Hello,
I am attempting to do some testing with the Fedora PKI and Dogtag
systems and have run into an issue.
My setup is as follows:
Server-1 - Running fedora-ds and dogtag (dogtag uses the local
fedora-ds LDAP server for storage)
Server-2 - Running the same
Server-2 is acting as an LDAP replica for Server-1 (o=NetscapeRoot and
the primary dc are replicated; this *seems* to work fine: I can
create an entry on Server-1 and it will show up on Server-2).
On Server-1, I installed Dogtag 1.1.0 (via yum) and set up a CA; again
everything *seems* to work fine. On Server-2 I then attempted to
clone the CA from Server-1.
Things go well until I get to the screen to specify where the backend
is located. For the backend, I use the fedora-ds server located on
Server-2; I enter my credentials and then it seems to hang.
In /var/log/dirsrv/slapd-TEST/error on Server-2 I see some error
messages I can't seem to find reference to:
  info: entrydn not indexed on 'ou=certificaterepository,ou=ca,dc=<dc>';
  entry ou=certificaterepository,ou=ca,dc=<dc> may not be added to
  database yet
(this message shows up numerous times)
  info: entrydn not indexed on 'ou=ca,ou=requests,dc=<dc>'; entry
  ou=ca,ou=requests,dc=<dc> may not be added to database yet
(this message shows up numerous times)
  NSMMReplicationPlugin - agmt="cn=cloneAgreement1-server-2-pki-ca"
  (service-2:389): Replica has a different generation ID than the local
  data
I managed to get around the replication problem by (and this is
probably not the correct course of action):
1. Deleted the replication agreement on both systems
2. Exported the CA database on Server-1 and imported it into Server-2
3. Recreated the replication agreement
This allowed me to finally get past the screen listed above (where the
LDAP credentials have to be entered), but I still see this error on
Server-2:
  Replica has a different generation ID than the local data
And on Server-1:
  NSMMReplicationPlugin - repl_set_mtn_referrals: could not set
  referrals for replica dc=<dc>: 1
Is there a reason that the installation is not correctly setting up
the LDAP database and replication agreement?
Are there steps I have missed? I followed the directions in the Red Hat
Certificate Server Admin Guide.
Does this have something to do with replicating o=NetscapeRoot?
Thanks,
Mike
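A way to check the "different generation ID" condition reported above before touching replication agreements, added here as an example and not part of the original post: each replicated suffix carries a {replicageneration} value in its nsds50ruv attribute, and a consumer that was not initialized from the supplier reports a different one. The ldapsearch invocation in the comment, the hostnames, the suffix and the sample output are assumptions and constructed values.

```shell
#!/bin/sh
# Added example, not code from the original post or from Dogtag/389 DS.
# Read the nsds50ruv attribute of a replicated suffix on each server and
# compare the {replicageneration} values. In practice the input to
# generation_id would come from (hostnames/suffix/bind DN are placeholders):
#   ldapsearch -x -h server-1 -D "cn=Directory Manager" -W \
#       -b "dc=example,dc=com" -s base "(objectclass=*)" nsds50ruv

# Extract the replica generation ID from ldapsearch (LDIF) output on stdin.
# Prints the hex value, or nothing if the attribute is absent.
generation_id() {
    sed -n 's/^nsds50ruv: {replicageneration} *\([0-9a-fA-F]*\).*/\1/p' | head -n 1
}

# Compare supplier ($1) and consumer ($2) generation IDs.
# Returns 0 on match, 1 on mismatch, 2 if either value is missing.
compare_generation() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "could not read a generation ID from one of the servers"
        return 2
    fi
    if [ "$1" = "$2" ]; then
        echo "generation IDs match ($1): consumer was initialized from this supplier"
        return 0
    fi
    echo "MISMATCH: supplier=$1 consumer=$2; reinitialize the consumer from the supplier"
    return 1
}

# Constructed sample output standing in for the two ldapsearch runs.
SUPPLIER_OUT='dn: dc=example,dc=com
nsds50ruv: {replicageneration} 4b9d0f1c000000010000
nsds50ruv: {replica 1 ldap://server-1.example.com:389} 4b9d0f2a000000010000 4b9d1234000000010000'
CONSUMER_OUT='dn: dc=example,dc=com
nsds50ruv: {replicageneration} 4b9c88aa000000020000'

supplier_gen=$(printf '%s\n' "$SUPPLIER_OUT" | generation_id)
consumer_gen=$(printf '%s\n' "$CONSUMER_OUT" | generation_id)
compare_generation "$supplier_gen" "$consumer_gen" || true
```

A mismatch means the consumer's database was not initialized from this supplier, which is the state the "Replica has a different generation ID" message describes; re-exporting the supplier's database into the consumer (as done above) gives both sides the same generation ID.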