Hello,

I am running:
- CentOS 7.9
- FreeIPA 4.6.8
- Installed with integrated DNS and CA

A replica will be installed after the trust is established with the AD domain.

When trying to create a trust with AD I get the following error message (it seems to be somewhat random but goes back and forth between these two):

    Fetching domains from trusted forest failed

OR

    ipa: ERROR: cannot connect to 'https://<server>/ipa/session/json': Gateway Timeout

I have done the following to troubleshoot:
- disable SELinux, which makes no difference
- check firewall ports. For your reference I have the following defined:
  services: freeipa-ldap, freeipa-ldaps, http, https, kerberos, ntp, dns, ssh
  ports: 749/tcp, 7389/tcp, 8005/tcp, 8009/tcp
- check DNS, it all verifies properly according to 5.2.1.2 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/trust-during#trust-set-up-idm
- enabled debugging per https://www.freeipa.org/page/Active_Directory_trust_setup#Establish_and_verify_cross-forest_trust
- disabled DNSSEC per https://access.redhat.com/solutions/2263991

I do see something of interest in the error_log but I am not sure if this is the problem.

    wsgi:error Timeout when reading response headers from daemon process 'ipa': /usr/share/ipa/wsgi.py
    ipa: ERROR: Failed to call com.redhat.idm.trust.fetch_domains helper. DBus exception is org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
    ipa: ERROR: Helper fetch_domain was called for forest <forest_name_here>, return code is 2

Any assistance you can provide is appreciated!