[Freeipa-users] replica added, but clients still try renewing certificates with old master
Natxo Asenjo
natxo.asenjo at gmail.com
Wed Sep 21 15:06:09 UTC 2016
hi Petr,
On Wed, Sep 21, 2016 at 4:38 PM, Petr Vobornik <pvoborni at redhat.com> wrote:
> On 09/21/2016 10:50 AM, Natxo Asenjo wrote:
>
> > When I try to resubmit certificates from certmonger they still hit the
> kdc01 web
> > server, so the requests hang on an status: CA_UNREACHABLE
> > ca-error: Server failed request, will retry: 4301 (RPC failed at
> server.
> > Certificate operation cannot be completed: Failure decoding Certificate
> Signing
> > Request).
>
> Where does it happen? On arbitrary client which was installed in a past
> against the removed kdc01?
>
yes.
>
> If so could you look into /etc/ipa/default.conf and change host option
> from kdc01 to the 7.2 IPA sever?
>
>
ok, done.
In fact, change both the domain as the xmlrpc_uri directives in the global
section was necessary. Now It worked :-)
So, what should be the correct value for dns discovery for both directives
using dns discovery?
thanks!
--
Groeten,
natxo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160921/dbbcac5a/attachment.htm>
More information about the Freeipa-users
mailing list