Hello all,
I wanted to migrate my old el8 freeipa server to el9.
So I installed a new system with el9 and configured a replica on it.
After this was completed I ran ipa-healthcheck on the new el9 replica and
all was well.
However after this I ran ipa-healthcheck on the old el8 ipa server and I
got the following error.
ipa-healthcheck
Internal server error 'Link'
[
{
"source": "pki.server.healthcheck.clones.connectivity_and_data",
"check": "ClonesConnectivyAndDataCheck",
"result": "ERROR",
"uuid": "5aea196e-1693-4c14-93c5-649286c8ef7f",
"when": "20230117082651Z",
"duration": "0.402024",
"kw": {
"status": "ERROR: pki-tomcat : Internal error testing CA clone. Host:
freeipa01.tjako.thuis Port: 443"
}
}
]
I double checked the firewall and all ports were open on the el9 server
firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: br0 enp1s0
sources:
services: cockpit dhcpv6-client dns freeipa-ldap freeipa-ldaps http https
ntp ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
On the el9 server ipa-healthcheck yields no errors and ipactl status shows
everything is
running.
Anybody know why the old el8 server fails the ipa-healthcheck ?
Rob