[Freeipa-users] Configuring IPA replicas

[Ade Lee]

Hi, 

The replica installation is failing when the replica attempts to contact
the CA on the master to log into the security domain.  According to your
log, this is https://ipa01.ix.test.com:9445

Can the master be resolved and reached from the replica?  Can port 9445
be reached (as well as ports 9444 and 9443?)

You can also check the master's /var/log/pki-ca/debug log to see if any
communication was received from the replica.

Ade

On Mon, 2011-06-13 at 16:17 +0200, Sigbjorn Lie wrote:
> On 06/13/2011 04:12 PM, Simo Sorce wrote:
> > On Mon, 2011-06-13 at 15:23 +0200, Sigbjorn Lie wrote:
> >> Hi,
> >>
> >> I have successfully configured one IPA replica, now I'm trying to
> >> configure a second replica, but I'm not having much success. I've
> >> attached the output of ipa-replica-install -d. I get as far as "[4/11]:
> >> configuring certificate server instance". The machine is configured in
> >> the same way as the 2 first machines. They are all F15, updated with all
> >> available packages from the official repos.
> >>
> >> The installation fails when it's trying to connect to the dogtag server
> >> on the ipa replica it's just configured, with a "Invalid clone_uri"
> >> message. (See the attached file for details).
> >>
> >> I'm not sure where to start looking. The only difference from the 2
> >> first IPA servers, is that this server is located at another subnet,
> >> over a site-to-site VPN connection.
> >>
> >> Any suggestions to what might be wrong?
> > I have never seen this error, have you created a new replica package
> > with ipa-replica-prepare to create the second replica ?
> >
> 
> Yes, a fresh package was created using ipa-replica-prepare and scp'ed to 
> the new ipa server. I've even tried re-creating the package. Still the 
> same error message.
> 
> 
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users