >
> > Noticed that users created on IPA Master are not replicating on Replica.
> >
> > Also, we created a new zone in Master; however, we do not see the same in
> > the replica server.
>
> You need to figure out why ipa-inf-prd-ng2-01.klikpay.int can't contact
> port 389 on ipa-inf-prd-ng2-02.klikpay.int. It may be someone threw up a
> firewall without telling you, or someone tweaked the rules on either of
> those boxes.
>
> Doing re-init, force-sync, etc. is always going to fail if one can't talk
> to the other.
>
> rob
>
> > Below is the information:
> >
> > From Master:
> >
> > [root@ipa-inf-prd-ng2-01 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-01.klikpay.int
> > Directory Manager password:
> >
> > ipa-inf-prd-ng2-02.klikpay.int: replica
> >   last init status: None
> >   last init ended: None
> >   last update status: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
> >   last update ended: None
> > [root@ipa-inf-prd-ng2-01 ~]#
> >
> > From Replica:
> >
> > [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-02.klikpay.int
> > Directory Manager password:
> >
> > ipa-inf-prd-ng2-01.klikpay.int: replica
> >   last init status: None
> >   last init ended: None
> >   last update status: 0 Replica acquired successfully: Incremental update succeeded
> >   last update ended: 2015-10-30 10:36:25+00:00
> > [root@ipa-inf-prd-ng2-02 ~]#
> >
> > Though it says it is replicated (last update ended), we are not seeing
> > new users and the new DNS zone which we created.
> >
> > I also tried force replication, though I cannot see the new changes:
> >
> > [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage force-sync --from ipa-inf-prd-ng2-01.klikpay.int
> > Directory Manager password:
> >
> > ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
> > ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
> > [root@ipa-inf-prd-ng2-02 ~]#
> >
> > Once I do re-initialization, it gives "Can't Contact LDAP Server":
> >
> > [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage re-initialize --from ipa-inf-prd-ng2-01.klikpay.int
> > Directory Manager password:
> >
> > ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
> > ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
> >
> > [ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1 - LDAP error: Can't contact LDAP server]

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
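
Added example, not part of the thread or of FreeIPA: a small Python parser for the `ipa-replica-manage list -v` output quoted above that reports which direction of the replication agreement is failing, and so on which host the port 389 check has to be run. It assumes the status-line format shown in the thread; `parse_agreements` and `failing_directions` are names made up for this example.

```python
import re

# Constructed from the output quoted in the thread (wrapped lines rejoined).
# Each text is what `ipa-replica-manage list -v HOST` printed when run on HOST.
VIEWS = {
    "ipa-inf-prd-ng2-01.klikpay.int": """\
ipa-inf-prd-ng2-02.klikpay.int: replica
  last init status: None
  last init ended: None
  last update status: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
  last update ended: None
""",
    "ipa-inf-prd-ng2-02.klikpay.int": """\
ipa-inf-prd-ng2-01.klikpay.int: replica
  last init status: None
  last init ended: None
  last update status: 0 Replica acquired successfully: Incremental update succeeded
  last update ended: 2015-10-30 10:36:25+00:00
""",
}

PEER = re.compile(r"^(\S+):\s+replica\s*$")
STATUS = re.compile(r"^\s*last update status:\s*(-?\d+)\s*(.*)$")

def parse_agreements(local_host, text):
    """Return (supplier, consumer, code, message) for each agreement held on local_host."""
    rows, peer = [], None
    for line in text.splitlines():
        if m := PEER.match(line):
            peer = m.group(1)          # start of a new agreement block
        elif (m := STATUS.match(line)) and peer:
            rows.append((local_host, peer, int(m.group(1)), m.group(2)))
            peer = None
    return rows

def failing_directions(views):
    """Return (source, destination) pairs whose agreement did not report status 0."""
    return [(src, dst)
            for host, text in views.items()
            for src, dst, code, _ in parse_agreements(host, text)
            if code != 0]

if __name__ == "__main__":
    for src, dst in failing_directions(VIEWS):
        # Assumption (Rob's reading in the thread): the host holding the failing
        # agreement is the one that must reach LDAP port 389 on its peer.
        print(f"test from {src} to {dst}:389 (log in on {src} and connect to {dst})")
```
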