To avoid entering lockdown mode when upgrading servers in a replicated topology, before upgrading, check the replicationChanges database for any obsolete replicas. To perform this check, run the check-replication-domains tool, which scans changelogDb for all known replication domains and identifies any obsolete replicas still listed as part of a topology.

  1. Run check-replication-domains --serverRoot <serverRootDirectory>.
    Note:

    You can use the --serverRoot argument to specify the root directory where the server containing the replication data is installed. If you don't supply this argument, check-replication-domains uses the default value of the server where you run the tool.

  2. Review the output for any replica IDs listed as Obsolete.

    The following is an example output from the check-replication-domains tool:

    Server topo-1
    [pinguser@topo-1 ~]$ PingDirectory/bin/check-replication-domains --serverRoot PingDirectory/
    
    SERVER           DOMAIN DN                ID
    ---------------- ------------------------ ------
    topo-1           cn=schema                20693 (local)
    topo-1           dc=example,dc=com        23135 (local)
    topo-2           cn=schema                8371
    topo-2           dc=example,dc=com        19233
    
    Server topo-2
    [pinguser@topo-2 ~]$ PingDirectory/bin/check-replication-domains --serverRoot PingDirectory/
    
    SERVER           DOMAIN DN                ID
    ---------------- ------------------------ ------
    <unknown>        dc=example,dc=com        7403 ** OBSOLETE **
    topo-1           cn=schema                20693
    topo-1           dc=example,dc=com        23135
    topo-2           cn=schema                8371 (local)
    topo-2           dc=example,dc=com        19233 (local)

If you identified any obsolete replicas, purge the obsolete replicas.