<div dir="ltr">Thank you for the response Martin.  Server1 had no flags upon install however CA, DNS were selected during the installation.  Server2 was joined and then the 'ipa-replica-install --skip-conn-check' used to join it.  Manual tests of the ports showed all was good but not in the installation so I had to use the '--skip-conn-check'.<div>Server1 - </div><div><div>  Maximum username length: 32</div><div>  Home directory base: /home</div><div>  Default shell: /bin/sh</div><div>  Default users group: ipausers</div><div>  Default e-mail domain: <a href="http://lci.devdomain.com">lci.devdomain.com</a></div><div>  Search time limit: 2</div><div>  Search size limit: 100</div><div>  User search fields: uid,givenname,sn,telephonenumber,ou,title</div><div>  Group search fields: cn,description</div><div>  Enable migration mode: FALSE</div><div>  Certificate Subject base: O=<a href="http://LCI.DEVDOMAIN.COM">LCI.DEVDOMAIN.COM</a></div><div>  Password Expiration Notification (days): 4</div><div>  Password plugin features: AllowNThash</div><div>  SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023</div><div>  Default SELinux user: unconfined_u:s0-s0:c0.c1023</div><div>  Default PAC types: nfs:NONE, MS-PAC</div><div>  IPA masters: <a href="http://server1.lci.devdomain.com">server1.lci.devdomain.com</a>, <a href="http://server2.lci.devdomain.com">server2.lci.devdomain.com</a></div><div>  IPA CA servers: <a href="http://server1.lci.devdomain.com">server1.lci.devdomain.com</a></div><div>  IPA NTP servers: <a href="http://server1.lci.devdomain.com">server1.lci.devdomain.com</a>, <a href="http://server2.lci.devdomain.com">server2.lci.devdomain.com</a></div><div>  IPA CA renewal master: <a href="http://server1.lci.devdomain.com">server1.lci.devdomain.com</a></div></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Mar 2, 2017 at 12:39 AM Martin Basti <<a href="mailto:mbasti@redhat.com">mbasti@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000" class="gmail_msg">
    <p class="gmail_msg"><br class="gmail_msg">
    </p>
    <br class="gmail_msg">
    <div class="m_4674723430626567125moz-cite-prefix gmail_msg">On 01.03.2017 22:00, Matt Wells wrote:<br class="gmail_msg">
    </div>
    <blockquote type="cite" class="gmail_msg">
      <div dir="ltr" class="gmail_msg">
        <div class="gmail_msg">
          <div class="m_4674723430626567125gmail_signature gmail_msg" data-smartmail="gmail_signature">
            <div dir="ltr" class="gmail_msg">
              <div class="gmail_msg">I have two new IPA 4.4 servers on CentOS7 installed
                in a lab.  I built the first, joined the second and
                promoted it to be a master.  Thus far all went well.  </div>
              <div class="gmail_msg"><br class="gmail_msg">
              </div>
              <div class="gmail_msg">I then ran the ipa-ca-install and when I log back in
                I see that it has "domain,CA" attached to it.  However
                when I hit the main IPA page it informs me I only have
                one server in the CA role. </div>
              <div class="gmail_msg"> Drilling down into server2 I see it does not have
                that role assigned.  <br class="gmail_msg">
              </div>
              <div class="gmail_msg">I'm certain I missed an easy step but I've been
                unable to locate it.  </div>
              <div class="gmail_msg"><br class="gmail_msg">
              </div>
              <div class="gmail_msg">Any guidance would be greatly appreciated. </div>
            </div>
          </div>
        </div>
      </div>
      <br class="gmail_msg">
      <fieldset class="m_4674723430626567125mimeAttachmentHeader gmail_msg"></fieldset>
      <br class="gmail_msg">
    </blockquote>
    <br class="gmail_msg"></div><div bgcolor="#FFFFFF" text="#000000" class="gmail_msg">
    Hello,<br class="gmail_msg">
    <br class="gmail_msg">
    can you provide more info? How did you install servers (options
    used), on which server you ran ipa-ca-install ?</div><div bgcolor="#FFFFFF" text="#000000" class="gmail_msg"><br class="gmail_msg">
    <br class="gmail_msg">
    Martin<br class="gmail_msg">
  </div></blockquote></div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature"><div dir="ltr"><b style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">Matt Wells</b><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><a href="https://www.redhat.com/rhtapps/certification/badge/verify/V3WMPVPAQ6I67AJBGN6FZU6N2YAEQU3CUPSQX2KSDXT6RW46LQ3U7PJCSIXUILAFHEDCMJS26CYXW4U5NQYTCNA62RUWOCM34WWBUYQ=" target="_blank"><b>Lead Systems Architect</b></a></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><a href="https://www.bridgevine.com/" target="_blank"><img width="96" height="24" src="https://docs.google.com/uc?export=download&id=0B3TGGx2GMVt1TDMtT3huTEVHNDA&revid=0B3TGGx2GMVt1TkwxQ0ozSlMrRFFzTW04cWdSUzA0aEl4b1pZPQ"></a></div></div></div>