This is helpful. It shows that oxygen is being looked for in the IPA
masters location, cn=masters and is returning err=32, not found.
What I don't know is why or where this query is coming from.
There are several queries that look like they might originate in the
389-ds topology plugin but I couldn't find where and I'm not familiar
with it in general. Queries like:
SRCH base="cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" scope=1
filter="(objectClass=top)" attrs="ipaMaxDomainLevel cn ipaMinDomainLevel
ipaReplTopoManagedSuffix ipaLocation ipaServiceWeight"
I'm not entirely sure when you invoke ipa-replica-manage if it is
calling the topology plugin under the hood or not. It almost certainly
is when you use the UI.
I'm cc'ing someone who knows this better.
rob
[13/Feb/2018:09:14:45.823204160 +0000] conn=192207 fd=155 slot=155 SSL
connection from 192.168.94.4 to 192.168.94.4
[13/Feb/2018:09:14:46.027998523 +0000] conn=192207 TLS1.2 256-bit AES-GCM
[13/Feb/2018:09:14:46.031226897 +0000] conn=45 op=31409 SRCH
base="dc=eggvfx,dc=ie" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/EGGVFX.IE(a)EGGVFX.IE
<mailto:EGGVFX.IE@EGGVFX.IE>)(krbPrincipalName:caseIgnoreIA5Match:=krbtgt/EGGVFX.IE@EGGVFX.IE
<mailto:EGGVFX.IE@EGGVFX.IE>)))" attrs="krbPrincipalName
krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences
krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink
objectClass"
[13/Feb/2018:09:14:46.031713683 +0000] conn=45 op=31409 RESULT err=0
tag=101 nentries=1 etime=0
[13/Feb/2018:09:14:46.032193288 +0000] conn=45 op=31410 SRCH
base="dc=eggvfx,dc=ie" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/lithium.eggvfx.ie(a)EGGVFX.IE
<mailto:lithium.eggvfx.ie@EGGVFX.IE>)(krbPrincipalName:caseIgnoreIA5Match:=ldap/lithium.eggvfx.ie@EGGVFX.IE
<mailto:lithium.eggvfx.ie@EGGVFX.IE>)))" attrs="krbPrincipalName
krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences
krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink
objectClass"
[13/Feb/2018:09:14:46.032529772 +0000] conn=45 op=31410 RESULT err=0
tag=101 nentries=1 etime=0
[13/Feb/2018:09:14:46.032696842 +0000] conn=45 op=31411 SRCH
base="cn=EGGVFX.IE <
http://EGGVFX.IE>,cn=kerberos,dc=eggvfx,dc=ie"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[13/Feb/2018:09:14:46.032904807 +0000] conn=45 op=31411 RESULT err=0
tag=101 nentries=1 etime=0
[13/Feb/2018:09:14:46.033085928 +0000] conn=45 op=31412 SRCH
base="dc=eggvfx,dc=ie" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=admin(a)EGGVFX.IE
<mailto:admin@EGGVFX.IE>))" attrs="krbPrincipalName krbCanonicalName
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences
krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink
objectClass"
[13/Feb/2018:09:14:46.033377257 +0000] conn=45 op=31412 RESULT err=0
tag=101 nentries=1 etime=0
[13/Feb/2018:09:14:46.033555617 +0000] conn=45 op=31413 SRCH
base="cn=EGGVFX.IE <
http://EGGVFX.IE>,cn=kerberos,dc=eggvfx,dc=ie"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[13/Feb/2018:09:14:46.033714662 +0000] conn=45 op=31413 RESULT err=0
tag=101 nentries=1 etime=0
[13/Feb/2018:09:14:46.034731567 +0000] conn=192207 op=0 BIND dn=""
method=sasl version=3 mech=GSSAPI
[13/Feb/2018:09:14:46.776688499 +0000] conn=192207 op=0 RESULT err=14
tag=97 nentries=0 etime=1, SASL bind in progress
[13/Feb/2018:09:14:46.777340050 +0000] conn=192207 op=1 BIND dn=""
method=sasl version=3 mech=GSSAPI
[13/Feb/2018:09:14:46.779800986 +0000] conn=192207 op=1 RESULT err=14
tag=97 nentries=0 etime=0, SASL bind in progress
[13/Feb/2018:09:14:46.780131803 +0000] conn=192207 op=2 BIND dn=""
method=sasl version=3 mech=GSSAPI
[13/Feb/2018:09:14:46.781745436 +0000] conn=192207 op=2 RESULT err=0
tag=97 nentries=0 etime=0
dn="uid=admin,cn=users,cn=accounts,dc=eggvfx,dc=ie"
[13/Feb/2018:09:14:46.782496366 +0000] conn=192207 op=3 SRCH
base="cn=mapping tree,cn=config" scope=2
filter="(|(&(objectClass=nsds5ReplicationAgreement)(nsDS5ReplicaRoot=dc=eggvfx,dc=ie))(objectClass=nsDSWindowsReplicationAgreement))"
attrs=ALL
[13/Feb/2018:09:14:46.784970100 +0000] conn=192207 op=3 RESULT err=0
tag=101 nentries=1 etime=0
[13/Feb/2018:09:14:46.786072700 +0000] conn=192207 op=4 SRCH
base="cn=schema" scope=0 filter="(objectClass=*)"
attrs="attributeTypes
objectClasses"
[13/Feb/2018:09:14:46.992758156 +0000] conn=192207 op=4 RESULT err=0
tag=101 nentries=1 etime=0
[13/Feb/2018:09:14:47.274654147 +0000] conn=192208 fd=156 slot=156
connection from local to /var/run/slapd-EGGVFX-IE.socket
[13/Feb/2018:09:14:47.275257858 +0000] conn=192208 AUTOBIND
dn="cn=Directory Manager"
[13/Feb/2018:09:14:47.275266840 +0000] conn=192208 op=0 BIND
dn="cn=Directory Manager" method=sasl version=3 mech=EXTERNAL
[13/Feb/2018:09:14:47.275307838 +0000] conn=192208 op=0 RESULT err=0
tag=97 nentries=0 etime=0 dn="cn=Directory Manager"
[13/Feb/2018:09:14:47.286719997 +0000] conn=192208 op=1 SRCH
base="cn=Domain Level,cn=ipa,cn=etc,dc=eggvfx,dc=ie" scope=0
filter="(objectClass=*)" attrs="ipaDomainLevel"
[13/Feb/2018:09:14:47.286848507 +0000] conn=192208 op=1 RESULT err=0
tag=101 nentries=1 etime=0
[13/Feb/2018:09:14:47.287228472 +0000] conn=192208 op=2 SRCH
base="cn=schema" scope=0 filter="(objectClass=*)"
attrs="attributeTypes
objectClasses"
[13/Feb/2018:09:14:47.464093684 +0000] conn=192208 op=2 RESULT err=0
tag=101 nentries=1 etime=0
[13/Feb/2018:09:14:47.828827335 +0000] conn=192208 op=3 SRCH
base="cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" scope=1
filter="(objectClass=top)" attrs="ipaMaxDomainLevel cn ipaMinDomainLevel
ipaReplTopoManagedSuffix ipaLocation ipaServiceWeight"
[13/Feb/2018:09:14:47.829400972 +0000] conn=192208 op=3 RESULT err=0
tag=101 nentries=3 etime=0
[13/Feb/2018:09:14:47.834510410 +0000] conn=192208 op=4 SRCH
base="cn=topology,cn=ipa,cn=etc,dc=eggvfx,dc=ie" scope=1
filter="(objectClass=iparepltopoconf)" attrs="* cn ipaReplTopoConfRoot
aci"
[13/Feb/2018:09:14:47.834813555 +0000] conn=192208 op=4 RESULT err=0
tag=101 nentries=2 etime=0
[13/Feb/2018:09:14:47.845769945 +0000] conn=192208 op=5 SRCH
base="cn=nitrogen.eggvfx.ie
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
scope=0 filter="(objectClass=*)" attrs=""
[13/Feb/2018:09:14:47.845875163 +0000] conn=192208 op=5 RESULT err=0
tag=101 nentries=1 etime=0
[13/Feb/2018:09:14:47.846499455 +0000] conn=192208 op=6 SRCH
base="cn=nitrogen.eggvfx.ie
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
scope=2 filter="(cn=CA)" attrs="ipaConfigString cn"
[13/Feb/2018:09:14:47.846716314 +0000] conn=192208 op=6 RESULT err=0
tag=101 nentries=1 etime=0
[13/Feb/2018:09:14:47.847775298 +0000] conn=192208 op=7 SRCH
base="cn=nitrogen.eggvfx.ie
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
scope=2 filter="(|(cn=HTTP)(cn=KDC)(cn=KPASSWD))" attrs="ipaConfigString
cn"
[13/Feb/2018:09:14:47.848157025 +0000] conn=192208 op=7 RESULT err=0
tag=101 nentries=3 etime=0
[13/Feb/2018:09:14:47.850013297 +0000] conn=192208 op=8 SRCH
base="cn=nitrogen.eggvfx.ie
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
scope=2 filter="(|(cn=DNS)(cn=DNSKeySync))" attrs="ipaConfigString
cn"
[13/Feb/2018:09:14:47.850305924 +0000] conn=192208 op=8 RESULT err=0
tag=101 nentries=2 etime=0
[13/Feb/2018:09:14:47.851655036 +0000] conn=192208 op=9 SRCH
base="cn=nitrogen.eggvfx.ie
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
scope=2 filter="(cn=NTP)" attrs="ipaConfigString cn"
[13/Feb/2018:09:14:47.851833457 +0000] conn=192208 op=9 RESULT err=0
tag=101 nentries=1 etime=0
[13/Feb/2018:09:14:47.852812885 +0000] conn=192208 op=10 SRCH
base="cn=computers,cn=accounts,dc=eggvfx,dc=ie" scope=2
filter="(&(memberOf=cn=adtrust
agents,cn=sysaccounts,cn=etc,dc=eggvfx,dc=ie)(fqdn=nitrogen.eggvfx.ie
<
http://nitrogen.eggvfx.ie>))" attrs="* aci"
[13/Feb/2018:09:14:47.853031311 +0000] conn=192208 op=10 RESULT err=0
tag=101 nentries=0 etime=0
[13/Feb/2018:09:14:47.853536363 +0000] conn=192208 op=11 SRCH
base="cn=nitrogen.eggvfx.ie
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
scope=2 filter="(cn=KRA)" attrs="ipaConfigString cn"
[13/Feb/2018:09:14:47.853649454 +0000] conn=192208 op=11 RESULT err=0
tag=101 nentries=0 etime=0
[13/Feb/2018:09:14:47.854114915 +0000] conn=192208 op=12 SRCH
base="cn=nitrogen.eggvfx.ie
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
scope=2 filter="(cn=ADTRUST)" attrs="ipaConfigString cn"
[13/Feb/2018:09:14:47.854224953 +0000] conn=192208 op=12 RESULT err=0
tag=101 nentries=0 etime=0
[13/Feb/2018:09:14:47.855353962 +0000] conn=192208 op=13 SRCH
base="cn=lithium.eggvfx.ie
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
scope=0 filter="(objectClass=*)" attrs=""
[13/Feb/2018:09:14:47.855449266 +0000] conn=192208 op=13 RESULT err=0
tag=101 nentries=1 etime=0
[13/Feb/2018:09:14:47.855936058 +0000] conn=192208 op=14 SRCH
base="cn=lithium.eggvfx.ie
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
scope=2 filter="(cn=CA)" attrs="ipaConfigString cn"
[13/Feb/2018:09:14:47.856125343 +0000] conn=192208 op=14 RESULT err=0
tag=101 nentries=1 etime=0
[13/Feb/2018:09:14:47.857152859 +0000] conn=192208 op=15 SRCH
base="cn=lithium.eggvfx.ie
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
scope=2 filter="(|(cn=HTTP)(cn=KDC)(cn=KPASSWD))" attrs="ipaConfigString
cn"
[13/Feb/2018:09:14:47.857517597 +0000] conn=192208 op=15 RESULT err=0
tag=101 nentries=3 etime=0
[13/Feb/2018:09:14:47.859268273 +0000] conn=192208 op=16 SRCH
base="cn=lithium.eggvfx.ie
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
scope=2 filter="(|(cn=DNS)(cn=DNSKeySync))" attrs="ipaConfigString
cn"
[13/Feb/2018:09:14:47.859490110 +0000] conn=192208 op=16 RESULT err=0
tag=101 nentries=2 etime=0
[13/Feb/2018:09:14:47.860775424 +0000] conn=192208 op=17 SRCH
base="cn=lithium.eggvfx.ie
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
scope=2 filter="(cn=NTP)" attrs="ipaConfigString cn"
[13/Feb/2018:09:14:47.860938889 +0000] conn=192208 op=17 RESULT err=0
tag=101 nentries=1 etime=0
[13/Feb/2018:09:14:47.861949875 +0000] conn=192208 op=18 SRCH
base="cn=computers,cn=accounts,dc=eggvfx,dc=ie" scope=2
filter="(&(memberOf=cn=adtrust
agents,cn=sysaccounts,cn=etc,dc=eggvfx,dc=ie)(fqdn=lithium.eggvfx.ie
<
http://lithium.eggvfx.ie>))" attrs="* aci"
[13/Feb/2018:09:14:47.862121230 +0000] conn=192208 op=18 RESULT err=0
tag=101 nentries=0 etime=0
[13/Feb/2018:09:14:47.862930080 +0000] conn=192208 op=19 SRCH
base="cn=lithium.eggvfx.ie
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
scope=2 filter="(cn=KRA)" attrs="ipaConfigString cn"
[13/Feb/2018:09:14:47.863048094 +0000] conn=192208 op=19 RESULT err=0
tag=101 nentries=0 etime=0
[13/Feb/2018:09:14:47.863563059 +0000] conn=192208 op=20 SRCH
base="cn=lithium.eggvfx.ie
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
scope=2 filter="(cn=ADTRUST)" attrs="ipaConfigString cn"
[13/Feb/2018:09:14:47.863674190 +0000] conn=192208 op=20 RESULT err=0
tag=101 nentries=0 etime=0
[13/Feb/2018:09:14:47.864790724 +0000] conn=192208 op=21 SRCH
base="cn=oxygen.eggvfx.ie
<
http://oxygen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
scope=0 filter="(objectClass=*)" attrs=""
[13/Feb/2018:09:14:47.864996898 +0000] conn=192208 op=21 RESULT err=32
tag=101 nentries=0 etime=0
[13/Feb/2018:09:14:47.918001361 +0000] conn=192207 op=5 UNBIND
[13/Feb/2018:09:14:47.918035786 +0000] conn=192207 op=5 fd=155 closed - U1
[13/Feb/2018:09:14:47.922593141 +0000] conn=192208 op=22 UNBIND
[13/Feb/2018:09:14:47.922617042 +0000] conn=192208 op=22 fd=156 closed - U1
For verbosity's sake i haven't done this on nitrogen also, unless it is
required, if so let me know! I've also attached an image of the output
from the command itself to show you the seemingly useless error message.
Thanks again,
Jamal Mahmoud
<
http://www.egg.ie/>
*Jamal Mahmoud* / Pipeline TD
jamal.mahmoud(a)egg.ie <mailto:jamal.mahmoud@egg.ie>
35 Fitzwilliam Street Upper, Dublin.
P: +353 1 6345440
Twitter <
https://twitter.com/EggPost> Facebook
<
https://www.facebook.com/egg.post/> LinkedIn
<
http://www.linkedin.com/in/jamalmahmoud> Vimeo
<
https://vimeo.com/user9887735>
On 12 February 2018 at 20:27, Rob Crittenden <rcritten(a)redhat.com
<mailto:rcritten@redhat.com>> wrote:
Jamal Mahmoud wrote:
> Sure thing,
> Output on* lithium*:
>
> [root@lithium ~]# ipa-replica-manage del oxygen.eggvfx.ie
<
http://oxygen.eggvfx.ie>
> <
http://oxygen.eggvfx.ie> --force --cleanup
> oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie>
<
http://oxygen.eggvfx.ie>: server not found
What is baffling me the most is that the string 'server not found' is
not to be found in the IPA source. I can't tell where that is being
generated.
Can you provide a snippet of the 389-ds access log when you request the
deletion? That is in /var/log/dirsrv/slapd-REALM/access
Note that the log is write buffered so the content may not appear
immediately.
Seeing the queries being made and what the responses/errors are might
give me some ideas.
rob
>
>
> [root@lithium ~]# ipa domainlevel-get
> -----------------------
> Current domain level: 1
> -----------------------
>
>
> Output on *nitrogen*:
>
> [root@nitrogen ~]# ipa-replica-manage del oxygen.eggvfx.ie
<
http://oxygen.eggvfx.ie>
> <
http://oxygen.eggvfx.ie> --force --cleanup
> oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie>
<
http://oxygen.eggvfx.ie>: server not found
>
>
> [root@nitrogen ~]# ipa domainlevel-get
> -----------------------
> Current domain level: 1
> -----------------------
>
> I hope this helps,
>
> Jamal
>
> <
http://www.egg.ie/>
>
>
>
> *Jamal Mahmoud* / Pipeline TD
> jamal.mahmoud(a)egg.ie <mailto:jamal.mahmoud@egg.ie>
<mailto:jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>>
>
> 35 Fitzwilliam Street Upper, Dublin.
> P: +353 1 6345440 <tel:%2B353%201%206345440>
>
> Twitter <
https://twitter.com/EggPost> Facebook
> <
https://www.facebook.com/egg.post/
<
https://www.facebook.com/egg.post/>> LinkedIn
> <
http://www.linkedin.com/in/jamalmahmoud
<
http://www.linkedin.com/in/jamalmahmoud>> Vimeo
> <
https://vimeo.com/user9887735>
>
>
> On 7 February 2018 at 20:34, Rob Crittenden <rcritten(a)redhat.com
<mailto:rcritten@redhat.com>
> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>>
wrote:
>
> Jamal Mahmoud via FreeIPA-users wrote:
> > Hi Rob,
> >
> > Just wondering if you had time to look at this issue for me? Still
stuck
> > in a state of limbo with this IDM and i have run out of options. Any
> > help in resolving this issue would be appreciated.
>
> A few more questions.
>
> What is the output of: ipa domainlevel-get
>
> Can you show the full output of ipa-replica-manage del oxygen... --force
> --cleanup
>
> And on what master are you running that?
>
> rob
>
> >
> > Many Thanks,
> > Jamal
> >
> >
> > On 1 February 2018 at 17:04, Jamal Mahmoud <jamal.mahmoud(a)egg.ie
<mailto:jamal.mahmoud@egg.ie>
<mailto:jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>>
> > <mailto:jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>
<mailto:jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>>>>
wrote:
> >
> > Sorry about the lack of clarification Rob!
> >
> > I have 3 servers, all running CentOS 7.4, FreeIPA
version 4.5.0. the
> > hostnames are lithium, nitrogen and the recently
deceased oxygen.
> > all are masters under the same Realm which is EGGVFX.IE
<
http://EGGVFX.IE> <
http://EGGVFX.IE>
> > <http://EGGVFX.IE>
> >
> > The "server not found" error is exactly what shows when
i try to
> > delete the server from command line or the Web UI.
> >
> > When i run ipa-replica-manage list -v `hostname` this is
the output
> > from the servers:
> >
> > Lithium Output:
> > root@lithium# ipa-replica-manage list -v `hostname`
> > nitrogen.eggvfx.ie <
http://nitrogen.eggvfx.ie>
<
http://nitrogen.eggvfx.ie>
> <http://nitrogen.eggvfx.ie>: replica
> > last init status: 0 Total update succeeded
> > last init ended: 2018-02-01 10:51:14+00:00
> > last update status: Error (0) Replica acquired
successfully:
> > Incremental update succeeded
> > last update ended: 2018-02-01 16:24:37+00:00
> >
> > Nitrogen Output:
> > root@nitrogen# ipa-replica-manage list -v `hostname`
> > lithium.eggvfx.ie <
http://lithium.eggvfx.ie>
<
http://lithium.eggvfx.ie>
> <http://lithium.eggvfx.ie>: replica
> > last init status: None
> > last init ended: 1970-01-01 00:00:00+00:00
> > last update status: Error (0) Replica acquired
successfully:
> > Incremental update succeeded
> > last update ended: 2018-02-01 10:48:18+00:00
> > oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie>
<
http://oxygen.eggvfx.ie>
> <http://oxygen.eggvfx.ie>: replica
> > last init status: None
> > last init ended: 1970-01-01 00:00:00+00:00
> > last update status: Error (-1) Problem connecting to
replica -
> > LDAP error: Can't contact LDAP server (connection error)
> > last update ended: 1970-01-01 00:00:00+00:00
> >
> > There is no entries for oxygen in host-find. I hope this
helps clear
> > the story a bit for you.
> >
> > <http://www.egg.ie/>
> >
> >
> >
> > *Jamal Mahmoud* / Pipeline TD
> > jamal.mahmoud(a)egg.ie <mailto:jamal.mahmoud@egg.ie>
<mailto:jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>>
> <mailto:jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>
<mailto:jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>>>
> >
> > 35 Fitzwilliam Street Upper, Dublin.
> > P: +353 1 6345440 <tel:%2B353%201%206345440>
<tel:%2B353%201%206345440>
> <tel:+353%201%20634%205440>
> >
> > Twitter <
https://twitter.com/EggPost> Facebook
> > <https://www.facebook.com/egg.post/
<
https://www.facebook.com/egg.post/>
> <https://www.facebook.com/egg.post/
<
https://www.facebook.com/egg.post/>>> LinkedIn
> > <http://www.linkedin.com/in/jamalmahmoud
<
http://www.linkedin.com/in/jamalmahmoud>
> <http://www.linkedin.com/in/jamalmahmoud
<
http://www.linkedin.com/in/jamalmahmoud>>> Vimeo
> > <https://vimeo.com/user9887735
<
https://vimeo.com/user9887735>>
> >
> >
> > On 1 February 2018 at 15:30, Rob Crittenden <rcritten(a)redhat.com
<mailto:rcritten@redhat.com>
<mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>
> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>
<mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>>> wrote:
> >
> > Jamal Mahmoud via FreeIPA-users wrote:
> > > I'm having strange issues with removing one of my
> freeIPA masters, I
> > > managed to mess up the deletion process and my system
> seems to be stuck
> > > in a state of limbo, my current setup is 3 servers ( 1
> has been
> > > decommissioned) that all share the CA/Domain
> responsibilities. When i
> > > run the command .>
> > > *ipa-replica-manage list*
> > > *
> > > *it produces 3 servers as active masters, when
this is not
> > true as i
> > > have uninstalled ipa-server on one. Trying to
delete it
> through that
> > > command has given me no luck, even using *--force* and
> > *--cleanup* does
> > > not work. the same error output appears:
> > >
> > > *oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie>
<
http://oxygen.eggvfx.ie>
> <http://oxygen.eggvfx.ie>
> > <http://oxygen.eggvfx.ie>: server not found*
> >
> > I think we need more information. What version of IPA is
> this, what
> > distribution?
> >
> > Is the above error the exact error you are getting?
> >
> > As I understand it you ran ipa-server-install
--uninstall and
> > THEN tried
> > to delete the master?
> >
> > What does ipa-replica-manage list -v `hostname` show
on one of
> > the other
> > masters?
> >
> > > *
> > > *
> > > I'm not very good with ldap tools but after running
> > >
> > > *ldapsearch -x *
> > > *
> > > *there is a reference to the oxygen server still
sitting in
> > there, it
> > > seems that the dirty entry is still hanging around my
> system, i'm
> > > wondering if there is any way to resolve this?
> > >
> > > ldapsearch output:
> > > *defaultServerList: oxygen.eggvfx.ie
<
http://oxygen.eggvfx.ie>
> <http://oxygen.eggvfx.ie> <
http://oxygen.eggvfx.ie>
> > <http://oxygen.eggvfx.ie>
> > > nitrogen.eggvfx.ie <
http://nitrogen.eggvfx.ie>
<
http://nitrogen.eggvfx.ie>
> <http://nitrogen.eggvfx.ie>
> > <http://nitrogen.eggvfx.ie> lithium.eggvfx.ie
<
http://lithium.eggvfx.ie>
> <http://lithium.eggvfx.ie>
> > <http://lithium.eggvfx.ie>
> > > <
http://lithium.eggvfx.ie>*
> >
> > An anonymous LDAP search won't show much.
> >
> > Does it show up in host-find?
> >
> > rob
> >
> > > *
> > > Looking at the topology graph in the web ui i can see
> that there are
> > > still ties between one of my servers and oxygen.
It will
> also not allow
> > > me to delete the server ties ( error: *Server is
> unwilling to
> > perform:
> > > Removal of Segment disconnects topology.Deletion not
> > allowed.)* nor will
> > > the ui allow me to delete the IPA server
> (*oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie>
<
http://oxygen.eggvfx.ie>
> > <http://oxygen.eggvfx.ie>
> > > <
http://oxygen.eggvfx.ie>: server not found*)
> > >
> > > Any help is greatly appreciated,
> > >
> > > Many Thanks,
> > > Jamal Mahmoud
> > >
> > >
> > >
> > > _______________________________________________
> > > FreeIPA-users mailing list --
> > freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>
> > <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>>
> > > To unsubscribe send an email to
> > freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
> <mailto:freeipa-users-leave@lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>>
> > <mailto:freeipa-users-leave@lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
> <mailto:freeipa-users-leave@lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>>>
> > >
> >
> >
> >
> >
> >
> > _______________________________________________
> > FreeIPA-users mailing list --
freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>
> > To unsubscribe send an email to
> freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
> <mailto:freeipa-users-leave@lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>>
> >
>
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org