skipping the con check due to a clock skew error

________________________________________
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, March 12, 2014 2:39 PM
To: Todd Maugh; Simo Sorce; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] How to remove the CA cert from an IDM replica

Todd Maugh wrote:
> I'm seeing this error:
>
> where is the install log located
>
> [root@idm-rep02-w1c-aws ipa]# ipa-replica-install --setup-ca
> /var/lib/ipa/replica-info-idm-rep02-w1c-aws.ops.boingo.com.gpg
> --skip-conncheck
> Directory Manager (existing master) password:
>
> Configuring NTP daemon (ntpd)
>   [1/4]: stopping ntpd
>   [2/4]: writing configuration
>   [3/4]: configuring ntpd to start on boot
>   [4/4]: starting ntpd
> Done configuring NTP daemon (ntpd).
> A CA is already configured on this system.

# /usr/bin/pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca --force

> [root@idm-rep02-w1c-aws ipa]# ipa-replica-install
> /var/lib/ipa/replica-info-idm-rep02-w1c-aws.ops.boingo.com.gpg
> --skip-conncheck
> Directory Manager (existing master) password:
>
> Configuring NTP daemon (ntpd)
>   [1/4]: stopping ntpd
>   [2/4]: writing configuration
>   [3/4]: configuring ntpd to start on boot
>   [4/4]: starting ntpd
> Done configuring NTP daemon (ntpd).
> Configuring directory server (dirsrv): Estimated time 1 minute
>   [1/31]: creating directory server user
>   [2/31]: creating directory server instance
>   [3/31]: adding default schema
>   [4/31]: enabling memberof plugin
>   [5/31]: enabling winsync plugin
>   [6/31]: configuring replication version plugin
>   [7/31]: enabling IPA enrollment plugin
>   [8/31]: enabling ldapi
>   [9/31]: disabling betxn plugins
>   [10/31]: configuring uniqueness plugin
>   [11/31]: configuring uuid plugin
>   [12/31]: configuring modrdn plugin
>   [13/31]: enabling entryUSN plugin
>   [14/31]: configuring lockout plugin
>   [15/31]: creating indices
>   [16/31]: enabling referential integrity plugin
>   [17/31]: configuring ssl for ds instance
>   [18/31]: configuring certmap.conf
>   [19/31]: configure autobind for root
>   [20/31]: configure new location for managed entries
>   [21/31]: restarting directory server
>   [22/31]: setting up initial replication
> Starting replication, please wait until this has completed.
> [idm-master-els.ops.boingo.com] reports: Update failed! Status: [-1 - LDAP
> error: Can't contact LDAP server]

Why are you skipping the conncheck? It looks like there is a firewall issue.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users