Highlighted
jmlester Absent Member.
Absent Member.
1202 views

Migrate NW Server with Root Master, CA, and DA Running On It

It looks like I am finally going to start moving our old NW environment over to OES. When we looked at doing this before, it seemed very difficult to move the services in my title over to OES. From what I can tell now though from the docs and forum postings, the process is much smoother. We have three NW65 servers at our data center and one NW65 at each of our 16 remote sites. All are completely patched and running under VMware vSphere for the most part. A few are still running on physical servers, but will soon be moved over.

I would like to start by migrating our main server that is running iPrint for the main site, the CA, the SLPDA, and holds the Master replica of [root]. That particular server was originally 4.10, then 4.11, 5.0, 6.0, and then 6.5 (various migrations and hardware refreshes since about 1996.) It was the first NDS server that was installed in our organization.

I would use the migui tool to move the services and then transfer the server ID to OES. Any tips, gotchas, or things in particular to look at when doing this process? The docs don't go into much detail on these specific services that are critical to eDirectory and SLP to continue functioning properly.

Thanks,
Jason
Labels (2)
0 Likes
8 Replies
elagrew Absent Member.
Absent Member.

Re: Migrate NW Server with Root Master, CA, and DA Running O

Move the DA master to another server before the migration. I would also be inclined to make a brand new CA rather than try migrating it...YMMV.

--El

jmlester;2244710 wrote:
It looks like I am finally going to start moving our old NW environment over to OES. When we looked at doing this before, it seemed very difficult to move the services in my title over to OES. From what I can tell now though from the docs and forum postings, the process is much smoother. We have three NW65 servers at our data center and one NW65 at each of our 16 remote sites. All are completely patched and running under VMware vSphere for the most part. A few are still running on physical servers, but will soon be moved over.

I would like to start by migrating our main server that is running iPrint for the main site, the CA, the SLPDA, and holds the Master replica of [root]. That particular server was originally 4.10, then 4.11, 5.0, 6.0, and then 6.5 (various migrations and hardware refreshes since about 1996.) It was the first NDS server that was installed in our organization.

I would use the migui tool to move the services and then transfer the server ID to OES. Any tips, gotchas, or things in particular to look at when doing this process? The docs don't go into much detail on these specific services that are critical to eDirectory and SLP to continue functioning properly.

Thanks,
Jason

El LaGrew elbert.lagrew#katun.com elagrew on twitter
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrate NW Server with Root Master, CA, and DA Running On It

In article <elagrew.5q8wwn@no-mx.forums.novell.com>, Elagrew wrote:
> Move the DA master to another server before the migration. I would also
> be inclined to make a brand new CA rather than try migrating it...YMMV.
>

A good point, and check when those CA certs are expiring. They tended to
be set for 10 years and many systems have had theirs expire when they
weren't expecting.


Andy Konecny
Knowledge Partner (voluntary SysOp)
KonecnyConsulting.ca in Toronto
----------------------------------------------------------------------
Andy's Profile: http://forums.novell.com/member.php?userid=75037


___
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrate NW Server with Root Master, CA, and DA Running On It

In article <jmlester.5q5jlz@no-mx.forums.novell.com>, Jmlester wrote:
> I would like to start by migrating our main server that is running
> iPrint for the main site, the CA, the SLPDA, and holds the Master
> replica of [root].
>

Given that you are virtualized, I would be inclined to setup a new
server to be the new CA and SLP 'box'. This so that you can focus on
those services first and separately from the main file and print
migrations. SLP has changed enough as to make it not a strait forward
migration, but more of a transition. The same goes for DNS & DHCP if
they are on NetWare as well.

For some useful tips, see
http://www.novell.com/communities/node/11601/oes2-sp2-migration-guide-t
ransfer-id-scenarios


Andy Konecny
Knowledge Partner (voluntary SysOp)
KonecnyConsulting.ca in Toronto
----------------------------------------------------------------------
Andy's Profile: http://forums.novell.com/member.php?userid=75037


___
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
jmlester Absent Member.
Absent Member.

Re: Migrate NW Server with Root Master, CA, and DA Running O

Thanks for the tips. If I do a new CA, will the other 18 server certificates stop working or are they OK until they expire? Is there a good doc anywhere that tells how to create a new CA for a tree?
0 Likes
jmlester Absent Member.
Absent Member.

Re: Migrate NW Server with Root Master, CA, and DA Running O

I found this TID, seems pretty straight-forward:

Support | How do I move the Organizational CA to another server?
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrate NW Server with Root Master, CA, and DA Running On It

In article <jmlester.5qahun@no-mx.forums.novell.com>, Jmlester wrote:
> If I do a new CA, will the other 18 server
> certificates stop working or are they OK until they expire?
>

Generally OK, unless you link things like user browsers to the public
of the root to get rid of the cert warnings (like in IE with that "the
internet is not safe, don't go there") Then you just have to remember
to get out the new public key of the root cert before updating the
server certs. I don't think the old and new ones will conflict in that
scenario, but is something to test.


Andy Konecny
Knowledge Partner (voluntary SysOp)
KonecnyConsulting.ca in Toronto
----------------------------------------------------------------------
Andy's Profile: http://forums.novell.com/member.php?userid=75037


___
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrate NW Server with Root Master, CA, and DA Running On It

In article <jmlester.5qajpb@no-mx.forums.novell.com>, Jmlester wrote:
> I found this TID, seems pretty straight-forward:
>

Isn't that often the case, that you find what you are looking for AFTER
you've asked for it.
Been There, Done that, where is the t-short for it?

Yes, pretty strait forward.


Andy Konecny
Knowledge Partner (voluntary SysOp)
KonecnyConsulting.ca in Toronto
----------------------------------------------------------------------
Andy's Profile: http://forums.novell.com/member.php?userid=75037


___
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrate NW Server with Root Master, CA, and DA Running O

jmlester;2244710 wrote:
It looks like I am finally going to start moving our old NW environment over to OES. When we looked at doing this before, it seemed very difficult to move the services in my title over to OES. From what I can tell now though from the docs and forum postings, the process is much smoother. We have three NW65 servers at our data center and one NW65 at each of our 16 remote sites. All are completely patched and running under VMware vSphere for the most part. A few are still running on physical servers, but will soon be moved over.

I would like to start by migrating our main server that is running iPrint for the main site, the CA, the SLPDA, and holds the Master replica of [root]. That particular server was originally 4.10, then 4.11, 5.0, 6.0, and then 6.5 (various migrations and hardware refreshes since about 1996.) It was the first NDS server that was installed in our organization.

I would use the migui tool to move the services and then transfer the server ID to OES. Any tips, gotchas, or things in particular to look at when doing this process? The docs don't go into much detail on these specific services that are critical to eDirectory and SLP to continue functioning properly.

Thanks,
Jason


I did pretty much exactly what you want to do and it worked fine for me.

Check my signature for the process and I've got a separate article for migrating the SLPDA (there's no actual migration tool, you have to do it by hand).

Alternatively you can setup everything from scratch and then move the CA if you want.

I just didn't want to have to deal with changing IP's, etc. plus our Novell Clients have hard-coded DA's in their config because Sun Solaris (at the time) wasn't capable of giving out the slpd options correctly.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.