<div dir="ltr">Thank you for the response Martin. Server1 had no flags upon install however CA, DNS were selected during the installation. Server2 was joined and then the 'ipa-replica-install --skip-conn-check' used to join it. Manual tests of the ports showed all was good but not in the installation so I had to use the '--skip-conn-check'.<div>Server1 - </div><div><div> Maximum username length: 32</div><div> Home directory base: /home</div><div> Default shell: /bin/sh</div><div> Default users group: ipausers</div><div> Default e-mail domain: <a href="http://lci.devdomain.com">lci.devdomain.com</a></div><div> Search time limit: 2</div><div> Search size limit: 100</div><div> User search fields: uid,givenname,sn,telephonenumber,ou,title</div><div> Group search fields: cn,description</div><div> Enable migration mode: FALSE</div><div> Certificate Subject base: O=<a href="http://LCI.DEVDOMAIN.COM">LCI.DEVDOMAIN.COM</a></div><div> Password Expiration Notification (days): 4</div><div> Password plugin features: AllowNThash</div><div> SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023</div><div> Default SELinux user: unconfined_u:s0-s0:c0.c1023</div><div> Default PAC types: nfs:NONE, MS-PAC</div><div> IPA masters: <a href="http://server1.lci.devdomain.com">server1.lci.devdomain.com</a>, <a href="http://server2.lci.devdomain.com">server2.lci.devdomain.com</a></div><div> IPA CA servers: <a href="http://server1.lci.devdomain.com">server1.lci.devdomain.com</a></div><div> IPA NTP servers: <a href="http://server1.lci.devdomain.com">server1.lci.devdomain.com</a>, <a href="http://server2.lci.devdomain.com">server2.lci.devdomain.com</a></div><div> IPA CA renewal master: <a href="http://server1.lci.devdomain.com">server1.lci.devdomain.com</a></div></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Mar 2, 2017 at 12:39 AM Martin Basti <<a href="mailto:mbasti@redhat.com">mbasti@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000" class="gmail_msg">
<p class="gmail_msg"><br class="gmail_msg">
</p>
<br class="gmail_msg">
<div class="m_4674723430626567125moz-cite-prefix gmail_msg">On 01.03.2017 22:00, Matt Wells wrote:<br class="gmail_msg">
</div>
<blockquote type="cite" class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div class="m_4674723430626567125gmail_signature gmail_msg" data-smartmail="gmail_signature">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">I have two new IPA 4.4 servers on CentOS7 installed
in a lab. I built the first, joined the second and
promoted it to be a master. Thus far all went well. </div>
<div class="gmail_msg"><br class="gmail_msg">
</div>
<div class="gmail_msg">I then ran the ipa-ca-install and when I log back in
I see that it has "domain,CA" attached to it. However
when I hit the main IPA page it informs me I only have
one server in the CA role. </div>
<div class="gmail_msg"> Drilling down into server2 I see it does not have
that role assigned. <br class="gmail_msg">
</div>
<div class="gmail_msg">I'm certain I missed an easy step but I've been
unable to locate it. </div>
<div class="gmail_msg"><br class="gmail_msg">
</div>
<div class="gmail_msg">Any guidance would be greatly appreciated. </div>
</div>
</div>
</div>
</div>
<br class="gmail_msg">
<fieldset class="m_4674723430626567125mimeAttachmentHeader gmail_msg"></fieldset>
<br class="gmail_msg">
</blockquote>
<br class="gmail_msg"></div><div bgcolor="#FFFFFF" text="#000000" class="gmail_msg">
Hello,<br class="gmail_msg">
<br class="gmail_msg">
can you provide more info? How did you install servers (options
used), on which server you ran ipa-ca-install ?</div><div bgcolor="#FFFFFF" text="#000000" class="gmail_msg"><br class="gmail_msg">
<br class="gmail_msg">
Martin<br class="gmail_msg">
</div></blockquote></div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature"><div dir="ltr"><b style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">Matt Wells</b><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><a href="https://www.redhat.com/rhtapps/certification/badge/verify/V3WMPVPAQ6I67AJBGN6FZU6N2YAEQU3CUPSQX2KSDXT6RW46LQ3U7PJCSIXUILAFHEDCMJS26CYXW4U5NQYTCNA62RUWOCM34WWBUYQ=" target="_blank"><b>Lead Systems Architect</b></a></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><a href="https://www.bridgevine.com/" target="_blank"><img width="96" height="24" src="https://docs.google.com/uc?export=download&id=0B3TGGx2GMVt1TDMtT3huTEVHNDA&revid=0B3TGGx2GMVt1TkwxQ0ozSlMrRFFzTW04cWdSUzA0aEl4b1pZPQ"></a></div></div></div>