Hi all, Some more digging reveals that when an attempt is made for serverb to try and commence replication with serverc, I get the following in the error log: [04/May/2014:17:46:55 +0100] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=Agreement serverc.example.com" (serverc:636)". [04/May/2014:17:47:02 +0100] NSMMReplicationPlugin - agmt="cn=Agreement serverc.example.com" (serverc:636): Failed to send extended operation: LDAP error -1 (Can't contact LDAP server) [04/May/2014:17:47:02 +0100] NSMMReplicationPlugin - agmt="cn=Agreement serverc.example.com" (serverc:636): Received error -1 (Can't contact LDAP server): for total update operation [04/May/2014:17:47:03 +0100] NSMMReplicationPlugin - agmt="cn=Agreement serverc.example.com" (serverc:636): Warning: unable to send endReplication extended operation (Can't contact LDAP server) [04/May/2014:17:47:04 +0100] NSMMReplicationPlugin - agmt="cn=Agreement serverc.example.com" (serverc:636): Replication bind with SIMPLE auth resumed Unfortunately the error message "Failed to send extended operation: LDAP error -1 (Can't contact LDAP server)" is too vague to be useful because there is no clear and unambiguous indication of *which* server it is unable to connect to and on what port. The "(serverc:636)" would imply that it is trying to connect to "serverc", but "serverc" is the name of the instance, it is not the name of the server, so any attempt to connect to this will fail. The server is called serverc.example.com, and this name appears exclusively in the replication agreement: dn: cn=Agreement serverc.example.com,cn=replica,cn=o\3DFoo\,c\3Dza,cn=mapping tr ee,cn=config objectClass: nsDS5ReplicationAgreement objectClass: top cn: Agreement serverc.example.com description: Replication agreement between serverb.example.com and serverc.example.com nsds5BeginReplicaRefresh: start nsDS5ReplicaBindDN: cn=Replication Manager,cn=config nsDS5ReplicaBindMethod: SIMPLE nsds5replicaChangesSentSinceStartup: nsDS5ReplicaCredentials:: xxx nsDS5ReplicaHost: serverc.example.com nsds5replicaLastInitEnd: 0 nsds5replicaLastInitStart: 20140504164654Z nsds5replicaLastInitStatus: 0 nsds5replicaLastUpdateEnd: 20140504164652Z nsds5replicaLastUpdateStart: 20140504164652Z nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental u pdate started nsDS5ReplicaPort: 636 nsDS5ReplicaRoot: o=Foo,c=ZA nsDS5ReplicaTransportInfo: SSL nsds5replicaUpdateInProgress: FALSE At the same time, ssldump reveals that serverb.example.com and serverc.example.com are successfully speaking to one another, and have a lot to say - data seems to be constantly flowing between them, but not to any successful end. Does any of this behaviour look familiar to anybody? Regards, Graham -- -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
