Apologies, I didn't get the whole debug log message in the email: root : DEBUG Init ldap with: ldap://<a href="http://ipa.test.net:389" target="_blank">ipa.test.net:389</a> root : ERROR LDAP Error: Connect error: Start TLS request accepted. Server willing to negotiate SSL root : DEBUG will use domain: <a href="http://test.net" target="_blank">test.net</a> root : DEBUG will use server: <a href="http://ipa.test.net" target="_blank">ipa.test.net</a> Failed to verify that <a href="http://ipa.test.net/" target="_blank">ipa.test.net</a> is an IPA server This may mean that the remote server is not up or is not reachable due to network or firewall setting Regards, Charlie <div class="gmail_quote">On Wed, Jun 22, 2011 at 10:44 AM, Charlie Derwent <<a href="mailto:shelltoesuperstar@gmail.com" target="_blank">shelltoesuperstar@gmail.com</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi I'm running FreeIPA server on F14 and connecting to a F14 client. When I run ipa-client-install (via kickstart or after the client has installed) I'm getting the following error message. root : DEBUG root : ERROR LDAP Error: Connect error: Start TLS request accepted. Server willing to negotiate SSL Failed to verify that <a href="http://ipa.test.net" target="_blank">ipa.test.net</a> is an IPA server This may mean that the remote server is not up or is not reachable due to network or firewall settings The ipa server is definately up and running, it's still authenticating other servers in the network and when I rebuild the client with rhel or centos it can enroll (almost) without issue (see below). The second issue was this certmonger related bug where certmonger fails to start on new install (<a href="https://bugzilla.redhat.com/show_bug.cgi?id=636894" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=636894</a>) was it resolved in Red Hat 5 as I think i'm expering the issue with my RH5u6 clients? Thanks Charlie </blockquote></div>