Pieter Baele via FreeIPA-users wrote:
Hi,
I've a weird problem with 2 hosts on ipa-client-install registration.
All my servers are using a 99% alike kickstart profile.
8 hosts did their registration almost immediately (after submit of admin)
But on 2 servers I am stuck with:
stderr=
trying to retrieve CA cert via LDAP from ....
Any idea what the reason could be? I checked: DNS, firewall
But all verifications and discovery before this step are successful.
It's only possible I did a ipa-client-uninstall on those hosts before.
(not 100% sure)
Shouldn't matter unless you are running an ancient version of RHEL 6.x.
I'd start with the 389-ds access log and the KDC log on the IPA master
and see if connections are being made at all, and with what results.
rob