Comment 3 for bug 1853863

Here's the shell script log

root@registry2:~# kinit admin
Password for admin@1.QUIETFOUNTAIN.COM:
root@registry2:~# ipa-replica-install --setup-dns --no-forwarders
WARNING: conflicting time&date synchronization service 'ntp' will
be disabled in favor of chronyd
Lookup failed: Preferred host registry2.1.quietfountain.com does not provide DNS.
Run connection check to master
Connection check OK
Configuring directory server (dirsrv). Estimated time: 30 seconds
[1/41]: creating directory server instance
Starting installation...
Created symlink /etc/systemd/system/multi-user.target.wants/dirsrv@1-QUIETFOUNTAIN-COM.service → /lib/systemd/system/dirsrv@.service.
Allocate local instance <class 'lib389.DirSrv'> with ldapi://%2fvar%2frun%2fslapd-1-QUIETFOUNTAIN-COM.socket
[2/41]: configure autobind for root
[3/41]: stopping directory server
[4/41]: updating configuration in dse.ldif
[5/41]: starting directory server
[6/41]: adding default schema
[7/41]: enabling memberof plugin
[8/41]: enabling winsync plugin
[9/41]: configure password logging
[10/41]: configuring replication version plugin
[11/41]: enabling IPA enrollment plugin
[12/41]: configuring uniqueness plugin
[13/41]: configuring uuid plugin
[14/41]: configuring modrdn plugin
[15/41]: configuring DNS plugin
[16/41]: enabling entryUSN plugin
[17/41]: configuring lockout plugin
[18/41]: configuring topology plugin
[19/41]: creating indices
[20/41]: enabling referential integrity plugin
[21/41]: configuring certmap.conf
[22/41]: configure new location for managed entries
[23/41]: configure dirsrv ccache and keytab
[24/41]: enabling SASL mapping fallback
[25/41]: restarting directory server
[26/41]: creating DS keytab
[27/41]: ignore time skew for initial replication
[28/41]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 62 seconds elapsed
Update succeeded
[29/41]: prevent time skew after initial replication
[30/41]: adding sasl mappings to the directory
[31/41]: updating schema
[32/41]: setting Auto Member configuration
[33/41]: enabling S4U2Proxy delegation
[34/41]: initializing group membership
[35/41]: adding master entry
[36/41]: initializing domain level
[37/41]: configuring Posix uid/gid generation
[38/41]: adding replication acis
[39/41]: activating sidgen plugin
[40/41]: activating extdom plugin
[41/41]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc)
[1/5]: configuring KDC
[2/5]: adding the password extension to the directory
[3/5]: creating anonymous principal
[4/5]: starting the KDC
[5/5]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
[1/2]: starting kadmin
[2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring directory server (dirsrv)
[1/3]: configuring TLS for DS instance
[2/3]: importing CA certificates from LDAP
[3/3]: restarting directory server
Done configuring directory server (dirsrv).
Configuring the web interface (httpd)
[1/21]: stopping httpd
[2/21]: backing up ssl.conf
[3/21]: disabling nss.conf
[4/21]: configuring mod_ssl certificate paths
[5/21]: setting mod_ssl protocol list
[6/21]: configuring mod_ssl log directory
[7/21]: disabling mod_ssl OCSP
[8/21]: adding URL rewriting rules
[9/21]: configuring httpd
[10/21]: setting up httpd keytab
[11/21]: configuring Gssproxy
[12/21]: setting up ssl
[13/21]: configure certmonger for renewals
[14/21]: publish CA cert
[15/21]: clean up any existing httpd ccaches
[16/21]: configuring SELinux for httpd
[17/21]: create KDC proxy config
[18/21]: enable KDC proxy
[19/21]: starting httpd
[20/21]: configuring httpd to start on boot
[21/21]: enabling oddjobd
Done configuring the web interface (httpd).
Configuring ipa-otpd
[1/2]: starting ipa-otpd
[2/2]: configuring ipa-otpd to start on boot
Done configuring ipa-otpd.
Custodia uses 'registry1.1.quietfountain.com' as master peer.
Configuring ipa-custodia
[1/4]: Generating ipa-custodia config file
[2/4]: Generating ipa-custodia keys
[3/4]: starting ipa-custodia
[4/4]: configuring ipa-custodia to start on boot
Done configuring ipa-custodia.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
404 Client Error: Not Found for url: https://registry1.1.quietfountain.com/ipa/keys/ca/caSigningCert%20cert-pki-ca?type=kem&value=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOm51bGx9.FjcSSiXUpFmdUiDGjqSx6RqQviY_rVOkMuskX-QRUx6boPUox9KvoadV9s9odZc8slpnLF974ew-L_UQ-udd5aO2CD2m0meTVwqLymJOpnjSmD-wFIOxvWYH4lPZiZPPnN6DmGmbDc0kFI5O43eL9z3HocN3nYsTNjg-obhZuCVwNsS7xhUqthosBC8XzFadu0N4c800u13SPLAgmFBuXH3_ICMGsf3E9bGppqEo3BZWSiyBYacMSP40etk9YQaxzknWM4hCxIzH_UALuhubTvnrHswUlqpuQFfCxYAGt-RswwYCkjG1B_UJ1-YKmcSPdw7dePgvxd8aHs-CeztU-g.tXofwhux7QSRKzYBB6ek9w.UNrq-g-MfjRsJ8ZGSdPGvQjIKEw9vk4wp04bG0ZZ7AzvsRT1Tf1bwKHqcWWtC5c0FuQ6YB3j1jvObjJOjoD176S710XpGg_DucL1rvDBSCPTQTHH06QDaE_LwcUIpLZH3bjyyAh9L3yh07-6WCCYDvuHQgfkASeWb916Q7-yTyGuKxk6Tg6wf27gFQS2_q91vllv4g148DX2cREaDb60HOhdkAn3BdWuyomoT3tdwLXX2kUavc-UmUth2WWqPICBaCFXbE1pNVxOMB0cMHD43WPxBzQqQgHV7Xz7QlpyAYJmjJZj0KSu4K4AzXZzX7DPCmBkjReuJvcIOL_zOmn-E38G-ApKLdzXFpr_GFJamzKx5A2AiTzQkivnN_1mwZK65si7NM1wi-10BRQcUL3cz5u2uDxBQZHA0eN26uOHS_OFXke37zuKjqw319GQnXfw_Mlys6Cxilnc0vcjmk6vpx4gJFoQbobbtfaFgzfmYtI3sACLXJLhS8yNQgv03d3zbAaFrZHc7LLv6iKQ_w-jBFxBQf_PepLIaoeebtA1Fld0r3OqZokXAE1vaFfN0nVBAhh4sx-BD3gHpVopCZQHsoeZvKZF23xCbXQCKMAe_8rgNEtuhig2dgXY_3vL2V0xbD_7c2eNcsvutBm-9DGkGiotCOJhrUR2riXCvSIPb-Vt-G2WDg_U8z44JfyvkVHo.3nNEjhuACxacf-BrFl5aN5F0XNUbsF-plMhJ6Sbzt5c
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
root@registry2:~#