[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

[Dmitry Perets via FreeIPA-users]

Hi,

I have the same issue right now...
I had two working replicas, and I tried to add the third one. But due to some 
issues with ansible playbook, the installation of that third replica failed in 
the middle (I believe ansible lost SSH connection somewhere in the middle). 
That obviously left the new replica in kinda undefined state, which is not my 
issue. My issue is that it affected WebUI of both other two replicas.

Exactly as the others report, I can no longer login to the WebUI. It says 
"invalid 'PKINIT enabled server': all masters must have IPA master role 
enabled" and then throws an exception:

TypeError: Cannot read property 'ipapwdexpadvnotify' of undefined
    at Object.y.update_password_expiration 
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?40604:1:37205)
    at Object.start_runtime 
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?40604:1:17298)
    at Object.<anonymous> 
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?40604:1:1262)
    at 
https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?40604:1:3478
    at Object.forEach 
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/dojo/dojo.js?v=40604:1:29752)
    at Object._run_phase 
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?40604:1:3442)
    at Object.next_phase 
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?40604:1:3904)
    at Object.<anonymous> 
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?40604:1:3631)
    at c 
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/dojo/dojo.js?v=40604:1:60960)
    at e.extend.then.then.t.then 
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/dojo/dojo.js?v=40604:1:62246)

All the commands offered in this thread give me the same error so far: "invalid 
'PKINIT enabled server': all masters must have IPA master role enabled"

Fortunately, it seems that the domain services keep working fine, users can 
login etc. But WebUI is dead, and the failed replica is stuck in the list of 
ipa-replica-manage...

Sounds like a bug...? 

---
Regards,
Dmitry Perets
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org