ipa-replica-install fails with the error; "Waiting up to 300 seconds to see our keys appear on host: ipa-master.example.com"

Solution Verified - Updated -

Issue

ipa-replica-install fails with the error; "Waiting up to 300 seconds to see our keys appear on host: ipa-master.geo-a.example.com"

In this environment, certain IPA servers are only accessible to to the IPA replicas within the same geographical location.

/var/log/ipa-replica-install.log has the following errors :

2017-08-17T07:20:11Z INFO Waiting up to 300 seconds to see our keys appear on host: ipa-master.geo-a.example.com
2017-08-17T07:22:18Z DEBUG Transient error getting keys: '{'desc': "Can't contact LDAP server"}'

Customer pointed replica server to the IPA server located within the same geographical location using the parameter "ipa_hostname" in sssd.conf however it still trying to contact IPA master server in a different geographical location.

Environment

Red Hat Enterprise Linux 7.4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.