There was no record in the CA list. I added one for the CA master with the
ldapadd command. The ipa-ca-install command completed successfully this time!
Thanks a million for your help!
Thanks,
Ross
From: Fraser Tweedale [ftwee...@redhat.com]
Sent: Tuesd
After a failed ipa-replica-install, I try to uninstall with ipa-server-install
--uninstall. However the uninstall is failing with the following:
[root@ipa-nyc-pci01 ~]# ipa-server-install --uninstall
This is a NON REVERSIBLE operation and will delete all data and configuration!
It is highly re
e [ftwee...@redhat.com]
Sent: Thursday, April 26, 2018 1:56 PM
To: Ross Infinger
Cc: FreeIPA users list
Subject: Re: [Freeipa-users] CA install on replica fails - Clone URI does not
match...
Hi Ross,
Could you please also provide the /var/log/pki/pki-tomcat/ca/debug
log files from both mast
t.com]
Sent: Thursday, April 26, 2018 1:56 PM
To: Ross Infinger
Cc: FreeIPA users list
Subject: Re: [Freeipa-users] CA install on replica fails - Clone URI does not
match...
Hi Ross,
Could you please also provide the /var/log/pki/pki-tomcat/ca/debug
log files from both master and replica?
T
e URI does not
match...
Hi Ross,
Could you please also provide the /var/log/pki/pki-tomcat/ca/debug
log files from both master and replica?
Thanks,
Fraser
On Thu, Apr 26, 2018 at 05:33:32PM +, Ross Infinger via FreeIPA-users wrote:
> I'm installing the CA service on an existing replica
I'm installing the CA service on an existing replica with command
ipa-ca-install. It fails with this error in the log:
Installation failed:
com.netscape.certsrv.base.BadRequestException: Clone URI does not match
available subsystems: https://pci-mgmt-ipa01.pci.xx.com:443
Version of both ca
; Ross Infinger
Subject: Re: [Freeipa-users] Re: replica - install fails with CA issue
On Thu, Apr 26, 2018 at 12:30:06AM +, Ross Infinger via FreeIPA-users wrote:
> OK I was able to workaround this error and get a replica created. The
> workaround is I ran ipa-server-upgrade on the CA
th CA issue
Ross Infinger via FreeIPA-users wrote:
> Thanks for the reply. I tried the workaround but still getting the
> CA_UNREACHABLE error. The umask on the master was already at 0022.
>
> Is there a way to check the health of the CA master? Maybe the issue is with
> the
I get this error when trying to login to the freeipa gui on the CA master.
"Login failed due to an unknow reason"
This started after an attempt to create a new replica failed on another machine.
freeipa version: VERSION: 4.5.0, API_VERSION: 2.228
Snippet from /var/log/httpd/error_log
...
[Wed A
plica - install fails with CA issue
Ross Infinger via FreeIPA-users wrote:
> Thanks for the reply. I tried the workaround but still getting the
> CA_UNREACHABLE error. The umask on the master was already at 0022.
>
> Is there a way to check the health of the CA master? Maybe the issue is w
dy at 0022.
Is there a way to check the health of the CA master? Maybe the issue is with
the CA and not with the replica install?
Thanks,
Ross
From: Florence Blanc-Renaud [f...@redhat.com]
Sent: Tuesday, April 24, 2018 1:37 AM
To: FreeIPA users list
Cc: Ross Infinger
Subject: Re: [Freeipa-users]
I'm trying to promote a new client to a replica. I install the client first
then run ipa-replica-install. The client install goes OK but the
ipa-replica-install command fails with
RuntimeError: Certificate issuance failed (CA_UNREACHABLE)
Seems the client was able to reach the CA so I'm puzzle
12 matches
Mail list logo
