Hi,
I moved this conversation to freeipa-users instead of freeipa-devel (the devel mailing list is for development topics, not user help).
On Wed, Oct 23, 2024 at 9:04 AM Kao via FreeIPA-devel < freeipa-devel@lists.fedorahosted.org> wrote:
Issue:
I'm deploying FreeIPA replica on azure VM,using Rocky 9.3 on both Master and client(replica) VM, and borh version of FreeIPA is 4.11.0. This two vm is in the same virtual network
master and client deployment is fine, but when installing replica on client vm, it always get error:
[1/3]: configuring TLS for DS instance [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE) Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR Certificate issuance failed (CA_UNREACHABLE) ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
i've already check firewall and access right of the ca file on master.
it have spend two days on this, really need some help!!
Please provide the whole log for /var/log/ipareplica-install.log. Did you use --skip-conncheck argument when installing the replica? What was the umask on the server when it got installed? The replica gets information from the master, can you check the content of /var/log/httpd/error_log? Do you see a line with cert_request from the replica?
flo
-- _______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
freeipa-users@lists.fedorahosted.org