The proxy script failed to do is update the security domain entry stored in ldap for the master. This leaves the ports as 9xxx so if you go to create a clone against that server you'll get an invalid clone_uri error.
You can fix this by going into ldap and changing the relevant security domain entries for all the CA's that have been converted to use the proxy to use the proxy ports instead. They will be under ou=security domain, $basedn. They will basically all be 443, except for UnscurePort which will be 80.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=768284
Talked with Ade from dogtag team. May have them apply this fix instead, it really belongs to them.
The problem of trying to do this in IPA is we would have to prompt for the DM password which we can't do during the rpm install process.
Filed dogtag bug https://bugzilla.redhat.com/show_bug.cgi?id=796356
This only applies to 2.0 -> 2.1 upgrades. RHEL bug is closed as upgrades aren't supported from 2.0 to 2.1.
Moving to 3.1 backlog, making a task.
General backlog was renamed to Beer Exchange
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: Ticket Backlog
Login to comment on this ticket.