<div dir="ltr">Having finished setting up an IPA server and replica, we're trying to test failover to ensure that HA works as expected.  We've been able to verify the replication agreements and auto-discovery are working, and both servers are picked up as expected at install time.<div><br></div><div>That said, we're seeing some oddities with failover.  Once I shut down the ipa service on the main IPA server, I get most requests completing after about a 2 min window.  I am able to:</div><div><br></div><div>1.  Authenticate to our jump server and get a Kerberos ticket</div><div>2.  kinit successfully as other users</div><div><br></div><div>However, whenever I try to ssh to another system within our domain, ssh breaks with the following error:</div><div><br></div><div><p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">$ ssh -vvv automation01</p>
<p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013</p>
<p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">debug1: Reading configuration data /etc/ssh/ssh_config</p>
<p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">debug1: /etc/ssh/ssh_config line 5: Applying options for *</p>
<p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 automation01</p>
<p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">debug1: permanently_drop_suid: 1587000001</p>
<p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa type -1</p>
<p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa-cert type -1</p>
<p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa type -1</p>
<p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa-cert type -1</p>
<p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa type -1</p>
<p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa-cert type -1</p>
<p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519 type -1</p>
<p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519-cert type -1</p>
<p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">debug1: Enabling compatibility mode for protocol 2.0</p>
<p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">debug1: Local version string SSH-2.0-OpenSSH_6.6.1</p>
<p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">ssh_exchange_identification: Connection closed by remote host</p><div><br></div><div><br></div><div>Nothing is logged in either /var/log/messages or /var/log/secure when this happens, so I'm unsure where to begin debugging.  Can you offer any insight?</div><div><br></div><div>Thanks,</div><div><br></div><div>Jeff</div><div><br></div><div><div class="gmail_signature"><div dir="ltr"><span style="font-family:Arial,sans-serif">Jeff Hallyburton</span><span style="font-size:10pt;font-family:Arial,sans-serif"><br></span><span style="font-size:10pt;font-family:Arial,sans-serif">Strategic Systems Engineer<br><span style="">Bloomip Inc.</span></span><span><span style="font-size:10pt;font-family:Arial,sans-serif"><br><span style="">Web: </span></span><a href="http://www.bloomip.com/" style="color:rgb(17,85,204)" target="_blank"><span style="font-size:10pt;font-family:Arial,sans-serif">http://www.bloomip.com</span></a><span style="font-size:10pt;font-family:Arial,sans-serif"><br><br><span style="">Engineering Support: </span></span><a href="mailto:support@bloomip.com" style="color:rgb(17,85,204)" target="_blank"><span style="font-size:10pt;font-family:Arial,sans-serif">support@bloomip.com</span></a><span style="font-size:10pt;font-family:Arial,sans-serif"><br><span style="">Billing Support: </span></span><a href="mailto:billing@bloomip.com" style="color:rgb(17,85,204)" target="_blank"><span style="font-size:10pt;font-family:Arial,sans-serif">billing@bloomip.com</span></a><span style="font-size:10pt;font-family:Arial,sans-serif"><br><span style="">Customer Support Portal:  </span></span><a href="http://my.bloomip.com/" style="color:rgb(17,85,204)" target="_blank"><span style="font-size:10pt;font-family:Arial,sans-serif">https://my.bloomip.com</span></a></span><span style="font-size:10pt;font-family:Arial,sans-serif"><br></span></div></div></div>
</div></div>