Installing fresh 4.5.0 replica when other servers are still on 4.4.0
by doug.kelly@wipro.com
Hi,
I have a situation where the virtualisation platform our two replicated IPA servers are running on doesn't support proper snapshotting, so I'm unable to restore a snapshot if anything should go awry in any software update, which is hugely helpful of course...!
With this in mind I am wondering if I can do the following, as I know it is ok to run one of the two servers (in this instance) on 4.5.0 for a period of time but the other should be done fairly shortly afterwards (days) – Can I bring on a third, totally fresh VM running 4.5.0 and add it as a replica to the two existing servers running 4.4.0 and then upgrade the existing ones after that?
Hope someone can help.
Regards,
Doug
6 years, 7 months
CA install fails
by pgb205
I've tried installing in two different ways: first as a part of full replica install, i.e.
ipa-replica-install --setup-ca --no-forwarders -p <password> replica.gpg
This failed on step 8:
[8/27]: starting certificate server instance
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the Dogtag instance. See the installation log for details.
[9/27]: creating RA agent certificate database
[10/27]: importing CA chain to RA certificate database
[error] RuntimeError: Unable to retrieve CA chain: request failed with HTTP status 500
I then tried installing just the replica (no --setup-ca option), which succeeded, and then
ipa-ca-install -w -p replica.gpg
which again failed with the same error.
The ca/debug log shows the following when I grep for errors:
[22/Aug/2017:17:01:06][http-bio-8443-exec-3]: SystemConfigService: request: ConfigurationRequest [pin=XXXX, token=Internal Key Storage Token, tokenPassword=XXXX, securityDomainType=existingdomain, securityDomainUri=https://server1:443, securityDomainName=null, securityDomainUser=admin, securityDomainPassword=XXXX, isClone=true, cloneUri=https://server1:443, subsystemName=CA server2 8443, p12File=/tmp/ca.p12, p12Password=XXXX, hierarchy=root, dsHost=server2, dsPort=389, baseDN=o=ipaca, bindDN=cn=Directory Manager, bindpwd=XXXX, database=ipaca, secureConn=false, removeData=true, replicateSchema=false, masterReplicationPort=389, cloneReplicationPort=389, replicationSecurity=TLS, systemCertsImported=false, systemCerts=[com.netscape.certsrv.system.SystemCertData@8ffc78b], issuingCA=https://server1:443, backupKeys=true, backupPassword=XXXX, backupFile=/etc/pki/pki-tomcat/alias/ca_backup_keys.p12, adminUID=null, adminPassword=XXXX, adminEmail=null, adminCertRequest=null, adminCertRequestType=null, adminSubjectDN=null, adminName=null, adminProfileID=null, adminCert=null, importAdminCert=false, generateServerCert=true, external=false, standAlone=false, stepTwo=false, authdbBaseDN=null, authdbHost=null, authdbPort=null, authdbSecureConn=null, caUri=null, kraUri=null, tksUri=null, enableServerSideKeyGen=null, importSharedSecret=null, generateSubsystemCert=null, sharedDB=false, sharedDBUserDN=null, createNewDB=true, setupReplication=True, subordinateSecurityDomainName=null, reindexData=False, startingCrlNumber=0, createSigningCertRecord=true, signingCertSerialNumber=1]
[22/Aug/2017:17:01:07][http-bio-8443-exec-3]: updateNumberRange start host=server1 adminPort=443 eePort=443
[22/Aug/2017:17:01:07][http-bio-8443-exec-3]: ConfigurationUtils: POST https://server1:443/ca/admin/ca/updateNumberRange
[22/Aug/2017:17:01:07][h...: updateNumberRange(): status=0
[22/Aug/2017:17:01:07][http-bio-8443-exec-3]: updateNumberRange start host=server1 adminPort=443 eePort=443
[22/Aug/2017:17:01:07][http-bio-8443-exec-3]: ConfigurationUtils: POST https://server1:443/ca/admin/ca/updateNumberRange
[22/Aug/2017:17:01:07][h...: updateNumberRange(): status=0
[22/Aug/2017:17:01:07][http-bio-8443-exec-3]: updateNumberRange start host=server1 adminPort=443 eePort=443
[22/Aug/2017:17:01:07][http-bio-8443-exec-3]: ConfigurationUtils: POST https://server1:443/ca/admin/ca/updateNumberRange
[22/Aug/2017:17:01:07][h...: updateNumberRange(): status=0
[22/Aug/2017:17:01:09][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:01:09][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:01:09][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:01:09][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:08][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:08][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:09][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:09][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:09][http-bio-8443-exec-3]: enableReplication: Failed to modify cn=replica,cn="o=ipaca",cn=mapping tree,cn=config entry. Exception: netscape.ldap.LDAPException: error result (68)
[22/Aug/2017:17:02:51][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:51][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:52][http-bio-8443-exec-3]: importLDIFS(): LDAP Errors in importing /var/lib/pki/pki-tomcat/ca/conf/manager.ldif
[22/Aug/2017:17:02:52][http-bio-8443-exec-3]: LDAPUtil:importLDIF: exception in adding entry ou=csusers,cn=config:netscape.ldap.LDAPException: error result (68)
[22/Aug/2017:17:02:52][http-bio-8443-exec-3]: LDAPUtil:importLDIF: exception in modifying entry o=ipaca:netscape.ldap.LDAPException: error result (20)
[22/Aug/2017:17:02:52][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:52][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is true
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: makeConnection: errorIfDown true
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:57][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:02:58][http-bio-8443-exec-3]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:02:58][http-bio-8443-exec-3]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:07][localhost-startStop-1]: init: before makeConnection errorIfDown is true
[22/Aug/2017:17:03:07][localhost-startStop-1]: makeConnection: errorIfDown true
[22/Aug/2017:17:03:07][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:07][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:08][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:08][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:08][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:08][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:08][profileChangeMonitor]: Start Profile Creation - caDirUserRenewal caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
[22/Aug/2017:17:03:08][profileChangeMonitor]: Done Profile Creation - caDirUserRenewal
[22/Aug/2017:17:03:08][profileChangeMonitor]: Start Profile Creation - IECUserRoles caEnrollImpl com.netscape.cms.profile.common.CAEnrollProfile
[22/Aug/2017:17:03:08][profileChangeMonitor]: Done Profile Creation - IECUserRoles
[22/Aug/2017:17:03:08][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:08][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:09][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:09][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:09][localhost-startStop-1]: init: before makeConnection errorIfDown is false
[22/Aug/2017:17:03:09][localhost-startStop-1]: makeConnection: errorIfDown false
[22/Aug/2017:17:03:09][localhost-startStop-1]: DBSubsystem: getNextRange. Unable to provide next range :netscape.ldap.LDAPException: error result (68)
[22/Aug/2017:17:13:08][SerialNumberUpdateTask]: DBSubsystem: getNextRange. Unable to provide next range :netscape.ldap.LDAPException: error result (68)
This has failed on every CentOS 7 and Fedora 26 server that we have available, so it doesn't seem like a problem with particular versions.
Can someone please suggest what the problem might be here?
6 years, 7 months
Certificate renewals with external CA
by Rob Foehl
I've got a test instance of FreeIPA 4.4.4 running on F25 that was
installed with --external-ca, and the resulting CSR signed with a validity
period of 30 days to test behavior around expirations.
Upon booting that instance today, certmonger decided to preemptively renew
every IPA cert -- which is a good thing -- but did so without waiting for
renewal of the IPA CA cert first, which is less good. Now that instance
has a pile of certs that expire in two weeks, since they were signed with
and thus tied to the expiration of the old IPA CA cert.
While I'm guessing certmonger will figure this out and do the right thing
within a couple weeks -- and with the expectation that this would only
happen once per IPA CA renewal with a "real" deployment -- is this the
intended behavior?
Logs are a bit of a mess between this and a potentially-resolved SELinux
issue with certmonger, but I'll wedge them all into a proper bug report if
desired.
-Rob
6 years, 7 months
IPA + AIX + sudo
by saraiva.joao@gmail.com
Hi,
I have followed the how-to https://www.freeipa.org/page/SUDO_Integration_for_AIX.
As I understand from this how-to, sudo was configured to not ask for the user's password, I guess by using the "!authenticate" option in the IPA sudo rule. At least that's what I did and it worked perfectly.
On the other hand, if I remove that option so that the user has to provide their password when running sudo, it doesn't work; the password fails every time. The user is able to log in through ssh.
Has anyone been able to have this working with the user password?
Tks
6 years, 7 months
AWS FreeIPA install killed ?
by Outback Dingo
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc)
[1/10]: adding kerberos container to the directory
[2/10]: configuring KDC
[3/10]: initialize kerberos container
[4/10]: adding default ACIs
[5/10]: creating a keytab for the directory
[6/10]: creating a keytab for the machine
[7/10]: adding the password extension to the directory
[8/10]: creating anonymous principal
[9/10]: starting the KDC
[10/10]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
[1/2]: starting kadmin
[2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
[1/29]: configuring certificate server instance
[2/29]: exporting Dogtag certificate store pin
[3/29]: stopping certificate server instance to update CS.cfg
[4/29]: backing up CS.cfg
[5/29]: disabling nonces
[6/29]: set up CRL publishing
[7/29]: enable PKIX certificate path discovery and validation
[8/29]: starting certificate server instance
[9/29]: configure certmonger for renewals
[10/29]: requesting RA certificate from CA
Killed
6 years, 7 months
Dead master, replica with no CA dying, need to migration to new machine.
by Rob Morin
Hello all...
FreeIPA newbie here.
I have inherited a freeipa infrastructure. It consists of 12 servers all authing to freeipa for ssh and some ftp. My problem is as follows:
Original master (Dunlop) is dead; there remains a replica (freeipa) that barely works on a VM in virtualbox on a linux server.
I am trying to set up a new freeipa server (Auth-1) to replace both of the current freeipa servers in vmware.
So in the current working server (freeipa) I run this in debug mode....
[root@freeipa /]# ipa-replica-prepare --debug auth-1.domain.com
ipa: DEBUG: Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
ipa: DEBUG: importing all plugin modules in ipaserver.plugins...
ipa: DEBUG: importing plugin module ipaserver.plugins.aci
ipa: DEBUG: importing plugin module ipaserver.plugins.automember
ipa: DEBUG: importing plugin module ipaserver.plugins.automount
ipa: DEBUG: importing plugin module ipaserver.plugins.baseldap
ipa: DEBUG: ipaserver.plugins.baseldap is not a valid plugin module
ipa: DEBUG: importing plugin module ipaserver.plugins.baseuser
ipa: DEBUG: importing plugin module ipaserver.plugins.batch
ipa: DEBUG: importing plugin module ipaserver.plugins.ca
ipa: DEBUG: importing plugin module ipaserver.plugins.caacl
ipa: DEBUG: importing plugin module ipaserver.plugins.cert
ipa: DEBUG: importing plugin module ipaserver.plugins.certprofile
ipa: DEBUG: importing plugin module ipaserver.plugins.config
ipa: DEBUG: importing plugin module ipaserver.plugins.delegation
ipa: DEBUG: importing plugin module ipaserver.plugins.dns
ipa: DEBUG: importing plugin module ipaserver.plugins.dnsserver
ipa: DEBUG: importing plugin module ipaserver.plugins.dogtag
ipa: DEBUG: importing plugin module ipaserver.plugins.domainlevel
ipa: DEBUG: importing plugin module ipaserver.plugins.group
ipa: DEBUG: importing plugin module ipaserver.plugins.hbac
ipa: DEBUG: ipaserver.plugins.hbac is not a valid plugin module
ipa: DEBUG: importing plugin module ipaserver.plugins.hbacrule
ipa: DEBUG: importing plugin module ipaserver.plugins.hbacsvc
ipa: DEBUG: importing plugin module ipaserver.plugins.hbacsvcgroup
ipa: DEBUG: importing plugin module ipaserver.plugins.hbactest
ipa: DEBUG: importing plugin module ipaserver.plugins.host
ipa: DEBUG: importing plugin module ipaserver.plugins.hostgroup
ipa: DEBUG: importing plugin module ipaserver.plugins.idrange
ipa: DEBUG: importing plugin module ipaserver.plugins.idviews
ipa: DEBUG: importing plugin module ipaserver.plugins.internal
ipa: DEBUG: importing plugin module ipaserver.plugins.join
ipa: DEBUG: importing plugin module ipaserver.plugins.krbtpolicy
ipa: DEBUG: importing plugin module ipaserver.plugins.ldap2
ipa: DEBUG: importing plugin module ipaserver.plugins.location
ipa: DEBUG: importing plugin module ipaserver.plugins.migration
ipa: DEBUG: importing plugin module ipaserver.plugins.misc
ipa: DEBUG: importing plugin module ipaserver.plugins.netgroup
ipa: DEBUG: importing plugin module ipaserver.plugins.otp
ipa: DEBUG: ipaserver.plugins.otp is not a valid plugin module
ipa: DEBUG: importing plugin module ipaserver.plugins.otpconfig
ipa: DEBUG: importing plugin module ipaserver.plugins.otptoken
ipa: DEBUG: importing plugin module ipaserver.plugins.passwd
ipa: DEBUG: importing plugin module ipaserver.plugins.permission
ipa: DEBUG: importing plugin module ipaserver.plugins.ping
ipa: DEBUG: importing plugin module ipaserver.plugins.pkinit
ipa: DEBUG: ipaserver.plugins.pkinit is not a valid plugin module
ipa: DEBUG: importing plugin module ipaserver.plugins.privilege
ipa: DEBUG: importing plugin module ipaserver.plugins.pwpolicy
ipa: DEBUG: Starting external process
ipa: DEBUG: args=klist -V
ipa: DEBUG: Process finished, return code=0
ipa: DEBUG: stdout=Kerberos 5 version 1.14.1
ipa: DEBUG: stderr=
ipa: DEBUG: importing plugin module ipaserver.plugins.rabase
ipa: DEBUG: ipaserver.plugins.rabase is not a valid plugin module
ipa: DEBUG: importing plugin module ipaserver.plugins.radiusproxy
ipa: DEBUG: importing plugin module ipaserver.plugins.realmdomains
ipa: DEBUG: importing plugin module ipaserver.plugins.role
ipa: DEBUG: importing plugin module ipaserver.plugins.schema
ipa: DEBUG: importing plugin module ipaserver.plugins.selfservice
ipa: DEBUG: importing plugin module ipaserver.plugins.selinuxusermap
ipa: DEBUG: importing plugin module ipaserver.plugins.server
ipa: DEBUG: importing plugin module ipaserver.plugins.serverrole
ipa: DEBUG: importing plugin module ipaserver.plugins.serverroles
ipa: DEBUG: importing plugin module ipaserver.plugins.service
ipa: DEBUG: importing plugin module ipaserver.plugins.servicedelegation
ipa: DEBUG: importing plugin module ipaserver.plugins.session
ipa: DEBUG: importing plugin module ipaserver.plugins.stageuser
ipa: DEBUG: importing plugin module ipaserver.plugins.sudo
ipa: DEBUG: ipaserver.plugins.sudo is not a valid plugin module
ipa: DEBUG: importing plugin module ipaserver.plugins.sudocmd
ipa: DEBUG: importing plugin module ipaserver.plugins.sudocmdgroup
ipa: DEBUG: importing plugin module ipaserver.plugins.sudorule
ipa: DEBUG: importing plugin module ipaserver.plugins.topology
ipa: DEBUG: importing plugin module ipaserver.plugins.trust
ipa: DEBUG: importing plugin module ipaserver.plugins.user
ipa: DEBUG: importing plugin module ipaserver.plugins.vault
ipa: DEBUG: importing plugin module ipaserver.plugins.virtual
ipa: DEBUG: ipaserver.plugins.virtual is not a valid plugin module
ipa: DEBUG: importing plugin module ipaserver.plugins.xmlserver
ipa.ipapython.ipaldap.SchemaCache: DEBUG: flushing ldapi://%2fvar%2frun%2fslapd-DOMAIN-COM.socket from SchemaCache
ipa.ipapython.ipaldap.SchemaCache: DEBUG: retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-DOMAIN-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4c178c0>
Directory Manager (existing master) password:
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG: Created connection context.ldap2_49561488
ipa.ipaserver.plugins.cert.ca_is_enabled: DEBUG: raw: ca_is_enabled(version=u'2.213')
ipa.ipaserver.plugins.cert.ca_is_enabled: DEBUG: ca_is_enabled(version=u'2.213')
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG: Destroyed connection context.ldap2_49561488
ipa: DEBUG: Search DNS for auth-1.domain.com
ipa: DEBUG: Check if auth-1.domain.com is not a CNAME
ipa: DEBUG: Check reverse address of 192.168.2.251
ipa: DEBUG: Found reverse name: auth-1.domain.com
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: INFO: If you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 169, in execute
    self.ask_for_options()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py", line 342, in ask_for_options
    raise admintool.ScriptError("The replica must be created on the "
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: The ipa-replica-prepare command failed, exception: ScriptError: The replica must be created on the primary IPA server.
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: ERROR: The replica must be created on the primary IPA server.
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: ERROR: The ipa-replica-prepare command failed.
So if I cannot create a replica prepare file I cannot create a new replica and hence not migrate the current dying VM server (freeipa) to the new vmware VM.
What can I do?? I am running freeipa v4 on current replica.
I have too many servers and users to start from scratch..
Any help appreciated...
Thanks to all!
6 years, 7 months
problem installing 3rd party(trusted cert)
by Rob Morin
Hello all...
So I have a wildcard cert from GeoTrust.
I am running freeipa V4.4, fresh install, no users yet.
I downloaded and installed their GeoTrust Primary Certification Authority root cert from here --> https://www.geotrust.com/resources/root-certificates/
I ran this command to import it...
ipa-cacert-manage -p password -n httpcrt -t C,, install root_ca.crt
I get this back:
Installing CA certificate, please wait
CA certificate successfully installed
The ipa-cacert-manage command was successful
Then I go to install just the http cert for freeipa as dictated by company policy.
Then I run this...
ipa-certupdate
Then I go to add the cert like this...
ipa-server-certinstall -w star_domain_com.key star_domain_com.crt
Directory Manager password:
Enter private key unlock password:
I get this back....
The full certificate chain is not present in star_domain_com.key, star_domain_com.crt
The ipa-server-certinstall command failed.
So I combined the bundle and cert into one file, still a no go. I tried both ways, cert first then bundle, and bundle first then cert, still a no go.
Any ideas?
Thanks..
6 years, 7 months
No FreeIPA on AWS / Red Hat Enterprise Linux 7.4
by Outback Dingo
Red Hat Enterprise Linux 7.4 (HVM), SSD Volume Type - ami-c998b6b2
Red Hat Enterprise Linux version 7.4 (HVM), EBS General Purpose (SSD)
Volume Type
yum install ipa-server bind-dyndb-ldap
Loaded plugins: priorities, update-motd, upgrade-helper
1054 packages excluded due to repository priority protections
No package ipa-server available.
No package bind-dyndb-ldap available.
Error: Nothing to do
what gives.... ?
6 years, 7 months
Missing CSNs after upgrade
by John Jeffers
Hello.
I recently upgraded from 4.2.0 to 4.4.0 (CentOS 7), and am now seeing
missing CSN errors, such as:
[26/Aug/2017:21:39:32.891818412 +0000] NSMMReplicationPlugin - changelog
program - agmt="cn=meTo******.com" (******:389): CSN 597276fb0005000a0000
not found, we aren't as up to date, or we purged
[26/Aug/2017:21:39:32.893279073 +0000] NSMMReplicationPlugin -
agmt="cn=meTo******.com" (******:389): Data required to update replica has
been purged from the changelog. The replica must be reinitialized.
(server names removed)
These errors are showing up all over the place, and I have been "fixing"
the problem by removing the broken links and setting up replication with a
different partner just to get things flowing again.
I tried to re-initialize as the error suggests, but that didn't solve the
problem. Is there a recommended process for resolving missing CSN errors?
Thank you in advance!
6 years, 7 months
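An added example for the "Missing CSNs after upgrade" post above (not part of the original message, and not code from FreeIPA or 389 Directory Server): it decodes the CSN values that appear in "CSN ... not found" error-log lines, so each gap can be attributed to the replica ID that originated the change and the time the change was made. It assumes the 389 Directory Server CSN layout of 20 hex digits (8 timestamp, 4 sequence number, 4 replica ID, 4 sub-sequence number); the host names and the second CSN in the sample log are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timezone
from typing import NamedTuple


class CSN(NamedTuple):
    timestamp: int   # seconds since the epoch, when the change was made
    seq: int         # sequence number within that second
    replica_id: int  # replica ID of the server that originated the change
    subseq: int      # sub-sequence number

    @property
    def when(self) -> datetime:
        return datetime.fromtimestamp(self.timestamp, tz=timezone.utc)


def parse_csn(text: str) -> CSN:
    """Split a 20-hex-digit CSN string into its four fields."""
    if not re.fullmatch(r"[0-9a-fA-F]{20}", text):
        raise ValueError(f"not a 20-hex-digit CSN: {text!r}")
    return CSN(*(int(text[a:b], 16) for a, b in ((0, 8), (8, 12), (12, 16), (16, 20))))


# Matches the "CSN ... not found" error-log line quoted in the post.
LINE_RE = re.compile(
    r'^\[(?P<ts>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2})(?:\.\d+)? (?P<tz>[+-]\d{4})\]'
    r'.*?agmt="(?P<agmt>[^"]+)".*?CSN (?P<csn>[0-9a-fA-F]{20}) not found'
)


def missing_csns(lines):
    """Return one finding per 'CSN not found' line; other lines are skipped."""
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue
        logged = datetime.strptime(f"{m['ts']} {m['tz']}", "%d/%b/%Y:%H:%M:%S %z")
        csn = parse_csn(m["csn"])
        findings.append({
            "agreement": m["agmt"],
            "replica_id": csn.replica_id,
            "changed_at": csn.when,
            # How old the missing change was when the supplier looked for it.
            "age_days": (logged - csn.when).days,
        })
    return findings


def by_origin(findings):
    """Count missing CSNs per originating replica ID."""
    return Counter(f["replica_id"] for f in findings)


# Constructed sample: the first line follows the post, with made-up host names.
SAMPLE_LOG = [
    '[26/Aug/2017:21:39:32.891818412 +0000] NSMMReplicationPlugin - changelog program - '
    'agmt="cn=meToreplica2.example.com" (replica2:389): CSN 597276fb0005000a0000 '
    "not found, we aren't as up to date, or we purged",
    '[26/Aug/2017:21:39:32.893279073 +0000] NSMMReplicationPlugin - '
    'agmt="cn=meToreplica2.example.com" (replica2:389): Data required to update '
    'replica has been purged from the changelog. The replica must be reinitialized.',
    '[26/Aug/2017:21:40:02.100000000 +0000] NSMMReplicationPlugin - changelog program - '
    'agmt="cn=meToreplica3.example.com" (replica3:389): CSN 597276fb000600040000 '
    "not found, we aren't as up to date, or we purged",
]

if __name__ == "__main__":
    for f in missing_csns(SAMPLE_LOG):
        print(f["agreement"], "rid", f["replica_id"], f["changed_at"].isoformat(), f["age_days"], "days old")
    print(dict(by_origin(missing_csns(SAMPLE_LOG))))
```

Grouping the findings by replica ID shows whether the missing changes all originate from one server, and the age shows how far back the consumer's last known change lies relative to the log entry.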