[Freeipa-users] error adding replica (2)

Steven Jones Steven.Jones at vuw.ac.nz
Sun Dec 2 20:02:51 UTC 2012 

Hi,

Any ideas?  I have moved the CA cert off the original ipam001 to ipam002 and built a fresh iapm001 when I try and join it to ipam002 I get the error below.

ipam003 was removed off the old ipam001 and added to ipam002 perfectly.

>From google it was suggested kerberos might be caching but Ive rebooted all the IPA servers at least once and ipam002 (it holds the CA) 3 times over 8 hours....no joy.

I also did a search for the principal as suggested by Rob, output below.

==============
[root at vuwunicoipam001 ~]# ipa-replica-install --setup-dns --no-reverse --forwarder=130.195.85.25 /root/replica/replica-info-vuwunicoipam001.ods.vuw.ac.nz.gpg --skip-conncheck
Directory Manager (existing master) password: 

Configuring ntpd
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
done configuring ntpd.
Configuring directory server: Estimated time 1 minute
  [1/30]: creating directory server user
  [2/30]: creating directory server instance
  [3/30]: adding default schema
  [4/30]: enabling memberof plugin
  [5/30]: enabling referential integrity plugin
  [6/30]: enabling winsync plugin
  [7/30]: configuring replication version plugin
  [8/30]: enabling IPA enrollment plugin
  [9/30]: enabling ldapi
  [10/30]: configuring uniqueness plugin
  [11/30]: configuring uuid plugin
  [12/30]: configuring modrdn plugin
  [13/30]: enabling entryUSN plugin
  [14/30]: configuring lockout plugin
  [15/30]: creating indices
  [16/30]: configuring ssl for ds instance
  [17/30]: configuring certmap.conf
  [18/30]: configure autobind for root
  [19/30]: configure new location for managed entries
  [20/30]: restarting directory server
  [21/30]: setting up initial replication
Starting replication, please wait until this has completed.
[vuwunicoipam002.ods.vuw.ac.nz] reports: Update failed! Status: [-2  - System error]
creation of replica failed: Failed to start replication

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
[root at vuwunicoipam001 ~]# 
============

============
  [20/30]: restarting directory server
ipa         : DEBUG    args=/sbin/service dirsrv restart ODS-VUW-AC-NZ
ipa         : DEBUG    stdout=Shutting down dirsrv: 
    ODS-VUW-AC-NZ...                                       [  OK  ]
Starting dirsrv: 
    ODS-VUW-AC-NZ...                                       [  OK  ]

ipa         : DEBUG    stderr=
ipa         : DEBUG    args=/sbin/service dirsrv status ODS-VUW-AC-NZ
ipa         : DEBUG    stdout=dirsrv ODS-VUW-AC-NZ (pid 10552) is running...

ipa         : DEBUG    stderr=
ipa         : DEBUG      duration: 3 seconds
ipa         : DEBUG      [21/30]: setting up initial replication
  [21/30]: setting up initial replication
ipa         : DEBUG    args=/sbin/service dirsrv restart ODS-VUW-AC-NZ
ipa         : DEBUG    stdout=Shutting down dirsrv: 
    ODS-VUW-AC-NZ...                                       [  OK  ]
Starting dirsrv: 
    ODS-VUW-AC-NZ...                                       [  OK  ]

ipa         : DEBUG    stderr=
Starting replication, please wait until this has completed.
[vuwunicoipam002.ods.vuw.ac.nz] reports: Update failed! Status: [-2  - System error]
creation of replica failed: Failed to start replication
ipa         : DEBUG    Failed to start replication
  File "/usr/sbin/ipa-replica-install", line 496, in <module>
    main()

  File "/usr/sbin/ipa-replica-install", line 432, in main
    ds = install_replica_ds(config)

  File "/usr/sbin/ipa-replica-install", line 147, in install_replica_ds
    pkcs12_info)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 282, in create_replica
    self.start_creation("Configuring directory server", 60)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 257, in start_creation
    method()

  File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 295, in __setup_replica
    r_bindpw=self.dm_password)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/replication.py", line 748, in setup_replication
    raise RuntimeError("Failed to start replication")


Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
[root at vuwunicoipam001 ~]# 

============

[root at vuwunicoipam002 ~]# ldapsearch -x -b 'cn=services,cn=accounts,dc=ods,dc=vuw,dc=ac,dc=nz' '(krbprincipalname=*ods-directory*)'
# extended LDIF
#
# LDAPv3
# base <cn=services,cn=accounts,dc=ods,dc=vuw,dc=ac,dc=nz> with scope subtree
# filter: (krbprincipalname=*ods-directory*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1
[root at vuwunicoipam002 ~]# 

===========






regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

More information about the Freeipa-users mailing list