Ive encountered a issue when preparing for ipa migration.
On the source ipa server.
ipa-replica-prepare newipaserver.example.com --ip-address x.x.x.x
Directory Manager (existing master) password:
Preparing replica for newipaserver.example.com from oldipaserver.example.com
preparation of replica failed: cannot connect to u'ldaps://oldipaserver.example.com:7390': LDAP Server Down
cannot connect to u'ldaps://oldipaserver.example.com:7390': LDAP Server Down
File "/usr/sbin/ipa-replica-prepare", line 529, in <module>
main()
File "/usr/sbin/ipa-replica-prepare", line 391, in main
update_pki_admin_password(dirman_password)
File "/usr/sbin/ipa-replica-prepare", line 247, in update_pki_admin_password
bind_pw=dirman_password
File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 63, in connect
conn = self.create_connection(*args, **kw)
File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 846, in create_connection
self.handle_errors(e)
File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 736, in handle_errors
error=u'LDAP Server Down').
Ive also encountered the same issue on a test environment, but i cant fully reproduce the circumstances.
ipactl restart had no effect.
# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
DNS Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
Seems like a known issue but i cant find a solution.
preparation of replica failed
Re: preparation of replica failed
Is anything listening on port 7390 of oldipaserver? Is it on other than localhost? Is the firewall open for that port?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: preparation of replica failed
No i checked and also tried just stop iptables.
Same with selinux.
In regard to whats listening on that port no only ldap
netstat -plnt | grep 73*
tcp 0 0 0.0.0.0:5672 0.0.0.0:* LISTEN 3002/qpidd
tcp 0 0 0.0.0.0:749 0.0.0.0:* LISTEN 25476/kadmind
tcp 0 0 0.0.0.0:48781 0.0.0.0:* LISTEN 1797/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1775/rpcbind
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 25476/kadmind
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 29030/named
tcp 0 0 0.0.0.0:726 0.0.0.0:* LISTEN 25218/ns-slapd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2616/cupsd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 29030/named
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2949/master
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 28592/sshd
tcp 0 0 :::7389 :::* LISTEN 25287/ns-slapd
tcp 0 0 :::7390 :::* LISTEN 25287/ns-slapd
tcp 0 0 ::ffff:127.0.0.1:9701 :::* LISTEN 26001/java
tcp 0 0 :::9447 :::* LISTEN 26001/java
tcp 0 0 :::35655 :::* LISTEN 1797/rpc.statd
tcp 0 0 :::5672 :::* LISTEN 3002/qpidd
tcp 0 0 :::749 :::* LISTEN 25476/kadmind
tcp 0 0 :::111 :::* LISTEN 1775/rpcbind
tcp 0 0 :::464 :::* LISTEN 25476/kadmind
tcp 0 0 :::726 :::* LISTEN 25218/ns-slapd
Same with selinux.
In regard to whats listening on that port no only ldap
netstat -plnt | grep 73*
tcp 0 0 0.0.0.0:5672 0.0.0.0:* LISTEN 3002/qpidd
tcp 0 0 0.0.0.0:749 0.0.0.0:* LISTEN 25476/kadmind
tcp 0 0 0.0.0.0:48781 0.0.0.0:* LISTEN 1797/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1775/rpcbind
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 25476/kadmind
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 29030/named
tcp 0 0 0.0.0.0:726 0.0.0.0:* LISTEN 25218/ns-slapd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2616/cupsd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 29030/named
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2949/master
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 28592/sshd
tcp 0 0 :::7389 :::* LISTEN 25287/ns-slapd
tcp 0 0 :::7390 :::* LISTEN 25287/ns-slapd
tcp 0 0 ::ffff:127.0.0.1:9701 :::* LISTEN 26001/java
tcp 0 0 :::9447 :::* LISTEN 26001/java
tcp 0 0 :::35655 :::* LISTEN 1797/rpc.statd
tcp 0 0 :::5672 :::* LISTEN 3002/qpidd
tcp 0 0 :::749 :::* LISTEN 25476/kadmind
tcp 0 0 :::111 :::* LISTEN 1775/rpcbind
tcp 0 0 :::464 :::* LISTEN 25476/kadmind
tcp 0 0 :::726 :::* LISTEN 25218/ns-slapd
Re: preparation of replica failed
Then you either have the wrong port number or whatever it is that should be listening there is not.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke