Hi,
I'm having a problem with my multi-master replication.
I have one 389DS server in multi-master replication with a Windows DC (everything works fine).
I am trying to put another 389DS in multi-master replication over startTLS (just to have redundancy).
When I do the consumer initialization I get this error:
The consumer initialization has unsuccessfully completed. The error received by the replica is: -11 - System error.
When I go to /var/log/dirsrv/slapd-389ds/errors:
slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error)
Just as an indication, I went into "manage certificate" on both 389DS servers and I put in the server cert and the CA cert. Am I missing something?
Thanks, Alex
https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/...
Please look in this doc and increase the log verbosity. This might help.
On 10 Apr 2013 13:15, "alexandre" axel0felix@gmail.com wrote:
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Hello,
Thanks Grzegorz Dwornicki.
I found the solution, but can someone explain to me why this option gave me an error?
I unchecked the box "Check hostname against name certificate for outbound SSL connections" in the "Encryption" tab (on both servers).
Just as an example, one server is named "lab.go.local" and the second server is named "labbis.go.local". Maybe it is because I didn't put all the information in my "/etc/hosts" but use a Windows DNS to resolve.
Many thanks, Alex
2013/4/10 Grzegorz Dwornicki gd1100@gmail.com
Do you have a PTR record on Windows DNS? I had read somewhere that SSL checks forward and backward queries. Although I didn't check it... The other possibility is something as small as a one-character error in certificate vs name resolution.
On 10 Apr 2013 13:36, "alexandre" axel0felix@gmail.com wrote:
I don't have a PTR on my DNS, but I continued to look that way and I found the reason. When I put in a "new replication agreement", I made a mistake with the consumer name: I put "labbis.go.local" and I just had to put "labbis".
Thanks a lot Grzegorz Dwornicki!
Have a good day!
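Added example, not part of the original thread: the hostname check discussed above compares the consumer host name entered in the replication agreement with the names in the consumer's certificate, and the same comparison can be run by hand with openssl. The certificate here is a constructed throwaway one, and it is an assumption (the thread does not say so) that the real certificate was issued for the short name "labbis".

```shell
#!/bin/sh
# Added example. Host names come from the thread; the certificate is constructed.
# Assumption: the consumer's certificate was issued for the short name "labbis".
# On a real server, export the certificate from the instance's NSS database first,
# e.g.: certutil -L -d <instance-cert-dir> -n <cert-nickname> -a > consumer.pem

# Build a throwaway self-signed certificate for name $1 and print its path.
make_sample_cert() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    printf '%s\n' "$dir/cert.pem"
}

# Succeed only if host name $2 is covered by the certificate in PEM file $1.
# "openssl x509 -checkhost" reports the result as text, so match on the text.
name_matches_cert() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Check every candidate consumer host name against the certificate.
check_agreement_hosts() {
    cert=$1; shift
    for host in "$@"; do
        if name_matches_cert "$cert" "$host"; then
            echo "OK        $host"
        else
            echo "MISMATCH  $host"
        fi
    done
}

sample_cert=$(make_sample_cert labbis)
check_agreement_hosts "$sample_cert" labbis labbis.go.local
```

A MISMATCH line for the name used in the agreement means the outbound startTLS connection will be refused while the hostname check is enabled; using the name the certificate carries, or reissuing the certificate with the name the agreement uses, keeps the check on.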