<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">Adding to this, I am able to do ldapsearch from the server which I am trying to make a replica.</div>
<div class="gmail_default" style="font-family:verdana,sans-serif"><br></div>
<div class="gmail_default" style=""><font face="verdana, sans-serif">[root@ipa-inf-prd-ng2-02 ~]# ldapsearch -x -H ldap://ipa-inf-prd-ng2-01.klikpay.int -s base -b '' namingContexts<br>
# extended LDIF<br>
#<br>
# LDAPv3<br>
# base <> with scope baseObject<br>
# filter: (objectclass=*)<br>
# requesting: namingContexts<br>
#<br>
<br>
#<br>
dn:<br>
namingContexts: cn=changelog<br>
namingContexts: dc=klikpay,dc=int<br>
namingContexts: o=ipaca<br>
<br>
# search result<br>
search: 2<br>
result: 0 Success<br>
<br>
# numResponses: 2<br>
# numEntries: 1<br>
[root@ipa-inf-prd-ng2-02 ~]#</font></div>
<div style="font-family:verdana,sans-serif"><br></div>
</div>
<div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><i><span style="font-family:verdana,sans-serif">Best Regards,</span></i></div>
<div><i><span style="font-family:verdana,sans-serif">__________________________________________</span></i></div>
<div><i><span style="font-family:verdana,sans-serif">Yogesh Sharma</span></i></div>
<div><span style="font-family:verdana,sans-serif"><i>Email: <a href="mailto:yks0000@gmail.com" target="_blank">yks0000@gmail.com</a> | Web: <a href="http://www.initd.in/" target="_blank">www.initd.in</a></i></span></div>
<div><br></div>
<div><span style="font-family:verdana,sans-serif"><i>RHCE, VCE-CIA, RACKSPACE CLOUD U Certified</i></span></div>
</div></div></div>
<br><div class="gmail_quote">On Mon, Nov 2, 2015 at 11:24 AM, Yogesh Sharma <span dir="ltr"><<a href="mailto:yks0000@gmail.com" target="_blank">yks0000@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">Tried to re-enroll the replica; however, getting the same error, though I am able to connect to the server.</div>
<div class="gmail_default" style="font-family:verdana,sans-serif"><br></div>
<div class="gmail_default" style="font-family:verdana,sans-serif">=====</div>
<div class="gmail_default" style="font-family:verdana,sans-serif"><br></div>
<div class="gmail_default"><font face="verdana, sans-serif">Starting replication, please wait until this has completed.<br>
<br>
[ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1  - LDAP error: Can't contact LDAP server]<br>
<br>
  [error] RuntimeError: Failed to start replication</font></div>
<div class="gmail_default" style="font-family:verdana,sans-serif"><br></div>
<div class="gmail_default" style="font-family:verdana,sans-serif">=====</div>
<div class="gmail_default" style="font-family:verdana,sans-serif"><br></div>
<div class="gmail_default" style="font-family:verdana,sans-serif">[root@ipa-inf-prd-ng2-02 ~]# telnet ipa-inf-prd-ng2-01.klikpay.int 389<br>
Trying 172.16.32.10...<br>
Connected to ipa-inf-prd-ng2-01.klikpay.int.<br>
Escape character is '^]'.<br>
^]<br>
telnet> quit<br>
Connection closed.<br>
[root@ipa-inf-prd-ng2-02 ~]#</div>
<div class="gmail_default" style="font-family:verdana,sans-serif"><br></div>
</div>
<div class="gmail_extra">
<br><div class="gmail_quote">On Fri, Oct 30, 2015 at 7:05 PM, Rob Crittenden <span dir="ltr"><<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Yogesh Sharma wrote:<br>
> Team,<br>
><br>
> Noticed that users created on IPA Master are not replicating on Replica.<br>
><br>
> Also, we created a new Zone in Master; however, we do not see the same in<br>
> replica server.<br>
<br>
You need to figure out why ipa-inf-prd-ng2-01.klikpay.int can't contact<br>
port 389 on ipa-inf-prd-ng2-02.klikpay.int. It may be someone threw up a<br>
firewall without telling you, or someone tweaked the rules on either of<br>
those boxes.<br>
<br>
Doing re-init, force-sync, etc is always going to fail if one can't talk<br>
to the other.<br>
<br>
rob<br>
<br>
><br>
><br>
> Below is the information:<br>
><br>
> From Master:<br>
><br>
> [root@ipa-inf-prd-ng2-01 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-01.klikpay.int<br>
> Directory Manager password:<br>
><br>
> ipa-inf-prd-ng2-02.klikpay.int: replica<br>
>   last init status: None<br>
>   last init ended: None<br>
>   last update status: -1 Unable to acquire replicaLDAP error: Can't<br>
> contact LDAP server<br>
>   last update ended: None<br>
> [root@ipa-inf-prd-ng2-01 ~]#<br>
><br>
><br>
><br>
> From Replica:<br>
><br>
><br>
> [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-02.klikpay.int<br>
> Directory Manager password:<br>
><br>
> ipa-inf-prd-ng2-01.klikpay.int: replica<br>
>   last init status: None<br>
>   last init ended: None<br>
>   last update status: 0 Replica acquired successfully: Incremental<br>
> update succeeded<br>
>   last update ended: 2015-10-30 10:36:25+00:00<br>
> [root@ipa-inf-prd-ng2-02 ~]#<br>
><br>
><br>
> Though it says it is replicated (last update ended), we are not seeing<br>
> new users and the new DNS Zone which we created.<br>
><br>
><br>
> I also tried force replication, though I can not see the new Changes:<br>
><br>
> [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage force-sync --from ipa-inf-prd-ng2-01.klikpay.int<br>
> Directory Manager password:<br>
><br>
> ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch<br>
> ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config<br>
> [root@ipa-inf-prd-ng2-02 ~]#<br>
><br>
><br>
> Once I do re-initialization, it gives "Can't Contact LDAP Server"<br>
><br>
> [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage re-initialize --from ipa-inf-prd-ng2-01.klikpay.int<br>
> Directory Manager password:<br>
><br>
> ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch<br>
> ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config<br>
><br>
> [ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1  - LDAP error: Can't contact LDAP server]<br>
><br>
<br>
</blockquote></div><br></div>
</blockquote></div><br></div>
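<div>Added example, not part of the original thread: a replication agreement's status is recorded on the server that pushes the updates, which is why Rob's reply asks about the path from ipa-inf-prd-ng2-01 to port 389 on ipa-inf-prd-ng2-02. The script below reads ipa-replica-manage list -v output in the format quoted above and, for each failed agreement, names which host must reach which peer. The function names and the embedded samples (rebuilt from the quoted output with the mail line wraps joined) are constructed for illustration.</div>

```shell
#!/bin/sh
# Added example, not from the thread. Input: `ipa-replica-manage list -v <host>`
# output in the format quoted in the thread ("<peer>: replica" followed by
# indented "last update status: <code> <text>" lines).

# Print "<peer> <code>" for every agreement whose last update code is not 0.
failed_agreements() {
    awk '
        /^[^ ]/ && NF == 2 && $1 ~ /:$/ { peer = $1; sub(/:$/, "", peer); next }
        $1 == "last" && $2 == "update" && $3 == "status:" && peer != "" && $4 != "0" {
            print peer, $4
        }
    '
}

# $1 = host whose agreements were listed. That host opens the connection to
# each peer, so the port test must run on $1 and target the peer.
check_plan() {
    failed_agreements | while read -r peer code; do
        printf 'on %s: test %s:389 (last update status %s)\n' "$1" "$peer" "$code"
    done
}

# Optional live probe to run on the listed host; needs bash and coreutils timeout.
probe_ldap() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/389"' _ "$1" 2>/dev/null
}

# Constructed samples, rebuilt from the output quoted in the thread.
master_view() {
    cat <<'EOF'
Directory Manager password:

ipa-inf-prd-ng2-02.klikpay.int: replica
  last init status: None
  last update status: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
  last update ended: None
EOF
}

replica_view() {
    cat <<'EOF'
Directory Manager password:

ipa-inf-prd-ng2-01.klikpay.int: replica
  last init status: None
  last update status: 0 Replica acquired successfully: Incremental update succeeded
  last update ended: 2015-10-30 10:36:25+00:00
EOF
}

master_view | check_plan ipa-inf-prd-ng2-01.klikpay.int
```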