On 04/13/2018 08:25 AM, Sandor Juhasz via FreeIPA-users wrote:
Hello,

we are using freeipa in a 4way multi master replication setup. 
Servers ipa14,ipa15 and ipa34,ipa35 on
CentOS Linux release 7.3.1611 (Core) with version
ipa-server-common-4.4.0-14.el7.centos.7.noarch.

We have an issue where one of the servers log a missing CSN. It happens even after 
ipa replication reinitialized.
We are guessing that CSN 5a0a27d9000000060000 only exists on ipa35, but we see it in those files listed on ipa15 and the error is reported there.
Please see attached file with logs.
the missing csn is from Nov,13,2017 - so it is not unlikely it was trimmed. But in some RUV there seems to be a reference to it, and replication uses to position it in the changelog.



How can we fix this?
we first should get a full picture of the replicaids and RUVs on all servers, could you do on all servers the following search:
ldapsearch  .... -o ldif-wrap=no  -D "cn=directory manager" .... -b cn=config "objectclass=nsds5replica" nsds5replicaid nsds50ruv

That should help in deciding what to do.

There is also on option to kick an agreement to ingnore a missing change:

do the following change on the failing replication agreement, but it would be better to have the data first:

ldapmodify ....
dn: <agmt>
replace: nsds5ReplicaIgnoreMissingChange
nsds5ReplicaIgnoreMissingChange: once


--
Sándor Juhász
System Administrator
ChemAxon Ltd.
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031
Cell: +36704258964


_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, 
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander