Partion not synchronized to other servers


Hello,

We have three partitions and 4 eDirectory 8.8.7 servers on our
production environment. We have on master replica, one read/write
replica and two read only replicas. We noticed that one partition (the
one holding the largest number of objects) is no longer synchronized to
other servers. There is no problem on the the two other partitions.

What can be the cause of this?
How can we fix it?

Thanks


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: https://forums.netiq.com/member.php?userid=1196
View this thread: https://forums.netiq.com/showthread.php?t=48826

Tags:

  • How did you notice this, exactly? Please provide output from iMonitor or
    a "Synchronization Status" report indicating the same. Usually if
    something is synchronizing there are error numbers involved; see any?

    Good luck.
  • How did you notice this, exactly? Please provide output from iMonitor or
    a "Synchronization Status" report indicating the same. Usually if
    something is synchronizing there are error numbers involved; see any?

    Good luck.
  • How did you notice this, exactly? Please provide output from iMonitor or
    a "Synchronization Status" report indicating the same. Usually if
    something is synchronizing there are error numbers involved; see any?

    Good luck.
  • On Wed, 02 Oct 2013 09:25:52 0000, moularbi wrote:

    > We have three partitions and 4 eDirectory 8.8.7 servers on our
    > production environment. We have on master replica, one read/write
    > replica and two read only replicas.


    Why "read only"? I'm curious. I've never found an actual use for those.


    > We noticed that one partition (the
    > one holding the largest number of objects) is no longer synchronized to
    > other servers. There is no problem on the the two other partitions.


    Noticed how? Which one (the M, R/W, or R/O)?


    > What can be the cause of this?


    Lots of possible causes. Let's see the output of "ndsrepair -T" and
    "ndsrepair -E" from the server holding the Master.


    > How can we fix it?


    Depends on the cause of the problem.


    --
    --------------------------------------------------------------------------
    David Gersic dgersic_@_niu.edu
    Knowledge Partner http://forums.netiq.com

    Please post questions in the forums. No support provided via email.
    If you find this post helpful, please click on the star below.

  • The read-only replicas are used only for authentication.

    The problem is concerning the read-write replica and one of the two
    read-only replicas. We noticed this by connecting to the read-write
    replica with an ldap browser to check if the data was updated by the IDM
    driver running on the master replica.

    Here is the result of ndsrepair -P after selecting "view replica ring":
    Replicas Of Partition: .CUSTOMERS
    Total number of servers in the replica ring = 4
    SERVER NAME REPLICA TYPE REPLICA STATE
    (1).VSRV1187.servers.system Master On
    (2).VSRV1188.servers.system Read-Only On
    (3).VSRV1189.servers.system Read-Only On
    (4).VSRV1201.servers.system Read/Write On
    (5)Return to Replica Options

    Enter 'q' to escape the operation.

    Result of ndsrepair -T:
    ================

    Collecting time synchronization and server status
    Time synchronization and server status information
    Start: Wednesday, October 02, 2013 16:01:48 Local Time

    --------------------------- --------- --------- ----------- -------- -------
    DS Replica Time Time is
    Time
    Server name Version Depth Source in sync
    /-
    --------------------------- --------- --------- ----------- -------- -------
    Processing server: .VSRV1201.servers.system
    ..VSRV1201.servers.system 20701.48 0 Non-NetWare Yes
    0
    Processing server: .VSRV1189.servers.system
    ..VSRV1189.servers.system 20701.48 0 Non-NetWare Yes
    0
    Processing server: .VSRV1188.servers.system
    ..VSRV1188.servers.system 20701.48 0 Non-NetWare Yes
    0
    Processing server: .VSRV1187.servers.system
    ..VSRV1187.servers.system 20701.48 0 Non-NetWare Yes
    0
    --------------------------- --------- --------- ----------- -------- -------
    Total errors: 0
    NDSRepair process completed.

    Result of ndsrepair -E:
    ================
    Partition: .CUSTOMERS
    Replica on server: .VSRV1201.servers.system
    Replica: .VSRV1201.servers.system 10-02-2013 16:32:23
    Replica on server: .VSRV1189.servers.system
    Replica: .VSRV1189.servers.system 10-02-2013 16:31:28
    Replica on server: .VSRV1188.servers.system
    Replica: .VSRV1188.servers.system 10-02-2013 16:32:24
    Server: CN=VSRV1189.dc=servers.dc=system 10-02-2013 16:31:30 -641
    Remote
    Object:
    uniqueID=CRM-003D000000qoaiuIAA.dc=CONTACTS.OU=CRM-S_ES_100369.dc=CUSTOMERS
    Replica on server: .VSRV1187.servers.system
    Replica: .VSRV1187.servers.system 10-02-2013 16:31:28
    Server: CN=VSRV1189.dc=servers.dc=system 10-02-2013 16:33:21 -641
    Remote
    Object:
    uniqueID=CRM-003D000000qoaiuIAA.dc=CONTACTS.OU=CRM-S_ES_100369.dc=CUSTOMERS
    All servers synchronized up to time: 10-02-2013 16:31:28
    Partition: .driverset.idm.services.system
    Replica on server: .VSRV1201.servers.system
    Replica: .VSRV1201.servers.system 10-02-2013 16:32:03
    Replica on server: .VSRV1189.servers.system
    Replica: .VSRV1189.servers.system 10-02-2013 16:32:02
    Replica on server: .VSRV1188.servers.system
    Replica: .VSRV1188.servers.system 10-02-2013 16:32:02
    Replica on server: .VSRV1187.servers.system
    Replica: .VSRV1187.servers.system 10-02-2013 16:32:00
    All servers synchronized up to time: 10-02-2013 16:32:00
    Partition: .[Root].
    Replica on server: .VSRV1201.servers.system
    Replica: .VSRV1201.servers.system 10-02-2013 16:33:16
    Replica on server: .VSRV1189.servers.system
    Replica: .VSRV1189.servers.system 10-02-2013 16:32:48
    Replica on server: .VSRV1188.servers.system
    Replica: .VSRV1188.servers.system 10-02-2013 16:33:15
    Replica on server: .VSRV1187.servers.system
    Replica: .VSRV1187.servers.system 10-02-2013 16:33:13
    All servers synchronized up to time: 10-02-2013 16:32:48
    Finish: Wednesday, October 02, 2013 16:33:28 Local Time

    Total errors: 2
    NDSRepair process completed.


    --
    moularbi
    ------------------------------------------------------------------------
    moularbi's Profile: https://forums.netiq.com/member.php?userid=1196
    View this thread: https://forums.netiq.com/showthread.php?t=48826

  • On Wed, 02 Oct 2013 14:44:02 0000, moularbi wrote:

    > The read-only replicas are used only for authentication.


    In that case, no, they aren't. Authentication generally requires writing,
    so your requests will be sent to the R/W or Master anyway, which will
    then update the R/O via synchronization. You might as well just make them
    all R/W.


    > Result of ndsrepair -E:
    > ================
    > Partition: .CUSTOMERS
    > Replica on server: .VSRV1201.servers.system Replica:
    > .VSRV1201.servers.system 10-02-2013 16:32:23 Replica on server:
    > .VSRV1189.servers.system Replica: .VSRV1189.servers.system
    > 10-02-2013 16:31:28 Replica on server: .VSRV1188.servers.system Replica:
    > .VSRV1188.servers.system 10-02-2013 16:32:24 Server:
    > CN=VSRV1189.dc=servers.dc=system 10-02-2013 16:31:30 -641 Remote
    > Object:
    > uniqueID=CRM-003D000000qoaiuIAA.dc=CONTACTS.OU=CRM-

    S_ES_100369.dc=CUSTOMERS
    > Replica on server: .VSRV1187.servers.system Replica:
    > .VSRV1187.servers.system 10-02-2013 16:31:28 Server:
    > CN=VSRV1189.dc=servers.dc=system 10-02-2013 16:33:21 -641 Remote
    > Object:
    > uniqueID=CRM-003D000000qoaiuIAA.dc=CONTACTS.OU=CRM-

    S_ES_100369.dc=CUSTOMERS

    Ok, good, so you've got a problem here.

    -641 FFFFFD7F INVALID REQUEST

    Source

    eDirectoryâ„¢

    Explanation

    A request was received that is invalid or unsupported by the version of
    eDirectory (ds.nlm) being used.


    Since all of your servers are on the same version, I'm not what this is,
    but I'd have a close look at this object (uniqueID=CRM-003D000000qoaiuIAA)
    with iMonitor, on all four servers. There may be something weird about
    it. If you find something, a single object repair on this object may
    correct it.


    --
    --------------------------------------------------------------------------
    David Gersic dgersic_@_niu.edu
    Knowledge Partner http://forums.netiq.com

    Please post questions in the forums. No support provided via email.
    If you find this post helpful, please click on the star below.
  • On Wed, 02 Oct 2013 14:44:02 0000, moularbi wrote:

    > The read-only replicas are used only for authentication.


    Unless something has changed, read-only replicas cannot be used for
    authentication. Authentication causes attributes to be updated, so the
    authentication request is handed off to a writable replica.

    In 20 years of working with NDS and eDirectory, I've never found a use
    for read-only replicas as implemented.

    Jim
    --
    Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
    Novell/SUSE/NetIQ Knowledge Partner

  • There is nothing weird on this object. I compared the entry on the four
    servers, there are different values on these attributes:
    - localEntryID
    - modifyTimestamp
    - revision
    and one custom optional attribute which is not present in the two
    servers with error.

    How can I do a repairon this object?


    --
    moularbi
    ------------------------------------------------------------------------
    moularbi's Profile: https://forums.netiq.com/member.php?userid=1196
    View this thread: https://forums.netiq.com/showthread.php?t=48826


  • Using read-only replicas for authentication does it reduce load on the
    master replica when performing serach and read operations?


    --
    moularbi
    ------------------------------------------------------------------------
    moularbi's Profile: https://forums.netiq.com/member.php?userid=1196
    View this thread: https://forums.netiq.com/showthread.php?t=48826

  • On Wed, 02 Oct 2013 17:04:03 0000, moularbi wrote:

    > Using read-only replicas for authentication does it reduce load on the
    > master replica when performing serach and read operations?


    No, it doesn't - it generates more traffic, and the RO server just hands
    the entire authentication request off to a R/W or the master.

    Remember that the only real difference between a R/W and the master
    replica is that the master has responsibility for partition and replica
    operations. In terms of data access, they're essentially equivalent in
    99% of situations.

    Jim

    --
    Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
    Novell/SUSE/NetIQ Knowledge Partner