On Wed, 2014-03-12 at 22:03 +0000, Todd Maugh wrote:
> skipping the con check due to a clock skew error

If your clock is wrong you won't have a functional replica anyway.
Fix the clock.

Simo.

> ________________________________________
> From: Rob Crittenden [[email protected]]
> Sent: Wednesday, March 12, 2014 2:39 PM
> To: Todd Maugh; Simo Sorce; [email protected]
> Subject: Re: [Freeipa-users] How to remove the CA cert from an IDM replica
>
> Todd Maugh wrote:
> > I'm seeing this error:
> >
> > where is the install log located
> >
> > [root@idm-rep02-w1c-aws ipa]# ipa-replica-install --setup-ca
> > /var/lib/ipa/replica-info-idm-rep02-w1c-aws.ops.boingo.com.gpg
> > --skip-conncheck
> > Directory Manager (existing master) password:
> >
> > Configuring NTP daemon (ntpd)
> > [1/4]: stopping ntpd
> > [2/4]: writing configuration
> > [3/4]: configuring ntpd to start on boot
> > [4/4]: starting ntpd
> > Done configuring NTP daemon (ntpd).
> > A CA is already configured on this system.
>
> # /usr/bin/pkiremove -pki_instance_root=/var/lib
> -pki_instance_name=pki-ca --force
>
> > [root@idm-rep02-w1c-aws ipa]# ipa-replica-install
> > /var/lib/ipa/replica-info-idm-rep02-w1c-aws.ops.boingo.com.gpg
> > --skip-conncheck
> > Directory Manager (existing master) password:
> >
> > Configuring NTP daemon (ntpd)
> > [1/4]: stopping ntpd
> > [2/4]: writing configuration
> > [3/4]: configuring ntpd to start on boot
> > [4/4]: starting ntpd
> > Done configuring NTP daemon (ntpd).
> > Configuring directory server (dirsrv): Estimated time 1 minute
> > [1/31]: creating directory server user
> > [2/31]: creating directory server instance
> > [3/31]: adding default schema
> > [4/31]: enabling memberof plugin
> > [5/31]: enabling winsync plugin
> > [6/31]: configuring replication version plugin
> > [7/31]: enabling IPA enrollment plugin
> > [8/31]: enabling ldapi
> > [9/31]: disabling betxn plugins
> > [10/31]: configuring uniqueness plugin
> > [11/31]: configuring uuid plugin
> > [12/31]: configuring modrdn plugin
> > [13/31]: enabling entryUSN plugin
> > [14/31]: configuring lockout plugin
> > [15/31]: creating indices
> > [16/31]: enabling referential integrity plugin
> > [17/31]: configuring ssl for ds instance
> > [18/31]: configuring certmap.conf
> > [19/31]: configure autobind for root
> > [20/31]: configure new location for managed entries
> > [21/31]: restarting directory server
> > [22/31]: setting up initial replication
> > Starting replication, please wait until this has completed.
> > [idm-master-els.ops.boingo.com] reports: Update failed! Status: [-1 - LDAP
> > error: Can't contact LDAP server]
>
> Why are you skipping the conncheck? It looks like there is a firewall issue.
>
> rob
>

--
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
