Hi,
my IPA system consists of 2 masters (ipa1 and ipa2, both on FreeIPA
4.6.4) with their own self-signed CAs, one of them being the certificate
renewal master (ipa1). The system has been running for years and has
been migrated from an IPA 3 system. Both IPA servers are on domain level 1.
Problem: CS replication failed, probably months ago.
--- ipa1 ---
$ ipa-csreplica-manage -v list
ipa1.example.com
ipa2.example.com
last init status: None
last init ended: 1970-01-01 00:00:00+00:00
last update status: Error (-1) Problem connecting to replica - LDAP
error: Can't contact LDAP server (connection error)
last update ended: 1970-01-01 00:00:00+00:00
--
$ ipa-csreplica-manage -v list
ipa2.example.com
[no output]
----
Same on ipa2.
Probably related:
---
ERR - slapi_ldap_bind - Error: could not send startTLS request: error -1
(Can't contact LDAP server) errno 107 (Transport endpoint is not connected)
---
Every 5 mins in /var/log/dirsrv/slapd-EXAMPLE-COM/errors. However, these
error messages could refer to ipa3.example.com, a master I deleted long
(> 2 years) ago:
---
$ ipa-replica-manage list-ruv
Replica Update Vectors:
ipa2.example.com:389: 10
ipa1.example.com:389: 9
Certificate Server Replica Update Vectors:
ipa2.example.com:389: 11
ipa1.example.com:389: 91
ipa2.example.com:7389: 96
ipa3.example.com:7389: 97
---
How do I track this down and resolve the problem?
Hi,
please find more information re. 389-ds troubleshooting:
With best regards,
--Daniel.
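
Added example (not part of the original thread and not FreeIPA code): a read-only Python check that parses the list-ruv output quoted in the first message and flags RUV entries whose host is not among the masters shown by ipa-csreplica-manage list, plus masters that appear more than once in a section. The sample text and master set are copied from that message; the function names and finding labels are assumptions of this example.

```python
import re

# Constructed sample: the `ipa-replica-manage list-ruv` output quoted in the first message.
SAMPLE_RUV = """\
Replica Update Vectors:
ipa2.example.com:389: 10
ipa1.example.com:389: 9
Certificate Server Replica Update Vectors:
ipa2.example.com:389: 11
ipa1.example.com:389: 91
ipa2.example.com:7389: 96
ipa3.example.com:7389: 97
"""
# Masters printed by `ipa-csreplica-manage -v list` in the same message.
CURRENT_MASTERS = {"ipa1.example.com", "ipa2.example.com"}

ENTRY = re.compile(r"^\s*(?P<host>[\w.-]+):(?P<port>\d+):\s*(?P<rid>\d+)\s*$")

def parse_ruv(text):
    """Return {section title: [(host, port, replica_id), ...]} in input order."""
    sections, current = {}, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            if current is None:
                raise ValueError("RUV entry before any section header: %r" % line)
            sections[current].append((m["host"], int(m["port"]), int(m["rid"])))
        elif line.strip().endswith(":"):
            current = line.strip().rstrip(":")
            sections.setdefault(current, [])
    return sections

def review(sections, masters):
    """Flag entries for hosts that are not current masters, and masters listed twice."""
    findings = []
    for title, entries in sections.items():
        per_host = {}
        for host, port, rid in entries:
            per_host.setdefault(host, []).append((port, rid))
            if host not in masters:
                findings.append((title, "unknown-host", host, port, rid))
        for host, items in per_host.items():
            if host in masters and len(items) > 1:
                findings.extend((title, "duplicate-host", host, p, r) for p, r in items)
    return findings

if __name__ == "__main__":
    for finding in review(parse_ruv(SAMPLE_RUV), CURRENT_MASTERS):
        print(*finding)
```

On the quoted output this reports the ipa3.example.com:7389 entry (replica ID 97) as belonging to a host that is no longer a master, and both ipa2.example.com entries in the Certificate Server section as needing review.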