Thanks Flo. I have indeed done that, but I didn't start with only source of truth and just one replica.
Will try that and report back. On Fri, Nov 7, 2025, 4:50 AM Florence Blanc-Renaud <[email protected]> wrote: > Hi, > > On Thu, Nov 6, 2025 at 11:32 PM Russell Jones via FreeIPA-users < > [email protected]> wrote: > >> Hi all, >> >> I have a replication issue that I have been unable to resolve with my >> 4-node cluster. Steps I have tried: >> >> - One by one reinitializing all of the replicas >> - One by one completely removing and reinstalling all of the replicas >> - Lowering the changelog max age to 5 minutes (dsconf... >> replication set-changelog) hoping that the problematic entry would just get >> expired out. >> > > The max age governs how long a server keeps a change in the changelog > before purging it (and the changes in the changelog are the crucial pieces > of information for replication). So if the max age is 5min and a replica > gets disconnected for more than 5 minutes, it won't be able to get the > changes older than 5 minutes and it will show this error with Can't locate > CSN. A small value for max age is a greater risk of losing information, and > a large value implies bigger database, bigger disk space. > > I would start by resetting the max age to the default value, then identify > which server contains the source of truth. > Try to re-initialize one replica from this source of trust. > - remove the replica following > https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/8/html-single/installing_identity_management/index#managing-topology-remove-cli > - remove obsolete ruv records (if any) > https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/8/html-single/installing_identity_management/index#managing-topology-remove-cli > - re-install the replica with ipa-replica-manage install ... > Then check if replication works. > > flo > > >> >> Nothing has worked. Below is the error I am getting, and it happens on >> all of the nodes. It does not seem to be limited to just one problematic >> node. How do I fix this? Replication has been working just fine otherwise. >> Users and nodes are replicated without an issue. The "cipa" tool reports >> everything passes. >> >> [06/Nov/2025:16:20:25.409077016 -0600] - ERR - >> agmt="cn=freeipa3.cluster-to-freeipa2.us.ep.corp.local" (freeipa2:389) - >> clcache_load_buffer - Can't locate CSN 690d206b000000260000 in the >> changelog (DB rc=-12797). If replication stops, the consumer may need to be >> reinitialized. >> >> [06/Nov/2025:16:20:25.409713350 -0600] - ERR - >> agmt="cn=freeipa3.cluster-to-freeipa1.us.ep.corp.local" (freeipa1:389) - >> clcache_load_buffer - Can't locate CSN 690d206b000000260000 in the >> changelog (DB rc=-12797). If replication stops, the consumer may need to be >> reinitialized. >> >> [06/Nov/2025:16:21:03.774688925 -0600] - ERR - >> agmt="cn=freeipa3.cluster-to-freeipa1.us.ep.corp.local" (freeipa1:389) - >> clcache_load_buffer - Can't locate CSN 690d2091000000260000 in the >> changelog (DB rc=-12797). If replication stops, the consumer may need to be >> reinitialized. >> >> [06/Nov/2025:16:21:03.775486850 -0600] - ERR - >> agmt="cn=freeipa3.cluster-to-freeipa2.us.ep.corp.local" (freeipa2:389) - >> clcache_load_buffer - Can't locate CSN 690d2091000000260000 in the >> changelog (DB rc=-12797). If replication stops, the consumer may need to be >> reinitialized. >> >> [06/Nov/2025:16:21:03.776066865 -0600] - ERR - >> agmt="cn=freeipa3.cluster-to-freeipa4.cluster" (freeipa4:389) - >> clcache_load_buffer - Can't locate CSN 690d2091000000260000 in the >> changelog (DB rc=-12797). If replication stops, the consumer may need to be >> reinitialized. >> -- >> _______________________________________________ >> FreeIPA-users mailing list -- [email protected] >> To unsubscribe send an email to >> [email protected] >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] >> Do not reply to spam, report it: >> https://pagure.io/fedora-infrastructure/new_issue >> >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
