<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 16.02.2017 17:21, Tiemen Ruiten
wrote:<br>
</div>
<blockquote
cite="mid:CAAegNz27JJ+_v+By_ZwKsFvtxnF3RUKtKP+aJTH1Hnig-f5cvA@mail.gmail.com"
type="cite">
<div dir="ltr">Hello,
<div><br>
</div>
<div>I'm trying to add a third replica to a FreeIPA 4.4 domain
(level 1), but I'm getting this error:</div>
<div><br>
</div>
<div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">[tiemen@copernicum ~]$
sudo ipa-replica-install -P admin -w "XXXXXXXXXX"
--mkhomedir --setup-dns --forwarder 8.8.8.8 --forwarder
8.8.4.4<br>
Checking DNS forwarders, please wait ...<br>
Run connection check to master<br>
Connection check OK<br>
Configuring NTP daemon (ntpd)<br>
[1/4]: stopping ntpd<br>
[2/4]: writing configuration<br>
[3/4]: configuring ntpd to start on boot<br>
[4/4]: starting ntpd<br>
Done configuring NTP daemon (ntpd).<br>
Configuring directory server (dirsrv). Estimated time: 1
minute<br>
[1/44]: creating directory server user<br>
[2/44]: creating directory server instance<br>
[3/44]: updating configuration in dse.ldif<br>
[4/44]: restarting directory server<br>
[5/44]: adding default schema<br>
[6/44]: enabling memberof plugin<br>
[7/44]: enabling winsync plugin<br>
[8/44]: configuring replication version plugin<br>
[9/44]: enabling IPA enrollment plugin<br>
[10/44]: enabling ldapi<br>
[11/44]: configuring uniqueness plugin<br>
[12/44]: configuring uuid plugin<br>
[13/44]: configuring modrdn plugin<br>
[14/44]: configuring DNS plugin<br>
[15/44]: enabling entryUSN plugin<br>
[16/44]: configuring lockout plugin<br>
[17/44]: configuring topology plugin<br>
[18/44]: creating indices<br>
[19/44]: enabling referential integrity plugin<br>
[20/44]: configuring certmap.conf<br>
[21/44]: configure autobind for root<br>
[22/44]: configure new location for managed entries<br>
[23/44]: configure dirsrv ccache<br>
[24/44]: enabling SASL mapping fallback<br>
[25/44]: restarting directory server<br>
[26/44]: creating DS keytab<br>
[27/44]: retrieving DS Certificate<br>
[28/44]: restarting directory server<br>
ipa : CRITICAL Failed to restart the directory
server (Command '/bin/systemctl restart
<a class="moz-txt-link-abbreviated" href="mailto:dirsrv@IPA-RDMEDIA-COM.service">dirsrv@IPA-RDMEDIA-COM.service</a>' returned non-zero exit
status 1). See the installation log for details.<br>
[29/44]: setting up initial replication<br>
[error] error: [Errno 111] Connection refused<br>
Your system may be partly configured.<br>
Run /usr/sbin/ipa-server-install --uninstall to clean up.<br>
ipa.ipapython.install.cli.install_tool(Replica): ERROR
[Errno 111] Connection refused<br>
ipa.ipapython.install.cli.install_tool(Replica): ERROR
The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information</blockquote>
</div>
<div><br>
</div>
<div>In /var/log/ipareplica-install.log we find:</div>
<div><br>
</div>
<div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">2017-02-16T15:53:59Z
DEBUG [27/44]: retrieving DS Certificate<br>
2017-02-16T15:53:59Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'<br>
2017-02-16T15:53:59Z DEBUG Starting external process<br>
2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d
/etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -L -n <a
moz-do-not-send="true" href="http://IPA.RDMEDIA.COM">IPA.RDMEDIA.COM</a>
IPA CA -a<br>
2017-02-16T15:53:59Z DEBUG Process finished, return code=255<br>
2017-02-16T15:53:59Z DEBUG stdout=<br>
<b>2017-02-16T15:53:59Z DEBUG stderr=certutil: Could not
find cert: <a moz-do-not-send="true"
href="http://IPA.RDMEDIA.COM">IPA.RDMEDIA.COM</a> IPA CA<br>
: PR_FILE_NOT_FOUND_ERROR: File not found</b><br>
2017-02-16T15:53:59Z DEBUG Starting external process<br>
2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d
/etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -N -f
/etc/dirsrv/slapd-IPA-RDMEDIA-COM//pwdfile.txt<br>
2017-02-16T15:53:59Z DEBUG Process finished, return code=0<br>
2017-02-16T15:53:59Z DEBUG stdout=<br>
2017-02-16T15:53:59Z DEBUG stderr=<br>
2017-02-16T15:53:59Z DEBUG Starting external process<br>
2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d
/etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -A -n <a
moz-do-not-send="true" href="http://IPA.RDMEDIA.COM">IPA.RDMEDIA.COM</a>
IPA CA -t CT,C,C -a<br>
2017-02-16T15:53:59Z DEBUG Process finished, return code=0<br>
2017-02-16T15:53:59Z DEBUG stdout=<br>
2017-02-16T15:53:59Z DEBUG stderr=<br>
2017-02-16T15:53:59Z DEBUG certmonger request is in state
dbus.String(u'NEWLY_ADDED_READING_KEYINFO', variant_level=1)<br>
2017-02-16T15:54:04Z DEBUG certmonger request is in state
dbus.String(u'CA_UNREACHABLE', variant_level=1)<br>
2017-02-16T15:54:04Z DEBUG flushing
ldapi://%2fvar%2frun%2fslapd-IPA-RDMEDIA-COM.socket from
SchemaCache<br>
2017-02-16T15:54:04Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-IPA-RDMEDIA-COM.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at
0x74efd40><br>
2017-02-16T15:54:05Z DEBUG duration: 5 seconds<br>
2017-02-16T15:54:05Z DEBUG [28/44]: restarting directory
server<br>
2017-02-16T15:54:05Z DEBUG Starting external process<br>
2017-02-16T15:54:05Z DEBUG args=/bin/systemctl --system
daemon-reload<br>
2017-02-16T15:54:05Z DEBUG Process finished, return code=0<br>
2017-02-16T15:54:05Z DEBUG stdout=<br>
2017-02-16T15:54:05Z DEBUG stderr=<br>
2017-02-16T15:54:05Z DEBUG Starting external process<br>
2017-02-16T15:54:05Z DEBUG args=/bin/systemctl restart
<a class="moz-txt-link-abbreviated" href="mailto:dirsrv@IPA-RDMEDIA-COM.service">dirsrv@IPA-RDMEDIA-COM.service</a><br>
2017-02-16T15:54:06Z DEBUG Process finished, return code=1<br>
2017-02-16T15:54:06Z DEBUG stdout=<br>
2017-02-16T15:54:06Z DEBUG stderr=Job for
<a class="moz-txt-link-abbreviated" href="mailto:dirsrv@IPA-RDMEDIA-COM.service">dirsrv@IPA-RDMEDIA-COM.service</a> failed because the control
process exited with error code. See "systemctl status
<a class="moz-txt-link-abbreviated" href="mailto:dirsrv@IPA-RDMEDIA-COM.service">dirsrv@IPA-RDMEDIA-COM.service</a>" and "journalctl -xe" for
details.<br>
2017-02-16T15:54:06Z CRITICAL Failed to restart the
directory server (Command '/bin/systemctl restart
<a class="moz-txt-link-abbreviated" href="mailto:dirsrv@IPA-RDMEDIA-COM.service">dirsrv@IPA-RDMEDIA-COM.service</a>' returned non-zero exit
status 1). See the installation log for details.<br>
2017-02-16T15:54:06Z DEBUG duration: 1 seconds<br>
2017-02-16T15:54:06Z DEBUG [29/44]: setting up initial
replication<br>
2017-02-16T15:54:16Z DEBUG Traceback (most recent call
last):<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 449, in start_creation<br>
run_step(full_msg, method)<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 439, in run_step<br>
method()<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line 405, in __setup_replica<br>
self.dm_password)<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
line 118, in enable_replication_version_checking<br>
conn.do_simple_bind(bindpw=dirman_passwd)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
line 1665, in do_simple_bind<br>
self.__bind_with_wait(self.simple_bind, timeout, binddn,
bindpw)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
line 1660, in __bind_with_wait<br>
self.__wait_for_connection(timeout)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
line 1643, in __wait_for_connection<br>
wait_for_open_socket(lurl.hostport, timeout)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/ipautil.py",
line 1286, in wait_for_open_socket<br>
raise e<br>
error: [Errno 111] Connection refused<br>
2017-02-16T15:54:16Z DEBUG [error] error: [Errno 111]
Connection refused<br>
2017-02-16T15:54:16Z DEBUG Destroyed connection
context.ldap2_78478480<br>
2017-02-16T15:54:16Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py",
line 171, in execute<br>
return_value = self.run()<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/cli.py",
line 318, in run<br>
cfgr.run()<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 310, in run<br>
self.execute()<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 332, in execute<br>
for nothing in self._executor():<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 372, in __runner<br>
self._handle_exception(exc_info)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 394, in _handle_exception<br>
six.reraise(*exc_info)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 362, in __runner<br>
step()<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 359, in <lambda><br>
step = lambda: next(self.__gen)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from<br>
six.reraise(*exc_info)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from<br>
value = gen.send(prev_value)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 586, in _configure<br>
next(executor)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 372, in __runner<br>
self._handle_exception(exc_info)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 449, in _handle_exception<br>
self.__parent._handle_exception(exc_info)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 394, in _handle_exception<br>
six.reraise(*exc_info)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 446, in _handle_exception<br>
super(ComponentBase, self)._handle_exception(exc_info)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 394, in _handle_exception<br>
six.reraise(*exc_info)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 362, in __runner<br>
step()<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 359, in <lambda><br>
step = lambda: next(self.__gen)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from<br>
six.reraise(*exc_info)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from<br>
value = gen.send(prev_value)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 63, in _install<br>
for nothing in self._installer(self.parent):<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1714, in main<br>
promote(self)<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 364, in decorated<br>
func(installer)<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1415, in promote<br>
promote=True, pkcs12_info=dirsrv_pkcs12_info)<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 127, in install_replica_ds<br>
api=remote_api,<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line 399, in create_replica<br>
self.start_creation(runtime=60)<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 449, in start_creation<br>
run_step(full_msg, method)<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 439, in run_step<br>
method()<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line 405, in __setup_replica<br>
self.dm_password)<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
line 118, in enable_replication_version_checking<br>
conn.do_simple_bind(bindpw=dirman_passwd)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
line 1665, in do_simple_bind<br>
self.__bind_with_wait(self.simple_bind, timeout, binddn,
bindpw)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
line 1660, in __bind_with_wait<br>
self.__wait_for_connection(timeout)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
line 1643, in __wait_for_connection<br>
wait_for_open_socket(lurl.hostport, timeout)<br>
File
"/usr/lib/python2.7/site-packages/ipapython/ipautil.py",
line 1286, in wait_for_open_socket<br>
raise e<br>
2017-02-16T15:54:16Z DEBUG The ipa-replica-install command
failed, exception: error: [Errno 111] Connection refused<br>
2017-02-16T15:54:16Z ERROR [Errno 111] Connection refused<br>
2017-02-16T15:54:16Z ERROR The ipa-replica-install command
failed. See /var/log/ipareplica-install.log for more
information<br>
</blockquote>
<div><br>
</div>
<div>How can I troubleshoot this? </div>
</div>
<div><br>
</div>
<div>
<div><br>
</div>
<div><br>
</div>
-- <br>
<div class="gmail_signature">
<div dir="ltr">Tiemen Ruiten<br>
Systems Engineer<br>
R&D Media<br>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
Hello,<br>
<br>
please check /var/log/dirsrv/slapd-*/errors log on both master and
replica<br>
<br>
Martin<br>
</body>
</html>