IdM command ipa-healthcheck shows old server replica

Solution In Progress - Updated -

Issue

  • After the iDM upgrade, the command ipa-healthcheck shows an old replica instance that does not exist anymore.

    # ipa-healthcheck

Internal server error HTTPSConnectionPool(host='vm01.example.com', port=443): Max retries exceeded with        url: /ca/rest/certs/search?size=3 (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f6708174a20>: Failed to establish a new connection: [Errno 111] Connection refused',))
[
{
"source": "pki.server.healthcheck.clones.connectivity_and_data",
"check": "ClonesConnectivyAndDataCheck",
"result": "ERROR",
"uuid": "42a3ee20-cfc7-44e7-8a5e-aa0339178729",
"when": "20230518092029Z",
"duration": "0.233154",
"kw": {
"status": "ERROR: pki-tomcat : Internal error testing CA clone. Host: vm01.example.com Port: 443"
}



# ipa-replica-manage list-ruv

Replica Update Vectors:
vm02.example.com :389: 17
vm03.example.com :389: 15
vm01.example.com :389: 3 ----------> this server should not appear
vm04.example.com :389: 19
Certificate Server Replica Update Vectors:
vm02.example.com :389: 18
vm03.example.com :389: 16
vm04.example.com :389: 20

  • The command pki securitydomain-show also shows a replica that does not exist anymore

    # pki securitydomain-show 

CA Subsystem:

Host ID: CA vm01.example.com 443 -----------> This server should not appear
Hostname: vm01.example.com
Port: 80
Secure Port: 443
Domain Manager: TRUE

Environment

  • Identity Management in Red Hat Enterprise Linux.
  • IPA Server 4.6.8

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content