Digging a bit deeper, I found this in /var/log/pki-ca/catalina.out: : Could not connect to LDAP server host oldmaster.my.com port 7389 Error netscape.ldap.LDAPException: failed to connect to server ldap:// oldmaster.my.com:7389 (91) Feb 19, 2013 11:46:50 AM org.apache.catalina.startup.Catalina stopServer SEVERE: Catalina.stop: java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) : :
This certainly appears to be a problem, but everyone's authenticating against oldmaster just fine. Thoughts, anyone? * * *Bret Wortman* <http://damascusgrp.com/> http://damascusgrp.com/ <http://bretwortman.com/> http://twitter.com/BretWortman On Tue, Feb 19, 2013 at 11:07 AM, Bret Wortman <bret.wort...@damascusgrp.com > wrote: > Does anyone have an idea why I can't connect, or why this service isn't > running on my freeipa instance? It used to be, because I've created a > replica in the past.... > > > * > * > *Bret Wortman* > <http://damascusgrp.com/> > http://damascusgrp.com/ <http://bretwortman.com/> > http://twitter.com/BretWortman > > > On Tue, Feb 19, 2013 at 9:08 AM, John Dennis <jden...@redhat.com> wrote: > >> On 02/19/2013 06:58 AM, Bret Wortman wrote: >> >>> I have a server running freeipa and I want to migrate it to a new host. >>> I had thought that the easiest way might be to create a replica and load >>> that onto the new host, but this is proving problematic: >>> >>> # ipa-replica-prepare ipamaster.my.com <http://ipamaster.my.com> >>> >>> --ip-address 10.0.0.46 >>> Directory Manager (existing master) password: >>> >>> Preparing replica for ipamaster.my.com <http://ipamaster.my.com> from >>> oldmaster.my.com <http://oldmaster.my.com> >>> >>> Creating SSL certificate for the Directory Server >>> preparation of replica failed: cannot connect to >>> 'https://oldmaster.my.com:**9444/ca/ee/ca/**profileSubmitSSLClient<https://oldmaster.my.com:9444/ca/ee/ca/profileSubmitSSLClient>': >>> [Errno >>> -5985] Cannot resolve oldmaster.my.com <http://oldmaster.my.com> using >>> >>> family PR_AF_INET6 >>> >>> And then a stack trace follows. >>> >>> # netstat -rn | grep 9444 >>> # lsof -i:9444 >>> # >>> _ >>> _ >>> I've also tried connecting to that URL via Firefox without success. It's >>> just not listening there. What do I need to check? Someone else is >>> running some apps (redmine and others) using Passenger on that server as >>> well; could it be obscuring the port somehow? >>> >>> We're not running IPV6, so I'm not sure why it's being referenced.... >>> >> >> I can't comment on why you can't connect but I can explain the error >> message. It's an internal mistake, if we can't connect we try another >> address family, that logic is incorrect and I thought we had fixed in this >> ticket >> https://fedorahosted.org/**freeipa/ticket/2695<https://fedorahosted.org/freeipa/ticket/2695>, >> but apparently we didn't. Anyway the error message is a red herring, your >> connection problems lie elsewhere. >> >> -- >> John Dennis <jden...@redhat.com> >> >> Looking to carve out IT costs? >> www.redhat.com/carveoutcosts/ >> > >
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users