[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

On Mon, Mar 18, 2019 at 4:53 PM Rob Crittenden wrote: > > > ipa-replica-manage del --cleanup --force will clean these > entries up, and others. > > rob Rob, I tried this. It didn't work. The command itself failed with the same error message: PKINIT enabled server': all masters must have IPA

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

Dmitry Perets via FreeIPA-users wrote: >> >> Exactly as the others report, I can no longer login to the WebUI. It says >> "invalid >> 'PKINIT enabled server': all masters must have IPA master role enabled" and >> then throws an exception: >> > > UPDATE: To resolve it, you can delete the

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

> > Exactly as the others report, I can no longer login to the WebUI. It says > "invalid > 'PKINIT enabled server': all masters must have IPA master role enabled" and > then throws an exception: > UPDATE: To resolve it, you can delete the following subtree entirely: DN:

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

On ma, 18 maalis 2019, Dmitry Perets via FreeIPA-users wrote: Sorry, this was actually my response to another thread, but due to some issue, it was posted like a separate thread... I think it was caused by GMAIL that popped up when I tried to reply. @moderators, if possible, please delete

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

Sorry, this was actually my response to another thread, but due to some issue, it was posted like a separate thread... I think it was caused by GMAIL that popped up when I tried to reply. @moderators, if possible, please delete this... ___

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

Hi, I have the same issue right now... I had two working replicas, and I tried to add the third one. But due to some issues with ansible playbook, the installation of that third replica failed in the middle (I believe ansible lost SSH connection somewhere in the middle). That obviously left the

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

Also, I think one of the replicas got interrupted during the installation. I see this: ipa server-find --all ... Managed suffixes: domain Min domain level: 0 Max domain level: 1 Enabled server roles: NTP server ... ___ FreeIPA-users mailing

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

I just bumped into this as well. I think I've tried every permutation of commands+options, but I'm getting the "invalid 'PKINIT enabled server': all masters must have IPA master role enabled" message as well when running "ipa-replica-manage del --force -c ". Any ideas on how to resolve this?

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

I located every entry in LDAP that referenced the failed server and removed each of them. I know that the entries in the etc ipa masters hierarchies wouldn't go until I'd removed several of the others, which know included the custodia entries. I think there weren't any topology entries by that

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

> On Jan 8, 2019, at 3:12 PM, Rob Crittenden wrote: > > You didn't happen to keep a list of the entries/values you removed did you? > > rob In my experience, there were dozens of them and I gave up before the thing finally recovered. Since others were successful, I’m sure it was possible,

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

K. M. Peterson via FreeIPA-users wrote: > I'm going to reply to myself, after several more hours of digging, I > discovered that although it wasn't true at the time I posted the above > question, eventually, as with the original post from Lachlan Musicman >

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

I'm going to reply to myself, after several more hours of digging, I discovered that although it wasn't true at the time I posted the above question, eventually, as with the original post from Lachlan Musicman ,

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

Hate _hate_ to open old threads, but... I'm also seeing this. I've been trying to add another replica to our topology (this would be on a different subnet than the current pair); the ipa-replica-install command has been failing for various reasons that I've been fixing or circumventing and I've

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

Oh, forgot to mention, current domain level is `1`... ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct:

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

Oddly, I am having the same problem not too many days later, so I thought I would just reply here. I was in the middle of bringing up a new replica when the hardware panicked or something. Last messages to console: ``` Upgrading IPA:. Estimated time: 1 minute 30 seconds [1/9]: stopping

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

Ralph Crongeyer wrote: > Well I got it fixed by using ApacheDirectoryStudio and searching for the > old stuck replica and deleted all of it's entries, which fixed the issues, > I wish I would have gotten this email sooner, I would have tried what > you suggested. > > Thanks for your help with

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

Well I got it fixed by using ApacheDirectoryStudio and searching for the old stuck replica and deleted all of it's entries, which fixed the issues, I wish I would have gotten this email sooner, I would have tried what you suggested. Thanks for your help with this. Ralph On Wed, Oct 24, 2018 at

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

Ralph Crongeyer via FreeIPA-users wrote: > So it does allow me to login, however there is a popup that says: > "Some operations failed.", and a link "View details", when I click on > that it shows: > "invalid 'PKINIT enabled server': all masters must have IPA master role"   > And there is a button

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

So it does allow me to login, however there is a popup that says: "Some operations failed.", and a link "View details", when I click on that it shows: "invalid 'PKINIT enabled server': all masters must have IPA master role" And there is a button that says "OK", when I click on that it shows this:

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

Ralph Crongeyer via FreeIPA-users wrote: > Can this be manually removed? W currently can't login to the web portal > due to this issue. I don't understand how one master is affecting the web server of another. By design they are independent. Can you provide details on how login is failing? rob

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

On 10/23/18 12:54 PM, Ralph Crongeyer via FreeIPA-users wrote: Can this be manually removed? W currently can't login to the web portal due to this issue. http://www.port389.org/docs/389ds/howto/howto-cleanruv.html#cleanallruv Or you can run:   cleanallruv.pl -h HTH, Mark On Fri, Oct 19,

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

Can this be manually removed? W currently can't login to the web portal due to this issue. On Fri, Oct 19, 2018 at 8:42 AM Ralph Crongeyer wrote: > The goal is to remove the replica server from the master. No split brain. > I need to remove this as we can't login to the portal because of this.

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

The goal is to remove the replica server from the master. No split brain. I need to remove this as we can't login to the portal because of this. On Thu, Oct 18, 2018 at 5:23 PM Rob Crittenden wrote: > Ralph Crongeyer via FreeIPA-users wrote: > > Hi List, > > I have a master server that had a

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

Ralph Crongeyer via FreeIPA-users wrote: > Hi List, > I have a master server that had a replica installed. The replica has > been uninstalled. When I try to run "ipa-replica-manage del --force > replica.server" it fails with: > invalid 'PKINIT enabled server': all masters must have IPA master role