Oddly, I am having the same problem not too many days later, so I thought I would just reply here. I was in the middle of bringing up a new replica when the hardware panicked or something. Last messages to console: ``` Upgrading IPA:. Estimated time: 1 minute 30 seconds [1/9]: stopping directory server [2/9]: saving configuration [3/9]: disabling listeners [4/9]: enabling DS global lock [5/9]: starting directory server [6/9]: upgrading server ```
I've tried everything in the thread, starting with the link Mark Reynolds sent above. I found the current replication and did the `cleanruv` path (not the `all` variant) for the open transaction, then checked it on the other master. Still getting the `invalid 'PKINIT enabled server': all masters must have IPA master role enabled` message.
Also tried the `ipa-replica-manage del replica.server --force` and `ipa server-del --ignore-topology-disconnect --ignore-last-of-role --force replica.server` command and got the same error message for both commands.
Any ideas of what I might additionally try?
Thanks for your help!