Tank you very much for your response. Adding debugging to /etc/ipa/server.conf did not add any additional information, but I discovered that -d flag to ipa-replica-install gives a lot of information.
After a lot of weird stuff, problems and son on, I decided to scratch the entire server completely and start all over. Now the replica is working again. Server must have had a brain damage at some point. Venlig hilsen Bjarne Blichfeldt Infrastructure Services Direkte +4563636119 Mobile +4521593270 b...@jndata.dk JN Data A/S * Havsteensvej 4 * 4000 Roskilde Telefon 63 63 63 63/ Fax 63 63 63 64 www.jndata.dk -----Original Message----- From: Florence Blanc-Renaud [mailto:f...@redhat.com] Sent: 25. april 2017 10:30 To: Bjarne Blichfeldt <b...@jndata.dk>; firstname.lastname@example.org Subject: Re: [Freeipa-users] ipa-replica-install failes on setup-ca On 04/24/2017 09:37 AM, Bjarne Blichfeldt wrote: > We had problems with one idm replica complaining about different ldap :snip Hi, 1/ you may find more information about the CA installation failure in /var/log/pki/pki-ca-spawn.$date.log To enable debug logs, you can create the file /etc/ipa/server.conf: $ cat /etc/ipa/server.conf [global] debug = True 2/ the error in httpd/error_log may indicate that your certificate expired, could you check if all the certificates are still valid? $ sudo certutil -L -d /etc/httpd/alias/ -n Server-Cert | grep Not Not Before: Thu Apr 20 15:03:40 2017 Not After : Sun Apr 21 15:03:40 2019 3/ I recall CA install issues when an old /root/cacert.p12 was left on a replica between uninstall and install. Can you try to delete this file and re-try the ipa-replica-install? Flo -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project