<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Okay. This morning, I turned back time to 4/1 and started up IPA. It
didn't work, but I got something new and interesting in the debug
log, which I've posted to <a class="moz-txt-link-freetext" href="http://pastebin.com/M9VGCS8A">http://pastebin.com/M9VGCS8A</a>. Lots of
garbled junk came pouring out which doesn't happen when I'm set to
real time. Is <i>this</i> significant?<br>
<br>
<br>
<div class="moz-cite-prefix">On 04/27/2016 02:24 PM, Bret Wortman
wrote:<br>
</div>
<blockquote cite="mid:572103CE.6030404@damascusgrp.com" type="cite">I
put excerpts from the ca logs in <a class="moz-txt-link-freetext" href="http://pastebin.com/gYgskU79">http://pastebin.com/gYgskU79</a>. It
looks logical to me, but I can't spot anything that looks like a
root cause error. The selftests are all okay, I think. The debug
log might have something, but it might also just be complaining
about ldap not being up because it's not.
<br>
<br>
<br>
On 04/27/2016 01:11 PM, Rob Crittenden wrote:
<br>
<blockquote type="cite">Bret Wortman wrote:
<br>
<blockquote type="cite">So in lieu of fixing these certs, is
there an acceptable way to dump
<br>
them all and start over /without losing the contents of the
IPA
<br>
database/? Or otherwise really screwing ourselves?
<br>
</blockquote>
<br>
I don't believe there is a way.
<br>
<br>
<blockquote type="cite">We have a replica that's still up and
running and we've switched
<br>
everyone over to talking to it, but we're at risk with just
the one.
<br>
</blockquote>
<br>
I'd ignore the two unknown certs for now. They look like someone
was experimenting with issuing a cert and didn't quite get
things working.
<br>
<br>
The CA seems to be throwing an error. I'd check the syslog for
messages from certmonger and look at the CA debug log and
selftest log.
<br>
<br>
rob
<br>
<br>
</blockquote>
[snip]
<br>
<br>
</blockquote>
<br>
</body>
</html>