[Freeipa-users] CSN not found

[lejeczek]

hi everybody

my three IPAs have gone haywire, two things I recall: one - 
one server was on ScientificL with slightly lower minor 
version of IPA, two - another server (of the two identical 
CEntOSes) had skewed time.
Not all there servers are in time-sync and all run same 
version of IPA but replication broke with errors like:


$ ipa-replica-manage re-initialize --from rider --force

..
[03/Nov/2016:13:21:08 +0000] NSACLPlugin - The ACL target 
cn=casigningcert 
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=dc=xx,dc=xx,dc=dc=xx,dc=xx,dc=x 
does not exist
[03/Nov/2016:13:21:08 +0000] NSACLPlugin - The ACL target 
cn=casigningcert 
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=dc=xx,dc=xx,dc=dc=xx,dc=xx,dc=x 
does not exist
[03/Nov/2016:13:21:09 +0000] 
agmt="cn=meToswir.xx.xx.xx.xx.x" (swir:389) - Can't locate 
CSN 581b120f000500040000 in the changelog (DB rc=-30988). If 
replication stops, the consumer may need to be reinitialized.
[03/Nov/2016:13:21:09 +0000] NSMMReplicationPlugin - 
changelog program - agmt="cn=meToswir.xx.xx.xx.xx.x" 
(swir:389): CSN 581b120f000500040000 not found, we aren't as 
up to date, or we purged
[03/Nov/2016:13:21:09 +0000] NSMMReplicationPlugin - 
agmt="cn=meToswir.xx.xx.xx.xx.x" (swir:389): Data required 
to update replica has been purged. The replica must be 
reinitialized.
[03/Nov/2016:13:21:09 +0000] NSMMReplicationPlugin - 
agmt="cn=meToswir.xx.xx.xx.xx.x" (swir:389): Incremental 
update failed and requires administrator action

I did dbscan -f /var.../cb941....db on all three servers and 
greped but cannot see that 581b120f000500040000

where to troubleshoot?
many thanks.
L