Re: [Freeipa-users] How to remove the CA cert from an IDM replica

Wed, 12 Mar 2014 14:42:35 -0700 

Todd Maugh wrote:

Im seeing this error:

where is the install log located

[root@idm-rep02-w1c-aws ipa]# ipa-replica-install --setup-ca 
/var/lib/ipa/replica-info-idm-rep02-w1c-aws.ops.boingo.com.gpg --skip-conncheck
Directory Manager (existing master) password:

Configuring NTP daemon (ntpd)
   [1/4]: stopping ntpd
   [2/4]: writing configuration
   [3/4]: configuring ntpd to start on boot
   [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
A CA is already configured on this system.
# /usr/bin/pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca --force 


[root@idm-rep02-w1c-aws ipa]# ipa-replica-install  
/var/lib/ipa/replica-info-idm-rep02-w1c-aws.ops.boingo.com.gpg --skip-conncheck
Directory Manager (existing master) password:

Configuring NTP daemon (ntpd)
   [1/4]: stopping ntpd
   [2/4]: writing configuration
   [3/4]: configuring ntpd to start on boot
   [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
   [1/31]: creating directory server user
   [2/31]: creating directory server instance
   [3/31]: adding default schema
   [4/31]: enabling memberof plugin
   [5/31]: enabling winsync plugin
   [6/31]: configuring replication version plugin
   [7/31]: enabling IPA enrollment plugin
   [8/31]: enabling ldapi
   [9/31]: disabling betxn plugins
   [10/31]: configuring uniqueness plugin
   [11/31]: configuring uuid plugin
   [12/31]: configuring modrdn plugin
   [13/31]: enabling entryUSN plugin
   [14/31]: configuring lockout plugin
   [15/31]: creating indices
   [16/31]: enabling referential integrity plugin
   [17/31]: configuring ssl for ds instance
   [18/31]: configuring certmap.conf
   [19/31]: configure autobind for root
   [20/31]: configure new location for managed entries
   [21/31]: restarting directory server
   [22/31]: setting up initial replication
Starting replication, please wait until this has completed.
[idm-master-els.ops.boingo.com] reports: Update failed! Status: [-1  - LDAP 
error: Can't contact LDAP server]


Why are you skipping the conncheck? It looks like there is a firewall issue.

rob

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to