Trying to promote a client to a replica and it's failing with:
Upgrading IPA:. Estimated time: 1 minute 30 seconds [1/9]: stopping
directory server [2/9]: saving configuration [3/9]: disabling
listeners [4/9]: enabling DS global lock [5/9]: starting directory
server [6/9]: upgrading server [7/9]: stopping directory server
[8/9]: restoring configuration [9/9]: starting directory
serverDone.Restarting the KDCYour system may be partly configured.Run
/usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall):
ERROR 406 Client Error: Failed to validate message: No recipient
matched the provided key["Failed: [ValueError('Decryption
failed.',)]"]ipa.ipapython.install.cli.install_tool(CompatServerReplica
Install): ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
The replica-install log:
2017-10-04T07:22:06Z DEBUG Restarting the KDC2017-10-04T07:22:06Z DEBUG
Starting external process2017-10-04T07:22:06Z DEBUG args=/bin/systemctl
restart krb5kdc.service2017-10-04T07:22:06Z DEBUG Process finished,
return code=02017-10-04T07:22:06Z DEBUG stdout=2017-10-04T07:22:06Z
DEBUG stderr=2017-10-04T07:22:06Z DEBUG Starting external process2017-
10-04T07:22:06Z DEBUG args=/bin/systemctl is-active
krb5kdc.service2017-10-04T07:22:06Z DEBUG Process finished, return
code=02017-10-04T07:22:06Z DEBUG stdout=active
2017-10-04T07:22:06Z DEBUG stderr=2017-10-04T07:22:06Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in
execute return_value = self.run() File "/usr/lib/python2.7/site-
packages/ipapython/install/cli.py", line 333, in run cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
368, in run self.execute() File "/usr/lib/python2.7/site-
packages/ipapython/install/core.py", line 392, in execute for
_nothing in self._executor(): File "/usr/lib/python2.7/site-
packages/ipapython/install/core.py", line 434, in
__runner exc_handler(exc_info) File "/usr/lib/python2.7/site-
packages/ipapython/install/core.py", line 463, in
_handle_execute_exception self._handle_exception(exc_info) File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453,
in _handle_exception six.reraise(*exc_info) File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424,
in __runner step() File "/usr/lib/python2.7/site-
packages/ipapython/install/core.py", line 421, in <lambda> step =
lambda: next(self.__gen) File "/usr/lib/python2.7/site-
packages/ipapython/install/util.py", line 81, in
run_generator_with_yield_from six.reraise(*exc_info) File
"/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59,
in run_generator_with_yield_from value = gen.send(prev_value) File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 658,
in _configure next(executor) File "/usr/lib/python2.7/site-
packages/ipapython/install/core.py", line 434, in
__runner exc_handler(exc_info) File "/usr/lib/python2.7/site-
packages/ipapython/install/core.py", line 463, in
_handle_execute_exception self._handle_exception(exc_info) File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521,
in _handle_exception self.__parent._handle_exception(exc_info) File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453,
in _handle_exception six.reraise(*exc_info) File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518,
in _handle_exception super(ComponentBase,
self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-
packages/ipapython/install/core.py", line 453, in
_handle_exception six.reraise(*exc_info) File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424,
in __runner step() File "/usr/lib/python2.7/site-
packages/ipapython/install/core.py", line 421, in <lambda> step =
lambda: next(self.__gen) File "/usr/lib/python2.7/site-
packages/ipapython/install/util.py", line 81, in
run_generator_with_yield_from six.reraise(*exc_info) File
"/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59,
in run_generator_with_yield_from value = gen.send(prev_value) File
"/usr/lib/python2.7/site-packages/ipapython/install/common.py", line
63, in _install for _nothing in self._installer(self.parent): File
"/usr/lib/python2.7/site-
packages/ipaserver/install/server/__init__.py", line 617, in
main replica_install(self) File "/usr/lib/python2.7/site-
packages/ipaserver/install/server/replicainstall.py", line 386, in
decorated func(installer) File "/usr/lib/python2.7/site-
packages/ipaserver/install/server/replicainstall.py", line 1477, in
install custodia.import_dm_password(config.master_host_name) File
"/usr/lib/python2.7/site-
packages/ipaserver/install/custodiainstance.py", line 124, in
import_dm_password cli.fetch_key('dm/DMHash') File
"/usr/lib/python2.7/site-packages/ipaserver/secrets/client.py", line
101, in fetch_key r.raise_for_status() File
"/usr/lib/python2.7/site-packages/requests/models.py", line 834, in
raise_for_status raise HTTPError(http_error_msg, response=self)
2017-10-04T07:22:06Z DEBUG The ipa-replica-install command failed,
exception: HTTPError: 406 Client Error: Failed to validate message: No
recipient matched the provided key["Failed: [ValueError('Decryption
failed.',)]"]2017-10-04T07:22:06Z ERROR 406 Client Error: Failed to
validate message: No recipient matched the provided key["Failed:
[ValueError('Decryption failed.',)]"]2017-10-04T07:22:06Z ERROR The
ipa-replica-install command failed. See /var/log/ipareplica-install.log
for more information
Not really sure where to look for what is causing the error from here.
Any help appreciated.