Hello
I am running CentOS 7.9
FreeIPA 4.6.8
Installed with integrated DNS and CA
A replica will be installed after the trust is established with the AD domain.
When trying to create a trust with AD I get the following error message (it seems to be
somewhat random but goes back and forth between these two)
Fetching domains from trusted forest failed
OR
ipa: ERROR: cannot connect to 'https://<server>/ipa/session/json': Gateway Timeout
I have done the following to troubleshoot:
- disable SELinux, which makes no difference
- check firewall ports. For your reference I have the following defined
services: freeipa-ldap, freeipa-ldaps, http, https, kerberos, ntp, dns, ssh
ports: 749/tcp, 7389/tcp, 8005/tcp, 8009/tcp
- check DNS, it all verifies properly according to 5.2.1.2
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
- enabled debugging per
https://www.freeipa.org/page/Active_Directory_trust_setup#Establish_and_v...
- disabled DNSSEC per
https://access.redhat.com/solutions/2263991
I do see something of interest in the error_log but I am not sure if this is the problem.
wsgi:error Timeout when reading response headers from daemon process 'ipa': /usr/share/ipa/wsgi.py
ipa: ERROR: Failed to call com.redhat.idm.trust.fetch_domains helper. DBus exception is org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
ipa: ERROR: Helper fetch_domain was called for forest <forest_name_here>, return code is 2
Any assistance you can provide is appreciated!
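
Added example, not part of the original post: a small script that checks whether the "Gateway Timeout" (wsgi) entries in the httpd error_log line up in time with the fetch_domains helper failures, which helps decide whether the two alternating errors share one cause. The sample lines are constructed from the messages quoted above; the timestamp/pid prefix, the forest name ad.example.test and the 120-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines: message text is taken from the post, the
# timestamp/pid prefix is an assumed httpd 2.4 error_log layout.
SAMPLE_LOG = """\
[Tue Mar 02 10:15:05.101010 2021] [:error] [pid 2101] ipa: ERROR: Failed to call com.redhat.idm.trust.fetch_domains helper. DBus exception is org.freedesktop.DBus.Error.NoReply: Did not receive a reply.
[Tue Mar 02 10:15:05.101500 2021] [:error] [pid 2101] ipa: ERROR: Helper fetch_domain was called for forest ad.example.test, return code is 2
[Tue Mar 02 10:15:40.000200 2021] [wsgi:error] [pid 2099] Timeout when reading response headers from daemon process 'ipa': /usr/share/ipa/wsgi.py
[Tue Mar 02 11:40:00.000000 2021] [wsgi:error] [pid 2099] Timeout when reading response headers from daemon process 'ipa': /usr/share/ipa/wsgi.py
"""

STAMP = re.compile(r"^\[(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2})\.\d+ (\d{4})\]")
PATTERNS = {
    "wsgi_timeout": re.compile(r"Timeout when reading response headers from daemon process 'ipa'"),
    "dbus_noreply": re.compile(r"Failed to call (\S+) helper\. DBus exception is org\.freedesktop\.DBus\.Error\.NoReply"),
    "helper_rc": re.compile(r"Helper (\S+) was called for forest (\S+), return code is (\d+)"),
}

def parse(text):
    """Return (timestamp, kind, regex groups) for each recognised line."""
    events = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if not m:
            continue  # continuation lines or unrelated formats are skipped
        when = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%a %b %d %H:%M:%S %Y")
        for kind, rx in PATTERNS.items():
            hit = rx.search(line)
            if hit:
                events.append((when, kind, hit.groups()))
    return events

def correlate(events, window=timedelta(seconds=120)):
    """Pair each wsgi timeout with helper failures logged within `window`."""
    report = []
    for when, kind, _ in events:
        if kind != "wsgi_timeout":
            continue
        near = [(k, g) for t, k, g in events
                if k != "wsgi_timeout" and abs(t - when) <= window]
        # Heuristic only: proximity in time suggests, but does not prove, one cause.
        report.append({"timeout_at": when, "helper_failures": near,
                       "same_cause_likely": bool(near)})
    return report

if __name__ == "__main__":
    for row in correlate(parse(SAMPLE_LOG)):
        print(row["timeout_at"], row["same_cause_likely"], row["helper_failures"])
```

A timeout with no helper failure nearby (the second sample entry) points at something other than the trust helper and is worth looking at separately.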