[Freeipa-users] krb5kdc service not starting

Ludwig Krispenz lkrispen at redhat.com
Thu May 12 08:25:04 UTC 2016 

On 05/12/2016 05:28 AM, Prasun Gera wrote:
> Hi everyone,
> I had a pretty similar failure on my replica yesterday. The replica 
> was not reachable, and I asked someone to have a look at the system. 
> They presumably rebooted it. When it came back up, ipactl wouldn't 
> start, and the symptoms were pretty similar to those described in this 
> thread. I followed the solution of copying dse.ldif.startOK 
> to dse.ldif, and that started everything.
This is very strange, it should not be possible to loose a dse.ldif, 
although you are now teh second person reporting this. I have seen 0 
length dse.ldif.tmp if a VM was powerd off while ds was active, but from 
DS  point of view it is not possible to complete loos the dse.ldif.
The dse.ldif stores the configuration information including replication 
agreements and and when ever this is updated the new state is written to 
disk. The procedure is like this:
-create a dse.ldif.tmp (this is the only time a 0 byte dse.ldif* file exists
-write the config to dse.ldif.tmp
-rename dse.ldif to dse.ldif.bak
-rename dse.ldif.tmp to dse.ldif

So, if the machine or the server crashes during this process there 
should be always a dse.ldif.tmp or dse.ldif.bak containing the current 
or latest information. If anyone has an idea how on a VM when powering 
it off can completely loose these files I would like to know.
> However, I see some errors in dirsrv's logs. It is constantly printing 
> lines like "DSRetroclPlugin - delete_changerecord: could not delete 
> change record 418295". Is that normal ?
Unfortunately it can be. If after a crash the beginning of the retro cl 
is incorrectly calculated, changelog trimming might try to remov no 
longer existing records, it is annoying but harmless, so far we have not 
further investigated how to prevent this.
> How do I confirm that the replica is back and fully functional ? Why 
> did this happen in the first place ?
>
> On Wed, Apr 27, 2016 at 1:41 PM, Gady Notrica <gnotrica at candeal.com 
> <mailto:gnotrica at candeal.com>> wrote:
>
>     All good!!!
>
>     Gady
>
>     -----Original Message-----
>     From: Alexander Bokovoy [mailto:abokovoy at redhat.com
>     <mailto:abokovoy at redhat.com>]
>     Sent: April 27, 2016 1:19 PM
>     To: Gady Notrica
>     Cc: Ludwig Krispenz; freeipa-users at redhat.com
>     <mailto:freeipa-users at redhat.com>
>     Subject: Re: [Freeipa-users] krb5kdc service not starting
>
>     On Wed, 27 Apr 2016, Gady Notrica wrote:
>     >Hello Ludwig,
>     >
>     >Is there a reason why my AD show offline?
>     >
>     >[root at cd-p-ipa1 /]# wbinfo --online-status BUILTIN : online IPA :
>     >online CD-PRD : offline
>     wbinfo output is irrelevant for RHEL 7.2-based IPA trusts.
>
>     You need to make sure that 'getent passwd CD-PRD\\Administrator'
>     resolves via SSSD.
>
>     --
>     / Alexander Bokovoy
>
>     --
>     Manage your subscription for the Freeipa-users mailing list:
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>     Go to http://freeipa.org for more info on the project
>
>
>
>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160512/dbfd5d9b/attachment.htm>

More information about the Freeipa-users mailing list