[Freeipa-users] ipa-client install failures, Could not resolve host: ipa-master-in.xyz.com; Unknown error

Petr Spacek pspacek at redhat.com
Thu Jul 28 08:07:24 UTC 2016


On 27.7.2016 19:29, Rakesh Rajasekharan wrote:
> Hi,
> 
> I am running ipa server 4.2 and set it up without using "--setup-dns=no".
> 
> On a few clients the installation fails with the below error message.
> 
> 
> I verified that the ipa master dns is resolvable. Not sure what could be
> wrong here..
> 
> 
> Joining realm failed: libcurl failed to execute the HTTP POST transaction,
> explaining:  Could not resolve host: ipa-master-in.xyz.com; Unknown error
> 
> Use ipa-getkeytab to obtain a host principal for this server.
> Please make sure the following ports are opened in the firewall settings:
>      TCP: 80, 88, 389
>      UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
> Also note that following ports are necessary for ipa-client working
> properly after enrollment:
>      TCP: 464
>      UDP: 464, 123 (if NTP enabled)
> Failed to obtain host TGT: (-1765328203, 'Key table entry not found')
> Installation failed. Force set so not rolling back changes.
> 
> 
> I tried removing /etc/ipa/ca.crt and deleting any older certificates
> "certutil -D -n 'IPA CA' -d /etc/pki/nssdb"
> 
> However, no luck yet..
> 
> Any suggestions on how I can debug this?

I would start with the command:
$ dig ipa-master-in.xyz.com

It should print the IPv4 address of the server ipa-master-in.xyz.com. If it
does not print it, there is a problem with DNS. In that case the usual DNS
debugging guides apply.

I hope it helps.

-- 
Petr^2 Spacek
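
The error in the quoted output comes from the enrolling client's own name lookup, so it helps to repeat the check through the system resolver as well as with dig. This is an added example, not part of the original message or of FreeIPA; it assumes the failing lookup goes through the C library resolver (getaddrinfo), and `resolve_like_client` and the hint texts are names made up here.

```python
import socket
import sys

# What each getaddrinfo() failure usually points at on the client
# (hint texts are written for this example, not resolver output).
HINTS = {
    socket.EAI_NONAME: "name not found: check /etc/hosts, the search domain in "
                       "/etc/resolv.conf and the server's A record",
    socket.EAI_AGAIN: "temporary failure: a nameserver in /etc/resolv.conf is "
                      "unreachable or timing out",
}

def resolve_like_client(host, resolver=socket.getaddrinfo):
    """Resolve host through the system resolver; return addresses or the error."""
    try:
        infos = resolver(host, None, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        code = exc.args[0]
        return {"host": host, "ok": False, "addresses": [],
                "error": code, "hint": HINTS.get(code, str(exc))}
    # sockaddr is the last tuple element; its first field is the address string.
    addresses = sorted({info[4][0] for info in infos})
    return {"host": host, "ok": True, "addresses": addresses,
            "error": None, "hint": ""}

def main(argv):
    # The hostname from the thread is the default; pass your own server name.
    hosts = argv[1:] or ["ipa-master-in.xyz.com"]
    failed = False
    for host in hosts:
        result = resolve_like_client(host)
        if result["ok"]:
            print(f"{host}: {', '.join(result['addresses'])}")
        else:
            failed = True
            print(f"{host}: FAILED ({result['error']}) {result['hint']}")
    return 1 if failed else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

dig queries DNS directly, so when dig succeeds and this check fails, look at the client's /etc/nsswitch.conf and /etc/hosts.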
