On Mon, Jun 21, 2021, at 9:03 AM, Bret Wortman via FreeIPA-users
wrote:
> On Fri, Jun 18, 2021, at 1:32 PM, Rob Crittenden wrote:
>> Awesome, glad to hear it. When you complete the migration don't forget
>> to move over the DNA settings, CRL generation and other stuff.
>
> Is this documented somewhere? I'd hate to miss a step.
Also, my new host, ipa2, is claiming to already have a replication agreement with ipa2c7
but I'm not seeing it:
[root@ipa2c7 ~]# ipa-replica-manage list
ipa1.our.net: master
ipa2c7.our.net: master
[root@ipa2c7 ~]# ipa-replica-manage list-ruv
Directory Manager password:
unable to decode: {replica 13} 60b907570001000d0000 60b907570001000d0000
unable to decode: {replica 14} 60b923030002000e0000 60b923030002000e0000
unable to decode: {replica 21} 60cb27ed000600150000 60cb27ed000600150000
unable to decode: {replica 24} 60cc5b11000400180000 60cc5b11000400180000
unable to decode: {replica 17} 60be13a5000000110000 60be13c9000700110000
unable to decode: {replica 18} 60bf4aec000000120000 60c07065000200120000
unable to decode: {replica 5}
Replica Update Vectors:
ipa2c7.our.net:389: 26
ipa1.our.net:389: 4
Certificate Server Replica Update Vectors:
ipa2c7.our.net:389: 91
ipa1.our.net:389: 96
[root@ipa2c7 ~]#
Could it be one of those "unable to decode" replicas and if so how do I get rid
of those?
Try ipa-replica-manage clean-dangling-ruv
and/or ipa-replica-manage clean-ruv <replica id>
so 13, 14, 21, etc.
rob