[Freeipa-users] Problems after upgrade

Some time ago we upgraded our IPA servers from CentOS 7.x to Oracle Linux 8.3. We did it exactly as recommended in the respective documentation. A few days ago we found out that two out of our eight servers do not work as they should. On both of them pki-tomcatd refuses to start. The two servers are ipa2 and ipa6 - both have the CA feature installed. Additionally, on ipa6 configuration is not replicated to the other servers. ipa2 seems to have even more problems. kinit does not work, neither does the WebGUI. My first question is addressed to Rob. Is ipa-healthcheck checking the whole IPA server landscape or does it check only the server where the command is issued? What would probably be the best way to make these two servers work normal again? (I am thinking of just ripping these two servers out of the topology and setting them up from scratch again?) Cheers, Ronald