[Freeipa-users] FreeIPA & Windows AD Replication

[Matt]

Hi,

Any ideas on where to look for more information? I have been unable to 
make any progress on this.

Thanks

On 22/05/2012 10:18, Matt wrote:
> Hi,
>
> I am attempting to run replication between Windows AD (2008R2) and a 
> FreeIPA (2.2.0) server (fc-17) in a test setup.
>
> I have bound FreeIPA to the AD server 'sucessfully'
>
> [root at ipa2 cacerts]# ipa-replica-manage connect --winsync --binddn 
> "CN=Administrator,CN=Users,DC=IPA,DC=100it,DC=net" --bindpw <Password> 
> --passsync <Password> --cacert /etc/openldap/cacerts/AD.cer -v 
> ipa.100it.net -p <Password>
> Added CA certificate /etc/openldap/cacerts/AD.cer to certificate 
> database for ipa2.100it.net
> ipa: INFO: AD Suffix is: DC=IPA,DC=100it,DC=net
> The user for the Windows PassSync service is 
> uid=passsync,cn=sysaccounts,cn=etc,dc=100it,dc=net
> Windows PassSync entry exists, not resetting password
> ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
> ipa: INFO: Replication Update in progress: FALSE: status: -11  - 
> System error: start: 0: end: 0
> ipa: INFO: Agreement is ready, starting replication . . .
> Starting replication, please wait until this has completed.
> [ipa2.100it.net] reports: Update failed! Status: [-11  - System error]
> Failed to start replication
>
>
>
> The server now shows in the replica list:
>
> [root at ipa2 ~]# ipa-replica-manage list -p <password>
> ipa.100it.net: winsync
> ipa2.100it.net: master
>
>
> But any attemps to re-initialise the connection result in the same 
> "[-11  - System error]" message:
>
> [root at ipa2 ~]# ipa-replica-manage re-initialize --from ipa.100it.net 
> -p <password>
> [ipa2.100it.net] reports: Update failed! Status: [-11  - System error]
>
>
> There are no messages that relate to the connection in event viewer 
> and nothing other then "[-11  - System error]" in any of the freeIPA 
> log files.
>
> Thanks
> Matt