<div dir="ltr"><div>Some error i found :</div><div><br></div><div><br></div><div><a href="http://server1.abc.com:636">server1.abc.com:636</a> (/etc/dirsrv/slapd-abc-COM)</div><div><br></div><div>[29/Jun/2014:02:00:56 +0800] - 389-Directory/<a href="http://1.2.11.25">1.2.11.25</a> B2013.325.1951 starting up</div>
<div>[29/Jun/2014:02:00:56 +0800] attrcrypt - attrcrypt_unwrap_key: failed to unwrap key for cipher AES</div><div>[29/Jun/2014:02:00:56 +0800] attrcrypt - attrcrypt_cipher_init: symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value.</div>
<div>[29/Jun/2014:02:00:56 +0800] attrcrypt - attrcrypt_unwrap_key: failed to unwrap key for cipher 3DES</div><div>[29/Jun/2014:02:00:56 +0800] attrcrypt - attrcrypt_cipher_init: symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value.</div>
<div>[29/Jun/2014:02:00:56 +0800] attrcrypt - All prepared ciphers are not available. Please disable attribute encryption.</div><div>[29/Jun/2014:02:00:56 +0800] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=abc,dc=com</div>
<div>[29/Jun/2014:02:00:57 +0800] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=abc,dc=com</div><div>[29/Jun/2014:02:00:57 +0800] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=abc,dc=com</div>
<div>[29/Jun/2014:02:00:57 +0800] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=abc,dc=com--no CoS Templates found, which should be added before the CoS Definition.</div><div>[29/Jun/2014:02:00:57 +0800] set_krb5_creds - Could not get initial credentials for principal [ldap/server1.abc.com@abc.COM] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested realm)</div>
<div>[29/Jun/2014:02:00:58 +0800] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=abc,dc=com--no CoS Templates found, which should be added before the CoS Definition.</div><div>[29/Jun/2014:02:00:58 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_492' not found)) errno 0 (Success)</div>
<div>[29/Jun/2014:02:00:58 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)</div><div>[29/Jun/2014:02:00:58 +0800] NSMMReplicationPlugin - agmt="cn=<a href="http://meToserver2.abc.com">meToserver2.abc.com</a>" (server2:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_492' not found))</div>
<div>[29/Jun/2014:02:00:58 +0800] - slapd started. Listening on All Interfaces port 389 for LDAP requests</div><div>[29/Jun/2014:02:00:58 +0800] - Listening on All Interfaces port 636 for LDAPS requests</div><div><br></div>
<div><br></div><div><div>389-Directory/<a href="http://1.2.11.15">1.2.11.15</a> B2013.240.174</div><div><a href="http://server2.abc.com:636">server2.abc.com:636</a> (/etc/dirsrv/slapd-abc-COM)</div><div><br></div><div>[30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:31 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)</div><div>[30/Jun/2014:12:51:31 +0800] NSMMReplicationPlugin - agmt="cn=<a href="http://meToserver1.abc.com">meToserver1.abc.com</a>" (server1:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired))</div>
<div>[30/Jun/2014:12:51:34 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:35 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:35 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)</div><div>[30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:40 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)</div><div>[30/Jun/2014:12:51:52 +0800] NSMMReplicationPlugin - agmt="cn=<a href="http://meToserver1.abc.com">meToserver1.abc.com</a>" (server1:389): Replication bind with GSSAPI auth resumed</div>
</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-07-09 10:55 GMT+08:00 <span dir="ltr"><<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div>FYI..</div><div>160: [04/Jul/2014:12:35:30 +0800] conn=936207 fd=73 slot=73 connection from 192.168.156.89 to 192.168.156.89</div><div>163: [04/Jul/2014:12:35:30 +0800] conn=936207 op=-1 fd=73 closed - B1</div>
<div><br></div><div>There is not abt binding but i unsure how to fix ..</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-07-09 2:01 GMT+08:00 Rich Megginson <span dir="ltr"><<a href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>:<div>
<div class="h5"><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><div>
<div>On 07/08/2014 02:16 AM,
<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a> wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Resent as size limit.
<div><br>
<div><br>
</div>
<div>
<div style="font-family:arial,sans-serif;font-size:14px">Here
u are server1 's access log seem one side broken<br>
</div>
<div style="font-family:arial,sans-serif;font-size:14px">
<br>
</div>
<div style="font-family:arial,sans-serif;font-size:14px">the
problem is how to make it replicate again.</div>
<div style="font-family:arial,sans-serif;font-size:14px"><br>
</div>
<div style="font-family:arial,sans-serif;font-size:14px">
At server 1</div>
<div style="font-family:arial,sans-serif;font-size:14px">
<div><br>
</div>
<div>it is ok master server1 master server2 <br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div style="font-family:arial,sans-serif;font-size:14px">
Another side server 2 contains 2 ip replication.</div>
<div style="font-family:arial,sans-serif;font-size:14px">
<div><br>
</div>
<div>ipa-replica-manage list shown Can't contact LDAP
server<br>
</div>
<div><br>
</div>
</div>
<div style="font-family:arial,sans-serif;font-size:14px">I
dont know why but the prolematic server is sever 2 not
server 1</div>
<div style="font-family:arial,sans-serif;font-size:14px"><br>
</div>
<div style="font-family:arial,sans-serif;font-size:14px">
log of server2</div>
<div style="font-family:arial,sans-serif;font-size:14px">[08/Jul/2014:16:02:40
+0800] conn=3299731 fd=69 slot=69 connection from
192.168.15.89 (server1) to 192.168.15.88(server2)<br>
</div>
<div style="font-family:arial,sans-serif;font-size:14px">
<div>[08/Jul/2014:16:02:40 +0800] conn=3299731 op=-1 fd=69
closed - B1</div>
<div>[08/Jul/2014:16:02:40 +0800] conn=3299732 fd=69
slot=69 connection from 192.168.15.89 to 192.168.15.88</div>
<div>[08/Jul/2014:16:02:40 +0800] conn=3299732 op=-1 fd=69
closed - B1</div>
<div>[08/Jul/2014:16:02:41 +0800] conn=3299733 fd=69
slot=69 connection from 192.168.15.89 to 192.168.15.88</div>
<div>[08/Jul/2014:16:02:41 +0800] conn=3299733 op=-1 fd=69
closed - B1</div>
</div>
</div>
</div>
</div>
</blockquote>
<br></div>
You never answered my question below. "Are you sure that this
connection is a replication session? Can you post all of the
operations from the access log from conn=936207?"<br>
<br>
In the future, please avoid spamming the list with large log files.
In general, it's better to provide excerpts from the log files
showing the problem, paste them to <a href="http://fpaste.org" target="_blank">fpaste.org</a>, and post the link to
the mailing list. If for some reason you need to post a large file,
please use a file sharing service and post the link to the file.<br>
<br>
Can you take a look at your errors log from server 1 and server 2
and see if there are any relevant errors?<br>
<br>
If I had to guess, I would say that there is some sort of network
error between server 1 and server 2 that causes the excessive closed
- B1. Perhaps there will be more information in the errors log.<div><div><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div style="font-family:arial,sans-serif;font-size:14px">
<div><br>
</div>
</div>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2014-07-07 22:21 GMT+08:00 Rich
Megginson <span dir="ltr"><<a href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>
<div>On 07/04/2014 03:28 AM, <a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">FOUND something strange that server 1
replicate to itself rather than server2
<div><br>
</div>
<div>
<div>Server1 access log > Wrong</div>
<div>[04/Jul/2014:12:35:30 +0800] conn=936207
fd=73 slot=73 connection from 192.168.15.89(
server1 ) to 192.168.15.89 (server1)</div>
</div>
</div>
</blockquote>
<br>
</div>
Are you sure that this connection is a replication
session? Can you post all of the operations from the
access log from conn=936207?
<div>
<div><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div><br>
</div>
<div><br>
</div>
<div>Server 2 access log > OK</div>
<div>[04/Jul/2014:12:35:30 +0800] conn=936208
fd=74 slot=74 connection from
192.168.15.89(server2) to 192.168.15.88
(server2)</div>
</div>
</div>
<div class="gmail_extra"> <br>
<br>
<div class="gmail_quote">2014-07-04 9:25 GMT+08:00
<span dir="ltr"><<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>Just sure now one side flow is broken,
if u update server1 , it 100% work server2
will upgrade.<br>
</div>
<div>but if u update server2 there is chance
non-syn e.g it create username in server1
with posfix grp >ok</div>
<div>but in server2 it only created posfix
grp but no username /attribute it occur
serveral times. I have to use command line
grp del ...etc. to force del them and
recreate them.,.</div>
<div><br>
</div>
<div>Result below:</div>
<div><br>
</div>
<div><a href="http://server2.abc.com" target="_blank">server2.abc.com</a>:
replica</div>
<div> last init status: None</div>
<div> last init ended: None</div>
<div> last update status: 0 Replica
acquired successfully: Incremental update
succeeded</div>
<div> last update ended: 2014-07-04
00:33:18+00:00</div>
<div><br>
</div>
<div>Directory Manager password:</div>
<div><br>
</div>
<div><a href="http://server1.abc.com" target="_blank">server1.abc.com</a>:
replica</div>
<div> last init status: 0 Total update
succeeded</div>
<div> last init ended: 2014-06-20
10:07:02+00:00</div>
<div> last update status: 0 Replica
acquired successfully: Incremental update
succeeded</div>
<div> last update ended: 2014-07-04
01:14:19+00:00</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>[root@(LIVE)server2 ~]$ ipactl status</div>
<div>Directory Service: RUNNING</div>
<div>KDC Service: RUNNING</div>
<div>KPASSWD Service: RUNNING</div>
<div>MEMCACHE Service: RUNNING</div>
<div> HTTP Service: RUNNING</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2014-07-04 1:34
GMT+08:00 Rob Crittenden <span dir="ltr"><<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>></span>:
<div>
<div><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>
wrote:<br>
> Yes they are running. Server
1 can syn to server2 but error at
server 2<br>
> like this.<br>
<br>
</div>
How do you know server 1 is syncing
with server 2?<br>
<br>
On server 1 I'd run:<br>
<br>
ipa-replica-manage list -v
`hostname`<br>
<br>
This will show the replication
status.<br>
<br>
And what does ipactl status show on
server 2?<br>
<br>
rob<br>
<div><br>
><br>
> 2014/7/3 下午10:14 於 "Rob
Crittenden" <<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a><br>
</div>
> <mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>>>
寫道:<br>
<div>><br>
> Please keep relies on the
list.<br>
><br>
</div>
<div>> <a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>
<mailto:<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>>
wrote:<br>
> > I saw the error
beloe and errpr log is it related
?<br>
> ><br>
> > 29/Jun/2014:02:00:58
+0800]
slapd_ldap_sasl_interactive_bind -
Error:<br>
> > could not perform
interactive bind for id [] mech
[GSSAPI]: LDAP error<br>
> > -2 (Local error)
(SASL(-1): generic failure: GSSAPI
Error: Unspecified<br>
> > GSS failure. Minor
code may provide more information
(Credentials<br>
> cache<br>
> > file
'/tmp/krb5cc_492' not found))
errno 0 (Success)<br>
> >
[29/Jun/2014:02:00:58 +0800]
slapi_ldap_bind - Error: could not<br>
> perform<br>
> > interactive bind for
id [] mech [GSSAPI]: error -2
(Local error)<br>
><br>
> I believe this is fairly
normal on a new startup. It has to
start<br>
> somewhere. The expired
ticket errors below are unexpected
since there<br>
> are so many of them. Is
your KDC running?<br>
><br>
> ipactl status<br>
><br>
> rob<br>
><br>
> ><br>
> ><br>
> > 2014-07-02 14:15
GMT+08:00 <<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a><br>
</div>
> <mailto:<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>>
<mailto:<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a><br>
<div>
<div>> <mailto:<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>>>>:<br>
> ><br>
> ><br>
> > this is the
error log i found at <a href="http://2.abc.com" target="_blank">2.abc.com</a>
<<a href="http://2.abc.com" target="_blank">http://2.abc.com</a>><br>
> <<a href="http://2.abc.com" target="_blank">http://2.abc.com</a>><br>
> ><br>
> >
[30/Jun/2014:12:51:31 +0800]
slapd_ldap_sasl_interactive_bind
-<br>
> > Error: could
not perform interactive bind for
id [] mech [GSSAPI]:<br>
> > LDAP error -2
(Local error) (SASL(-1): generic
failure: GSSAPI<br>
> > Error:
Unspecified GSS failure. Minor
code may provide more<br>
> > information
(Ticket expired)) errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:31 +0800]
slapd_ldap_sasl_interactive_bind
-<br>
> > Error: could
not perform interactive bind for
id [] mech [GSSAPI]:<br>
> > LDAP error -2
(Local error) (SASL(-1): generic
failure: GSSAPI<br>
> > Error:
Unspecified GSS failure. Minor
code may provide more<br>
> > information
(Ticket expired)) errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:31 +0800]
slapi_ldap_bind - Error: could
not<br>
> > perform
interactive bind for id [] mech
[GSSAPI]: error -2<br>
> (Local error)<br>
> >
[30/Jun/2014:12:51:31 +0800]
NSMMReplicationPlugin -<br>
> > agmt="cn=<a href="http://meTo1.abc.com" target="_blank">meTo1.abc.com</a>
<<a href="http://meTo1.abc.com" target="_blank">http://meTo1.abc.com</a>><br>
> <<a href="http://meTo1.abc.com" target="_blank">http://meTo1.abc.com</a>>"
(central:389):<br>
> > Replication
bind with GSSAPI auth failed:
LDAP error -2 (Local<br>
> > error)
(SASL(-1): generic failure:
GSSAPI Error: Unspecified GSS<br>
> > failure.
Minor code may provide more
information (Ticket<br>
> expired))<br>
> >
[30/Jun/2014:12:51:34 +0800]
slapd_ldap_sasl_interactive_bind
-<br>
> > Error: could
not perform interactive bind for
id [] mech [GSSAPI]:<br>
> > LDAP error -2
(Local error) (SASL(-1): generic
failure: GSSAPI<br>
> > Error:
Unspecified GSS failure. Minor
code may provide more<br>
> > information
(Ticket expired)) errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:35 +0800]
slapd_ldap_sasl_interactive_bind
-<br>
> > Error: could
not perform interactive bind for
id [] mech [GSSAPI]:<br>
> > LDAP error -2
(Local error) (SASL(-1): generic
failure: GSSAPI<br>
> > Error:
Unspecified GSS failure. Minor
code may provide more<br>
> > information
(Ticket expired)) errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:35 +0800]
slapi_ldap_bind - Error: could
not<br>
> > perform
interactive bind for id [] mech
[GSSAPI]: error -2<br>
> (Local error)<br>
> >
[30/Jun/2014:12:51:40 +0800]
slapd_ldap_sasl_interactive_bind
-<br>
> > Error: could
not perform interactive bind for
id [] mech [GSSAPI]:<br>
> > LDAP error -2
(Local error) (SASL(-1): generic
failure: GSSAPI<br>
> > Error:
Unspecified GSS failure. Minor
code may provide more<br>
> > information
(Ticket expired)) errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:40 +0800]
slapd_ldap_sasl_interactive_bind
-<br>
> > Error: could
not perform interactive bind for
id [] mech [GSSAPI]:<br>
> > LDAP error -2
(Local error) (SASL(-1): generic
failure: GSSAPI<br>
> > Error:
Unspecified GSS failure. Minor
code may provide more<br>
> > information
(Ticket expired)) errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:40 +0800]
slapi_ldap_bind - Error: could
not<br>
> > perform
interactive bind for id [] mech
[GSSAPI]: error -2<br>
> (Local error)<br>
> ><br>
> ><br>
> > 2014-07-02
12:32 GMT+08:00 <<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a><br>
> <mailto:<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>><br>
</div>
</div>
> > <mailto:<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>
<mailto:<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>>>>:<br>
<div>> ><br>
> > yes on node
1 it is happening only node2 fail
connect<br>
> ><br>
> >
ipa-replica-manage list <a href="http://2.abc.com" target="_blank">2.abc.com</a>
<<a href="http://2.abc.com" target="_blank">http://2.abc.com</a>><br>
> <<a href="http://2.abc.com" target="_blank">http://2.abc.com</a>><br>
> > Directory
Manager password:<br>
> ><br>
</div>
> > <a href="http://1.abc.com" target="_blank">1.abc.com</a> <<a href="http://1.abc.com" target="_blank">http://1.abc.com</a>>
<<a href="http://1.abc.com" target="_blank">http://1.abc.com</a>>:
replica<br>
<div>> ><br>
> ><br>
> ><br>
> > 2014-06-30
20:59 GMT+08:00 Rob Crittenden<br>
> <<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>><br>
</div>
> > <mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>
<mailto:<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>>>>:<br>
<div>
<div>> ><br>
> > Barry
wrote:<br>
> > >
Hi:<br>
> > ><br>
> > >
Server 1 and Sever 2 is cluster
master master<br>
> orginally ,<br>
> > but
server 2<br>
> > >
fail to connect server1 ,.<br>
> > ><br>
> > >
ipa-replica-manage list shown
Can't contact LDAP server<br>
> > ><br>
> > >
But as server1 it is ok master
server1 master server2 ,<br>
> > ><br>
> > >
It seem affect if update on
server 1 then it syn to<br>
> >
server2 no problem<br>
> > >
but sometimes if modfy in
server2 if fail to update<br>
> server1.<br>
> > ><br>
> > >
Any idea to rebuild mutual
relationship.?<br>
> ><br>
> > The
first step is to diagnose what
is wrong. I've already<br>
> >
suggested a<br>
> > few
things,<br>
> ><br>
> <a href="https://www.redhat.com/archives/freeipa-users/2014-June/msg00105.html" target="_blank">https://www.redhat.com/archives/freeipa-users/2014-June/msg00105.html</a><br>
> ><br>
> > rob<br>
> ><br>
> > --<br>
> > Manage
your subscription for the
Freeipa-users mailing<br>
> list:<br>
> > <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
> > Go To
<a href="http://freeipa.org" target="_blank">http://freeipa.org</a>
for more info on the project<br>
> ><br>
> ><br>
> ><br>
> ><br>
><br>
<br>
</div>
</div>
</blockquote>
</div>
</div>
</div>
<br>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div></div></div><br></div>
</blockquote></div><br></div>