preparation of replica failed

Issues related to applications and software problems
Post Reply
gnapp42
Posts: 2
Joined: 2018/09/19 09:21:26

preparation of replica failed

Post by gnapp42 » 2018/09/19 09:25:08

Ive encountered a issue when preparing for ipa migration.
On the source ipa server.

ipa-replica-prepare newipaserver.example.com --ip-address x.x.x.x
Directory Manager (existing master) password:

Preparing replica for newipaserver.example.com from oldipaserver.example.com
preparation of replica failed: cannot connect to u'ldaps://oldipaserver.example.com:7390': LDAP Server Down
cannot connect to u'ldaps://oldipaserver.example.com:7390': LDAP Server Down
File "/usr/sbin/ipa-replica-prepare", line 529, in <module>
main()

File "/usr/sbin/ipa-replica-prepare", line 391, in main
update_pki_admin_password(dirman_password)

File "/usr/sbin/ipa-replica-prepare", line 247, in update_pki_admin_password
bind_pw=dirman_password

File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 63, in connect
conn = self.create_connection(*args, **kw)

File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 846, in create_connection
self.handle_errors(e)

File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 736, in handle_errors
error=u'LDAP Server Down').

Ive also encountered the same issue on a test environment, but i cant fully reproduce the circumstances.
ipactl restart had no effect.

# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
DNS Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING

Seems like a known issue but i cant find a solution.

User avatar
TrevorH
Forum Moderator
Posts: 24097
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: preparation of replica failed

Post by TrevorH » 2018/09/19 09:31:19

Is anything listening on port 7390 of oldipaserver? Is it on other than localhost? Is the firewall open for that port?
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

gnapp42
Posts: 2
Joined: 2018/09/19 09:21:26

Re: preparation of replica failed

Post by gnapp42 » 2018/09/19 10:24:43

No i checked and also tried just stop iptables.
Same with selinux.

In regard to whats listening on that port no only ldap

netstat -plnt | grep 73*
tcp 0 0 0.0.0.0:5672 0.0.0.0:* LISTEN 3002/qpidd
tcp 0 0 0.0.0.0:749 0.0.0.0:* LISTEN 25476/kadmind
tcp 0 0 0.0.0.0:48781 0.0.0.0:* LISTEN 1797/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1775/rpcbind
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 25476/kadmind
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 29030/named
tcp 0 0 0.0.0.0:726 0.0.0.0:* LISTEN 25218/ns-slapd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2616/cupsd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 29030/named
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2949/master
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 28592/sshd
tcp 0 0 :::7389 :::* LISTEN 25287/ns-slapd
tcp 0 0 :::7390 :::* LISTEN 25287/ns-slapd
tcp 0 0 ::ffff:127.0.0.1:9701 :::* LISTEN 26001/java
tcp 0 0 :::9447 :::* LISTEN 26001/java
tcp 0 0 :::35655 :::* LISTEN 1797/rpc.statd
tcp 0 0 :::5672 :::* LISTEN 3002/qpidd
tcp 0 0 :::749 :::* LISTEN 25476/kadmind
tcp 0 0 :::111 :::* LISTEN 1775/rpcbind
tcp 0 0 :::464 :::* LISTEN 25476/kadmind
tcp 0 0 :::726 :::* LISTEN 25218/ns-slapd

User avatar
TrevorH
Forum Moderator
Posts: 24097
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: preparation of replica failed

Post by TrevorH » 2018/09/19 21:19:10

Then you either have the wrong port number or whatever it is that should be listening there is not.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply