Thanks jochen for your response!
So far, we could quite well identify whos the master and the replica and 
identify how and where we should re-initialize.

Still there is good news at our side, we could further identify an issue and by 
fixing that (see below) also remove the replica and reinstall it. We had to 
"isolate" the second server (it was still reachable by ICMP ping) and were then 
able to just execute "ipa-replica-manage del uspidm02.[domain].[tld] --force 
--cleanup" and afterwards add it again.

After a small duplicate RUV issue (documented at we're now up again and have a 
running IdM setup.

Still, at our end there's one question left: for now, we have different 
passwords for the "admin" user and the directory manager password. Is this 
normal? Or do we have a broken setup now?

Best regards,

Ps: here's what we did to fix our issue:

1. copied uspidm01 and run isolated (offline) tests => we could identify this 
way all is well
2. after already doing reboots on uspidm02 disconnected that server and removed 
it on uspidm01 via ipa-replica-manage
3. by this identified an error in hosts entry of uspidm01 (listing uspidm02 
with a wrong ip conflicting DNS information)
4. reinstalled uspidm02 according documentation from redhat

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to