Presentation is loading. Please wait.

Presentation is loading. Please wait.

Avoiding the Top eDirectory ™ Issues on NetWare ®, Windows, Linux, and Solaris Josh Baxter Worldwide Support Engineer Novell, Inc.

Published byRoy Crawford Modified over 8 years ago

Similar presentations

Presentation on theme: "Avoiding the Top eDirectory ™ Issues on NetWare ®, Windows, Linux, and Solaris Josh Baxter Worldwide Support Engineer Novell, Inc."— Presentation transcript:

1 www.novell.com Avoiding the Top eDirectory ™ Issues on NetWare ®, Windows, Linux, and Solaris Josh Baxter Worldwide Support Engineer Novell, Inc. Jbaxter@novell.com Jason Record Worldwide Support Engineer Novell, Inc. jrecord@novell.com Robby Taylor Worldwide Support Engineer Novell, Inc. RoTaylor@novell.com

2 Vision…one Net A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries Mission To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world

3

4 Deployed Versions Novell eDirectory ™ and Novell Directory Services ® (NDS) Product VersionBuild VersionPlatforms NetWare 5.1 SP4 (NDS 7)DS.nlm v7.57NetWare 5.1 NetWare 5.1 SP 4 (NDS 8)DS.nlm v8.79NetWare 5.1 eDirectory 8DS.nlm & DS.dlm v8.79NetWare 5.0,Win NT/2K eDirectory 8.5.xDS v85.23NetWare 5.x,Win,Solaris NetWare 6 (eDirectory 8.6)DS.nlm v10110.20NetWare 6 eDirectory 8.6.1DS v10210.43NW 5.1,NW 6,Win,Solaris,Linux NetWare 6 SP1 (eDirectory 8.6.2)DS.nlm v10310.17NetWare 6 eDirectory 8.6.2DS v103xx.xxNW 5.1,NW 6,Win,Solaris,Linux eDirectory 8.7DS v10410.xxNW 5.1,NW 6,Win,Solaris,Linux,AIX

5 Differences Between eDirectory and NDS ® NetWare 6 NetWare NDSeDirectory NOS directory focused on managing NetWare ® servers A cross-platform, scalable, standards-based directory used for managing identities that span all aspects of the network—eDirectory is the foundation for eBusiness NetWare 5

6 How We Decided On These Topics The topics used in this presentation are based on a Novell technical support report that linked the greatest number of solutions or Technical Information Documents (TIDs) to incidents We have also included other common issues that we feel will help you maintain your eDirectory environment

7 Agenda Troubleshooting obituaries Timesync configuration eDirectory health checks UNIX issues NT/2000 issues Question and answer

8 Obituaries Obituaries (a.k.a. Death Notice) are used for the processing of updates, such as renames, moves, and deletions, of objects Processing obituaries  Obit process  Purger How do I know I have obituary problems?  -637 when attempting a partition operation  Object that was moved, deleted, or renamed shows up sometimes, but not others

9 Possible Causes of Obituary Problems Older versions of eDirectory Communication problems Time synchronization problems Replica synchronization problems Purge Vector issues Known defects and issues

10 Troubleshooting Obituaries Run Obituary Listing Report from within iMonitor Any entry records that have Obituary Attributes on them will be displayed Choose an entry record

11 Troubleshooting Obituaries (cont.) From here you can see the obit flags for each value The obit flags on the Primary Obit will always be 0 until all secondary obits have been notified Notice that neither PRV-MP3SERV nor SIVIE_TEST2 have been notified of the modification to the object Choose Agent Health for any server that has not been notified

12 Troubleshooting Obituaries (cont.) Look for warning signs As you can see this server’s time is not currently synchronized Lack of time synchronization could cause the obituaries to be stuck To determine the cause use iMonitor

13 Troubleshooting Obituaries (cont.) Using iMonitor DSTrace function turn on obituaries Monitor the log file—as you can see in this case we are actually processing the obituary with no errors If there is a reason for the obituary to not be processed an error would be displayed here

14 Troubleshooting Obituaries (cont.) For more obituary troubleshooting information as well as a list of current obituary issues see TID #10064117 at http://support.novell.com

15 iMonitor Notes The reports previously mentioned are only available in iMonitor 1.5.2 and newer Free for download if you own eDirectory 8.5.0 or newer www.novell.com/downloads

16 Timesync and eDirectory eDirectory relies on Timesync eDirectory will function even if Timesync is not working Results will not be as expected since the highest timestamp wins

17 Timesync Configuration NetWare 5.x Patches  Timesync 5.24o (TS524O.EXE)  SERVER.EXE (OS5PT2A.EXE)  Winsock 4f (WSOCK4F.EXE)  NW51SP4.EXE includes all of the above fixes NetWare 6.x Patches  Timesync from TS524O.EXE  NW6SP1.EXE includes these fixes Start the update of Timesync at the Reference Server and work down All servers need to be updated Use NTP whenever possible (Port 123) Always use Monitor to configure Timesync rather than editing TIMESYNC.CFG

18 Timesync Configuration Single reference or reference  Reference servers must have a configured sources list  Point only to external sources  Do not point to primaries for fault tolerance  Do not use Loopback Address in configured sources list

19 Troubleshooting Timesync Other configuration issues  If your provider is IP only then do not use the IPX name of the server—you will need to use either an IP address or a DNS name  If your server has multiple NICs, then there is a timing issue during initialization—add the following to your AUTOEXEC.NCF Unload Timesync Load Timesync

20 Troubleshooting Timesync Timesync will now log debug information to the SYS:\SYSTEM\TIMESYNC.LOG file Configuring Timesync logging  SET TIMESYNCE DEBUG = 15 (Turns on logging to screen and log file)  SET TIMESYNCE DEBUG = 7 (Turns logging to screen only)  SET TIMESYNCE DEBUG = 0 (Turns logging off completely)

21 Troubleshooting Timesync For more information about Timesync issues and configuration refer to TID #2961100 at http://support.Novell.com

22 eDirectory Health Checks Regular health checks avoid problems  Check DS versions  Time synchronization  Replica synchronization  Schema synchronization  External references  Replica ring states Hint—Use iMonitor to help perform your health checks

23 eDirectory Health Checks For more information about performing regular health checks refer to TID #10060600 at http://support.Novell.com

24 Related Sessions Tutorial 229— Practical NDS iMonitor: Case Studies in eDirectory Diagnosis Tutorial 231—Tips and Tricks for Using eDirectory Utilities

25 eDirectory on UNIX Jason Record Worldwide Support Engineer Novell, Inc. jrecord@novell.com

26 Novell eDirectory for UNIX Novell eDirectory 8.5x topics  Two primary obituaries get stuck  ndsd core dumps or becomes defunct Novell eDirectory 8.6.1 topics  Patch 111177-06 disables ndsd  Upgrading from the shipping CD Tuning Parameters UNIX Information Tool

27 Tuning Parameters Don’t make the cache too big  TID10066483—Performance Tuning on NDS for UNIX Solaris tuning parameters  TID10060584—Performance tuning for eDirectory 8.5 on Solaris

28 ndsd Core Dump/Defunct Many issues fixed in 85.23 Linux memory corruption fixed after 85.23

29 Patch 111177-06 Disables ndsd Occurs on Solaris 8 only Remove the LD_LIBRARY_PATH reference

30 Fixing ndsd Script

31

32 nds-install Doesn’t Upgrade Fixed in the web download release nds-install upgrades 85.12 shipping code, but not later patches

33 UNIX Information Tool Gathers most needed system information TID2961593—UNIX Information Tool (unixinfo)  Replaces ndsunix.sh

34 eDirectory on Win32 Platform

35 Agenda Understanding eDirectory on Windows platform eDirectory configuration Timesync Known issues

36 Understanding eDirectory on Win32 Platform eDirectory is an application that runs on top of Windows eDirectory starts as a service

37 Understanding eDirectory on Win32— Components NDSServe.exe A Shim that run the NDS Server Service—It calls DHOST.EXE Dhost.exe NCP Engine on Windows and executes DLM’s instead of NLMs  You can start Dhost manually from a command prompt \NOVELL\NDS\DIBFILES 1.Make the current directory \NOVELL\NDS\DIBFILES (..\dhost dsrepair) 2.Type..\dhost (..\dhost dsrepair) NDSCons.exe  Management Utility that allows the start, stop, and configuration of DLM’s NDSCons.exe is connection based and must make an internal Named Pipe connection to Dhost

38 NDSCons Utility

39 eDirectory Configuration eDirectory must have a static IP address  This address is stored in \NOVELL\NDS\DIBFILES\CONFIG.ASC  When eDirectory starts it reads this file and attempts to bind to the listed address If you change your TCP/IP address  Edit \NOVELL\NDS\DIBFILES\CONFIG.ACS  Delete all lines that start with [Dhost/NCP Engine/Transports ……]

40 eDirectory Configuration (cont.) Config.asc example [DHost/Thread Pool/Min Pool Threads] = 0x00000014 [DHost/Thread Pool/Max Pool Threads] = 0x00000050 [DHost/Thread Pool/Start Pool Threads] = 0x00000028 [DHost/Thread Pool/Long Term Threshold] = 0x00000005 [DHost/Thread Pool/Kill Thread Delay] = 0x0000003c [DHost/NCP Engine/Server State/Allow Large Internet Packets] = ?1 [DHost/NCP Engine/Server State/Allow Logins] = ?1 [DHost/NCP Engine/Server State/Allow Unencrypted Passwords] = ?1 [DHost/NCP Engine/Server State/Checksum Level] = 0x00000001 [DHost/NCP Engine/Server State/Signature Level] = 0x00000001 [DHost/NCP Engine/Transports/Enabled] = 0x00000007 [DHost/NCP Engine/Transports/Enum] = 0x00000003 [DHost/NCP Engine/Transports/Enum/00] = {0x09 0x00 0x00 0x00 0x06 0x00 0x00 0x00 0x02 0x0c 0x89 0x41 0xd7 0x10} [DHost/NCP Engine/Transports/Enum/01] = {0x08 0x00 0x00 0x00 0x06 0x00 0x00 0x00 0x02 0x0c 0x89 0x41 0xd7 0x10} [DHost/NCP Engine/Transports/Enum/02] = {0x00 0x00 0x00 0x00 0x0c 0x00 0x00 0x00 0x01 0x01 0x06 0xe0 0x00 0xb0 0xd0 0x84 0x0b 0x55 0x04 0x51} [DHost/NCP Engine/Watchdog/Ping Interval] = 0x000000f0 [DHost/NCP Engine/Watchdog/Pings To Kill] = 0x00000004 [DHost/Module Loader/Modules/nldap.dlm/Flags] = 0x00000008 [DHost/Module Loader/Modules/NDSiMon.dlm/Flags] = 0x00000008 [DHost/Module Loader/Modules/ds.dlm/Flags] = 0x00000008 [DHost/Module Loader/Modules/sapserv.dlm/Flags] = 0x00000008 [DHost/Module Loader/Modules/miscncp.dlm/Flags] = 0x00000008 [DHost/Module Loader/Modules/niciext.dlm/Flags] = 0x00000008 [DHost/Module Loader/Modules/pki.dlm/Flags] = 0x00000008 [DSTrace/Last Window Position] = {0x63 0x00 0x00 0x00 0x92 0x00 0x00 0x00 0x63 0x03 0x00 0x00 0xc0 0x02 0x00 0x00}

41 Timesync on Windows Platform Novell does not provide an NTP time synchronization utility for eDirectory on Windows NT or 2000 servers Windows does not include an NTP time-synchronization utility; you can obtain an NTP-compatible timeserver in the Windows NT 4.0 Resource Kit However, it is important that eDirectory on Windows have its time in sync to all other eDirectory servers

42 Known Issues: eDirW32b.exe Issue 1: Issue 1: Utilization would increase to 100% during the installation of Edir (NLDAP.DLM) Issue 2: Issue 2: After Installation when manually shutting down the NDS Server is would appear to be hung or utilization would goto 100% (NLDAP.DLM) Issue 3: Issue 3: During installation of eDirecorty the installation would shut down and disappear without any error message (Win2K SP2, NDSI.Jar, Jclient.Jar) Issue 4: Issue 4: With certain configurations of Windows 2000/WinNT during installation an error would occur stating that the Schema was out of date (NDSI.Jar)

43 Known Issues: eDirW32b.exe (cont.) New install of eDirectory 85.12a for Windows 2000/Windows NT  Take the original EDirectory 85.12a Install CD and copy it to a hard drive  Extract or Unzip edirw32b.exe to the root directory where the EDirectory Install CD was copied—when prompted, choose to over write existing files  Install eDirectory from the \NT directory by typing SETUP.EXE

44 Known Issues: Auditing Auditing causes high utilization in Dhost This happens even if auditing is turned off—The existence of the auditing files syncing causing the utilization To see if this is your problem look in the \NOVELL\NDS\DIBFILES directory for the existence of auditing files: xxxxxxxx.$af The auditing files must be removed from all servers in the replica ring

45 Known Issues: Auditing (cont.) How to Disable Auditing: 1. Ensure Container Auditing is disabled using AUDITCON.EXE 2. Delete the AFO0_ object(s) for the affected container with ConsoleOne ® 3. Use DSBROWSE.NLM or DSBROWSE.DLM and browse to the container that had auditing enabled 4. Write down the Entry ID number of the container object (ex. 010003EC) 5. Find the associated auditing files in the sys:_NetWare directory using JCMD, for example: search for SYS:_NETWARE\dir 10003EC.$*  You will see something similar to this 010003EC.$AF (Current Auditing File) 010003EC.$O0 (Oldest Backup File) 010003EC.$O1 (Next Oldest Backup File) etc. up to a total of 15 backup files

46 Known Issues: Auditing (cont.) 6. Delete all files found. (jcmd, NETBASIC or toolbox can be used. You may need to change the attributes on the $AF file so that it can be deleted. This is done in JCMD by typing "attr t- a-". If you still cannot delete the file; you may need to lock the database or unload DS before the file can be deleted. 7. Run a local repair on the Server reporting the errors (A Full Unattended or Local repair with Validate Stream Files will work) 8. Manually turning auditing off requires that DS.NLM and then NDSAUDIT.NLM be unloaded on all servers that hold a replica of the partition that holds the container that had auditing enabled—After it has been unloaded on all servers that hold a replica of the partition, reload NDSAUDIT.NLM and then DS.NLM on each server 9. Synchronize the partition and check synchronization to ensure the errors are no longer being produced

47 Known Issues: Internal IPX Numbers Installation fails with –614 (Duplicate Value) when more than one network card is present and bound to IPX eDirectory attempts to write the Internal IPX number for each card and fails on the second because by default both have Internal IPX number of 00000000

48 Known Issues: LDAP When users passwords are changed via LDAP their passwords would not sync to the Domain when Account Management 2.10 (Redirection) was installed  This has been fixed in NLDAP Versions 85.18 and above

49 eDirectory—Memory Requirements From past experience the following memory requirements seem to work the best  You only need enough physical memory to cache the DB blocks and entries that are frequently being accessed  Refer to iMonitor to see how much memory eDirectory is using—By default eDirectory can use up to 51% of Available memory  Physical Memory 2-3 time the size of the dibfile  Swap File size 1.5-2 time greater than physical memory

50 eDirectory on W32 TIDS 10063547—614 Duplicate Value exists during install 10015318—How to Remove Auditing from Netware Server 10060286—Auditing causes High Utilization of W2k and NT4 Servers TIMESYNC 1018288 EDIRW32 (Java Files)

51

Download ppt "Avoiding the Top eDirectory ™ Issues on NetWare ®, Windows, Linux, and Solaris Josh Baxter Worldwide Support Engineer Novell, Inc."

Similar presentations

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
Novell iChain ® 2.x Configuration Using the Web Server Accelerator Wizard Cary Andrews Senior Software Engineer Novell, Inc.

Novell iChain ® 2.x Configuration Using the Web Server Accelerator Wizard Cary Andrews Senior Software Engineer Novell, Inc.
Network+ Guide to Networks, Fourth Edition Chapter 10 Netware-Based Networking.

Network+ Guide to Networks, Fourth Edition Chapter 10 Netware-Based Networking.
Chapter Nine NetWare-Based Networking. Objectives Identify the advantages of using the NetWare network operating system Describe NetWare’s server hardware.

Chapter Nine NetWare-Based Networking. Objectives Identify the advantages of using the NetWare network operating system Describe NetWare’s server hardware.
Chapter Apache Installation in Linux- Mandrake. Acknowledgment The following information has been obtained directly from www.mandrake.com www.mandrake.com.

Chapter Apache Installation in Linux- Mandrake. Acknowledgment The following information has been obtained directly from
Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.

Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.
Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.

Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.
Hands-On Microsoft Windows Server 2003 Chapter 2 Installing Windows Server 2003, Standard Edition.

Hands-On Microsoft Windows Server 2003 Chapter 2 Installing Windows Server 2003, Standard Edition.
Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
Chapter 8 Chapter 8: Managing the Server Through Accounts and Groups.

Chapter 8 Chapter 8: Managing the Server Through Accounts and Groups.
Cambodia-India Entrepreneurship Development Centre - : :.... :-:-

Cambodia-India Entrepreneurship Development Centre - : :.... :-:-
1 Module 2 Installing Windows NT. 2  Overview Preparing for Installation Installing Windows NT Performing a Server-based Installation Troubleshooting.

1 Module 2 Installing Windows NT. 2  Overview Preparing for Installation Installing Windows NT Performing a Server-based Installation Troubleshooting.
Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.
Network and Active Directory Performance Monitoring and Troubleshooting NETW4008 Lecture 8.

Network and Active Directory Performance Monitoring and Troubleshooting NETW4008 Lecture 8.
Securing Your GroupWise ® System Morris Blackham Software Engineer Novell, Inc. Danita Zanrè Senior Consultant Caledonia.

Securing Your GroupWise ® System Morris Blackham Software Engineer Novell, Inc. Danita Zanrè Senior Consultant Caledonia.
Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.

Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.
BASIC NETWORK CONCEPTS (PART 6). Network Operating Systems NNow that you have a general idea of the network topologies, cable types, and network architectures,

BASIC NETWORK CONCEPTS (PART 6). Network Operating Systems NNow that you have a general idea of the network topologies, cable types, and network architectures,
11 NETWORK PROTOCOLS AND SERVICES Chapter 10. Chapter 10: Network Protocols and Services2 NETWORK PROTOCOLS AND SERVICES  Identify how computers on TCP/IP.

11 NETWORK PROTOCOLS AND SERVICES Chapter 10. Chapter 10: Network Protocols and Services2 NETWORK PROTOCOLS AND SERVICES  Identify how computers on TCP/IP.

Similar presentations

Ads by Google