[Freeipa-users] IPA Replication not working for User and DNS

Yogesh Sharma yks0000 at gmail.com
Mon Nov 2 05:54:58 UTC 2015 

Tried to re-enroll the replica however, getting the same error, though I am
able to connect to server.

=====

Starting replication, please wait until this has completed.

[ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1  -
LDAP error: Can't contact LDAP server]

  [error] RuntimeError: Failed to start replication

=====


[root at ipa-inf-prd-ng2-02 ~]# telnet ipa-inf-prd-ng2-01.klikpay.int 389
Trying 172.16.32.10...
Connected to ipa-inf-prd-ng2-01.klikpay.int.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
[root at ipa-inf-prd-ng2-02 ~]#



*Best Regards,*

*__________________________________________*

*Yogesh Sharma*
*Email: yks0000 at gmail.com <yks0000 at gmail.com> | Web: www.initd.in
<http://www.initd.in/> *

*RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*

<https://www.fb.com/yks0000>   <http://in.linkedin.com/in/yks0000>
<https://twitter.com/checkwithyogesh>
<http://google.com/+YogeshSharmaOnGooglePlus>

On Fri, Oct 30, 2015 at 7:05 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Yogesh Sharma wrote:
> > Team,
> >
> > Noticed that user created on IPA Master are not replicating on Replica.
> >
> > Also, we create a new Zone in Master, However we do not see the same in
> > replica server.
>
> You need to figure out why ipa-inf-prd-ng2-01.klikpay.int can't contact
> port 389 on ipa-inf-prd-ng2-02.klikpay.int. It may be someone threw up a
> firewall without telling you, or someone tweaked the rules on either of
> those boxes.
>
> Doing re-init, force-sync, etc is always going to fail if one can't talk
> to the other.
>
> rob
>
> >
> >
> > Below is the information:
> >
> > From Master:
> >
> > [root at ipa-inf-prd-ng2-01 ~]# ipa-replica-manage list -v
> > ipa-inf-prd-ng2-01.klikpay.int <http://ipa-inf-prd-ng2-01.klikpay.int>
> > Directory Manager password:
> >
> > ipa-inf-prd-ng2-02.klikpay.int <http://ipa-inf-prd-ng2-02.klikpay.int>:
> > replica
> >   last init status: None
> >   last init ended: None
> >   last update status: -1 Unable to acquire replicaLDAP error: Can't
> > contact LDAP server
> >   last update ended: None
> > [root at ipa-inf-prd-ng2-01 ~]#
> >
> >
> >
> > From Replica:
> >
> >
> > [root at ipa-inf-prd-ng2-02 ~]# ipa-replica-manage list -v
> > ipa-inf-prd-ng2-02.klikpay.int <http://ipa-inf-prd-ng2-02.klikpay.int>
> > Directory Manager password:
> >
> > ipa-inf-prd-ng2-01.klikpay.int <http://ipa-inf-prd-ng2-01.klikpay.int>:
> > replica
> >   last init status: None
> >   last init ended: None
> >   last update status: 0 Replica acquired successfully: Incremental
> > update succeeded
> >   last update ended: 2015-10-30 10:36:25+00:00
> > [root at ipa-inf-prd-ng2-02 ~]#
> >
> >
> > Though it says it is replicated (last update ended), We are not seeing
> > new users and the new DNS Zone which we created
> >
> >
> > I also tried force replication, though I can not see the new Changes:
> >
> > [root at ipa-inf-prd-ng2-02 ~]# ipa-replica-manage force-sync --from
> > ipa-inf-prd-ng2-01.klikpay.int <http://ipa-inf-prd-ng2-01.klikpay.int>
> > Directory Manager password:
> >
> > ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int
> > <http://meToipa-inf-prd-ng2-02.klikpay.int
> >,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping
> > tree,cn=config schedule to 2358-2359 0 to force synch
> > ipa: INFO: Deleting schedule 2358-2359 0 from agreement
> > cn=meToipa-inf-prd-ng2-02.klikpay.int
> > <http://meToipa-inf-prd-ng2-02.klikpay.int
> >,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping
> > tree,cn=config
> > [root at ipa-inf-prd-ng2-02 ~]#
> >
> >
> > Once I do re-initialization, it gives "Can't Contact LDAP Server"
> >
> > [root at ipa-inf-prd-ng2-02 ~]# ipa-replica-manage re-initialize --from
> > ipa-inf-prd-ng2-01.klikpay.int <http://ipa-inf-prd-ng2-01.klikpay.int>
> > Directory Manager password:
> >
> > ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int
> > <http://meToipa-inf-prd-ng2-02.klikpay.int
> >,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping
> > tree,cn=config schedule to 2358-2359 0 to force synch
> > ipa: INFO: Deleting schedule 2358-2359 0 from agreement
> > cn=meToipa-inf-prd-ng2-02.klikpay.int
> > <http://meToipa-inf-prd-ng2-02.klikpay.int
> >,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping
> > tree,cn=config
> >
> > [ipa-inf-prd-ng2-01.klikpay.int <http://ipa-inf-prd-ng2-01.klikpay.int>]
> > reports: Update failed! Status: [-1  - LDAP error: Can't contact LDAP
> > server]
> >
> >
> >
> >
> > /Best Regards,/
> > /__________________________________________
> > /
> > /Yogesh Sharma
> > /
> > /Email: yks0000 at gmail.com <mailto:yks0000 at gmail.com> | Web: www.initd.in
> > <http://www.initd.in/> /
> > /
> > /
> > /RHCE, VCE-CIA, RACKSPACE CLOUD U Certified/
> >
> > <https://www.fb.com/yks0000>  <http://in.linkedin.com/in/yks0000>  <
> https://twitter.com/checkwithyogesh>  <
> http://google.com/+YogeshSharmaOnGooglePlus>
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151102/56354eb5/attachment.htm>

More information about the Freeipa-users mailing list