Hello Ludwig,

Thanks for the help.

On Tuesday, 25 October 2016, 17:20:44, Ludwig Krispenz wrote:
> On 10/25/2016 04:41 PM, Günther J. Niederwimmer wrote:
> > Hello Ludwig,
> >
> > Thanks for the answer and help,
> >>>> - attrlist_replace errors: looks like you have recreated a replica on a
> >>>> machine and not cleaned the RUV, please see:
> >>>> http://www.freeipa.org/page/Troubleshooting#Obsolete_RUV_records
> >>>
> >>> I don't have add or remove a replica ? this two servers running now I mean
> >>> over three month ?
> >>
> >> that is strange, could you perform step 1] and 2] of this recipe:
> >> https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html
> >> but add the option "-o ldif-wrap=no" to the ldapsearch to get the full ruv
> >
> > OK.
> > The first is
> >
> > ipa-csreplica-manage list
> > Directory Manager password:
> >
> > ipa.example.com: master
> > ipa1.example.com: master
> >
> > The second is:
> > nsDS5ReplicaId: 96
> > nsds50ruv: {replicageneration} 5706b1a3000000600000
> > nsds50ruv: {replica 96 ldap://ipa.example.com:389} 5706b1ab000000600000 580f6a5f000000600000
> > nsds50ruv: {replica 91 ldap://ipa1.example.com:389} 5714ad010000005b0000 575c65140005005b0000
> > nsds50ruv: {replica 97 ldap://ipa1.example.com:389} 5706b1bd000000610000 570803a9000000610000
>
> you should do the same search on ipa1, it looks like you have two
> replicaids: 91 and 97 for the same server: ipa1.example.com
> from the timestamps in the RUV I think you recreated the instance on
> ipa1 between Apr,8th and Apr,18th and since then have this in the RUV.
> but it looks like changes on ipa1 for the o=ipaca suffix are rare (ruv
> output from ipa1 would tell more) and maybe missed the error messages so
> far.

but I don't remember to recreate ipa1 ? But it could be, I have an Error on creating the Replica (?).

OK, ipa1 is this

nsDS5ReplicaId: 91
nsds50ruv: {replicageneration} 5706b1a3000000600000
nsds50ruv: {replica 91 ldap://ipa1.example.com:389} 5714ad010000005b0000 575c65140005005b0000
nsds50ruv: {replica 96 ldap://ipa.example.com:389} 5706b1ab000000600000 580f6a5f000000600000
nsds50ruv: {replica 97 ldap://ipa1.example.com:389} 5706b1bd000000610000 570803a9000000610000

> I would suggest you follow the next steps in the doc about cleaning the
> no longer active replicaID from the ruv

OK, I test it out and hope this is working ! But for me it is not really understandable why this is created ?

> > The domain is changed !!
> >
> >>> The last I remember I add a 3rd Party Certificate ?
> >>>
> >>> but I don't found before so much Errors :-(.
> >>>
> >>> Is there a possible way to check a freeIPA Installation, to find out for a
> >>> "normal" user to have a consistent System ?
> >>>
> >>>> - keep-alive already exists: this is also an indication of a new
> >>>> replica, the keep alive entry was in the database, but the supplier
> >>>> tries to send it again, this should also disappear once some real
> >>>> changes from replica 4 are replicated
> >>>>
> >>>>> but now I have on the changed master this 100... Errors
> >>>>>
> >>>>> [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: could not delete change record 396504 (rc: 32)
> >>>>> [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: could not delete change record 396505 (rc: 32)
> >>>>> [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: could not delete change record 396506 (rc: 32)
> >>>>> [23/Oct/2016:13:37:08 +0200] NSMMReplicationPlugin - replication keep alive entry <cn=repl keep alive 4,dc=example,dc=com> already exists
> >>>>>
> >>>>> and on the replica (Master) this 1000....Errors
> >>>>>
> >>>>> [23/Oct/2016:13:42:50 +0200] DSRetroclPlugin - delete_changerecord: could not delete change record 240846 (rc: 32)
> >>>>> What is wrong with my changes, or have I to add my changes also on the
> >>>>> Replicas ?
> >>>>>
> >>>>> Thanks for a answer,

--
best regards,
Günther J. Niederwimmer
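
An added example, not part of the original messages: a small Python parser for the `nsds50ruv` values quoted above that decodes each CSN and reports any host listed under more than one replica ID, which is the check Ludwig did by eye. It relies on the 389 Directory Server CSN layout (8 hex digits of Unix time, then 4 each for sequence number, replica ID and sub-sequence number); the function names are this example's own, and the sample input is the thread's RUV with the mail-wrapped lines rejoined.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# RUV values from the ldapsearch output quoted in the thread (ipa.example.com),
# rejoined onto single lines as "-o ldif-wrap=no" would print them.
RUV_SAMPLE = """\
nsds50ruv: {replicageneration} 5706b1a3000000600000
nsds50ruv: {replica 96 ldap://ipa.example.com:389} 5706b1ab000000600000 580f6a5f000000600000
nsds50ruv: {replica 91 ldap://ipa1.example.com:389} 5714ad010000005b0000 575c65140005005b0000
nsds50ruv: {replica 97 ldap://ipa1.example.com:389} 5706b1bd000000610000 570803a9000000610000
"""

# The two CSNs (min and max) are optional: a replica with no changes has none.
RUV_RE = re.compile(
    r"\{replica (\d+) ldaps?://([^:}\s]+)(?::\d+)?\}"
    r"(?:\s+([0-9a-f]{20})\s+([0-9a-f]{20}))?", re.IGNORECASE)

def decode_csn(csn):
    """Split a 20-hex-digit CSN into (UTC time, seqnum, replica id, subseqnum)."""
    ts, seq, rid, sub = (int(csn[a:b], 16)
                         for a, b in ((0, 8), (8, 12), (12, 16), (16, 20)))
    return datetime.fromtimestamp(ts, tz=timezone.utc), seq, rid, sub

def parse_ruv(text):
    """Return one dict per {replica ...} element; replicageneration is skipped."""
    out = []
    for m in RUV_RE.finditer(text):
        rid, host, min_csn, max_csn = m.groups()
        out.append({"rid": int(rid), "host": host.lower(),
                    "first": decode_csn(min_csn)[0] if min_csn else None,
                    "last": decode_csn(max_csn)[0] if max_csn else None})
    return out

def hosts_with_multiple_ids(elements):
    """Map host -> sorted replica IDs, only for hosts listed under several IDs."""
    by_host = defaultdict(set)
    for e in elements:
        by_host[e["host"]].add(e["rid"])
    return {h: sorted(r) for h, r in by_host.items() if len(r) > 1}

if __name__ == "__main__":
    elems = parse_ruv(RUV_SAMPLE)
    for e in sorted(elems, key=lambda e: e["rid"]):
        print(e["rid"], e["host"], e["first"], e["last"])
    print("hosts with multiple replica IDs:", hosts_with_multiple_ids(elems))
```

Comparing each ID's first and last change times shows which ID is still in use on the host, which is the information needed before cleaning the obsolete one from the RUV.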