6:21 a.m.
Hi,
I am trying to create a replica, but somehow I keep getting this error:
[26/39]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 14 seconds elapsed
[ldap://free02.ipa.local:389] reports: Update failed! Status: [Error
(-1) - LDAP error: Can't contact LDAP server - no response received]
I am joining it this way:
sudo ipa-replica-install -w mypass -n ipa.local --server
free02.ipa.local --hostname freeipa02.francis.local --ntp-pool
ntp.uio.no --force-join --setup-dns --auto-forwarders --skip-conncheck
What can I do to investigate it?
I see that the 389 port is reachable from the server on which I want to
install a replica.
Any tips would be welcome!
Best,
--
Francis Augusto Medeiros-Logeay
Oslo, Norway
7:05 a.m.
New subject: Replica install: LDAP error: Can't contact LDAP server - no response received
Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
Hi,
I am trying to create a replica, but somehow I keep getting this error:
[26/39]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 14 seconds elapsed
[ldap://free02.ipa.local:389] reports: Update failed! Status: [Error
(-1) - LDAP error: Can't contact LDAP server - no response received]
I am joining it this way:
sudo ipa-replica-install -w mypass -n ipa.local --server
free02.ipa.local --hostname freeipa02.francis.local --ntp-pool
ntp.uio.no --force-join --setup-dns --auto-forwarders --skip-conncheck
What can I do to investigate it?
I see that the 389 port is reachable from the server on which I want to
install a replica.
Why are you using --skip-conncheck?
rob
7:11 a.m.
New subject: Replica install: LDAP error: Can't contact LDAP server - no response received
---
Francis Augusto Medeiros-Logeay
Oslo, Norway
On 2023-01-06 14:05, Rob Crittenden via FreeIPA-users wrote:
Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
> Hi,
>
> I am trying to create a replica, but somehow I keep getting this
> error:
>
> [26/39]: setting up initial replication
> Starting replication, please wait until this has completed.
> Update in progress, 14 seconds elapsed
> [ldap://free02.ipa.local:389] reports: Update failed! Status: [Error
> (-1) - LDAP error: Can't contact LDAP server - no response received]
>
>
> I am joining it this way:
>
> sudo ipa-replica-install -w mypass -n ipa.local --server
> free02.ipa.local --hostname freeipa02.francis.local --ntp-pool
> ntp.uio.no --force-join --setup-dns --auto-forwarders --skip-conncheck
>
> What can I do to investigate it?
>
> I see that the 389 port is reachable from the server on which I want
> to
> install a replica.
>
Why are you using --skip-conncheck?
It fails when not using it:
Client configuration complete.
The ipa-client-install command was successful
Lookup failed: Preferred host freeipa02.francis.local does not provide
DNS.
Could not resolve hostname freeipa02.francis.local using DNS. Clients
may not function properly. Please check your DNS setup. (Note that this
check queries IPA DNS directly and ignores /etc/hosts.)
Continue? [no]: yes
Checking DNS forwarders, please wait ...
Run connection check to master
Removing client side components
Unenrolling client from IPA server
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
/etc/sssd/sssd.conf.deleted
Restoring client configuration files
Restoring ipa.local as NIS domain.
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Systemwide CA database updated.
Client uninstall complete.
The ipa-client-install command was successful
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
Connection check failed!
Best,
Francis
> rob
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to
> freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
7:53 a.m.
New subject: Replica install: LDAP error: Can't contact LDAP server - no response received
On Fri, Jan 6, 2023 at 10:30 AM Francis Augusto Medeiros-Logeay via
FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> wrote:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
---
Francis Augusto Medeiros-Logeay
Oslo, Norway
On 2023-01-06 14:05, Rob Crittenden via FreeIPA-users wrote:
> Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
>> Hi,
>>
>> I am trying to create a replica, but somehow I keep getting this
>> error:
>>
>> [26/39]: setting up initial replication
>> Starting replication, please wait until this has completed.
>> Update in progress, 14 seconds elapsed
>> [ldap://free02.ipa.local:389] reports: Update failed! Status: [Error
>> (-1) - LDAP error: Can't contact LDAP server - no response received]
>>
>>
>> I am joining it this way:
>>
>> sudo ipa-replica-install -w mypass -n ipa.local --server
>> free02.ipa.local --hostname freeipa02.francis.local --ntp-pool
>> ntp.uio.no --force-join --setup-dns --auto-forwarders --skip-conncheck
>>
>> What can I do to investigate it?
>>
>> I see that the 389 port is reachable from the server on which I want
>> to
>> install a replica.
>>
>
> Why are you using --skip-conncheck?
It fails when not using it:
Client configuration complete.
The ipa-client-install command was successful
Lookup failed: Preferred host freeipa02.francis.local does not provide
DNS.
Could not resolve hostname freeipa02.francis.local using DNS. Clients
may not function properly. Please check your DNS setup. (Note that this
check queries IPA DNS directly and ignores /etc/hosts.)
Continue? [no]: yes
Checking DNS forwarders, please wait ...
Run connection check to master
Removing client side components
Unenrolling client from IPA server
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
/etc/sssd/sssd.conf.deleted
Restoring client configuration files
Restoring ipa.local as NIS domain.
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Systemwide CA database updated.
Client uninstall complete.
The ipa-client-install command was successful
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
Connection check failed!
I'm assuming you are using IPA DNS, as it seems the issue is a DNS
misconfiguration (happens a lot to me).
Please, provide "--ip-address=IP_ADDRESS" on the command line.
This will add an entry to IPA DNS for the host, and you will not have to
skip connection check. It may also fix the issue for the replica
installation.
Rafael
Best,
Francis
> rob
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to
> freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat
10:05 a.m.
New subject: Replica install: LDAP error: Can't contact LDAP server - no response received
On 6 Jan 2023, at 14:53, Rafael Jeffman <rjeffman(a)redhat.com>
wrote:
On Fri, Jan 6, 2023 at 10:30 AM Francis Augusto Medeiros-Logeay via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>> wrote:
>
>
>
> ---
> Francis Augusto Medeiros-Logeay
> Oslo, Norway
>
> On 2023-01-06 14:05, Rob Crittenden via FreeIPA-users wrote:
> > Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
> >> Hi,
> >>
> >> I am trying to create a replica, but somehow I keep getting this
> >> error:
> >>
> >> [26/39]: setting up initial replication
> >> Starting replication, please wait until this has completed.
> >> Update in progress, 14 seconds elapsed
> >> [ldap://free02.ipa.local:389] reports: Update failed! Status: [Error
> >> (-1) - LDAP error: Can't contact LDAP server - no response received]
> >>
> >>
> >> I am joining it this way:
> >>
> >> sudo ipa-replica-install -w mypass -n ipa.local --server
> >> free02.ipa.local --hostname freeipa02.francis.local --ntp-pool
> >> ntp.uio.no <http://ntp.uio.no/> --force-join --setup-dns
--auto-forwarders --skip-conncheck
> >>
> >> What can I do to investigate it?
> >>
> >> I see that the 389 port is reachable from the server on which I want
> >> to
> >> install a replica.
> >>
> >
> > Why are you using --skip-conncheck?
>
> It fails when not using it:
>
> Client configuration complete.
> The ipa-client-install command was successful
>
> Lookup failed: Preferred host freeipa02.francis.local does not provide
> DNS.
> Could not resolve hostname freeipa02.francis.local using DNS. Clients
> may not function properly. Please check your DNS setup. (Note that this
> check queries IPA DNS directly and ignores /etc/hosts.)
> Continue? [no]: yes
> Checking DNS forwarders, please wait ...
> Run connection check to master
> Removing client side components
> Unenrolling client from IPA server
> Removing Kerberos service principals from /etc/krb5.keytab
> Disabling client Kerberos and LDAP configurations
> Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
> /etc/sssd/sssd.conf.deleted
> Restoring client configuration files
> Restoring ipa.local as NIS domain.
> nscd daemon is not installed, skip configuration
> nslcd daemon is not installed, skip configuration
> Systemwide CA database updated.
> Client uninstall complete.
> The ipa-client-install command was successful
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> Connection check failed!
>
I'm assuming you are using IPA DNS, as it seems the issue is a DNS
misconfiguration (happens a lot to me).
Please, provide "--ip-address=IP_ADDRESS" on the command line.
This will add an entry to IPA DNS for the host, and you will not have to
skip connection check. It may also fix the issue for the replica
installation.
It works now - I restarted the server, added the DNS records (A, reverse and @), and the
only issue was that it didn’t resolve a second replica:
unable to resolve host name free02.ipa.local. to IP address, ipa-ca DNS record will be
incomplete
But it seems to work nevertheless.
Best,
Francis
11:49 a.m.
New subject: Replica install: LDAP error: Can't contact LDAP server - no response received
On Fri, Jan 6, 2023 at 1:25 PM Francis Augusto Medeiros-Logeay via
FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> wrote:
On 6 Jan 2023, at 14:53, Rafael Jeffman <rjeffman(a)redhat.com> wrote:
On Fri, Jan 6, 2023 at 10:30 AM Francis Augusto Medeiros-Logeay via
FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
>
>
>
> ---
> Francis Augusto Medeiros-Logeay
> Oslo, Norway
>
> On 2023-01-06 14:05, Rob Crittenden via FreeIPA-users wrote:
> > Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
> >> Hi,
> >>
> >> I am trying to create a replica, but somehow I keep getting this
> >> error:
> >>
> >> [26/39]: setting up initial replication
> >> Starting replication, please wait until this has completed.
> >> Update in progress, 14 seconds elapsed
> >> [ldap://free02.ipa.local:389] reports: Update failed! Status: [Error
> >> (-1) - LDAP error: Can't contact LDAP server - no response received]
> >>
> >>
> >> I am joining it this way:
> >>
> >> sudo ipa-replica-install -w mypass -n ipa.local --server
> >> free02.ipa.local --hostname freeipa02.francis.local --ntp-pool
> >> ntp.uio.no --force-join --setup-dns --auto-forwarders
--skip-conncheck
> >>
> >> What can I do to investigate it?
> >>
> >> I see that the 389 port is reachable from the server on which I want
> >> to
> >> install a replica.
> >>
> >
> > Why are you using --skip-conncheck?
>
> It fails when not using it:
>
> Client configuration complete.
> The ipa-client-install command was successful
>
> Lookup failed: Preferred host freeipa02.francis.local does not provide
> DNS.
> Could not resolve hostname freeipa02.francis.local using DNS. Clients
> may not function properly. Please check your DNS setup. (Note that this
> check queries IPA DNS directly and ignores /etc/hosts.)
> Continue? [no]: yes
> Checking DNS forwarders, please wait ...
> Run connection check to master
> Removing client side components
> Unenrolling client from IPA server
> Removing Kerberos service principals from /etc/krb5.keytab
> Disabling client Kerberos and LDAP configurations
> Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
> /etc/sssd/sssd.conf.deleted
> Restoring client configuration files
> Restoring ipa.local as NIS domain.
> nscd daemon is not installed, skip configuration
> nslcd daemon is not installed, skip configuration
> Systemwide CA database updated.
> Client uninstall complete.
> The ipa-client-install command was successful
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> Connection check failed!
>
I'm assuming you are using IPA DNS, as it seems the issue is a DNS
misconfiguration (happens a lot to me).
Please, provide "--ip-address=IP_ADDRESS" on the command line.
This will add an entry to IPA DNS for the host, and you will not have to
skip connection check. It may also fix the issue for the replica
installation.
It works now - I restarted the server, added the DNS records (A, reverse
and @),
and the only issue was that it didn’t resolve a second replica:
unable to resolve host name free02.ipa.local. to IP address, ipa-ca DNS
record will
be incomplete
But it seems to work nevertheless.
Best,
Francis
Good to see that it works for you.
There might be other reasons, but when a replica installation fails for me,
almost always, it is related to some DNS issue.
Rafael
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat
7:14 a.m.
New subject: Replica install: LDAP error: Can't contact LDAP server - no response received
On Fri, Jan 6, 2023 at 9:40 AM Francis Augusto Medeiros-Logeay via
FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> wrote:
Hi,
I am trying to create a replica, but somehow I keep getting this error:
[26/39]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 14 seconds elapsed
[ldap://free02.ipa.local:389] reports: Update failed! Status: [Error
(-1) - LDAP error: Can't contact LDAP server - no response received]
I am joining it this way:
sudo ipa-replica-install -w mypass -n ipa.local --server
free02.ipa.local --hostname freeipa02.francis.local --ntp-pool
ntp.uio.no --force-join --setup-dns --auto-forwarders --skip-conncheck
What can I do to investigate it?
I see that the 389 port is reachable from the server on which I want to
install a replica.
Any tips would be welcome!
I'd start with /varr/log/ipareplica-install.log on the replica node.
I would also not use --force-join and --skip-conncheck, unless I really
need, as they might mask other issues.
Rafael
Best,
--
Francis Augusto Medeiros-Logeay
Oslo, Norway
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat
7:24 a.m.
New subject: Replica install: LDAP error: Can't contact LDAP server - no response received
It does work without --force-join, but I still keep having this:
Hostname (freeipa02.francis.local) does not have A/AAAA record.
Failed to update DNS records.
Missing A/AAAA record(s) for host freeipa02.francis.local: 10.120.41.21.
Missing reverse record(s) for address(es): 10.120.41.21.
And when starting replication:
Lookup failed: Preferred host freeipa02.francis.local does not provide
DNS.
Could not resolve hostname freeipa02.francis.local using DNS. Clients
may not function properly. Please check your DNS setup. (Note that this
check queries IPA DNS directly and ignores /etc/hosts.)
Joining is not creating the DNS entries. I got this error even when
adding DNS records beforehand.
Best,
Francis
On 2023-01-06 14:14, Rafael Jeffman via FreeIPA-users wrote:
On Fri, Jan 6, 2023 at 9:40 AM Francis Augusto Medeiros-Logeay via
FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> wrote:
>
> Hi,
>
> I am trying to create a replica, but somehow I keep getting this
> error:
>
> [26/39]: setting up initial replication
> Starting replication, please wait until this has completed.
> Update in progress, 14 seconds elapsed
> [ldap://free02.ipa.local:389] reports: Update failed! Status: [Error
> (-1) - LDAP error: Can't contact LDAP server - no response received]
>
>
> I am joining it this way:
>
> sudo ipa-replica-install -w mypass -n ipa.local --server
> free02.ipa.local --hostname freeipa02.francis.local --ntp-pool
> ntp.uio.no [1] --force-join --setup-dns --auto-forwarders
> --skip-conncheck
>
> What can I do to investigate it?
>
> I see that the 389 port is reachable from the server on which I want
> to
> install a replica.
>
> Any tips would be welcome!
>
I'd start with /varr/log/ipareplica-install.log on the replica node.
I would also not use --force-join and --skip-conncheck, unless I really
need, as they might mask other issues.
Rafael
It d
Links:
------
[1] http://ntp.uio.no
495
days inactive
495
days old
freeipa-users@lists.fedorahosted.org
7 comments
3 participants
participants (3)
-
Francis Augusto Medeiros-Logeay -
Rafael Jeffman -
Rob Crittenden