<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">On 06/21/2013 02:39 PM, Joshua J. Kugler wrote: </div> <blockquote cite="mid:1392279.d0LL815NkN@hosanna" type="cite"> <pre wrap="">On Friday, June 21, 2013 09:26:36 Rob Crittenden wrote: </pre> <blockquote type="cite"> <pre wrap="">We'd need to see /var/log/ipareplica-install.log to see what the LDAP error is. If you look on the remote master DS access log it may have additional information on what was requested. </pre> </blockquote> <pre wrap=""> Logs attached. 10.10.0.50 is the new replica. No metion the new replica in the error logs. At least not that I can see.</pre> </blockquote> 2013-06-21T20:12:12Z INFO The ipa-replica-install command failed, exception: PROTOCOL_ERROR: {'info': 'unsupported extended operation', 'desc': 'Protocol error'} This is from here: slapd-PKI-CA.access.log [21/Jun/2013:13:26:54 -0700] conn=53 fd=64 slot=64 connection from 10.10.0.50 to 10.10.0.4 [21/Jun/2013:13:26:54 -0700] conn=53 op=0 EXT oid="1.3.6.1.4.1.1466.20037" [21/Jun/2013:13:26:54 -0700] conn=53 op=0 RESULT err=2 tag=120 nentries=0 etime=0 [21/Jun/2013:13:26:54 -0700] conn=53 op=1 UNBIND The server cannot respond to the startTLS request - which means the server has not been configured for TLS/SSL. <blockquote cite="mid:1392279.d0LL815NkN@hosanna" type="cite"> <pre wrap=""> </pre> <fieldset class="mimeAttachmentHeader"></fieldset> <pre wrap="">_______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> </body> </html>