Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Anonymous_User Absent Member.
Absent Member.
441 views

Error Installing Secondary Admin Console


Hi,

I am having trouble installing a secondary admin console. I'm
installing access manager version 3.04 (very old, I know). on SLES 9.
I've done this before successfully.

Anyway, when I install the secondary server, I'm having all kinds of
problems.

When it installs, it hangs on the 3rd step (setting up novell access
manager configuration store ) for hours before showing this error on the
screen:

sed: can't read /tmp/nids_inst_bind_rest.ldif: No such file or
directory.

It continues with all other steps being successful, but at the end it
directs me to a log file at
/tmp/novell_access_manager/inst_devman_date_time.log

I open that and I get a connection refused trying to connect to
edirectory (ldap) running on my local IP. So I guess that edirectory
isn't installing right, or isn't starting up. So I look at the
edirectory install log and see a bunch of suspicious errors. They are
below in order of occurrence in the log:

Error getting the server's state. Error description: no referrals.
Unable to add a replica of the partition on this server. Run
ConsoleOne/iManager to add a replica.

Configuring MNAS service... Failed to configure MNAS service: invalid
connection handle err=-676

Error -676: An error has occurred while configuring the NMAS component
of Novell eDirectory Server.
Authentication failed for cn=My User Name error: failed, no referrals
(-634)

On screen, I also sometimes get an error about time synchronization
between the two servers. Both are running NTP so if that's not
synchronizing the time I don't know what else would....

If I look at the edirectory tree on the primary server via an LDAP
browser, I do see three entries corresponding to my server:

cn=myserver
cn=myserver-PS
cn=myserver.fqdn - treename

I have to delete these each time I try to re-run the install. I'm also
doing the force uninstall each time I retry. OpenLDAP server is NOT
installed. Client is, though.

Also, I did read in the requirements for a secondary console that it
should be on the same subnet as the primary. This secondary console is
NOT on the same subnet because it's intent is to replace the primary
after it's build, as I posted here: http://tinyurl.com/pdee5hg

Any help would be appreciated. Thanks!


--
jeynon
------------------------------------------------------------------------
jeynon's Profile: https://forums.netiq.com/member.php?userid=3378
View this thread: https://forums.netiq.com/showthread.php?t=48504

0 Likes
12 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Error Installing Secondary Admin Console


Can you use sles 10 at least?


--
edmaa
------------------------------------------------------------------------
edmaa's Profile: https://forums.netiq.com/member.php?userid=1118
View this thread: https://forums.netiq.com/showthread.php?t=48504

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Error Installing Secondary Admin Console


I can.... what difference would that make though?


--
jeynon
------------------------------------------------------------------------
jeynon's Profile: https://forums.netiq.com/member.php?userid=3378
View this thread: https://forums.netiq.com/showthread.php?t=48504

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Error Installing Secondary Admin Console

jeynon wrote:

>
> I can.... what difference would that make though?


Its more recent and I can create a lab to try to dupe your issue 🙂 I
don't have any SLES 9 iso's laying around anymore 🙂

--
Cheers,
Edward
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Error Installing Secondary Admin Console

jeynon wrote:

>
> I can.... what difference would that make though?


ok, would you be able to provide
/tmp/novell_access_manager/inst_edir_<timestamp>.log from your failed
install on sles 9?

--
Cheers,
Edward
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Error Installing Secondary Admin Console


Sorry for the delay. Here it is. I shortened it to what I thought was
relevant. If you need anything else let me know.

Started installation at 2013-08-28_16:41:06
Installing Novell Access Manager Configuration Store:

%%% Installing NICI-2.7.3...
%%% Adding packages...

%%% Installing novell-NDSmasv... done
%%% novell-NDSbase is already installed
%%% novell-NLDAPsdk is already installed
%%% novell-NLDAPbase is already installed
%%% Installing novell-NDScommon... done
%%% Installing novell-pkiserver... done
%%% novell-npkiapi is already installed
%%% novell-npkit is already installed
%%% Installing novell-NOVLsas... done
%%% novell-ntls is already installed
%%% Installing novell-ncpenc... done
%%% Installing novell-NDSserv... done
%%% Installing novell-NDSrepair... done
%%% Installing novell-NOVLstlog... done
%%% Installing novell-NOVLsubag... done
%%% Installing novell-nmas... done
%%% novell-NOVLxis is already installed
%%% novell-NOVLlmgnt is already installed
%%% Installing novell-NOVLembox... done
%%% Installing novell-NOVLsnmp... done
%%% Installing novell-NDSimon... done
%%% Installing novell-NOVLldif2dib... done
%%% novell-NOVLice is already installed


%%% Please update the following environment variables and export them or
run /opt/novell/eDirectory/bin/ndspath to set the environment for Novell
eDirectory 8.8.1

PATH=/opt/novell/eDirectory/bin:/opt/novell/eDirectory/sbin:$PATH
LD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/opt/novell/eDirectory/lib/nds-modules:/opt/novell/lib:$LD_LIBRARY_PATH
MANPATH=/opt/novell/man:/opt/novell/eDirectory/man:$MANPATH
TEXTDOMAINDIR=/opt/novell/eDirectory/share/locale

%%% Please go through
/software/novell-access-manager-3.0.4-38/edir/setup/../readme.txt
carefully before using the product.

%%% Novell eDirectory Server packages successfully installed.

%%% Novell eDirectory Administration Utilities packages successfully
installed.
Setting up the Novell Access Manager Configuration Store:
ldconfig: Can't stat /usr/X11R6/lib/Xaw95: No such file or directory
ldconfig: Can't stat /usr/X11R6/lib/Xaw3d: No such file or directory
ldconfig: Can't stat /usr/i486-linux/lib: No such file or directory
ldconfig: Can't stat /usr/i486-linux-libc5/lib: No such file or
directory
ldconfig: Can't stat /usr/i486-linux-libc6/lib: No such file or
directory
ldconfig: Can't stat /usr/i486-linuxaout/lib: No such file or directory
ldconfig: Can't stat /usr/i386-suse-linux/lib: No such file or
directory
ldconfig: Can't stat /usr/openwin/lib: No such file or directory
ldconfig: Can't stat /opt/kde/lib: No such file or directory
ldconfig: Can't stat /opt/kde2/lib: No such file or directory
ldconfig: Can't stat /opt/gnome2/lib: No such file or directory
ldconfig: Path `/opt/novell/eDirectory/lib' given more than once

ldconfig: Cannot stat /usr/lib/libccs2.so: No such file or directory


Configuring the NDAP interfaces... Done
Configuring the LDAP interfaces... Done
Configuring the HTTP interfaces... Done
Starting the service 'ndsd'... Done.

Configuring Novell eDirectory server with following parameters
Admin name = cn=admin.o=novell
Tree name = AMADMININTEG1_TREE
Server Context = o=novell
Server name = gbtvmrsamadmin1q
DIB location = /var/opt/novell/eDirectory/data/dib
Unable to configure LDAP Server with default SSL CertificateDNS
certificate. Use ConsoleOne/ldapconfig to associate SSL CertificateDNS
certificate with LDAP Server

Logging into the tree as "cn=admin.o=novell". Please wait...
Note: If this server is being upgraded into an existing context with a
large number of objects or,if network traffic is excessive,then
configuration could take several minutes.

Synchronizing schema
Error getting the server's state. Error description: no referrals.
Unable to add a replica of the partition on this server. Run
ConsoleOne/iManager to add a replica.
Basic configuration is successful. Proceeding with additional
configuration...

Configuring NMAS service... Failed to configure NMAS service: invalid
connection handle err=-676

ERROR -676: An error has occured while configuring the NMAS component of
Novell eDirectory Server.
Authentication failed for cn=admin.o=novell.AMADMININTEG1_TREE error:
failed, no referrals (-634)
The instance at /etc/opt/novell/eDirectory/conf/nds.conf is successfully
configured.
Verifying Time Synchronization:
Executing customized settings before stopping the Novell eDirectory
server...
Stopping Novell eDirectory server...
.................................done
Executing customized settings after stopping the Novell eDirectory
Server...
Executing customized settings before starting the Novell eDirectory
server...
Starting Novell eDirectory server...
...done
Executing customized settings after starting the Novell eDirectory
server...
Novell eDirectory LDAP Server TCP port is disabled.
Novell eDirectory LDAP Server TLS port is disabled.
Validation failed in post_ndsd_start script.
Please refer to //etc/init.d/post_ndsd_start.
Novell Import Convert Export utility for Novell eDirectory
version: 20112.86
Copyright 2000-2005 Novell, Inc. All rights reserved. U.S. Patent No.
6,915,287.
Source Handler: ICE LDAP handler for Novell eDirectory (version:
20112.86 )
Destination Handler: ICE LDIF handler for Novell eDirectory (version:
20112.86 )
ldap_simple_bind failed: 81(Can't contact LDAP server), dn:
cn=admin,o=novell
You may type 'ice' to see the command line help.
Novell Import Convert Export utility for Novell eDirectory
version: 20112.86
Copyright 2000-2005 Novell, Inc. All rights reserved. U.S. Patent No.
6,915,287.
Source Handler: ICE LDIF handler for Novell eDirectory (version:
20112.86 )
Destination Handler: ICE LDAP handler for Novell eDirectory (version:
20112.86 )
/tmp/nids_inst_bind_rest.ldif can not be opened
You may type 'ice' to see the command line help.

edmaa;233246 Wrote:
> jeynon wrote:
>
> >
> > I can.... what difference would that make though?

>
> ok, would you be able to provide
> /tmp/novell_access_manager/inst_edir_<timestamp>.log from your failed
> install on sles 9?
>
> --
> Cheers,
> Edward



--
jeynon
------------------------------------------------------------------------
jeynon's Profile: https://forums.netiq.com/member.php?userid=3378
View this thread: https://forums.netiq.com/showthread.php?t=48504

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Error Installing Secondary Admin Console

jeynon wrote:


>
> Configuring the NDAP interfaces... Done
> Configuring the LDAP interfaces... Done
> Configuring the HTTP interfaces... Done
> Starting the service 'ndsd'... Done.
>
> Configuring Novell eDirectory server with following parameters
> Admin name = cn=admin.o=novell
> Tree name = AMADMININTEG1_TREE
> Server Context = o=novell
> Server name = gbtvmrsamadmin1q
> DIB location = /var/opt/novell/eDirectory/data/dib
> Unable to configure LDAP Server with default SSL CertificateDNS
> certificate. Use ConsoleOne/ldapconfig to associate SSL CertificateDNS
> certificate with LDAP Server
>
> Logging into the tree as "cn=admin.o=novell". Please wait...
> Note: If this server is being upgraded into an existing context with a
> large number of objects or,if network traffic is excessive,then
> configuration could take several minutes.
>
> Synchronizing schema
> Error getting the server's state. Error description: no referrals.
> Unable to add a replica of the partition on this server. Run
> ConsoleOne/iManager to add a replica.
> Basic configuration is successful. Proceeding with additional
> configuration...
>
> Configuring NMAS service... Failed to configure NMAS service: invalid
> connection handle err=-676
>
> ERROR -676: An error has occured while configuring the NMAS component
> of Novell eDirectory Server.
> Authentication failed for cn=admin.o=novell.AMADMININTEG1_TREE error:
> failed, no referrals (-634)
> The instance at /etc/opt/novell/eDirectory/conf/nds.conf is
> successfully configured.
> Verifying Time Synchronization:
> Executing customized settings before stopping the Novell eDirectory
> server...


OK, a few questions, when you provided the information for the primary
server did you provide a IP address or hostname (I'm not sure if the
installer accepts a hostname and I've never tried).

Additionally, on the existing primary server can you still create
certificates?


--
Cheers,
Edward
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Error Installing Secondary Admin Console


Hi Edward,

Thanks for the reply. To answer your questions, yes I use the IP for
the primary when installing the secondary and yes I can still generate
certs on the primary.

A few more facts (not sure if they matter).

- The server name of the primary server has changed since the admin
console was installed, so all the objects for the primary server in
eDirectory reference the old name. However the IP didn't change and the
name change took place years ago. The primary server has been running
fine.
- The primary server and secondary server are on different subnets with
a firewall inbetween, but I verified that the ports are open.
- It appears from that logs that the installer is having trouble
connecting to the local instance of edir, not the primary.
- The installer hangs at "Setting up the Novell Access Manager
Configuration Store" for hours (literally) before continuing the
installation.

edmaa;233924 Wrote:
> jeynon wrote:
>
>
> >
> > Configuring the NDAP interfaces... Done
> > Configuring the LDAP interfaces... Done
> > Configuring the HTTP interfaces... Done
> > Starting the service 'ndsd'... Done.
> >
> > Configuring Novell eDirectory server with following parameters
> > Admin name = cn=admin.o=novell
> > Tree name = AMADMININTEG1_TREE
> > Server Context = o=novell
> > Server name = gbtvmrsamadmin1q
> > DIB location = /var/opt/novell/eDirectory/data/dib
> > Unable to configure LDAP Server with default SSL CertificateDNS
> > certificate. Use ConsoleOne/ldapconfig to associate SSL

> CertificateDNS
> > certificate with LDAP Server
> >
> > Logging into the tree as "cn=admin.o=novell". Please wait...
> > Note: If this server is being upgraded into an existing context with

> a
> > large number of objects or,if network traffic is excessive,then
> > configuration could take several minutes.
> >
> > Synchronizing schema
> > Error getting the server's state. Error description: no referrals.
> > Unable to add a replica of the partition on this server. Run
> > ConsoleOne/iManager to add a replica.
> > Basic configuration is successful. Proceeding with additional
> > configuration...
> >
> > Configuring NMAS service... Failed to configure NMAS service: invalid
> > connection handle err=-676
> >
> > ERROR -676: An error has occured while configuring the NMAS component
> > of Novell eDirectory Server.
> > Authentication failed for cn=admin.o=novell.AMADMININTEG1_TREE error:
> > failed, no referrals (-634)
> > The instance at /etc/opt/novell/eDirectory/conf/nds.conf is
> > successfully configured.
> > Verifying Time Synchronization:
> > Executing customized settings before stopping the Novell eDirectory
> > server...

>
> OK, a few questions, when you provided the information for the primary
> server did you provide a IP address or hostname (I'm not sure if the
> installer accepts a hostname and I've never tried).
>
> Additionally, on the existing primary server can you still create
> certificates?
>
>
> --
> Cheers,
> Edward



--
jeynon
------------------------------------------------------------------------
jeynon's Profile: https://forums.netiq.com/member.php?userid=3378
View this thread: https://forums.netiq.com/showthread.php?t=48504

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Error Installing Secondary Admin Console

jeynon wrote:

>
> Hi Edward,
>
> Thanks for the reply. To answer your questions, yes I use the IP for
> the primary when installing the secondary and yes I can still generate
> certs on the primary.
>
> A few more facts (not sure if they matter).
>
> - The server name of the primary server has changed since the admin
> console was installed, so all the objects for the primary server in
> eDirectory reference the old name. However the IP didn't change and
> the name change took place years ago. The primary server has been
> running fine.
> - The primary server and secondary server are on different subnets
> with a firewall inbetween, but I verified that the ports are open.
> - It appears from that logs that the installer is having trouble
> connecting to the local instance of edir, not the primary.
> - The installer hangs at "Setting up the Novell Access Manager
> Configuration Store" for hours (literally) before continuing the
> installation.


I think you have a comms issue. Can you communicate to port 524/tcp on
your primary server and also verify if there's firewall rules to allow
524/tcp from the primary to your secondary. Additionally you would need
slp (427/udp) opened up as well. Not sure if its possible but maybe ask
the people that manage your firewall to allow ip to ip for the primary
and secondary admin consoles to see if that works. If so, then at least
you know its a firewall issue and we can focus on that.

--
Cheers,
Edward
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Error Installing Secondary Admin Console


Edward,

Thanks for the response. It looks like you're right. Port 524 is
blocked by our firewall, even though it was supposed to be opened for
me. Guess I shouldn't have assumed it was opened right 🙂 Our network
team takes a few days to get rules implemented, so I will know soon if
that fixes my problem.

edmaa;234032 Wrote:
> jeynon wrote:
>
> >
> > Hi Edward,
> >
> > Thanks for the reply. To answer your questions, yes I use the IP for
> > the primary when installing the secondary and yes I can still

> generate
> > certs on the primary.
> >
> > A few more facts (not sure if they matter).
> >
> > - The server name of the primary server has changed since the admin
> > console was installed, so all the objects for the primary server in
> > eDirectory reference the old name. However the IP didn't change and
> > the name change took place years ago. The primary server has been
> > running fine.
> > - The primary server and secondary server are on different subnets
> > with a firewall inbetween, but I verified that the ports are open.
> > - It appears from that logs that the installer is having trouble
> > connecting to the local instance of edir, not the primary.
> > - The installer hangs at "Setting up the Novell Access Manager
> > Configuration Store" for hours (literally) before continuing the
> > installation.

>
> I think you have a comms issue. Can you communicate to port 524/tcp on
> your primary server and also verify if there's firewall rules to allow
> 524/tcp from the primary to your secondary. Additionally you would need
> slp (427/udp) opened up as well. Not sure if its possible but maybe ask
> the people that manage your firewall to allow ip to ip for the primary
> and secondary admin consoles to see if that works. If so, then at least
> you know its a firewall issue and we can focus on that.
>
> --
> Cheers,
> Edward



--
jeynon
------------------------------------------------------------------------
jeynon's Profile: https://forums.netiq.com/member.php?userid=3378
View this thread: https://forums.netiq.com/showthread.php?t=48504

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Error Installing Secondary Admin Console

jeynon wrote:

>
> Edward,
>
> Thanks for the response. It looks like you're right. Port 524 is
> blocked by our firewall, even though it was supposed to be opened for
> me. Guess I shouldn't have assumed it was opened right 🙂 Our
> network team takes a few days to get rules implemented, so I will
> know soon if that fixes my problem.


Please let us know if it fixed the issue

--
Cheers,
Edward
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Error Installing Secondary Admin Console


Hi Edward,

Once I cleaned up edirectory on the primary server from all the failed
installs, I was able to successfully install the secondary admin
console. So it looked like firewall was the main issue. Thanks for
your help with this!

edmaa;234192 Wrote:
> jeynon wrote:
>
>
> >
> > Edward,
> >
> > Thanks for the response. It looks like you're right. Port 524 is
> > blocked by our firewall, even though it was supposed to be opened for
> > me. Guess I shouldn't have assumed it was opened right 🙂 Our
> > network team takes a few days to get rules implemented, so I will
> > know soon if that fixes my problem.

>
> Please let us know if it fixed the issue
>
> --
> Cheers,
> Edward



--
jeynon
------------------------------------------------------------------------
jeynon's Profile: https://forums.netiq.com/member.php?userid=3378
View this thread: https://forums.netiq.com/showthread.php?t=48504

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Error Installing Secondary Admin Console

jeynon wrote:

>
> Hi Edward,
>
> Once I cleaned up edirectory on the primary server from all the failed
> installs, I was able to successfully install the secondary admin
> console. So it looked like firewall was the main issue. Thanks for
> your help with this!


Cool, thanks for letting us know and confirm that it was a FW issue

--
Cheers,
Edward
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.