I never thought to dissect the ipa_check_consistency script.
I wasn’t going to add the SRV record until everything tested perfectly - didn’t want authorizations going
to server that wasn’t functioning.
added the SRV record. now THAT was an easy fix.
grant@ef-idm03:~[20181219-11:37][#111]$ ipa_check_consistency -d
PRODUCTION.EFILM.COM -W ********
FreeIPA servers: ef-idm01 ef-idm02 ef-idm03 STATE
=============================================================
Active Users 129 129 129 OK
Stage Users 7 7 7 OK
Preserved Users 0 0 0 OK
User Groups 22 22 22 OK
Hosts 158 158 158 OK
Host Groups 16 16 16 OK
HBAC Rules 5 5 5 OK
SUDO Rules 14 14 14 OK
DNS Zones ERROR ERROR ERROR OK
LDAP Conflicts NO NO NO OK
Ghost Replicas NO NO NO OK
Anonymous BIND YES YES YES OK
Replication Status ef-idm02 0 ef-idm01 0 ef-idm01 0
ef-idm03 0
=============================================================
grant@ef-idm03:~[20181220-5:42][#112]$
thanx
& merry christmas
- grant
This e-mail and any attachments are intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended recipient of this e-mail, you are hereby notified any dissemination, distribution or copying of
this email and any attachments is strictly prohibited. If you receive this email in error, please immediately notify the sender by return email and permanently delete the original, any copy and any printout thereof. The integrity and security of e-mail cannot
be guaranteed.