thanks for the inputs.. the issue was with my network,
I was able to resolve it adding in the NETWORKING_IPV6=no in /etc/sysconfig/network possibly it was using IPv6 resolution and that was failing On Thu, Jul 28, 2016 at 1:37 PM, Petr Spacek <pspa...@redhat.com> wrote: > On 27.7.2016 19:29, Rakesh Rajasekharan wrote: > > Hi, > > > > I am running ipa server 4.2 and set it up without using "--setup-dns=no". > > > > On few clients the installation fails with the below error message. > > > > > > I verified that the ipa master dns is resolvable. Not sure what could be > > wrong here.. > > > > > > Joining realm failed: libcurl failed to execute the HTTP POST > transaction, > > explaining: Could not resolve host: ipa-master-in.xyz.com; Unknown > error > > > > Use ipa-getkeytab to obtain a host principal for this server. > > Please make sure the following ports are opened in the firewall settings: > > TCP: 80, 88, 389 > > UDP: 88 (at least one of TCP/UDP ports 88 has to be open) > > Also note that following ports are necessary for ipa-client working > > properly after enrollment: > > TCP: 464 > > UDP: 464, 123 (if NTP enabled) > > Failed to obtain host TGT: (-1765328203, 'Key table entry not found') > > Installation failed. Force set so not rolling back changes. > > > > > > I tried removeing /etc/ipa/ca.crt and delete any older certificates > > "certutil -D -n 'IPA CA' -d /etc/pki/nssdb" > > > > However, no luck yet.. > > > > any suggestions on how can I debug this.. > > I would start with command: > $ dig ipa-master-in.xyz.com > > It should print IPv4 address of the server ipa-master-in.xyz.com . If it > does > not print it there is a problem with DNS. In that case usual DNS debugging > guides apply. > > I hope it helps. > > -- > Petr^2 Spacek > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project