[Freeipa-users] 3.0.0-42 Replication issue after Centos6.5->6.6 upgrade

Dmitri Pal dpal at redhat.com
Fri Nov 7 06:01:15 UTC 2014


On 11/07/2014 12:18 AM, Will Sheldon wrote:
>
> Hello all :)
>
> On the whole we are loving FreeIPA. Many thanks and much respect to 
> all involved, we've had a great 12-18 months of hassle-free use out of 
> it - it is a fantastically stable, trouble-free solution... however, 
> now we've run into a small issue we (as mere mortals) are finding it 
> hard to resolve :-/
>
> We upgraded our ipa servers (3.0.0-42) to Centos 6.6. Everything seems 
> to go well, but one server is behaving oddly. It's likely not an IPA 
> issue, it also reset its hostname somehow after the upgrade (it's an 
> image in an openstack environment)
>
> If anyone has any pointers as to how to debug I'd be hugely 
> appreciative :)
>
> Two servers, server1.domain.com and server2.domain.com
>
> Server1 can't push data to server2, there are updates and new records 
> on server1 that do not exist on server2.
>
>
> from the logs on server1:
>
> [07/Nov/2014:01:33:42 +0000] NSMMReplicationPlugin - agmt="cn=meToserver2.domain.com" (server2:389): Warning: unable to send endReplication extended operation (Can't contact LDAP server)
> [07/Nov/2014:01:33:47 +0000] NSMMReplicationPlugin - agmt="cn=meToserver2.domain.com" (server2:389): Replication bind with GSSAPI auth resumed
> [07/Nov/2014:01:33:48 +0000] NSMMReplicationPlugin - agmt="cn=meToserver2.domain.com" (server2:389): Warning: unable to replicate schema: rc=2
> [07/Nov/2014:01:33:48 +0000] NSMMReplicationPlugin - agmt="cn=meToserver2.domain.com" (server2:389): Consumer failed to replay change (uniqueid (null), CSN (null)): Can't contact LDAP server(-1). Will retry later.

Try to see whether:
a) Server 1 properly resolves server 2
b) You can connect from server 1 to server 2 using ldapsearch
c) Your firewall has the proper ports open
d) dirserver on server 2 is actually running

Check the logs on server 2 to see whether it actually sees an attempt to 
connect. I suspect not, so it is most likely a DNS/FW issue, or the dir 
server is not running on 2.
>
>
> and the servers:
>
> [root@server1 ~]# ipa-replica-manage list -v `hostname`
> Directory Manager password:
>
> server2.domain.com: replica
>   last init status: None
>   last init ended: None
>   last update status: 0 Replica acquired successfully: Incremental update started
>   last update ended: 2014-11-07 01:35:58+00:00
> [root@server1 ~]#
>
>
>
> [root@server2 ~]# ipa-replica-manage list -v `hostname`
> Directory Manager password:
>
> server1.domain.com: replica
>   last init status: None
>   last init ended: None
>   last update status: 0 Replica acquired successfully: Incremental update succeeded
>   last update ended: 2014-11-07 01:35:43+00:00
> [root@server2 ~]#
>
>
>
>
> Will Sheldon
>
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
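
Checks (a) to (d) from the reply above, as an added example that is not part of the original thread or of FreeIPA itself: a Python 3 script to run on server1 against server2. Assumptions: ports 636, 88 and 464 (only 389 appears in the logs), an installed `ldapsearch`, and a consumer that permits an anonymous root DSE search.

```python
"""Run checks (a)-(d) from the replying host toward a replication peer."""
import socket
import subprocess
import sys

# 389 is the port named in the agreement log lines. 636 (LDAPS) and 88/464
# (Kerberos, which the GSSAPI replication bind relies on) are assumptions.
TCP_PORTS = (389, 636, 88, 464)

def resolve(host):
    """(a) Addresses the local resolver returns for host; [] if it fails."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_open(host, port, timeout=3.0):
    """(c)/(d) True if host:port accepts a TCP connection: nothing filters
    the port and a process is listening on it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def rootdse_ok(host, port=389, timeout=5):
    """(b) Anonymous base-scope search of the root DSE via ldapsearch."""
    cmd = ["ldapsearch", "-x", "-LLL", "-H", f"ldap://{host}:{port}",
           "-s", "base", "-b", "", "namingContexts"]
    try:
        proc = subprocess.run(cmd, stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return proc.returncode == 0

def preflight(host, ports=TCP_PORTS):
    """Run the checks in order; later ones are skipped (False) once an
    earlier prerequisite has failed. Returns {check name: bool}."""
    results = {"dns": bool(resolve(host))}
    for port in ports:
        results[f"tcp/{port}"] = results["dns"] and tcp_open(host, port)
    results["ldapsearch"] = results.get("tcp/389", False) and rootdse_ok(host)
    return results

if __name__ == "__main__":
    peer = sys.argv[1] if len(sys.argv) > 1 else "server2.domain.com"
    for name, ok in preflight(peer).items():
        print(f"{name:12} {'ok' if ok else 'FAIL'}")
```

A refused or timed-out `tcp/389` from server1 cannot distinguish a firewall drop from a stopped directory server; that is settled on server2 itself, by its service status and access log.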
