Hi,

We have a pair of FreeIPA servers (1 master and 1 replica).
FreeIPA server version 4.6.8

Recently, when we try to enroll any new FreeIPA client to the server, the installation succeeds, but AD user login does not work. The client even fails to retrieve AD user information using the id command. This works fine on the FreeIPA server.

FreeIPA local user login is working fine on the client.

There are other FreeIPA clients where the AD user login is working fine. We generally use Ansible to join FreeIPA, so the installation process is also the same for all servers. Not sure why it recently does not work. Any advice would be really helpful.

FreeIPA client version 4.8.6

In the logs I am mostly seeing the error below:

[ipa_s2n_get_user_done] (0x0040): s2n exop request failed.

Thanks
Suchi