Ipa-healthcheck

Hi Everyone!

I ran ipa-healthcheck on my master ipa server (ipa01) running on rocky 9.5 and it seems there is a replication issue that I am not sure how to fix on the replica (ipa02). Does anyone know how to fix these issues?

[
{
“source”: “ipahealthcheck.ds.replication”,
“check”: “ReplicationCheck”,
“result”: “WARNING”,
“uuid”: “eba28f0a-b1e4-4433-a021-72a804224e70”,
“when”: “20241203120748Z”,
“duration”: “0.875160”,
“kw”: {
“key”: “DSREPLLE0002”,
“items”: [
“Replication”,
“Conflict Entries”
],
“msg”: “There were 6 conflict entries found under the replication suffix "dc=example,dc=com".”
}
},
{
“source”: “ipahealthcheck.ipa.certs”,
“check”: “IPACertTracking”,
“result”: “ERROR”,
“uuid”: “8db42087-eb0c-443e-8537-9780953307c7”,
“when”: “20241203120749Z”,
“duration”: “0.455522”,
“kw”: {
“key”: “cert-database=/etc/pki/pki-tomcat/alias, cert-nickname=caSigningCert cert-pki-ca, ca-name=dogtag-ipa-ca-renew-agent, cert-presave-command=/usr/libexec/ipa/certmonger/stop_pkicad, cert-postsave-command=/usr/libexec/ipa/certmonger/renew_ca_cert "caSigningCert cert-pki-ca", template-profile=caCACert”,
“msg”: “Expected certmonger tracking is missing for {key}. Automated renewal will not happen for this certificate”
}
},
{
“source”: “ipahealthcheck.ipa.certs”,
“check”: “IPACertTracking”,
“result”: “WARNING”,
“uuid”: “dab64bba-049c-44f9-904e-f6ec5849ddf5”,
“when”: “20241203120749Z”,
“duration”: “0.546223”,
“kw”: {
“key”: “20240902122824”,
“msg”: “certmonger tracking request {key} found and is not expected on an IPA master.”
}
},
{
“source”: “ipahealthcheck.ipa.certs”,
“check”: “IPACertMatchCheck”,
“result”: “ERROR”,
“uuid”: “b3d34c73-5dc6-4b45-8b91-4ad3660982dc”,
“when”: “20241203120749Z”,
“duration”: “0.009227”,
“kw”: {
“key”: “cn=EXAMPLE.COM IPA CA,cn=certificates,cn=ipa,cn=etc,dc=example,dc=com”,
“dn”: “cn=EXAMPLE.COM IPA CA,cn=certificates,cn=ipa,cn=etc,dc=example,dc=com”,
“serial_number”: 16,
“msg”: “CA Certificate serial number {serial} is in LDAP ‘{dn}’ but is not in /etc/ipa/ca.crt”
}
},
{
“source”: “ipahealthcheck.ipa.idns”,
“check”: “IPADNSSystemRecordsCheck”,
“result”: “WARNING”,
“uuid”: “3fb8312c-4cac-4d7b-af96-693809a7cb85”,
“when”: “20241203120752Z”,
“duration”: “0.032140”,
“kw”: {
“key”: “ipa_ca_missing_ipa02.example.com”,
“server”: “ipa02.example.com”,
“ipaddr”: “10.0.129.42”,
“msg”: “expected ipa-ca to contain {ipaddr} for {server}”
}
}
]