Troubleshooting guide
Table Of Contents
- Novell eDirectory 8.8 SP7 Troubleshooting Guide
- About This Book
- 1 Resolving Error Codes
- 2 Installation and Configuration
- 2.1 Installation
- 2.1.1 Fatal Error Occurs in Schema Sync When Installing a Second eDirectory Server into the Tree on a SLES 11 Machine
- 2.1.2 Installation Not Successful
- 2.1.3 Installation Takes a Long Time
- 2.1.4 eDirectory Install Fails for Container Administrators
- 2.1.5 NICI Installation Failed - 1497
- 2.1.6 Naming Objects
- 2.1.7 NICI Does Not Get Installed in the Server Mode on Windows
- 2.1.8 Tarball Upgrade Fails With "Cannot open or remove a file containing a running program" Error Message
- 2.1.9 Installing the Library Patches
- 2.2 Configuration
- 2.2.1 Loopback Referrals Are Returned By a Directory Server
- 2.2.2 Tree Name Lookup Failed: -632 Error While Configuring eDirectory 8.8 on Linux
- 2.2.3 Adding New Servers
- 2.2.4 Excluding the DIB directory from Backup or Antivirus Processes
- 2.2.5 eDirectory ndsconfig Displays an Error on RHEL 32-bit System
- 2.3 Upgrade
- 2.3.1 The Integrated Installer Fails to Upgrade on Windows 2003
- 2.3.2 Upgrade Fails from Prior Versions of eDirectory 8.7.3 SP9 to eDirectory 8.8 SP7
- 2.3.3 Upgrade Fails if the Mount Point Is Set to /var/opt/novell/eDirectory/data
- 2.3.4 Upgrading eDirectory After Applying a Patch Does Not Remove the Patch Version on a Windows System
- 2.4 Multiple Instances
- 3 Determining the eDirectory Version Number
- 4 Log Files
- 5 Troubleshooting LDIF Files
- 6 Troubleshooting SNMP
- 7 iMonitor
- 7.1 Browsing for Objects Containing Double-Byte Characters in iMonitor
- 7.2 Agent Health Check on a Single-Server Tree
- 7.3 iMonitor Report Does Not Save the Records for Each Hour
- 7.4 Creation and Modification Time Stamps
- 7.5 iMonitor Issues in Older Versions of Mozilla
- 7.6 Run Report Screen Layout Not Aligned on iMonitor
- 7.7 iMonitor Displays Error -672
- 7.8 Time Stamps Displayed in Hexadecimal Format
- 8 iManager
- 9 Obituaries
- 10 Migrating to Novell eDirectory
- 11 Schema
- 12 DSRepair
- 13 Replication
- 14 Clone DIB Issues
- 15 Novell Public Key Infrastructure Services
- 15.1 PKI Operations Not Working
- 15.2 LDAP Search from Netscape Address Book Fails
- 15.3 Removing the configuration of an eDirectory server that is acting as a treekey server in a multiserver tree after having moved the existing eDirectory objects to a different server fails with the error code for Crucial Replica.
- 15.4 While uninstalling the eDirectory Server holding the CA, the KMOs created on that server will be moved to another server in the tree and become invalid
- 16 Troubleshooting Utilities on Linux and UNIX
- 17 NMAS on Linux and UNIX
- 18 Troubleshooting on Windows
- 19 Accessing HTTPSTK When DS Is Not Loaded
- 20 Encrypting Data in eDirectory
- 20.1 Error Messages
- 20.2 Problem With Duplicate Encryption Algorithms
- 20.3 Encryption of Stream Attributes
- 20.4 Configuring Encrypted Replication through iManager
- 20.5 Viewing or Modifying Encrypted Attributes through iManager
- 20.6 Merging Trees With Encrypted Replication Enabled Fails
- 20.7 Limber Displays -603 Error
- 21 The eDirectory Management Toolbox
- 22 SASL-GSSAPI
- 23 Miscellaneous
- 23.1 Backing Up a Container
- 23.2 Repeated eDirectory Logins
- 23.3 Enabling Event System Statistics
- 23.4 Tracking Memory Corruption Issues on Linux
- 23.5 TCP Connection not Terminating after Abnormal Logout
- 23.6 NDS Error, System Failure (-632) Occurs When Doing ldapsearch for the User Objects
- 23.7 Disabling SecretStore
- 23.8 Viewing SLP Man Pages
- 23.9 dsbk Configuration File Location
- 23.10 SLP Interoperability Issues on OES Linux
- 23.11 ldif2dib Fails to Open the Error Log File When the DIB Directory Exists In the Custom Path
- 23.12 eDirectory Server Does Not Start Automatically in the Virtual SLES 10
- 23.13 ndsd Does Not Start After a System Crash
- 23.14 Do not Execute DSTrace With All Tags Enabled on UNIX Systems
- 23.15 LDAP is Not RFC Compliant For Anonymous Search Requests
- 23.16 Troubleshooting Ports with Custom eDirectory 8.8 Instances
- 23.17 Rebooting the Host
- 23.18 ndsd Not Listening at the Loopback Address on a Given NCP Port
- 23.19 LDAP Transaction OIDs
- 23.20 Errors -5871 and -5875 in LDAP Trace
- 23.21 NDSCons Gives -625 Error if a Tree is Renamed
- 23.22 Listening on Multiple NICs Slows Down eDirectory ldapsearch Performance
- 23.23 Unable to Limit the Number of Concurrent Users on UNIX/Linux Platforms
- 23.24 ndsd Fails to Shut Down Due to SLP
- 23.25 eDirectory Does Not Support Symbolic Links for DIB Location

tcp_keepalive_probes: Determines the number of TCP keepalive probes sent before the connection is considered broken. The tcp_keepalive_probes parameter takes an integer value; a value less than 50 is recommended, depending on your tcp_keepalive_time and tcp_keepalive_intvl values. The default is 9 probes before the application is informed of the broken connection.

tcp_keepalive_intvl: Determines how long to wait for a reply to each keepalive probe. This value is important for calculating the time before your connection has a keepalive death. The tcp_keepalive_intvl parameter takes an integer value; the default is 75 seconds. So, 9 probes at 75 seconds each take approximately 11 minutes. The default values of the tcp_keepalive_probes and tcp_keepalive_intvl variables can be used to evaluate the default time before the connection is timed out because of keepalive.

Modify these three parameters so that the change does not generate a lot of extra network traffic and still solves the problem. A sample modification could be as follows (a 3-minute detection time):
tcp_keepalive_time - 120
tcp_keepalive_probes - 3
tcp_keepalive_intvl - 20
NOTE: Be careful with the parameter settings and avoid resetting the already valid connections.
The settings take effect immediately after the files are modified. You need not restart any services. However, the settings are valid for the current session only. Once the server is rebooted, the settings revert to the defaults.
To make the settings permanent (even after a reboot), add the following entries in /etc/sysctl.conf:
net.ipv4.tcp_keepalive_time=120
net.ipv4.tcp_keepalive_probes=3
net.ipv4.tcp_keepalive_intvl=20
We recommend these settings only if all the clients and servers are connected through LAN.
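
The check below is an added example, not part of the original guide: it compares the running keepalive values with the entries persisted in a sysctl.conf-style file, so a change that would revert at reboot is caught, and it computes the detection time as tcp_keepalive_time + tcp_keepalive_probes x tcp_keepalive_intvl. The function names are illustrative, and the directory and file are passed as arguments (on a live server, /proc/sys/net/ipv4 and /etc/sysctl.conf).

```shell
#!/bin/sh
# Added example (not from the guide): audit TCP keepalive settings.
# Function names are illustrative; paths are arguments so the functions can be
# pointed at constructed sample files as well as the live system.

# conf_value FILE KEY -> last value assigned to net.ipv4.KEY in FILE (empty if absent)
conf_value() {
    sed -n "s/^[[:space:]]*net\.ipv4\.${2}[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p" "$1" | tail -n 1
}

# detection_secs TIME PROBES INTVL -> seconds of silence before a dead peer is reported
detection_secs() {
    echo $(( $1 + $2 * $3 ))
}

# live_detection_secs PROC_DIR -> detection time for the values currently in effect
live_detection_secs() {
    detection_secs "$(cat "$1/tcp_keepalive_time")" \
                   "$(cat "$1/tcp_keepalive_probes")" \
                   "$(cat "$1/tcp_keepalive_intvl")"
}

# audit_keepalive PROC_DIR CONF_FILE
# Prints one line per parameter; returns 1 if any running value is not persisted.
audit_keepalive() {
    proc_dir=$1
    conf=$2
    rc=0
    for key in tcp_keepalive_time tcp_keepalive_probes tcp_keepalive_intvl; do
        live=$(cat "$proc_dir/$key")
        saved=$(conf_value "$conf" "$key")
        if [ -z "$saved" ]; then
            echo "$key: running=$live, no entry in $conf (reverts at reboot)"
            rc=1
        elif [ "$live" != "$saved" ]; then
            echo "$key: running=$live differs from persisted=$saved"
            rc=1
        else
            echo "$key: $live (persisted)"
        fi
    done
    return $rc
}

# On a server: audit_keepalive /proc/sys/net/ipv4 /etc/sysctl.conf
```
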

23.6 NDS Error, System Failure (-632) Occurs When Doing ldapsearch for the User Objects
Import the user objects with simple password and then enable universal password for the container where the user objects are imported. Stop the DS server, set the environment as NDSD_TRY_NMASLOGIN_FIRST=true, and then start the DS server. When you do an ldapsearch for the user objects that were imported with simple password, you get the following error:
ldap_bind: Unknown error, additional info: NDS error: system failure (-632)
To resolve this issue, set the default login sequence as simple password for the container where user
objects are imported before doing ldapsearch for those user objects.
When LDAP requests NMAS to log in a user, NMAS uses the default login sequence. If you do not specify a default login sequence for these users, NMAS uses the NDS sequence. If these users were not given an NDS password when you imported them, the NDS sequence will not work. If you enable universal password, the simple password is synchronized with the NDS password and universal password when the user logs in with the simple password.