[Freeipa-users] Failed to remove host (Some entries were not deleted)
Hi,

I've got an issue where I can't seem to remove a host from my freeipa install. It gives me an error:

Certificate operation cannot be completed: EXCEPTION (Certificate serial number 0xfff0006 not found)

I thought it might be a replica issue, so I forced sync and also tried re-initializing the replica but no luck.

Any suggestions?

Thanks,
Andrew

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Failed to remove host (Some entries were not deleted)
Andrew Lau wrote:
> Hi,
>
> I've got an issue where I can't seem to remove a host from my freeipa install. It gives me an error:
>
> Certificate operation cannot be completed: EXCEPTION (Certificate serial number 0xfff0006 not found)
>
> I thought it might be a replica issue, so I forced sync and also tried re-initializing the replica but no luck.
>
> Any suggestions?

Deleting a host does a number of additional things:

- revokes the certificate for the host if it exists
- deletes the services for that host, revoking their certificates as needed

So in this case the host has a certificate associated with it and revocation is failing because the CA doesn't have a record of this certificate.

If you can be sure that the certificate is not in the IPA CA you can clear the value with:

    # ipa host-mod --certificate= test.example.com

This passes an empty value to --certificate which results in removing the value. Then you should be able to delete the host.

rob

Re: [Freeipa-users] Failed to remove host (Some entries were not deleted)
On Wed, Nov 27, 2013 at 12:58 AM, Rob Crittenden rcrit...@redhat.com wrote:
> Andrew Lau wrote:
> > Hi,
> >
> > I've got an issue where I can't seem to remove a host from my freeipa install. It gives me an error:
> >
> > Certificate operation cannot be completed: EXCEPTION (Certificate serial number 0xfff0006 not found)
> >
> > I thought it might be a replica issue, so I forced sync and also tried re-initializing the replica but no luck.
> >
> > Any suggestions?
>
> Deleting a host does a number of additional things:
>
> - revokes the certificate for the host if it exists
> - deletes the services for that host, revoking their certificates as needed
>
> So in this case the host has a certificate associated with it and revocation is failing because the CA doesn't have a record of this certificate.
>
> If you can be sure that the certificate is not in the IPA CA you can clear the value with:
>
>     # ipa host-mod --certificate= test.example.com
>
> This passes an empty value to --certificate which results in removing the value. Then you should be able to delete the host.
>
> rob

Thanks that worked.

Andrew.
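
The workaround in this thread depends on being sure the certificate is not in the IPA CA. The script below is an added example, not part of the original messages: it clears the host's certificate value only when `ipa cert-show` itself reports the serial as not found, and leaves the host alone on any other failure. The function names are hypothetical, and it assumes an admin Kerberos ticket and that a missing serial produces the "not found" error text quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes an admin Kerberos ticket and
# the ipa CLI; function names are hypothetical.

# cert_absent_from_ca SERIAL
#   0 = CA reports the serial as not found (the error quoted in the thread)
#   1 = CA has a record of the certificate
#   2 = lookup failed for another reason (no ticket, CA unreachable, ...)
cert_absent_from_ca() {
    serial=$1
    if out=$(ipa cert-show "$serial" 2>&1); then
        return 1
    fi
    case $out in
        *"Certificate serial number"*"not found"*) return 0 ;;
        *) printf '%s\n' "$out" >&2; return 2 ;;
    esac
}

# remove_host_with_stale_cert HOST SERIAL
remove_host_with_stale_cert() {
    host=$1; serial=$2; rc=0
    cert_absent_from_ca "$serial" || rc=$?
    case $rc in
        0)  # Stale reference: clear the attribute, then delete the host.
            ipa host-mod --certificate= "$host" && ipa host-del "$host" ;;
        1)  echo "serial $serial is in the CA; run a plain 'ipa host-del $host' so it is revoked" >&2
            return 1 ;;
        *)  echo "could not confirm the CA state; $host left untouched" >&2
            return 2 ;;
    esac
}

# Run only when called as: script HOST SERIAL
if [ "$#" -eq 2 ]; then
    remove_host_with_stale_cert "$1" "$2"
fi
```

Treating every `ipa cert-show` failure as "absent" would also clear the value when the lookup failed for lack of a ticket or an unreachable CA, leaving a certificate that was never revoked.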