That was the /var/log/ipareplica-conncheck.log log file

It does look like a DNS issue, but I'm not sure where.

DNS resolves the host fine on the host:

[root@ipa011 ~]# host ipa011
ipa011.ad.companyx.fm has address 10.32.225.7

[root@ipa011 ~]# grep ipa /etc/ipa/default.conf
host = ipa011.ad.companyx.fm
xmlrpc_uri = https://ipa011.ad.companyx.fm/ipa/xml
ca_host = ipa010.ad.companyx.fm

It's odd, as I run the connection check before the start of the install, to
check ports and routes. It works fine.
Replica install works.
DNS install works.
Just the CA installer comes back with this error.

As an additional test I added the DNS record for this host into IPA before the
install. Normally we don't need to; this was just a test, but it made no
difference.


We do have new DNS forwarders on the network - these are in front of the IPA
servers. They are there just to take the load from the k8s clusters away from
IPA DNS.
Would the CA install break if the DNS lookups are "proxied" by the DNS
forwarders?
All DNS tests I can think of work via the forwarders. The IPA clients (100s)
are all fine with them.

I will update the client to ignore the forwarders, but can you think of
anything else to try?

Thanks, Nick
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org