Document workaround for 1454 in 'pkispawn' man page.

Ticket #1486.

1 files changed, 18 insertions, 1 deletions

diff --git a/base/server/man/man8/pkispawn.8 b/base/server/man/man8/pkispawn.8
index d475d9524..df7d5ca7d 100644
--- a/base/server/man/man8/pkispawn.8
+++ b/base/server/man/man8/pkispawn.8
@@ -439,8 +439,25 @@ master# scp backup_keys.p12 clone:/backup_keys.p12
 clone# chown pkiuser: /backup_keys.p12
 clone# semanage -a -t pki_tomcat_cert_t /backup_keys.p12\fP
 .fi
-
 .PP
+.nf
+Note: One current cloning anomaly to mention is the following scenario:
+
+1. Create a clone of a CA or of any other subsystem.
+2. Remove that just created clone.
+3. Immediately attempt the exact same clone again, in place of
+   the recently destroyed instance. Before recreating this clone,
+   make sure the "pki_ds_remove_data=True" is used in the clone's
+   deployment config file. This will remove the old data from the previous
+   clone.
+
+Here the Director Server instance may have worked itself in into a state
+where it no longer accepts connections, aborting the clone configuration quickly.
+
+The fix to this is to simply restart the Directory Server instance before
+creating the clone for the second time. After restarting the Directory Server
+it should be possible to create the mentioned clone instance.
+.fi
 .SS Installing a KRA or TKS clone
 .BR
 .PP