<div dir="ltr">HI<div><br></div><div>anyone please help me to fix this.</div><div><br></div><div>Regards,</div><div>Ben</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 4, 2017 at 3:12 PM, Ben .T.George <span dir="ltr"><<a href="mailto:bentech4you@gmail.com" target="_blank">bentech4you@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">HI <div><br></div><div>port 8009 is not listening in master server</div><div><br></div><div>and i added ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 in hosts file.</div><div><br></div><div>still getting same error</div><div><br></div><div><div> [28/44]: restarting directory server</div><span class=""><div>ipa         : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv@KW-EXAMPLE-COM.service' returned non-zero exit status 1). See the installation log for details.</div><div>  [29/44]: setting up initial replication</div><div>  [error] error: [Errno 111] Connection refused</div><div>Your system may be partly configured.</div><div>Run /usr/sbin/ipa-server-install --uninstall to clean up.</div><div><br></div><div>ipa.ipapython.install.cli.<wbr>install_tool(Replica): ERROR    [Errno 111] Connection refused</div><div>ipa.ipapython.install.cli.<wbr>install_tool(Replica): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.<wbr>log for more information</div></span></div><div><br></div><div><br></div><div>Also  ipv6 is disabled on both nodes</div><div><br></div><div>Regards,</div><div>Ben</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik <span dir="ltr"><<a href="mailto:pvoborni@redhat.com" target="_blank">pvoborni@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On 01/04/2017 10:59 AM, Ben .T.George wrote:<br>
> HI<br>
><br>
</span><span>> i tried the method mentioned on that document and it end up with below error. My<br>
> DNS is managed by external box and i dont want to create any DNS record on these<br>
> servers.<br>
><br>
> and the command which i tried is(non client server)<br>
><br>
> ipa-replica-install --principal admin --admin-password P@ssw0rd --domain<br>
</span>> <a href="http://kw.example.com" rel="noreferrer" target="_blank">kw.example.com</a> <<a href="http://kw.example.com" rel="noreferrer" target="_blank">http://kw.example.com</a>> --server <a href="http://zkwipamstr01.kw.example.com" rel="noreferrer" target="_blank">zkwipamstr01.kw.example.com</a><br>
> <<a href="http://zkwipamstr01.kw.example.com" rel="noreferrer" target="_blank">http://zkwipamstr01.kw.exampl<wbr>e.com</a>><br>
<span>><br>
><br>
><br>
> ipa         : CRITICAL Failed to restart the directory server (Command<br>
> '/bin/systemctl restart dirsrv@KW-EXAMPLE-COM.service' returned non-zero exit<br>
> status 1). See the installation log for details.<br>
>    [29/44]: setting up initial replication<br>
>    [error] error: [Errno 111] Connection refused<br>
> Your system may be partly configured.<br>
> Run /usr/sbin/ipa-server-install --uninstall to clean up.<br>
><br>
> ipa.ipapython.install.cli.inst<wbr>all_tool(Replica): ERROR    [Errno 111] Connection<br>
> refused<br>
> ipa.ipapython.install.cli.inst<wbr>all_tool(Replica): ERROR    The<br>
> ipa-replica-install command failed. See /var/log/ipareplica-install.lo<wbr>g for more<br>
> information<br>
<br>
</span>This looks like bug <a href="https://fedorahosted.org/freeipa/ticket/6575" rel="noreferrer" target="_blank">https://fedorahosted.org/freei<wbr>pa/ticket/6575</a><br>
<br>
To verify that, could you check if master server internally listens on<br>
port 8009 or if ipareplica-install.log contains CA_UNREACHABLE string<br>
near  step 27.<br>
<br>
Usual fix is to add following line to /etc/hosts<br>
  ::1         localhost localhost.localdomain localhost6<br>
localhost6.localdomain6<br>
<span><br>
<br>
> [root@zkwiparepa01 ~]# /bin/systemctl restart dirsrv@KW-EXAMPLE-COM.service<br>
> Job for dirsrv@KW-EXAMPLE-COM.service failed because the control process exited<br>
> with error code. See "systemctl status dirsrv@KW-EXAMPLE-COM.service" and<br>
> "journalctl -xe" for details.<br>
><br>
> [root@zkwiparepa01 ~]# systemctl status dirsrv@KW-EXAMPLE-COM.service<br>
> ● dirsrv@KW-EXAMPLE-COM.service - 389 Directory Server KW-EXAMPLE-COM.<br>
>     Loaded: loaded (/usr/lib/systemd/system/dirsr<wbr>v@.service; enabled; vendor<br>
> preset: disabled)<br>
>     Active: failed (Result: exit-code) since Wed 2017-01-04 12:54:46 AST; 13s ago<br>
>    Process: 14893 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i<br>
> /var/run/dirsrv/slapd-%i.pid (code=exited, status=1/FAILURE)<br>
>    Process: 14887 ExecStartPre=/usr/sbin/ds_syst<wbr>emd_ask_password_acl<br>
> /etc/dirsrv/slapd-%i/dse.ldif (code=exited, status=0/SUCCESS)<br>
>   Main PID: 14893 (code=exited, status=1/FAILURE)<br>
><br>
</span>> Jan 04 12:54:46 <a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">zkwiparepa01.kw.example.com</a> <<a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">http://zkwiparepa01.kw.exampl<wbr>e.com</a>><br>
<span>> ns-slapd[14893]: [04/Jan/2017:12:54:46.17761789<wbr>1 +0300] Error:<br>
> betxnpostoperation plu...arted<br>
</span>> Jan 04 12:54:46 <a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">zkwiparepa01.kw.example.com</a> <<a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">http://zkwiparepa01.kw.exampl<wbr>e.com</a>><br>
<span>> ns-slapd[14893]: [04/Jan/2017:12:54:46.17837975<wbr>2 +0300] Error: object plugin<br>
> Roles Pl...arted<br>
</span>> Jan 04 12:54:46 <a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">zkwiparepa01.kw.example.com</a> <<a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">http://zkwiparepa01.kw.exampl<wbr>e.com</a>><br>
<span>> ns-slapd[14893]: [04/Jan/2017:12:54:46.17916234<wbr>0 +0300] Error: preoperation<br>
> plugin su...arted<br>
</span>> Jan 04 12:54:46 <a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">zkwiparepa01.kw.example.com</a> <<a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">http://zkwiparepa01.kw.exampl<wbr>e.com</a>><br>
<span>> ns-slapd[14893]: [04/Jan/2017:12:54:46.17999343<wbr>2 +0300] Error: object plugin USN<br>
> is n...arted<br>
</span>> Jan 04 12:54:46 <a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">zkwiparepa01.kw.example.com</a> <<a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">http://zkwiparepa01.kw.exampl<wbr>e.com</a>><br>
<span>> ns-slapd[14893]: [04/Jan/2017:12:54:46.18130520<wbr>9 +0300] Error: object plugin<br>
> Views is...arted<br>
</span>> Jan 04 12:54:46 <a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">zkwiparepa01.kw.example.com</a> <<a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">http://zkwiparepa01.kw.exampl<wbr>e.com</a>><br>
<span>> ns-slapd[14893]: [04/Jan/2017:12:54:46.18209498<wbr>1 +0300] Error: extendedop plugin<br>
> whoa...arted<br>
</span>> Jan 04 12:54:46 <a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">zkwiparepa01.kw.example.com</a> <<a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">http://zkwiparepa01.kw.exampl<wbr>e.com</a>><br>
<span>> systemd[1]: dirsrv@KW-EXAMPLE-COM.service: main process exited, code=exited,<br>
> status=1/FAILURE<br>
</span>> Jan 04 12:54:46 <a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">zkwiparepa01.kw.example.com</a> <<a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">http://zkwiparepa01.kw.exampl<wbr>e.com</a>><br>
<span>> systemd[1]: Failed to start 389 Directory Server KW-EXAMPLE-COM..<br>
</span>> Jan 04 12:54:46 <a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">zkwiparepa01.kw.example.com</a> <<a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">http://zkwiparepa01.kw.exampl<wbr>e.com</a>><br>
<span>> systemd[1]: Unit dirsrv@KW-EXAMPLE-COM.service entered failed state.<br>
</span>> Jan 04 12:54:46 <a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">zkwiparepa01.kw.example.com</a> <<a href="http://zkwiparepa01.kw.example.com" rel="noreferrer" target="_blank">http://zkwiparepa01.kw.exampl<wbr>e.com</a>><br>
<span class="m_5270652869528505763im m_5270652869528505763HOEnZb">> systemd[1]: dirsrv@KW-EXAMPLE-COM.service failed.<br>
> Hint: Some lines were ellipsized, use -l to show in full.<br>
><br>
><br>
><br>
> Regards,<br>
> Ben<br>
><br>
><br>
> On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <<a href="mailto:mbabinsk@redhat.com" target="_blank">mbabinsk@redhat.com</a><br>
</span><div class="m_5270652869528505763HOEnZb"><div class="m_5270652869528505763h5">> <mailto:<a href="mailto:mbabinsk@redhat.com" target="_blank">mbabinsk@redhat.com</a>>> wrote:<br>
><br>
>     On 01/04/2017 07:21 AM, Ben .T.George wrote:<br>
><br>
>         HI<br>
><br>
>         while trying to create ipa replica, i am getting below error,<br>
><br>
>         Replica creation using 'ipa-replica-prepare' to generate replica file<br>
>         is supported only in 0-level IPA domain.<br>
><br>
>         The current IPA domain level is 1 and thus the replica must<br>
>         be created by promoting an existing IPA client.<br>
><br>
>         To set up a replica use the following procedure:<br>
>              1.) set up a client on the host using 'ipa-client-install'<br>
>              2.) promote the client to replica running 'ipa-replica-install'<br>
>                  *without* replica file specified<br>
><br>
>         'ipa-replica-prepare' is allowed only in domain level 0<br>
>         The ipa-replica-prepare command failed.<br>
><br>
><br>
>         i have IPA master server without AD integration and DNS is managed by<br>
>         3rd party appliances.<br>
><br>
><br>
><br>
>         Regards,<br>
>         Ben<br>
><br>
><br>
><br>
>     Hi Ben,<br>
><br>
>     If you installed IPA 4.4 server then domain level 1 is the default. This<br>
>     domain level uses different mechanism to stand up replicas. See the latest<br>
>     IdM documentation[1] for more details.<br>
><br>
>     [1]<br>
>     <a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/creating-the-replica.html" rel="noreferrer" target="_blank">https://access.redhat.com/doc<wbr>umentation/en-US/Red_Hat_Enter<wbr>prise_Linux/7/html/Linux_Domai<wbr>n_Identity_Authentication_and_<wbr>Policy_Guide/creating-the-<wbr>replica.html</a><br>
>     <<a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/creating-the-replica.html" rel="noreferrer" target="_blank">https://access.redhat.com/do<wbr>cumentation/en-US/Red_Hat_Ente<wbr>rprise_Linux/7/html/Linux_Doma<wbr>in_Identity_Authentication_<wbr>and_Policy_Guide/creating-the-<wbr>replica.html</a>><br>
><br>
>     --<br>
>     Martin^3 Babinsky<br>
><br>
>     --<br>
>     Manage your subscription for the Freeipa-users mailing list:<br>
>     <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" rel="noreferrer" target="_blank">https://www.redhat.com/mailma<wbr>n/listinfo/freeipa-users</a><br>
>     <<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" rel="noreferrer" target="_blank">https://www.redhat.com/mailm<wbr>an/listinfo/freeipa-users</a>><br>
>     Go to <a href="http://freeipa.org" rel="noreferrer" target="_blank">http://freeipa.org</a> for more info on the project<br>
><br>
><br>
><br>
><br>
<br>
<br>
</div></div><span class="m_5270652869528505763HOEnZb"><font color="#888888">--<br>
Petr Vobornik<br>
</font></span></blockquote></div><br></div>
</div></div></blockquote></div><br></div>