Troubleshooting guide
Table Of Contents
- Novell eDirectory 8.8 SP7 Troubleshooting Guide
- About This Book
- 1 Resolving Error Codes
- 2 Installation and Configuration
- 2.1 Installation
- 2.1.1 Fatal Error Occurs in Schema Sync When Installing a Second eDirectory Server into the Tree on a SLES 11 Machine
- 2.1.2 Installation Not Successful
- 2.1.3 Installation Takes a Long Time
- 2.1.4 eDirectory Install Fails for Container Administrators
- 2.1.5 NICI Installation Failed - 1497
- 2.1.6 Naming Objects
- 2.1.7 NICI Does Not Get Installed in the Server Mode on Windows
- 2.1.8 Tarball Upgrade Fails With "Cannot open or remove a file containing a running program" Error Message
- 2.1.9 Installing the Library Patches
- 2.2 Configuration
- 2.2.1 Loopback Referrals Are Returned By a Directory Server
- 2.2.2 Tree Name Lookup Failed: -632 Error While Configuring eDirectory 8.8 on Linux
- 2.2.3 Adding New Servers
- 2.2.4 Excluding the DIB directory from Backup or Antivirus Processes
- 2.2.5 eDirectory ndsconfig Displays an Error on RHEL 32-bit System
- 2.3 Upgrade
- 2.3.1 The Integrated Installer Fails to Upgrade on Windows 2003
- 2.3.2 Upgrade Fails from Prior Versions of eDirectory 8.7.3 SP9 to eDirectory 8.8 SP7
- 2.3.3 Upgrade Fails if the Mount Point Is Set to /var/opt/novell/eDirectory/ data
- 2.3.4 Upgrading eDirectory After Applying a Patch Does Not Remove the Patch Version on a Windows System
- 2.4 Multiple Instances
- 2.1 Installation
- 3 Determining the eDirectory Version Number
- 4 Log Files
- 5 Troubleshooting LDIF Files
- 6 Troubleshooting SNMP
- 7 iMonitor
- 7.1 Browsing for Objects Containing Double-Byte Characters in iMonitor
- 7.2 Agent Health Check on a Single-Server Tree
- 7.3 iMonitor Report Does Not Save the Records for Each Hour
- 7.4 Creation and Modification Time Stamps
- 7.5 iMonitor Issues in Older Versions of Mozilla
- 7.6 Run Report Screen Layout Not Aligned on iMonitor
- 7.7 iMonitor Displays Error -672
- 7.8 Time Stamps Displayed in Hexadecimal Format
- 8 iManager
- 9 Obituaries
- 10 Migrating to Novell eDirectory
- 11 Schema
- 12 DSRepair
- 13 Replication
- 14 Clone DIB Issues
- 15 Novell Public Key Infrastructure Services
- 15.1 PKI Operations Not Working
- 15.2 LDAP Search from Netscape Address Book Fails
- 15.3 Removing the configuration of an eDirectory server that is acting as a treekey server in a multiserver tree after having moved the existing eDirectory objects to a different server fails with the error code for Crucial Replica.
- 15.4 While uninstalling the eDirectory Server holding the CA, the KMOs created on that server will be moved to another server in the tree and become invalid
- 16 Troubleshooting Utilities on Linux and UNIX
- 17 NMAS on Linux and UNIX
- 18 Troubleshooting on Windows
- 19 Accessing HTTPSTK When DS Is Not Loaded
- 20 Encrypting Data in eDirectory
- 20.1 Error Messages
- 20.2 Problem With Duplicate Encryption Algorithms
- 20.3 Encryption of Stream Attributes
- 20.4 Configuring Encrypted Replication through iManager
- 20.5 Viewing or Modifying Encrypted Attributes through iManager
- 20.6 Merging Trees With Encrypted Replication Enabled Fails
- 20.7 Limber Displays -603 Error
- 21 The eDirectory Management Toolbox
- 22 SASL-GSSAPI
- 23 Miscellaneous
- 23.1 Backing Up a Container
- 23.2 Repeated eDirectory Logins
- 23.3 Enabling Event System Statistics
- 23.4 Tracking Memory Corruption Issues on Linux
- 23.5 TCP Connection not Terminating after Abnormal Logout
- 23.6 NDS Error, System Failure (-632) Occurs When Doing ldapsearch for the User Objects
- 23.7 Disabling SecretStore
- 23.8 Viewing SLP Man Pages
- 23.9 dsbk Configuration File Location
- 23.10 SLP Interoperability Issues on OES Linux
- 23.11 ldif2dib Fails to Open the Error Log File When the DIB Directory Exists In the Custom Path
- 23.12 eDirectory Server Does Not Start Automatically in the Virtual SLES 10
- 23.13 ndsd Does Not Start After a System Crash
- 23.14 Do not Execute DSTrace With All Tags Enabled on UNIX Systems
- 23.15 LDAP is Not RFC Compliant For Anonymous Search Requests
- 23.16 Troubleshooting Ports with Custom eDirectory 8.8 Instances
- 23.17 Rebooting the Host
- 23.18 ndsd Not Listening at the Loopback Address on a Given NCP Port
- 23.19 LDAP Transaction OIDs
- 23.20 Errors -5871 and -5875 in LDAP Trace
- 23.21 NDSCons Gives -625 Error if a Tree is Renamed
- 23.22 Listening on Multiple NICs Slows Down eDirectory ldapsearch Performance
- 23.23 Unable to Limit the Number of Concurrent Users on UNIX/ Linux Platforms
- 23.24 ndsd Fails to Shut Down Due to SLP
- 23.25 eDirectory Does Not Support Symbolic Links for DIB Location
Obituaries 57
Examine the Agent Process Status: Obituaries to look for any errors.
Common problems in Agent Process Status: Obituaries include
-625, -622, -634, and -635 communication problems. See Server Information Report for more
details.
-601, and -603, indicating servers that have been improperly removed, or that the Server
object might have a base class of Unknown.
Errors shown on this page are not fatal. The next time the obituary process runs for that
partition, it will retry the operation. Resolve any issues shown in this page, then wait for the
retry.
While looking at obituary objects, walk around the replica ring, comparing the obituary around
the ring.
If not all replicas have a copy of the obituary and all attribute values are not purgeable, this
object is inconsistent around the replica ring—and this is a case of an orphaned obituary.
See “Resolving Orphaned Obituaries” on page 57 for more information.
If the object exists on all replicas and is consistent, then it might not be advancing because of
synchronization errors, or the obituary process might be getting errors.
As needed, use Trace with the Obituary option enabled to examine the obituary process in
detail.
To prevent obituary problems in the future, upgrade to the latest Support Pack (for eDirectory
8.6 servers). There have been fixes for all known obituary issues.
9.4.1 Solutions
Use the proper solution referred to in Section 9.4, “Troubleshooting Tips,” on page 56.
Before using any of these solutions, you must make sure that your data is safe. You might need to
back up the directory database files, server configuration, and trustees. To increase the probability of
success and to minimize future problems, upgrade to the latest eDirectory Support Packs.
Resolving Orphaned Obituaries
Preferred method: If eDirectory 8.6 or later is on any of the servers in the replica ring, browse to
the object in iMonitor, then select Send Single Entry. This will perform a nonauthoritative send
to all other replicas.
Far less desirable method: If all servers in the replica ring that have a copy of the orphaned
obituary are older than eDirectory 8.6, load DSBrowse with the -a option, browse to the object,
then time-stamp the entry. This will make the object as it exists on this server the authoritative
copy. We do not recommend making objects authoritative as a matter of practice.
Resolving Orphaned Obituaries on Extrefs
Less desirable method: Run DSRepair with the time stamp option selected.
Less desirable method: Move a real replica to the server, wait for it to turn on, then wait for the
obituary to be processed. If the obituary is not processed, use the information in Section 9.4,
“Troubleshooting Tips,” on page 56 to resolve the issue now that the object is on a real replica.
After the obituary has processed, the replica can be removed if desired.