Here's the shell script log
root@registry2:~# kinit admin
Password for admin@1.QUIETFOUNTAIN.COM:
root@registry2:~# ipa-replica-install --setup-dns --no-forwarders
WARNING: conflicting time&date synchronization service 'ntp' will
be disabled in favor of chronyd
Lookup failed: Preferred host registry2.1.quietfountain.com does not provide DNS.
Run connection check to master
Connection check OK
Configuring directory server (dirsrv). Estimated time: 30 seconds
[1/41]: creating directory server instance
Starting installation...
Created symlink /etc/systemd/system/multi-user.target.wants/dirsrv@1-QUIETFOUNTAIN-COM.service → /lib/systemd/system/dirsrv@.service.
Allocate local instance <class 'lib389.DirSrv'> with ldapi://%2fvar%2frun%2fslapd-1-QUIETFOUNTAIN-COM.socket
[2/41]: configure autobind for root
[3/41]: stopping directory server
[4/41]: updating configuration in dse.ldif
[5/41]: starting directory server
[6/41]: adding default schema
[7/41]: enabling memberof plugin
[8/41]: enabling winsync plugin
[9/41]: configure password logging
[10/41]: configuring replication version plugin
[11/41]: enabling IPA enrollment plugin
[12/41]: configuring uniqueness plugin
[13/41]: configuring uuid plugin
[14/41]: configuring modrdn plugin
[15/41]: configuring DNS plugin
[16/41]: enabling entryUSN plugin
[17/41]: configuring lockout plugin
[18/41]: configuring topology plugin
[19/41]: creating indices
[20/41]: enabling referential integrity plugin
[21/41]: configuring certmap.conf
[22/41]: configure new location for managed entries
[23/41]: configure dirsrv ccache and keytab
[24/41]: enabling SASL mapping fallback
[25/41]: restarting directory server
[26/41]: creating DS keytab
[27/41]: ignore time skew for initial replication
[28/41]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 62 seconds elapsed
Update succeeded
[29/41]: prevent time skew after initial replication
[30/41]: adding sasl mappings to the directory
[31/41]: updating schema
[32/41]: setting Auto Member configuration
[33/41]: enabling S4U2Proxy delegation
[34/41]: initializing group membership
[35/41]: adding master entry
[36/41]: initializing domain level
[37/41]: configuring Posix uid/gid generation
[38/41]: adding replication acis
[39/41]: activating sidgen plugin
[40/41]: activating extdom plugin
[41/41]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc)
[1/5]: configuring KDC
[2/5]: adding the password extension to the directory
[3/5]: creating anonymous principal
[4/5]: starting the KDC
[5/5]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
[1/2]: starting kadmin
[2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring directory server (dirsrv)
[1/3]: configuring TLS for DS instance
[2/3]: importing CA certificates from LDAP
[3/3]: restarting directory server
Done configuring directory server (dirsrv).
Configuring the web interface (httpd)
[1/21]: stopping httpd
[2/21]: backing up ssl.conf
[3/21]: disabling nss.conf
[4/21]: configuring mod_ssl certificate paths
[5/21]: setting mod_ssl protocol list
[6/21]: configuring mod_ssl log directory
[7/21]: disabling mod_ssl OCSP
[8/21]: adding URL rewriting rules
[9/21]: configuring httpd
[10/21]: setting up httpd keytab
[11/21]: configuring Gssproxy
[12/21]: setting up ssl
[13/21]: configure certmonger for renewals
[14/21]: publish CA cert
[15/21]: clean up any existing httpd ccaches
[16/21]: configuring SELinux for httpd
[17/21]: create KDC proxy config
[18/21]: enable KDC proxy
[19/21]: starting httpd
[20/21]: configuring httpd to start on boot
[21/21]: enabling oddjobd
Done configuring the web interface (httpd).
Configuring ipa-otpd
[1/2]: starting ipa-otpd
[2/2]: configuring ipa-otpd to start on boot
Done configuring ipa-otpd.
Custodia uses 'registry1.1.quietfountain.com' as master peer.
Configuring ipa-custodia
[1/4]: Generating ipa-custodia config file
[2/4]: Generating ipa-custodia keys
[3/4]: starting ipa-custodia
[4/4]: configuring ipa-custodia to start on boot
Done configuring ipa-custodia.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
404 Client Error: Not Found for url: https://registry1.1.quietfountain.com/ipa/keys/ca/caSigningCert%20cert-pki-ca?type=kem&value=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOm51bGx9.FjcSSiXUpFmdUiDGjqSx6RqQviY_rVOkMuskX-QRUx6boPUox9KvoadV9s9odZc8slpnLF974ew-L_UQ-udd5aO2CD2m0meTVwqLymJOpnjSmD-wFIOxvWYH4lPZiZPPnN6DmGmbDc0kFI5O43eL9z3HocN3nYsTNjg-obhZuCVwNsS7xhUqthosBC8XzFadu0N4c800u13SPLAgmFBuXH3_ICMGsf3E9bGppqEo3BZWSiyBYacMSP40etk9YQaxzknWM4hCxIzH_UALuhubTvnrHswUlqpuQFfCxYAGt-RswwYCkjG1B_UJ1-YKmcSPdw7dePgvxd8aHs-CeztU-g.tXofwhux7QSRKzYBB6ek9w.UNrq-g-MfjRsJ8ZGSdPGvQjIKEw9vk4wp04bG0ZZ7AzvsRT1Tf1bwKHqcWWtC5c0FuQ6YB3j1jvObjJOjoD176S710XpGg_DucL1rvDBSCPTQTHH06QDaE_LwcUIpLZH3bjyyAh9L3yh07-6WCCYDvuHQgfkASeWb916Q7-yTyGuKxk6Tg6wf27gFQS2_q91vllv4g148DX2cREaDb60HOhdkAn3BdWuyomoT3tdwLXX2kUavc-UmUth2WWqPICBaCFXbE1pNVxOMB0cMHD43WPxBzQqQgHV7Xz7QlpyAYJmjJZj0KSu4K4AzXZzX7DPCmBkjReuJvcIOL_zOmn-E38G-ApKLdzXFpr_GFJamzKx5A2AiTzQkivnN_1mwZK65si7NM1wi-10BRQcUL3cz5u2uDxBQZHA0eN26uOHS_OFXke37zuKjqw319GQnXfw_Mlys6Cxilnc0vcjmk6vpx4gJFoQbobbtfaFgzfmYtI3sACLXJLhS8yNQgv03d3zbAaFrZHc7LLv6iKQ_w-jBFxBQf_PepLIaoeebtA1Fld0r3OqZokXAE1vaFfN0nVBAhh4sx-BD3gHpVopCZQHsoeZvKZF23xCbXQCKMAe_8rgNEtuhig2dgXY_3vL2V0xbD_7c2eNcsvutBm-9DGkGiotCOJhrUR2riXCvSIPb-Vt-G2WDg_U8z44JfyvkVHo.3nNEjhuACxacf-BrFl5aN5F0XNUbsF-plMhJ6Sbzt5c
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
root@registry2:~#