<div dir="ltr">Can anyone help? At this point I'm stuck and I may have to consider alternatives :(<div class="gmail_extra"><br><div class="gmail_quote">On 21 February 2017 at 09:37, Tiemen Ruiten <span dir="ltr"><<a href="mailto:t.ruiten@rdmedia.com" target="_blank">t.ruiten@rdmedia.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Flo,<div><br></div><div>Do you have any pointers?</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On 20 February 2017 at 10:05, Tiemen Ruiten <span dir="ltr"><<a href="mailto:t.ruiten@rdmedia.com" target="_blank">t.ruiten@rdmedia.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hello Flo,</div><div><br></div>Thanks for your response. I ran that command and I seem to have a different problem (connectors are defined as you indicated):<div><br></div><div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">[tiemen@copernicum ~]$ sudo getcert list -d /etc/dirsrv/slapd-IPA-RDMEDIA-<wbr>COM/<br>[sudo] password for tiemen: <br>Number of certificates and requests being tracked: 2.<br>Request ID '20170217130857':<br><span class="m_-3252368020138142412m_-6868722775529461789gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>status: CA_UNREACHABLE<br><span class="m_-3252368020138142412m_-6868722775529461789gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>ca-error: Server at <a href="https://moscovium.ipa.rdmedia.com/ipa/xml" target="_blank">https://moscovium.ipa.rdmedia.<wbr>com/ipa/xml</a> failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: FAILURE (<b>CA not found: 1ba8130c-56b8-4bd9-ae8a-8b0333<wbr>d71b80</b>)).<br><span class="m_-3252368020138142412m_-6868722775529461789gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>stuck: no<br><span class="m_-3252368020138142412m_-6868722775529461789gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>key pair storage: type=NSSDB,location='/etc/dirs<wbr>rv/slapd-IPA-RDMEDIA-COM',nick<wbr>name='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd<wbr>-IPA-RDMEDIA-COM//pwdfile.txt'<br><span class="m_-3252368020138142412m_-6868722775529461789gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>certificate: type=NSSDB,location='/etc/dirs<wbr>rv/slapd-IPA-RDMEDIA-COM',nick<wbr>name='Server-Cert'<br><span class="m_-3252368020138142412m_-6868722775529461789gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>CA: IPA<br><span class="m_-3252368020138142412m_-6868722775529461789gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>issuer: <br><span class="m_-3252368020138142412m_-6868722775529461789gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>subject: <br><span class="m_-3252368020138142412m_-6868722775529461789gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>expires: unknown<br><span class="m_-3252368020138142412m_-6868722775529461789gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>pre-save command: <br><span class="m_-3252368020138142412m_-6868722775529461789gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>post-save command: <br><span class="m_-3252368020138142412m_-6868722775529461789gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>track: yes<br><span class="m_-3252368020138142412m_-6868722775529461789gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>auto-renew: yes</blockquote></div><div><br></div><div><br></div><div><br><div><br></div><div><br></div></div></div></div><div class="m_-3252368020138142412HOEnZb"><div class="m_-3252368020138142412h5"><div class="gmail_extra"><br><div class="gmail_quote">On 20 February 2017 at 09:28, Florence Blanc-Renaud <span dir="ltr"><<a href="mailto:flo@redhat.com" target="_blank">flo@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On 02/17/2017 10:36 AM, Tiemen Ruiten wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
I went through that bugreport, particularly this section...<br>
<br>
OK, I think I found the error. On the logs I get something like this<br>
*before* the failing dirsrv restart:<br>
<br>
2017-01-14T03:41:28Z DEBUG [27/44]: retrieving DS Certificate<br>
2017-01-14T03:41:28Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysre<wbr>store.index'<br>
2017-01-14T03:41:28Z DEBUG Starting external process<br></span>
2017-01-14T03:41:28Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L -n <a href="http://EXAMPLE.COM" rel="noreferrer" target="_blank">EXAMPLE.COM</a> <<a href="http://EXAMPLE.COM" rel="noreferrer" target="_blank">http://EXAMPLE.COM</a>> IPA CA -a<span><br>
2017-01-14T03:41:28Z DEBUG Process finished, return code=255<br>
2017-01-14T03:41:28Z DEBUG stdout=<br></span>
2017-01-14T03:41:28Z DEBUG stderr=certutil: Could not find cert: <a href="http://EXAMPLE.COM" rel="noreferrer" target="_blank">EXAMPLE.COM</a> <<a href="http://EXAMPLE.COM" rel="noreferrer" target="_blank">http://EXAMPLE.COM</a>> IPA CA<br>
: PR_FILE_NOT_FOUND_ERROR: File not found<br>
<br>
</blockquote>
<br>
Hi,<br>
<br>
this error shows that the server certificate for the LDAP server is not present in the NSS database. I am pretty sure that if you run<br>
$ getcert list -d /etc/dirsrv/slapd-DOMAIN<br>
you will get an error like this one:<br>
status: CA_UNREACHABLE<br>
ca-error: Server at <a href="https://ipa.EXAMPLE.COM/ipa/xml" rel="noreferrer" target="_blank">https://ipa.EXAMPLE.COM/ipa/xm<wbr>l</a> failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: Unable to communicate with CMS (503)).<br>
<br>
Make sure that the file /etc/pki/pki-tomcat/server.xml (on all the masters) defines the AJP connector like this:<br>
<Connector port="8009"<br>
protocol="AJP/1.3"<br>
redirectPort="8443"<br>
address="localhost" /><br>
and that the /etc/hosts file (on all the masters) properly defines localhost:<br>
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4<br>
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6<br>
Then restart the PKI service on the masters:<br>
systemctl stop pki-tomcatd@pki-tomcat.service<br>
<br>
After this, you should be able to re-run ipa-replica-install without any problem.<br>
HTH,<br>
Flo.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
So, when the process stopped, I run the command again:<br>
<br></span>
# /usr/bin/certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L -n <a href="http://EXAMPLE.COM" rel="noreferrer" target="_blank">EXAMPLE.COM</a> <<a href="http://EXAMPLE.COM" rel="noreferrer" target="_blank">http://EXAMPLE.COM</a>> IPA CA -a<br>
certutil: Could not find cert: <a href="http://EXAMPLE.COM" rel="noreferrer" target="_blank">EXAMPLE.COM</a> <<a href="http://EXAMPLE.COM" rel="noreferrer" target="_blank">http://EXAMPLE.COM</a>><span><br>
: PR_FILE_NOT_FOUND_ERROR: File not found<br>
<br>
and thought "wait... something is missing there":<br>
<br></span>
# /usr/bin/certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L -n "<a href="http://EXAMPLE.COM" rel="noreferrer" target="_blank">EXAMPLE.COM</a> <<a href="http://EXAMPLE.COM" rel="noreferrer" target="_blank">http://EXAMPLE.COM</a>> IPA CA" -a<span><br>
-----BEGIN CERTIFICATE-----<br>
<strip><br>
-----END CERTIFICATE-----<br>
<br>
So, could this be the problem?<br>
<br>
<br>
...and indeed when I run<br>
<br>
[tiemen@copernicum ipapython]$ sudo /usr/bin/certutil -d<br>
/etc/dirsrv/slapd-IPA-RDMEDIA-<wbr>COM/ -L -n <a href="http://IPA.RDMEDIA.COM" rel="noreferrer" target="_blank">IPA.RDMEDIA.COM</a><br></span>
<<a href="http://IPA.RDMEDIA.COM" rel="noreferrer" target="_blank">http://IPA.RDMEDIA.COM</a>> IPA CA -a<br>
[sudo] password for tiemen:<br>
certutil: Could not find cert: <a href="http://IPA.RDMEDIA.COM" rel="noreferrer" target="_blank">IPA.RDMEDIA.COM</a> <<a href="http://IPA.RDMEDIA.COM" rel="noreferrer" target="_blank">http://IPA.RDMEDIA.COM</a>><span><br>
: PR_FILE_NOT_FOUND_ERROR: File not found<br>
<br>
<br>
and when I run<br>
<br>
[tiemen@copernicum ipapython]$ sudo /usr/bin/certutil -d<br>
/etc/dirsrv/slapd-IPA-RDMEDIA-<wbr>COM/ -L -n "<a href="http://IPA.RDMEDIA.COM" rel="noreferrer" target="_blank">IPA.RDMEDIA.COM</a><br></span>
<<a href="http://IPA.RDMEDIA.COM" rel="noreferrer" target="_blank">http://IPA.RDMEDIA.COM</a>> IPA CA" -a<span><br>
-----BEGIN CERTIFICATE-----<br>
<snip><br>
-----END CERTIFICATE-----<br>
<br>
valid certificate output. Where can I change this command to quote this<br>
string?<br>
<br>
<br>
On 16 February 2017 at 17:29, Jeff Goddard <<a href="mailto:jgoddard@emerlyn.com" target="_blank">jgoddard@emerlyn.com</a><br></span><span>
<mailto:<a href="mailto:jgoddard@emerlyn.com" target="_blank">jgoddard@emerlyn.com</a>>> wrote:<br>
<br>
Might be another instance of this:<br>
<a href="https://fedorahosted.org/freeipa/ticket/6613" rel="noreferrer" target="_blank">https://fedorahosted.org/freei<wbr>pa/ticket/6613</a><br>
<<a href="https://fedorahosted.org/freeipa/ticket/6613" rel="noreferrer" target="_blank">https://fedorahosted.org/free<wbr>ipa/ticket/6613</a>><br>
<br>
Jeff<br>
<br>
On Thu, Feb 16, 2017 at 11:21 AM, Tiemen Ruiten<br></span><div><div class="m_-3252368020138142412m_-6868722775529461789h5">
<<a href="mailto:t.ruiten@rdmedia.com" target="_blank">t.ruiten@rdmedia.com</a> <mailto:<a href="mailto:t.ruiten@rdmedia.com" target="_blank">t.ruiten@rdmedia.com</a>>> wrote:<br>
<br>
Hello,<br>
<br>
I'm trying to add a third replica to a FreeIPA 4.4 domain (level<br>
1), but I'm getting this error:<br>
<br>
[tiemen@copernicum ~]$ sudo ipa-replica-install -P admin -w<br>
"XXXXXXXXXX" --mkhomedir --setup-dns --forwarder 8.8.8.8<br>
--forwarder 8.8.4.4<br>
Checking DNS forwarders, please wait ...<br>
Run connection check to master<br>
Connection check OK<br>
Configuring NTP daemon (ntpd)<br>
[1/4]: stopping ntpd<br>
[2/4]: writing configuration<br>
[3/4]: configuring ntpd to start on boot<br>
[4/4]: starting ntpd<br>
Done configuring NTP daemon (ntpd).<br>
Configuring directory server (dirsrv). Estimated time: 1 minute<br>
[1/44]: creating directory server user<br>
[2/44]: creating directory server instance<br>
[3/44]: updating configuration in dse.ldif<br>
[4/44]: restarting directory server<br>
[5/44]: adding default schema<br>
[6/44]: enabling memberof plugin<br>
[7/44]: enabling winsync plugin<br>
[8/44]: configuring replication version plugin<br>
[9/44]: enabling IPA enrollment plugin<br>
[10/44]: enabling ldapi<br>
[11/44]: configuring uniqueness plugin<br>
[12/44]: configuring uuid plugin<br>
[13/44]: configuring modrdn plugin<br>
[14/44]: configuring DNS plugin<br>
[15/44]: enabling entryUSN plugin<br>
[16/44]: configuring lockout plugin<br>
[17/44]: configuring topology plugin<br>
[18/44]: creating indices<br>
[19/44]: enabling referential integrity plugin<br>
[20/44]: configuring certmap.conf<br>
[21/44]: configure autobind for root<br>
[22/44]: configure new location for managed entries<br>
[23/44]: configure dirsrv ccache<br>
[24/44]: enabling SASL mapping fallback<br>
[25/44]: restarting directory server<br>
[26/44]: creating DS keytab<br>
[27/44]: retrieving DS Certificate<br>
[28/44]: restarting directory server<br>
ipa : CRITICAL Failed to restart the directory<br>
server (Command '/bin/systemctl restart<br>
dirsrv@IPA-RDMEDIA-COM.service<wbr>' returned non-zero exit<br>
status 1). See the installation log for details.<br>
[29/44]: setting up initial replication<br>
[error] error: [Errno 111] Connection refused<br>
Your system may be partly configured.<br>
Run /usr/sbin/ipa-server-install --uninstall to clean up.<br>
ipa.ipapython.install.cli.inst<wbr>all_tool(Replica): ERROR<br>
[Errno 111] Connection refused<br>
ipa.ipapython.install.cli.inst<wbr>all_tool(Replica): ERROR<br>
The ipa-replica-install command failed. See<br>
/var/log/ipareplica-install.lo<wbr>g for more information<br>
<br>
<br>
In /var/log/ipareplica-install.lo<wbr>g we find:<br>
<br>
2017-02-16T15:53:59Z DEBUG [27/44]: retrieving DS Certificate<br>
2017-02-16T15:53:59Z DEBUG Loading Index file from<br>
'/var/lib/ipa/sysrestore/sysre<wbr>store.index'<br>
2017-02-16T15:53:59Z DEBUG Starting external process<br>
2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d<br>
/etc/dirsrv/slapd-IPA-RDMEDIA-<wbr>COM/ -L -n <a href="http://IPA.RDMEDIA.COM" rel="noreferrer" target="_blank">IPA.RDMEDIA.COM</a><br></div></div>
<<a href="http://IPA.RDMEDIA.COM" rel="noreferrer" target="_blank">http://IPA.RDMEDIA.COM</a>> IPA CA -a<span><br>
2017-02-16T15:53:59Z DEBUG Process finished, return code=255<br>
2017-02-16T15:53:59Z DEBUG stdout=<br></span>
*2017-02-16T15:53:59Z DEBUG stderr=certutil: Could not find<br>
cert: <a href="http://IPA.RDMEDIA.COM" rel="noreferrer" target="_blank">IPA.RDMEDIA.COM</a> <<a href="http://IPA.RDMEDIA.COM" rel="noreferrer" target="_blank">http://IPA.RDMEDIA.COM</a>> IPA CA<br>
: PR_FILE_NOT_FOUND_ERROR: File not found*<span><br>
2017-02-16T15:53:59Z DEBUG Starting external process<br>
2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d<br>
/etc/dirsrv/slapd-IPA-RDMEDIA-<wbr>COM/ -N -f<br>
/etc/dirsrv/slapd-IPA-RDMEDIA-<wbr>COM//pwdfile.txt<br>
2017-02-16T15:53:59Z DEBUG Process finished, return code=0<br>
2017-02-16T15:53:59Z DEBUG stdout=<br>
2017-02-16T15:53:59Z DEBUG stderr=<br>
2017-02-16T15:53:59Z DEBUG Starting external process<br>
2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d<br>
/etc/dirsrv/slapd-IPA-RDMEDIA-<wbr>COM/ -A -n <a href="http://IPA.RDMEDIA.COM" rel="noreferrer" target="_blank">IPA.RDMEDIA.COM</a><br></span>
<<a href="http://IPA.RDMEDIA.COM" rel="noreferrer" target="_blank">http://IPA.RDMEDIA.COM</a>> IPA CA -t CT,C,C -a<div><div class="m_-3252368020138142412m_-6868722775529461789h5"><br>
2017-02-16T15:53:59Z DEBUG Process finished, return code=0<br>
2017-02-16T15:53:59Z DEBUG stdout=<br>
2017-02-16T15:53:59Z DEBUG stderr=<br>
2017-02-16T15:53:59Z DEBUG certmonger request is in state<br>
dbus.String(u'NEWLY_ADDED_READ<wbr>ING_KEYINFO', variant_level=1)<br>
2017-02-16T15:54:04Z DEBUG certmonger request is in state<br>
dbus.String(u'CA_UNREACHABLE', variant_level=1)<br>
2017-02-16T15:54:04Z DEBUG flushing<br>
ldapi://%2fvar%2frun%2fslapd-I<wbr>PA-RDMEDIA-COM.socket from<br>
SchemaCache<br>
2017-02-16T15:54:04Z DEBUG retrieving schema for SchemaCache<br>
url=ldapi://%2fvar%2frun%2fsla<wbr>pd-IPA-RDMEDIA-COM.socket<br>
conn=<ldap.ldapobject.SimpleLD<wbr>APObject instance at 0x74efd40><br>
2017-02-16T15:54:05Z DEBUG duration: 5 seconds<br>
2017-02-16T15:54:05Z DEBUG [28/44]: restarting directory<br>
server<br>
2017-02-16T15:54:05Z DEBUG Starting external process<br>
2017-02-16T15:54:05Z DEBUG args=/bin/systemctl --system<br>
daemon-reload<br>
2017-02-16T15:54:05Z DEBUG Process finished, return code=0<br>
2017-02-16T15:54:05Z DEBUG stdout=<br>
2017-02-16T15:54:05Z DEBUG stderr=<br>
2017-02-16T15:54:05Z DEBUG Starting external process<br>
2017-02-16T15:54:05Z DEBUG args=/bin/systemctl restart<br>
dirsrv@IPA-RDMEDIA-COM.service<br>
2017-02-16T15:54:06Z DEBUG Process finished, return code=1<br>
2017-02-16T15:54:06Z DEBUG stdout=<br>
2017-02-16T15:54:06Z DEBUG stderr=Job for<br>
dirsrv@IPA-RDMEDIA-COM.service failed because the control<br>
process exited with error code. See "systemctl status<br>
dirsrv@IPA-RDMEDIA-COM.service<wbr>" and "journalctl -xe" for<br>
details.<br>
2017-02-16T15:54:06Z CRITICAL Failed to restart the<br>
directory server (Command '/bin/systemctl restart<br>
dirsrv@IPA-RDMEDIA-COM.service<wbr>' returned non-zero exit<br>
status 1). See the installation log for details.<br>
2017-02-16T15:54:06Z DEBUG duration: 1 seconds<br>
2017-02-16T15:54:06Z DEBUG [29/44]: setting up initial<br>
replication<br>
2017-02-16T15:54:16Z DEBUG Traceback (most recent call last):<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/install/service.<wbr>py",<br>
line 449, in start_creation<br>
run_step(full_msg, method)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/install/service.<wbr>py",<br>
line 439, in run_step<br>
method()<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/install/dsinstan<wbr>ce.py",<br>
line 405, in __setup_replica<br>
self.dm_password)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/install/replicat<wbr>ion.py",<br>
line 118, in enable_replication_version_che<wbr>cking<br>
conn.do_simple_bind(bindpw=dir<wbr>man_passwd)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/ipaldap.py",<br>
line 1665, in do_simple_bind<br>
self.__bind_with_wait(self.sim<wbr>ple_bind, timeout, binddn,<br>
bindpw)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/ipaldap.py",<br>
line 1660, in __bind_with_wait<br>
self.__wait_for_connection(tim<wbr>eout)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/ipaldap.py",<br>
line 1643, in __wait_for_connection<br>
wait_for_open_socket(lurl.host<wbr>port, timeout)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/ipautil.py",<br>
line 1286, in wait_for_open_socket<br>
raise e<br>
error: [Errno 111] Connection refused<br>
2017-02-16T15:54:16Z DEBUG [error] error: [Errno 111]<br>
Connection refused<br>
2017-02-16T15:54:16Z DEBUG Destroyed connection<br>
context.ldap2_78478480<br>
2017-02-16T15:54:16Z DEBUG File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/admintool.py",<br>
line 171, in execute<br>
return_value = self.run()<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/cli.py",<br>
line 318, in run<br>
cfgr.run()<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/core.py"<wbr>, line<br>
310, in run<br>
self.execute()<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/core.py"<wbr>, line<br>
332, in execute<br>
for nothing in self._executor():<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/core.py"<wbr>, line<br>
372, in __runner<br>
self._handle_exception(exc_inf<wbr>o)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/core.py"<wbr>, line<br>
394, in _handle_exception<br>
six.reraise(*exc_info)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/core.py"<wbr>, line<br>
362, in __runner<br>
step()<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/core.py"<wbr>, line<br>
359, in <lambda><br>
step = lambda: next(self.__gen)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/util.py"<wbr>, line<br>
81, in run_generator_with_yield_from<br>
six.reraise(*exc_info)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/util.py"<wbr>, line<br>
59, in run_generator_with_yield_from<br>
value = gen.send(prev_value)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/core.py"<wbr>, line<br>
586, in _configure<br>
next(executor)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/core.py"<wbr>, line<br>
372, in __runner<br>
self._handle_exception(exc_inf<wbr>o)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/core.py"<wbr>, line<br>
449, in _handle_exception<br>
self.__parent._handle_exceptio<wbr>n(exc_info)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/core.py"<wbr>, line<br>
394, in _handle_exception<br>
six.reraise(*exc_info)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/core.py"<wbr>, line<br>
446, in _handle_exception<br>
super(ComponentBase, self)._handle_exception(exc_in<wbr>fo)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/core.py"<wbr>, line<br>
394, in _handle_exception<br>
six.reraise(*exc_info)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/core.py"<wbr>, line<br>
362, in __runner<br>
step()<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/core.py"<wbr>, line<br>
359, in <lambda><br>
step = lambda: next(self.__gen)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/util.py"<wbr>, line<br>
81, in run_generator_with_yield_from<br>
six.reraise(*exc_info)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/util.py"<wbr>, line<br>
59, in run_generator_with_yield_from<br>
value = gen.send(prev_value)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/install/common.p<wbr>y",<br>
line 63, in _install<br>
for nothing in self._installer(self.parent):<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/install/server/r<wbr>eplicainstall.py",<br>
line 1714, in main<br>
promote(self)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/install/server/r<wbr>eplicainstall.py",<br>
line 364, in decorated<br>
func(installer)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/install/server/r<wbr>eplicainstall.py",<br>
line 1415, in promote<br>
promote=True, pkcs12_info=dirsrv_pkcs12_info<wbr>)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/install/server/r<wbr>eplicainstall.py",<br>
line 127, in install_replica_ds<br>
api=remote_api,<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/install/dsinstan<wbr>ce.py",<br>
line 399, in create_replica<br>
self.start_creation(runtime=60<wbr>)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/install/service.<wbr>py",<br>
line 449, in start_creation<br>
run_step(full_msg, method)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/install/service.<wbr>py",<br>
line 439, in run_step<br>
method()<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/install/dsinstan<wbr>ce.py",<br>
line 405, in __setup_replica<br>
self.dm_password)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/install/replicat<wbr>ion.py",<br>
line 118, in enable_replication_version_che<wbr>cking<br>
conn.do_simple_bind(bindpw=dir<wbr>man_passwd)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/ipaldap.py",<br>
line 1665, in do_simple_bind<br>
self.__bind_with_wait(self.sim<wbr>ple_bind, timeout, binddn,<br>
bindpw)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/ipaldap.py",<br>
line 1660, in __bind_with_wait<br>
self.__wait_for_connection(tim<wbr>eout)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/ipaldap.py",<br>
line 1643, in __wait_for_connection<br>
wait_for_open_socket(lurl.host<wbr>port, timeout)<br>
File<br>
"/usr/lib/python2.7/site-packa<wbr>ges/ipapython/ipautil.py",<br>
line 1286, in wait_for_open_socket<br>
raise e<br>
2017-02-16T15:54:16Z DEBUG The ipa-replica-install command<br>
failed, exception: error: [Errno 111] Connection refused<br>
2017-02-16T15:54:16Z ERROR [Errno 111] Connection refused<br>
2017-02-16T15:54:16Z ERROR The ipa-replica-install command<br>
failed. See /var/log/ipareplica-install.lo<wbr>g for more information<br>
<br>
<br>
How can I troubleshoot this?<br>
<br>
<br>
<br>
--<br>
Tiemen Ruiten<br>
Systems Engineer<br>
R&D Media<br>
<br>
--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" rel="noreferrer" target="_blank">https://www.redhat.com/mailman<wbr>/listinfo/freeipa-users</a><br>
<<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" rel="noreferrer" target="_blank">https://www.redhat.com/mailma<wbr>n/listinfo/freeipa-users</a>><br>
Go to <a href="http://freeipa.org" rel="noreferrer" target="_blank">http://freeipa.org</a> for more info on the project<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
--<br>
Tiemen Ruiten<br>
Systems Engineer<br>
R&D Media<br>
<br>
<br>
</div></div></blockquote>
<br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="m_-3252368020138142412m_-6868722775529461789gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Tiemen Ruiten<br>Systems Engineer<br>R&D Media<br></div></div>
</div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="m_-3252368020138142412gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Tiemen Ruiten<br>Systems Engineer<br>R&D Media<br></div></div>
</div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Tiemen Ruiten<br>Systems Engineer<br>R&D Media<br></div></div>
</div></div>