[Freeipa-users] Re: Hard Crash of Server Corrupted IPA

Would I be correct to try the following: Try to reinitialize database with # ipa-replica-manage re-initialize --from ipa03.fbog.local If reinitializing database doesn't work, then Re-install replica server as : 1- On Master server 1 . obtain a Kerberos ticket before running IPA tools # kinit admin 2 . List all of the configured replication agreements for the FreeIPA domain. # ipa-replica-manage list 3 . Removing the replica from the topology involves deleting all the agreements between thereplica and the other servers in the IPA domain and all of the data about the replica in thedomain configuration # ipa-replica-manage del ipa04.fbog.local 4 . If the replica was configured with its own CA, then also use the ipa-csreplica-manage del command to remove all certificate server replication agreements. (HOW DO I CHECK IF THIS IS TRUE?) # ipa-csreplica-manage del ipa04.fbog.local 2- On replica For errors like " ipa.ipapython.install.cli.install_tool(Replica): ERROR A CA is already configured on this system." Remove CA certificates manually with # pkidestroy -s CA -i pki-tomcat # rm -rf /var/log/pki/pki-tomcat /etc/sysconfig/pki-tomcat /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat /etc/pki/pki-tomcat 5 . Uninstall replica by running below command # ipa-server-install --uninstall -U But then what do we do to rebuild the IPA on ipa04.fbog.local? Thanks. -Steven -----Original Message----- From: Rob Crittenden <rcritten(a)redhat.com&gt; Sent: Tuesday, August 10, 2021 9:19 AM To: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org&gt; Cc: Shirley Schaeffer <shirley_schaeffer(a)nwrdc.fsu.edu>; Simpson, Brett <brett_simpson(a)nwrdc.fsu.edu>; Auerbach, Steven <Steven.Auerbach(a)flbog.edu&gt; Subject: Re: [Freeipa-users] Hard Crash of Server Corrupted IPA Auerbach, Steven via FreeIPA-users wrote: You need to look in the 389-ds error log for details, /var/log/dirsrv/slapd-FBOG-LOCAL/errors rob