There was no record in the CA list. I added one for the CA master with the
ldapadd command. The ipa-ca-install command completed successfully this time!
Thanks a million for your help!
Thanks,
Ross
From: Fraser Tweedale [ftwee...@redhat.com]
Sent:
After a failed ipa-replica-install, I try to uninstall with ipa-server-install
--uninstall. However the uninstall is failing with the following:
[root@ipa-nyc-pci01 ~]# ipa-server-install --uninstall
This is a NON REVERSIBLE operation and will delete all data and configuration!
It is highly
.@redhat.com]
Sent: Thursday, April 26, 2018 1:56 PM
To: Ross Infinger
Cc: FreeIPA users list
Subject: Re: [Freeipa-users] CA install on replica fails - Clone URI does not
match...
Hi Ross,
Could you please also provide the /var/log/pki/pki-tomcat/ca/debug
log files from both master and rep
]
Sent: Thursday, April 26, 2018 1:56 PM
To: Ross Infinger
Cc: FreeIPA users list
Subject: Re: [Freeipa-users] CA install on replica fails - Clone URI does not
match...
Hi Ross,
Could you please also provide the /var/log/pki/pki-tomcat/ca/debug
log files from both master and replica?
T
e URI does not
match...
Hi Ross,
Could you please also provide the /var/log/pki/pki-tomcat/ca/debug
log files from both master and replica?
Thanks,
Fraser
On Thu, Apr 26, 2018 at 05:33:32PM +, Ross Infinger via FreeIPA-users wrote:
> I'm installing the CA service on an existing replica with
; Ross Infinger
Subject: Re: [Freeipa-users] Re: replica - install fails with CA issue
On Thu, Apr 26, 2018 at 12:30:06AM +, Ross Infinger via FreeIPA-users wrote:
> OK I was able to workaround this error and get a replica created. The
> workaround is I ran ipa-server-upgrade on the CA
I get this error when trying to login to the freeipa gui on the CA master.
"Login failed due to an unknow reason"
This started after an attempt to create a new replica failed on another machine.
freeipa version: VERSION: 4.5.0, API_VERSION: 2.228
Snippet from /var/log/httpd/error_log
...
[Wed
- install fails with CA issue
Ross Infinger via FreeIPA-users wrote:
> Thanks for the reply. I tried the workaround but still getting the
> CA_UNREACHABLE error. The umask on the master was already at 0022.
>
> Is there a way to check the health of the CA master? Maybe the issue is wi
I'm trying to promote a new client to a replica. I install the client first
then run ipa-replica-install. The client install goes OK but the
ipa-replica-install command fails with
RuntimeError: Certificate issuance failed (CA_UNREACHABLE)
Seems the client was able to reach the CA so I'm