Thank you very much for your response.

Adding debugging to /etc/ipa/server.conf did not add any additional 
information, but I discovered that the -d flag to ipa-replica-install 
gives a lot of information.

After a lot of weird stuff, problems and so on, I decided to scratch the 
entire server completely and start all over. 
Now the replica is working again. The server must have had brain damage at 
some point.



Kind regards

Bjarne Blichfeldt
Infrastructure Services


Direct +4563636119
Mobile +4521593270
b...@jndata.dk

JN Data A/S * Havsteensvej 4 * 4000 Roskilde
Telephone 63 63 63 63 / Fax 63 63 63 64
www.jndata.dk




-----Original Message-----
From: Florence Blanc-Renaud [mailto:f...@redhat.com] 
Sent: 25 April 2017 10:30
To: Bjarne Blichfeldt <b...@jndata.dk>; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] ipa-replica-install failes on setup-ca

On 04/24/2017 09:37 AM, Bjarne Blichfeldt wrote:
> We had problems with one idm replica complaining about different ldap 
:snip

Hi,

1/ you may find more information about the CA installation failure in 
/var/log/pki/pki-ca-spawn.$date.log

To enable debug logs, you can create the file /etc/ipa/server.conf:
$ cat /etc/ipa/server.conf
[global]
debug = True


2/ the error in httpd/error_log may indicate that your certificate expired, 
could you check if all the certificates are still valid?
$ sudo certutil -L -d /etc/httpd/alias/ -n Server-Cert | grep  Not
             Not Before: Thu Apr 20 15:03:40 2017
             Not After : Sun Apr 21 15:03:40 2019

3/ I recall CA install issues when an old /root/cacert.p12 was left on a 
replica between uninstall and install. Can you try to delete this file and 
re-try the ipa-replica-install?

Flo
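
Added example, not part of the original thread: a small Python helper that automates the validity check from step 2/ by parsing the "Not Before" / "Not After" lines that certutil -L prints and classifying the certificate against a given time. The function names, the 30-day warning window and the treatment of the printed times as UTC are assumptions; the sample text is the output quoted in the message above.

```python
import re
from datetime import datetime, timedelta, timezone

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Matches lines such as "Not After : Sun Apr 21 15:03:40 2019"
LINE = re.compile(
    r"Not (Before|After)\s*:\s*\w{3} (\w{3})\s+(\d{1,2}) "
    r"(\d{2}):(\d{2}):(\d{2}) (\d{4})")

def parse_validity(text):
    """Return (not_before, not_after) parsed from certutil -L output."""
    found = {}
    for kind, mon, day, hh, mm, ss, year in LINE.findall(text):
        # Assumption: the printed times are interpreted as UTC.
        found[kind] = datetime(int(year), MONTHS[mon], int(day),
                               int(hh), int(mm), int(ss), tzinfo=timezone.utc)
    if "Before" not in found or "After" not in found:
        raise ValueError("validity dates not found in input")
    return found["Before"], found["After"]

def check(text, now, warn_days=30):
    """Classify a certificate as seen at time `now`."""
    not_before, not_after = parse_validity(text)
    if now < not_before:
        return "not-yet-valid"   # typical symptom of a wrong clock
    if now > not_after:
        return "expired"
    if not_after - now <= timedelta(days=warn_days):
        return "expiring-soon"
    return "valid"

# Output quoted in the message above, used here as sample input.
SAMPLE = """\
             Not Before: Thu Apr 20 15:03:40 2017
             Not After : Sun Apr 21 15:03:40 2019
"""

if __name__ == "__main__":
    print(check(SAMPLE, datetime.now(timezone.utc)))
```

To use it on a live system, pipe the output of the certutil command from step 2/ into the script's input instead of SAMPLE, once per certificate nickname.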
