Re: [Freeipa-users] Migration fails from 3.0.0 to 3.3.3 on Centos 6/7

2015-02-24 Thread Rob Crittenden
Jani West wrote:
> On old master Apache logs look like this:
>
> ---
> [Tue Feb 24 23:37:40 2015] [error] [client 192.168.177.8] File does not exist: /var/www/html/ca
> [Tue Feb 24 23:37:41 2015] [error] [client 192.168.177.8] File does not exist: /var/www/html/ca
> [Tue Feb 24 23

Re: [Freeipa-users] Migration fails from 3.0.0 to 3.3.3 on Centos 6/7

2015-02-24 Thread Jani West
On old master Apache logs look like this:

---
[Tue Feb 24 23:37:40 2015] [error] [client 192.168.177.8] File does not exist: /var/www/html/ca
[Tue Feb 24 23:37:41 2015] [error] [client 192.168.177.8] File does not exist: /var/www/html/ca
[Tue Feb 24 23:38:22 2015] [error] [client 192

Re: [Freeipa-users] Migration fails from 3.0.0 to 3.3.3 on Centos 6/7

2015-02-24 Thread Rob Crittenden
Jani West wrote:
> Re-created replication file and run ipa-replica-install on fresh CentOS 7 server.
>
> It is still giving the same error:
>
> -
> 2015-02-24T21:40:54Z DEBUG Process finished, return code=1
> 2015-02-24T21:40:54Z DEBUG stdout=Loading deployment configuration

Re: [Freeipa-users] Migration fails from 3.0.0 to 3.3.3 on Centos 6/7

2015-02-24 Thread Jani West
Re-created replication file and run ipa-replica-install on fresh CentOS 7 server.

It is still giving the same error:

-
2015-02-24T21:40:54Z DEBUG Process finished, return code=1
2015-02-24T21:40:54Z DEBUG stdout=Loading deployment configuration from /tmp/tmpR56_Ck. Installi

Re: [Freeipa-users] Migration fails from 3.0.0 to 3.3.3 on Centos 6/7

2015-02-24 Thread Rob Crittenden
West, Jani wrote:
> Thank you for the tip,
>
> Just created new /root/cacerts.p12. Should I import it to the CA somehow or just restart the ipa server?
>
> Will reset the new replicate vm to clean CentOS 7 installation without any leftovers from ipa-replica-install.
> Re-run ipa-replica-pre

Re: [Freeipa-users] Migration fails from 3.0.0 to 3.3.3 on Centos 6/7

2015-02-24 Thread West, Jani
Thank you for the tip,

Just created new /root/cacerts.p12. Should I import it to the CA somehow or just restart the ipa server?

Will reset the new replicate vm to clean CentOS 7 installation without any leftovers from ipa-replica-install.

-- --
Jani West

On 24.2.2015 17:06, Rob Crittenden w

Re: [Freeipa-users] Migration fails from 3.0.0 to 3.3.3 on Centos 6/7

2015-02-24 Thread Rob Crittenden
West, Jani wrote:
> Hi,
>
> Validity, status and serials seem to be fine. One interesting pick:
> While the installation is not too old it might be installed initially with FreeIPA 2.x. That's why I have to use LDAP port 7389 instead of 398.
>
> # getcert list |grep expires
> expires: 2016-

Re: [Freeipa-users] Migration fails from 3.0.0 to 3.3.3 on Centos 6/7

2015-02-20 Thread West, Jani
Hi,

Validity, status and serials seem to be fine. One interesting pick: While the installation is not too old it might be installed initially with FreeIPA 2.x. That's why I have to use LDAP port 7389 instead of 398.

# getcert list |grep expires
expires: 2016-11-21 13:40:41 UTC

Re: [Freeipa-users] Migration fails from 3.0.0 to 3.3.3 on Centos 6/7

2015-02-19 Thread Dmitri Pal
On 02/19/2015 02:54 PM, Jim Richard wrote: Hey guys, for what it's worth, I spent a couple weeks working with Endi Sukma Dewata, edew...@redhat.com , "Re: [Freeipa-users] Redhat/Centos iDM 3.0 to 3.1 upgrade fail". Unfortunately my post subject was not accurate but i

Re: [Freeipa-users] Migration fails from 3.0.0 to 3.3.3 on Centos 6/7

2015-02-19 Thread Jani West
Hi,

I can also test if there are any ideas. I have fresh CentOS 7 vm with snapshots. Absolutely this is related to CA / Tomcat PKI as Jim said.

I have fiddled a bit with the /etc/httpd/conf.d/ipa-pki-proxy.conf on old server to fix LocationMatch/Proxying.

I changed this # matches for admin po

Re: [Freeipa-users] Migration fails from 3.0.0 to 3.3.3 on Centos 6/7

2015-02-19 Thread Jim Richard
Hey guys, for what it’s worth, I spent a couple weeks working with Endi Sukma Dewata, edew...@redhat.com, "Re: [Freeipa-users] Redhat/Centos iDM 3.0 to 3.1 upgrade fail". Unfortunately my post subject was not accurate but in fact, I was attempting the exact same thing and seeing the exact same

Re: [Freeipa-users] Migration fails from 3.0.0 to 3.3.3 on Centos 6/7

2015-02-19 Thread Jani West
Hi,

How can I check the cert and test?

I did curl -v -k https://xxx/ca/admin/ca/getDomainXML

According to that the cert has plenty of time left. On the other hand https://xxx/ca/admin/ca/updateDomainXML is giving the same cert but also HTTP 404.

On 02/19/2015 06:22 PM, Martin Kosek wrote

Re: [Freeipa-users] Migration fails from 3.0.0 to 3.3.3 on Centos 6/7

2015-02-19 Thread Martin Kosek
On 02/19/2015 05:14 PM, Dmitri Pal wrote:
> On 02/19/2015 10:07 AM, Jani West wrote:
>> Trying to migrate from CentOS 6.6 with FreeIPA 3.0.0-42 to CentOS 7.0 with FreeIPA 3.3.3-28 by using replication.
>>
>> I have prepared replication file and moved it to the new replica server.
>> Configured t

Re: [Freeipa-users] Migration fails from 3.0.0 to 3.3.3 on Centos 6/7

2015-02-19 Thread Dmitri Pal
On 02/19/2015 10:07 AM, Jani West wrote: Trying to migrate from CentOS 6.6 with FreeIPA 3.0.0-42 to CentOS 7.0 with FreeIPA 3.3.3-28 by using replication. I have prepared replication file and moved it to the new replica server. Configured the firewalld and installed IPA and other needed packa

[Freeipa-users] Migration fails from 3.0.0 to 3.3.3 on Centos 6/7

2015-02-19 Thread Jani West
Trying to migrate from CentOS 6.6 with FreeIPA 3.0.0-42 to CentOS 7.0 with FreeIPA 3.3.3-28 by using replication. I have prepared replication file and moved it to the new replica server. Configured the firewalld and installed IPA and other needed packages via yum. When running "ipa-replica-i