Petr Vobornik wrote:
On 09/21/2016 05:06 PM, Natxo Asenjo wrote:
hi Petr,

On Wed, Sep 21, 2016 at 4:38 PM, Petr Vobornik <pvobo...@redhat.com
<mailto:pvobo...@redhat.com>> wrote:

     On 09/21/2016 10:50 AM, Natxo Asenjo wrote:

     > When I try to resubmit certificates from certmonger they still hit the 
kdc01 web
     > server, so the requests hang on an status: CA_UNREACHABLE
     >      ca-error: Server failed request, will retry: 4301 (RPC failed at 
server.
     > Certificate operation cannot be completed: Failure decoding Certificate 
Signing
     > Request).

     Where does it happen? On arbitrary client which was installed in a past
     against the removed kdc01?


yes.


     If so could you look into /etc/ipa/default.conf and change host option
     from kdc01 to the 7.2 IPA sever?


ok, done.

In fact, change both the domain as the xmlrpc_uri directives in the global
section was necessary. Now It worked :-)

So, what should be the correct value for dns discovery for both directives using
dns discovery?

I don't think there is a support for DNS discovery in Certmonger. CCing Rob.

That is correct, it uses the value from the ipa config file.

rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to