HI Team,

We are migrating from our current Directory Service 389DS to FreeIPA. Our all 
servers at present authenticated by 389DS server.

Our infra hosted on AWS cloud. Please find below setup of FreeIPA & Client on 
which we are performing tests & getting issue.

FreeIPA Servers
Primary Master Server = Region 1
Secondary Master Server = Region 2

OS = CentOS Linux release 8.3.2011
IPA Version = 4.8.7, API_VERSION: 2.239

FreeIPA Client
OS = CentOS release 6.9 (Final)
Kernel Version = Linux drxlceco6app01 2.6.32-696.1.1.el6.x86_64 #1 SMP Tue Apr 
11 17:13:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
IPA Client version = 3.0.0-51.el6.centos

Our DNS getting managed from "/etc/hosts" file by manually adding DNS entries 
of server.

On centos 6 client installation gets stuck after SSSD setup completes. Below 
output for details.

NOTE = For security reason we have masked our Domain nme to "XYZ.com" & other 
details with Capital "X".
case "$env" in
echo 'This is US DR'
This is US DR
++ hostname
ipa-client-install --mkhomedir --no-krb5-offline-passwords 
--hostname=drxlceco6app01.XYZ.com --force-join --fixed-primary 
--server=drxipaco8lds01.XYZ.com --server=prdipaco8ldm01.XYZ.com --domain 
XYZ.com --realm XYZ.COM
Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to always 
access the discovered server for all operations and will not fail over to other 
servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: yes
Hostname: drxlceco6app01.XYZ.com
Realm: XYZ.COM
DNS Domain: XYZ.com
IPA Server: prdipaco8ldm01.XYZ.com, drxipaco8lds01.XYZ.com
BaseDN: dc=XYZ,dc=com
Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync. Please 
check that 123 UDP port is opened.
Password for ad...@xyz.com:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=XYZ.COM
Issuer: CN=Certificate Authority,O=XYZ.COM
Valid From: Mon Apr 19 14:35:38 2021 UTC
Valid Until: Fri Apr 19 14:35:38 2041 UTC

Enrolled in IPA realm XYZ.COM
Attempting to get host TGT...
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm XYZ.COM
trying https://prdipaco8ldm01.XYZ.com/ipa/xml
Forwarding 'env' to server u'https://prdipaco8ldm01.XYZ.com/ipa/xml'
Hostname (drxlceco6app01.XYZ.com) not found in DNS
Failed to update DNS records.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Forwarding 'host_mod' to server u'https://prdipaco8ldm01.XYZ.com/ipa/xml'
Could not update DNS SSHFP records.
SSSD enabled
Configuring XYZ.com as NIS domain

Current /etc/nsswitch.conf entries as below.
passwd: files ldap
shadow: files ldap
group: files ldap

hosts: files dns

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: nisplus

publickey: nisplus

automount: files nisplus
aliases: files nisplus

Complete client installation logs as below.
2021-06-01T17:25:40Z DEBUG /usr/sbin/ipa-client-install was invoked with 
options: {'domain': 'XYZ.com', 'force': False, 'realm_name': 'XYZ.COM', 
'krb5_offline_passwords': False, 'primary': True, 'mkhomedir': True, 
'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': False, 
'ntp_server': None, 'nisdomain': None, 'no_nisdomain': False, 'principal': 
None, 'hostname': 'drxlceco6app01.XYZ.com', 'no_ac': False, 'unattended': None, 
'sssd': True, 'trust_sshfp': False, 'kinit_attempts': 5, 'dns_updates': False, 
'conf_sudo': True, 'conf_ssh': True, 'force_join': True, 'ca_cert_file': None, 
'server': ['drxipaco8lds01.XYZ.com', 'prdipaco8ldm01.XYZ.com'], 
'prompt_password': False, 'permit': False, 'debug': False, 'preserve_sssd': 
False, 'uninstall': False}
2021-06-01T17:25:40Z DEBUG missing options might be asked for interactively 
2021-06-01T17:25:40Z DEBUG Loading Index file from 
2021-06-01T17:25:40Z DEBUG Loading StateFile from 
2021-06-01T17:25:40Z DEBUG [IPA Discovery]
2021-06-01T17:25:40Z DEBUG Starting IPA discovery with domain=XYZ.com, 
servers=['drxipaco8lds01.XYZ.com', 'prdipaco8ldm01.XYZ.com'], 
2021-06-01T17:25:40Z DEBUG Server and domain forced
2021-06-01T17:25:40Z DEBUG [Kerberos realm search]
2021-06-01T17:25:40Z DEBUG Kerberos realm forced
2021-06-01T17:25:40Z DEBUG Search DNS for SRV record of _kerberos._udp.XYZ.com.
2021-06-01T17:25:40Z DEBUG No DNS record found
2021-06-01T17:25:40Z DEBUG SRV record for KDC not found! Domain: XYZ.com
2021-06-01T17:25:40Z DEBUG [LDAP server check]
2021-06-01T17:25:40Z DEBUG Verifying that drxipaco8lds01.XYZ.com (realm 
XYZ.COM) is an IPA server
2021-06-01T17:25:40Z DEBUG Init LDAP connection with: 
2021-06-01T17:25:40Z DEBUG Search LDAP server for IPA base DN
2021-06-01T17:25:40Z DEBUG Check if naming context 'dc=XYZ,dc=com' is for IPA
2021-06-01T17:25:40Z DEBUG LDAP Error: Anonymous access not allowed
2021-06-01T17:25:40Z DEBUG Verifying that prdipaco8ldm01.XYZ.com (realm 
XYZ.COM) is an IPA server
2021-06-01T17:25:40Z DEBUG Init LDAP connection with: 
2021-06-01T17:25:40Z DEBUG Search LDAP server for IPA base DN
2021-06-01T17:25:40Z DEBUG Check if naming context 'dc=XYZ,dc=com' is for IPA
2021-06-01T17:25:40Z DEBUG LDAP Error: Anonymous access not allowed
2021-06-01T17:25:40Z DEBUG Generated basedn from realm: dc=XYZ,dc=com
2021-06-01T17:25:40Z DEBUG Discovery result: NO_ACCESS_TO_LDAP; server=None, 
domain=XYZ.com, kdc=None, basedn=dc=XYZ,dc=com
2021-06-01T17:25:40Z DEBUG Validated servers: 
2021-06-01T17:25:40Z DEBUG will use discovered domain: XYZ.com
2021-06-01T17:25:40Z DEBUG Using servers from command line, disabling DNS 
2021-06-01T17:25:40Z DEBUG will use provided server: drxipaco8lds01.XYZ.com, 
2021-06-01T17:25:40Z INFO Autodiscovery of servers for failover cannot work 
with this configuration.
2021-06-01T17:25:40Z INFO If you proceed with the installation, services will 
be configured to always access the discovered server for all operations and 
will not fail over to other servers in case of failure.
2021-06-01T17:26:20Z DEBUG will use discovered realm: XYZ.COM
2021-06-01T17:26:20Z DEBUG will use discovered basedn: dc=XYZ,dc=com
2021-06-01T17:26:20Z INFO Hostname: drxlceco6app01.XYZ.com
2021-06-01T17:26:20Z DEBUG Hostname source: Provided as option
2021-06-01T17:26:20Z INFO Realm: XYZ.COM
2021-06-01T17:26:20Z DEBUG Realm source: Forced
2021-06-01T17:26:20Z INFO DNS Domain: XYZ.com
2021-06-01T17:26:20Z DEBUG DNS Domain source: Forced
2021-06-01T17:26:20Z INFO IPA Server: prdipaco8ldm01.XYZ.com, 
2021-06-01T17:26:20Z DEBUG IPA Server source: Provided as option
2021-06-01T17:26:20Z INFO BaseDN: dc=XYZ,dc=com
2021-06-01T17:26:20Z DEBUG BaseDN source: Generated from Kerberos realm
2021-06-01T17:26:45Z DEBUG args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r 
2021-06-01T17:26:45Z DEBUG stdout=
2021-06-01T17:26:45Z DEBUG stderr=Failed to open keytab '/etc/krb5.keytab': No 
such file or directory

2021-06-01T17:26:45Z DEBUG args=/bin/hostname drxlceco6app01.XYZ.com
2021-06-01T17:26:45Z DEBUG stdout=
2021-06-01T17:26:45Z DEBUG stderr=
2021-06-01T17:26:45Z DEBUG Backing up system configuration file 
2021-06-01T17:26:45Z DEBUG Saving Index File to 
2021-06-01T17:26:45Z DEBUG args=/usr/sbin/selinuxenabled
2021-06-01T17:26:45Z DEBUG stdout=
2021-06-01T17:26:45Z DEBUG stderr=
2021-06-01T17:26:45Z DEBUG Saving StateFile to 
2021-06-01T17:26:51Z DEBUG will use principal provided as option: admin
2021-06-01T17:26:51Z INFO Synchronizing time with KDC...
2021-06-01T17:26:51Z DEBUG Search DNS for SRV record of _ntp._udp.XYZ.com.
2021-06-01T17:26:51Z DEBUG No DNS record found
2021-06-01T17:26:55Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v 
2021-06-01T17:26:55Z DEBUG stdout=
2021-06-01T17:26:55Z DEBUG stderr=
2021-06-01T17:26:59Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v 
2021-06-01T17:26:59Z DEBUG stdout=
2021-06-01T17:26:59Z DEBUG stderr=
2021-06-01T17:27:03Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v 
2021-06-01T17:27:03Z DEBUG stdout=
2021-06-01T17:27:03Z DEBUG stderr=
2021-06-01T17:27:03Z WARNING Unable to sync time with IPA NTP server, assuming 
the time is in sync. Please check that 123 UDP port is opened.
2021-06-01T17:27:03Z DEBUG Writing Kerberos configuration to /tmp/tmpGWIbHp:
2021-06-01T17:27:03Z DEBUG #File modified by ipa-client-install

includedir /var/lib/sss/pubconf/krb5.include.d/

default_realm = XYZ.COM
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = yes
udp_preference_limit = 0

kdc = prdipaco8ldm01.XYZ.com:88
master_kdc = prdipaco8ldm01.XYZ.com:88
admin_server = prdipaco8ldm01.XYZ.com:749
kdc = drxipaco8lds01.XYZ.com:88
master_kdc = drxipaco8lds01.XYZ.com:88
admin_server = drxipaco8lds01.XYZ.com:749
default_domain = XYZ.com
pkinit_anchors = FILE:/etc/ipa/ca.crt


.XYZ.com = XYZ.COM

2021-06-01T17:27:07Z DEBUG args=kinit ad...@xyz.com
2021-06-01T17:27:07Z DEBUG stdout=Password for ad...@xyz.com:

2021-06-01T17:27:07Z DEBUG stderr=
2021-06-01T17:27:07Z DEBUG trying to retrieve CA cert via LDAP from 
2021-06-01T17:27:07Z INFO Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=XYZ.COM
Issuer: CN=Certificate Authority,O=XYZ.COM
Valid From: Mon Apr 19 14:35:38 2021 UTC
Valid Until: Fri Apr 19 14:35:38 2041 UTC

2021-06-01T17:27:08Z DEBUG args=/usr/sbin/ipa-join -s prdipaco8ldm01.XYZ.com -b 
dc=XYZ,dc=com -h drxlceco6app01.XYZ.com -f
2021-06-01T17:27:08Z DEBUG stdout=
2021-06-01T17:27:08Z DEBUG stderr=Failed to retrieve encryption type Triple DES 
cbc mode with HMAC/sha1 (#16)
Failed to retrieve encryption type ArcFour with HMAC/md5 (#23)
Keytab successfully retrieved and stored in: /etc/krb5.keytab
Certificate subject base is: O=XYZ.COM

2021-06-01T17:27:08Z INFO Enrolled in IPA realm XYZ.COM
2021-06-01T17:27:08Z DEBUG args=kdestroy
2021-06-01T17:27:08Z DEBUG stdout=
2021-06-01T17:27:08Z DEBUG stderr=
2021-06-01T17:27:08Z INFO Attempting to get host TGT...
2021-06-01T17:27:08Z DEBUG args=/usr/bin/kinit -k -t /etc/krb5.keytab 
2021-06-01T17:27:08Z DEBUG stdout=
2021-06-01T17:27:08Z DEBUG stderr=
2021-06-01T17:27:08Z DEBUG Attempt 1/5 succeeded.
2021-06-01T17:27:08Z DEBUG Backing up system configuration file 
2021-06-01T17:27:08Z DEBUG -> Not backing up - '/etc/ipa/default.conf' doesn't 
2021-06-01T17:27:08Z INFO Created /etc/ipa/default.conf
2021-06-01T17:27:08Z DEBUG importing all plugin modules in 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG args=klist -V
2021-06-01T17:27:08Z DEBUG stdout=Kerberos 5 version 1.10.3

2021-06-01T17:27:08Z DEBUG stderr=
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:08Z DEBUG importing plugin module 
2021-06-01T17:27:09Z DEBUG Backing up system configuration file 
2021-06-01T17:27:09Z DEBUG -> Not backing up - '/etc/sssd/sssd.conf' doesn't 
2021-06-01T17:27:09Z INFO New SSSD config will be created
2021-06-01T17:27:09Z DEBUG Backing up system configuration file 
2021-06-01T17:27:09Z DEBUG Saving Index File to 
2021-06-01T17:27:09Z INFO Configured sudoers in /etc/nsswitch.conf
2021-06-01T17:27:09Z INFO Configured /etc/sssd/sssd.conf
2021-06-01T17:27:09Z DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA 
CA -t CT,C,C -a -i /etc/ipa/ca.crt
2021-06-01T17:27:09Z DEBUG stdout=
2021-06-01T17:27:09Z DEBUG stderr=
2021-06-01T17:27:09Z DEBUG Backing up system configuration file '/etc/krb5.conf'
2021-06-01T17:27:09Z DEBUG Saving Index File to 
2021-06-01T17:27:09Z DEBUG Writing Kerberos configuration to /etc/krb5.conf:
2021-06-01T17:27:09Z DEBUG #File modified by ipa-client-install

includedir /var/lib/sss/pubconf/krb5.include.d/

default_realm = XYZ.COM
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = yes
udp_preference_limit = 0

kdc = prdipaco8ldm01.XYZ.com:88
master_kdc = prdipaco8ldm01.XYZ.com:88
admin_server = prdipaco8ldm01.XYZ.com:749
kdc = drxipaco8lds01.XYZ.com:88
master_kdc = drxipaco8lds01.XYZ.com:88
admin_server = drxipaco8lds01.XYZ.com:749
default_domain = XYZ.com
pkinit_anchors = FILE:/etc/ipa/ca.crt


.XYZ.com = XYZ.COM

2021-06-01T17:27:09Z INFO Configured /etc/krb5.conf for IPA realm XYZ.COM
2021-06-01T17:27:09Z DEBUG args=keyctl search @s user 
2021-06-01T17:27:09Z DEBUG stdout=
2021-06-01T17:27:09Z DEBUG stderr=keyctl_search: Required key not available

2021-06-01T17:27:09Z DEBUG args=keyctl search @s user 
2021-06-01T17:27:09Z DEBUG stdout=
2021-06-01T17:27:09Z DEBUG stderr=keyctl_search: Required key not available

2021-06-01T17:27:09Z DEBUG failed to find session_cookie in persistent storage 
for principal 'host/drxlceco6app01.xyz....@xyz.com'
2021-06-01T17:27:09Z INFO trying https://prdipaco8ldm01.XYZ.com/ipa/xml
2021-06-01T17:27:09Z DEBUG Created connection context.xmlclient
2021-06-01T17:27:09Z DEBUG raw: env(None, server=True)
2021-06-01T17:27:09Z DEBUG env(None, server=True, all=True)
2021-06-01T17:27:09Z INFO Forwarding 'env' to server 
2021-06-01T17:27:09Z DEBUG NSSConnection init prdipaco8ldm01.XYZ.com
2021-06-01T17:27:09Z DEBUG Connecting:
2021-06-01T17:27:09Z DEBUG auth_certificate_callback: check_sig=True 
Version: 3 (0x2)
Serial Number: 9 (0x9)
Signature Algorithm:
Algorithm: PKCS #1 SHA-256 With RSA Encryption
Issuer: CN=Certificate Authority,O=XYZ.COM
Not Before: Mon Apr 19 14:37:53 2021 UTC
Not After: Thu Apr 20 14:37:53 2023 UTC
Subject: CN=prdipaco8ldm01.XYZ.com,O=XYZ.COM
Subject Public Key Info:
Public Key Algorithm:
Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
65537 (0x10001)
Signed Extensions: (7 total)
Name: Certificate Authority Key Identifier
Critical: False
Key ID:
Serial Number: None
General Names: [0 total]

    Name:     Authority Information Access
    Critical: False
    Authority Information Access: [1 total]
        Info [1]:
            Method:   PKIX Online Certificate Status Protocol
            Location: URI: http://ipa-ca.XYZ.com/ca/ocsp

    Name:     Certificate Key Usage
    Critical: True
        Digital Signature
        Key Encipherment
        Data Encipherment

    Name:     Extended Key Usage
    Critical: False
        TLS Web Server Authentication Certificate
        TLS Web Client Authentication Certificate

    Name:     CRL Distribution Points
    Critical: False
    CRL Distribution Points: [1 total]
        Point [1]:
            General Names: [1 total]
            Issuer:  Directory Name: CN=Certificate Authority,O=ipaca
            Reasons: ()

    Name:     Certificate Subject Key ID
    Critical: False

    Name:     Certificate Subject Alt Name
    Critical: False
        ['[0]', '[1]']

    Signature Algorithm:
        Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Fingerprint (MD5):
    Fingerprint (SHA1):
2021-06-01T17:27:09Z DEBUG approved_usage = SSL Server intended_usage = SSL 
2021-06-01T17:27:09Z DEBUG cert valid True for 
2021-06-01T17:27:09Z DEBUG handshake complete, peer =
2021-06-01T17:27:09Z DEBUG Protocol: TLS1.2
2021-06-01T17:27:09Z DEBUG Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2021-06-01T17:27:09Z DEBUG received Set-Cookie 
2021-06-01T17:27:09Z DEBUG storing cookie 
 Domain=prdipaco8ldm01.XYZ.com; Path=/ipa; Secure; HttpOnly' for principal 
2021-06-01T17:27:09Z DEBUG args=keyctl search @s user 
2021-06-01T17:27:09Z DEBUG stdout=
2021-06-01T17:27:09Z DEBUG stderr=keyctl_search: Required key not available

2021-06-01T17:27:09Z DEBUG args=keyctl search @s user 
2021-06-01T17:27:09Z DEBUG stdout=
2021-06-01T17:27:09Z DEBUG stderr=keyctl_search: Required key not available

2021-06-01T17:27:09Z DEBUG args=keyctl padd user 
ipa_session_cookie:host/drxlceco6app01.xyz....@xyz.com @s
2021-06-01T17:27:09Z DEBUG stdout=915601519

2021-06-01T17:27:09Z DEBUG stderr=
2021-06-01T17:27:09Z WARNING Hostname (drxlceco6app01.XYZ.com) not found in DNS
2021-06-01T17:27:09Z DEBUG Writing nsupdate commands to 
2021-06-01T17:27:09Z DEBUG
zone XYZ.com.
update delete drxlceco6app01.XYZ.com. IN A
update add drxlceco6app01.XYZ.com. 1200 IN A

2021-06-01T17:27:10Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
2021-06-01T17:27:10Z DEBUG stdout=
2021-06-01T17:27:10Z DEBUG stderr=tkey query failed: GSSAPI error: Major = 
Unspecified GSS failure. Minor code may provide more information, Minor = 
Server DNS/udns1.ultradns....@xyz.com not found in Kerberos database.

2021-06-01T17:27:10Z DEBUG nsupdate failed: Command '/usr/bin/nsupdate -g 
/etc/ipa/.dns_update.txt' returned non-zero exit status 1
2021-06-01T17:27:10Z ERROR Failed to update DNS records.
2021-06-01T17:27:10Z DEBUG args=/sbin/service messagebus start
2021-06-01T17:27:10Z DEBUG stdout=Starting system message bus:

2021-06-01T17:27:10Z DEBUG stderr=
2021-06-01T17:27:10Z DEBUG args=/sbin/service messagebus status
2021-06-01T17:27:10Z DEBUG stdout=messagebus (pid 1186) is running...

2021-06-01T17:27:10Z DEBUG stderr=
2021-06-01T17:27:10Z DEBUG args=/sbin/service certmonger restart
2021-06-01T17:27:10Z DEBUG stdout=Stopping certmonger: 
Starting certmonger: ?[60G[?[0;32m OK ?[0;39m]

2021-06-01T17:27:10Z DEBUG stderr=
2021-06-01T17:27:10Z DEBUG args=/sbin/service certmonger status
2021-06-01T17:27:10Z DEBUG stdout=certmonger (pid 1974) is running...

2021-06-01T17:27:10Z DEBUG stderr=
2021-06-01T17:27:10Z DEBUG args=/sbin/service certmonger stop
2021-06-01T17:27:10Z DEBUG stdout=Stopping certmonger: ?[60G[?[0;32m OK ?[0;39m]

2021-06-01T17:27:10Z DEBUG stderr=
2021-06-01T17:27:11Z DEBUG args=/sbin/service certmonger restart
2021-06-01T17:27:11Z DEBUG stdout=Stopping certmonger: 
Starting certmonger: ?[60G[?[0;32m OK ?[0;39m]

2021-06-01T17:27:11Z DEBUG stderr=
2021-06-01T17:27:11Z DEBUG args=/sbin/service certmonger status
2021-06-01T17:27:11Z DEBUG stdout=certmonger (pid 2063) is running...

2021-06-01T17:27:11Z DEBUG stderr=
2021-06-01T17:27:11Z DEBUG args=/sbin/chkconfig certmonger on
2021-06-01T17:27:11Z DEBUG stdout=
2021-06-01T17:27:11Z DEBUG stderr=
2021-06-01T17:27:12Z DEBUG args=ipa-getcert request -d /etc/pki/nssdb -n IPA 
Machine Certificate - drxlceco6app01.XYZ.com -N 
CN=drxlceco6app01.XYZ.com,O=XYZ.COM -K host/drxlceco6app01.xyz....@xyz.com
2021-06-01T17:27:12Z DEBUG stdout=New signing request "20210601172712" added.

2021-06-01T17:27:12Z DEBUG stderr=
2021-06-01T17:27:12Z INFO Adding SSH public key from 
2021-06-01T17:27:12Z DEBUG raw: host_mod(u'drxlceco6app01.XYZ.com', 
2021-06-01T17:27:12Z DEBUG host_mod(u'drxlceco6app01.XYZ.com', random=False, 
 rights=False, updatedns=False, all=False, raw=False, no_members=False)
2021-06-01T17:27:12Z INFO Forwarding 'host_mod' to server 
2021-06-01T17:27:12Z DEBUG NSSConnection init prdipaco8ldm01.XYZ.com
2021-06-01T17:27:12Z DEBUG Connecting:
2021-06-01T17:27:12Z DEBUG handshake complete, peer =
2021-06-01T17:27:12Z DEBUG Protocol: TLS1.2
2021-06-01T17:27:12Z DEBUG Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2021-06-01T17:27:12Z DEBUG received Set-Cookie 
2021-06-01T17:27:12Z DEBUG storing cookie 
 Domain=prdipaco8ldm01.XYZ.com; Path=/ipa; Secure; HttpOnly' for principal 
2021-06-01T17:27:12Z DEBUG args=keyctl search @s user 
2021-06-01T17:27:12Z DEBUG stdout=915601519

2021-06-01T17:27:12Z DEBUG stderr=
2021-06-01T17:27:12Z DEBUG args=keyctl search @s user 
2021-06-01T17:27:12Z DEBUG stdout=915601519

2021-06-01T17:27:12Z DEBUG stderr=
2021-06-01T17:27:12Z DEBUG args=keyctl pupdate 915601519
2021-06-01T17:27:12Z DEBUG stdout=
2021-06-01T17:27:12Z DEBUG stderr=
2021-06-01T17:27:12Z DEBUG Caught fault 4202 from server 
https://prdipaco8ldm01.XYZ.com/ipa/xml: no modifications to be performed
2021-06-01T17:27:12Z DEBUG Writing nsupdate commands to 
2021-06-01T17:27:12Z DEBUG zone XYZ.com.
update delete drxlceco6app01.XYZ.com. IN SSHFP
update add drxlceco6app01.XYZ.com. 1200 IN SSHFP 1 1 

2021-06-01T17:27:12Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
2021-06-01T17:27:12Z DEBUG stdout=
2021-06-01T17:27:12Z DEBUG stderr=tkey query failed: GSSAPI error: Major = 
Unspecified GSS failure. Minor code may provide more information, Minor = 
Server DNS/udns1.ultradns....@xyz.com not found in Kerberos database.

2021-06-01T17:27:12Z DEBUG nsupdate failed: Command '/usr/bin/nsupdate -g 
/etc/ipa/.dns_update.txt' returned non-zero exit status 1
2021-06-01T17:27:12Z WARNING Could not update DNS SSHFP records.
2021-06-01T17:27:12Z DEBUG args=/sbin/service nscd status
2021-06-01T17:27:12Z DEBUG stdout=nscd is stopped

2021-06-01T17:27:12Z DEBUG stderr=
2021-06-01T17:27:12Z DEBUG args=/sbin/service nscd stop
2021-06-01T17:27:12Z DEBUG stdout=
2021-06-01T17:27:12Z DEBUG stderr=
2021-06-01T17:27:12Z DEBUG args=/sbin/chkconfig nscd off
2021-06-01T17:27:12Z DEBUG stdout=
2021-06-01T17:27:12Z DEBUG stderr=
2021-06-01T17:27:12Z DEBUG Saving StateFile to 
2021-06-01T17:27:12Z DEBUG Saving StateFile to 
2021-06-01T17:27:12Z DEBUG Saving StateFile to 
2021-06-01T17:27:15Z DEBUG args=/usr/sbin/authconfig --enablesssdauth 
--enablemkhomedir --update --enablesssd
2021-06-01T17:27:15Z DEBUG stdout=Starting sssd: ?[60G[?[0;32m OK ?[0;39m]
Starting oddjobd: ?[60G[?[0;32m OK ?[0;39m]

2021-06-01T17:27:15Z DEBUG stderr=
2021-06-01T17:27:15Z INFO SSSD enabled
2021-06-01T17:27:15Z INFO Configuring XYZ.com as NIS domain
2021-06-01T17:27:15Z DEBUG args=/bin/nisdomainname
2021-06-01T17:27:15Z DEBUG stdout=(none)

2021-06-01T17:27:15Z DEBUG stderr=
2021-06-01T17:27:15Z DEBUG Saving StateFile to 
2021-06-01T17:27:15Z DEBUG args=/usr/sbin/authconfig --update --nisdomain 
2021-06-01T17:27:15Z DEBUG stdout=Starting sssd: ?[60G[?[0;32m OK ?[0;39m]

2021-06-01T17:27:15Z DEBUG stderr=
2021-06-01T17:27:15Z DEBUG args=/bin/nisdomainname XYZ.com
2021-06-01T17:27:15Z DEBUG stdout=
2021-06-01T17:27:15Z DEBUG stderr=

I am unable to understand what i am missing or changes required in current 

Any help / suggestions appreciated.

users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
Do not reply to spam on the list, report it: 

Reply via email to