Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

SOLVED! Thank you Flo! That did the trick. Once I made the change to the certificate and restarted the IPA services everything came back up like it was supposed to. High five! *Mike Plemmons | Senior DevOps Engineer | CROSSCHX* 614.427.2411 mike.plemm...@crosschx.com www.crosschx.com On

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

On 05/18/2017 03:49 PM, Michael Plemmons wrote: *Mike Plemmons | Senior DevOps Engineer | CROSSCHX * 614.427.2411 mike.plemm...@crosschx.com www.crosschx.com On Thu, May 18, 2017 at 8:02 AM, Florence Blanc-Renaud

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

*Mike Plemmons | Senior DevOps Engineer | CROSSCHX* 614.427.2411 mike.plemm...@crosschx.com www.crosschx.com On Thu, May 18, 2017 at 8:02 AM, Florence Blanc-Renaud wrote: > On 05/15/2017 08:33 PM, Michael Plemmons wrote: > >> I have done more searching in my logs and I see the

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

On 05/15/2017 08:33 PM, Michael Plemmons wrote: I have done more searching in my logs and I see the following errors. This is in the localhost log file /var/lib/pki/pki-tomcat/logs May 15, 2017 3:08:08 PM org.apache.catalina.core.ApplicationContext log SEVERE: StandardWrapper.Throwable

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

Michael Plemmons wrote: > I just realized that I sent the reply directly to Rob and not to the > list. My response is inline Ok, this is actually good news. I made a similar proposal in another case and I was completely wrong. Flo had the user do something and it totally fixed their auth error,

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

I just realized that I sent the reply directly to Rob and not to the list. My response is inline *Mike Plemmons | Senior DevOps Engineer | CROSSCHX* 614.427.2411 mike.plemm...@crosschx.com www.crosschx.com On Thu, May 4, 2017 at 9:39 AM, Michael Plemmons < michael.plemm...@crosschx.com>

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

Michael Plemmons wrote: > I realized that I was not very clear in my statement about testing with > ldapsearch. I had initially run it without logging in with a DN. I was > just running the local ldapsearch -x command. I then tested on > ipa12.mgmt and ipa11.mgmt logging in with a full DN for

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

I also looked at RUVs and here is what I found. I do not know if anything here is helpful. ldapsearch -ZZ -h ipa11.mgmt.crosschx.com -D "cn=Directory Manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=---))" | grep "nsds50ruv\|nsDS5ReplicaId"

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

I ran another test. I started IPA with the ignore service failure option and I tired doing ldap searches like this. ldapsearch -H ldaps://ipa12.mgmt.crosschx.com from both my laptop and from ipa11.mgmt and I get successful returns when logging in as the admin user and as the directory manager.

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

I realized that I was not very clear in my statement about testing with ldapsearch. I had initially run it without logging in with a DN. I was just running the local ldapsearch -x command. I then tested on ipa12.mgmt and ipa11.mgmt logging in with a full DN for the admin and "cn=Directory

[Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

I have a three node IPA cluster. ipa11.mgmt - was a master over 6 months ago ipa13.mgmt - current master ipa12.mgmt ipa13 has agreements with ipa11 and ipa12. ipa11 and ipa12 do not have agreements between each other. It appears that either ipa12.mgmt lost some level of its replication