On Mon, 2011-06-13 at 17:29 +0200, Sigbjorn Lie wrote:
> On 06/13/2011 04:41 PM, Ade Lee wrote:
> > Hi,
> >
> > The replica installation is failing when the replica attempts to contact
> > the CA on the master to log into the security domain. According to your
> > log, this is https://ipa01.ix.test.com:9445
> >
> > Can the master be resolved and reached from the replica? Can port 9445
> > be reached (as well as ports 9444 and 9443?)
> >
> > You can also check the master's /var/log/pki-ca/debug log to see if any
> > communication was received from the replica.
> >
>
> There was an additional DNS A record added to the existing IPA server
> hostname! This additional DNS A record pointed at the IP address of the
> replica IPA server I'm attempting to configure! I removed this A record
> and the replica installed successfully.
>
> When I initially ran the ipa-replica-prepare command, I added the
> "--ip-address" option to get the DNS records for this host created. (I
> have a separate dns domain for the IPA environment.) In this process
> ipa-replica-prepare created an additional reverse zone on the server.
> (The new ipa replica resides on a subnet which sits at an AD DNS server,
> but it's still resolvable from the IPA dns servers).
>
> After the replica finished I tried to run the ipa-replica-prepare
> command again with a new hostname, and adding an IP address using
> --ip-address on a subnet not known to the IPA DNS. The same error was
> re-produced, the DNS A record was added to the master IPA server.
>
> I would also like to note that I cannot see the second DNS entry using
> the web gui, only using "ipa dnsrecord-find". Bug opened in bugzilla for
> ipa-replica-prepare:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=712920
>

This looks like it's probably related to https://fedorahosted.org/freeipa/ticket/1223

>
> Rgds,
> Siggi
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
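The checks suggested in this thread (does the master resolve correctly, are ports 9443, 9444 and 9445 reachable) and the stray A record found as the cause can be combined into one pre-flight check run on the replica before installation. This is an added example, not part of the original messages or of FreeIPA; the function names and command-line arguments are hypothetical.

```python
import socket
import sys

CA_PORTS = (9443, 9444, 9445)  # the CA ports named in the thread


def resolve_a(hostname, resolver=socket.getaddrinfo):
    """Return the sorted, de-duplicated IPv4 addresses the name resolves to."""
    infos = resolver(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def port_open(addr, port, connect=socket.create_connection, timeout=3.0):
    """True if a TCP connection to addr:port succeeds within the timeout."""
    try:
        connect((addr, port), timeout).close()
        return True
    except OSError:
        return False


def preflight(master, expected_ips, replica_ip,
              resolver=socket.getaddrinfo, connect=socket.create_connection):
    """Return a list of problems seen from the replica; empty means OK."""
    try:
        addrs = resolve_a(master, resolver)
    except socket.gaierror as exc:
        return [f"{master} does not resolve: {exc}"]
    problems = []
    # The failure in this thread: the master's name also pointed at the replica.
    if replica_ip in addrs:
        problems.append(
            f"{master} has an A record pointing at the replica ({replica_ip})")
    for extra in sorted(set(addrs) - set(expected_ips) - {replica_ip}):
        problems.append(f"{master} has unexpected A record {extra}")
    # Any returned address may be picked, so every one must answer on all ports.
    for addr in addrs:
        for port in CA_PORTS:
            if not port_open(addr, port, connect):
                problems.append(f"{addr}:{port} unreachable")
    return problems


if __name__ == "__main__":
    # Hypothetical usage: preflight.py <master-fqdn> <master-ip> <replica-ip>
    master, master_ip, replica_ip = sys.argv[1:4]
    found = preflight(master, [master_ip], replica_ip)
    print("\n".join(found) if found else "OK")
    sys.exit(1 if found else 0)
```

Because the resolver only sees what DNS actually returns, this also catches a record that exists in the zone but is not displayed in a management interface.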