Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Highlighted
carnold6 Absent Member.
Absent Member.

Re: Migrate to New Server

Well, all the edir stuff was successful then i got to changing the ip address and a box popsup saying if you are connected via a remote session then you will lose connection. If you are connected via some remote session, click cancel, exit miggui and go to the server console and restart the transfer id. So i did exact that but now i can not "continue" transfer id! The source server is off and i cant authenticate to the target server. So i am going to power the source server back on and try to authenticate to both the source and target servers and see if i can continue the transfer id process. I would appreciate any help as soon as someone could




Yes, i have tried the passwords many times (same passwords work on the source server)

0 Likes
carnold6 Absent Member.
Absent Member.

Re: Migrate to New Server

carnold6;2401369 wrote:
Well, all the edir stuff was successful then i got to changing the ip address and a box popsup saying if you are connected via a remote session then you will lose connection. If you are connected via some remote session, click cancel, exit miggui and go to the server console and restart the transfer id. So i did exact that but now i can not "continue" transfer id! The source server is off and i cant authenticate to the target server. So i am going to power the source server back on and try to authenticate to both the source and target servers and see if i can continue the transfer id process. I would appreciate any help as soon as someone could




Yes, i have tried the passwords many times (same passwords work on the source server)


NetIQ LDAP server NOT listening on SSL or clear text ports. I can login to imanager on the target server (the server that LDAP server is not listening on SSL and clear text ports). Target server is missing from LDAP group. Not sure where to go from here?! Any ideas?

0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrate to New Server

carnold6;2401369 wrote:
Well, all the edir stuff was successful then i got to changing the ip address and a box popsup saying if you are connected via a remote session then you will lose connection. If you are connected via some remote session, click cancel, exit miggui and go to the server console and restart the transfer id. So i did exact that but now i can not "continue" transfer id! The source server is off and i cant authenticate to the target server. So i am going to power the source server back on and try to authenticate to both the source and target servers and see if i can continue the transfer id process. I would appreciate any help as soon as someone could




Yes, i have tried the passwords many times (same passwords work on the source server)


I'm confused. You were connected remotely via VNC (only way I know of to run miggui "remotely")? So you followed the instructions to cancel the migration?

You don't want to power the source server on if you have gotten that far (where it has to be shut off) or else bad things may happen.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrate to New Server

carnold6;2401376 wrote:
NetIQ LDAP server NOT listening on SSL or clear text ports. I can login to imanager on the target server (the server that LDAP server is not listening on SSL and clear text ports). Target server is missing from LDAP group. Not sure where to go from here?! Any ideas?


Could be a number of things, I'm not sure where you are at in the migration stage. If it's towards the end, I am thinking that the SSL certs for LDAP aren't quite right and that's why it's not loading. I vaguely remember something similar (on a new server setup) where one of my co-workers forgot to delete all the old server objects (we were doing an OES2 to OES11 Cluster upgrade, so we had to delete the "old" server object stuff and install the new server with the same name).

I don't recall the exact specifics, but I used iManager from some OTHER server and was able to adjust the LDAP server certificates from there.

However, you may wish to call Novell on this one because I'm not sure of the ramifications of adjusting any eDir objects in a mid-ID Transfer.

I think in my guide (albeit outdated in the sense that some of the screenshots have different options), I lay out that you should never do an ID transfer 'remotely'. (it CAN be done, I just advise against it).


--Kevin
0 Likes
carnold6 Absent Member.
Absent Member.

Re: Migrate to New Server

kjhurni;2401423 wrote:
Could be a number of things, I'm not sure where you are at in the migration stage.


It was at the changing ip stage. All the edir stuff said it completed successfully

If it's towards the end, I am thinking that the SSL certs for LDAP aren't quite right and that's why it's not loading. I vaguely remember something similar (on a new server setup) where one of my co-workers forgot to delete all the old server objects (we were doing an OES2 to OES11 Cluster upgrade, so we had to delete the "old" server object stuff and install the new server with the same name).


I believe it has to do with the cert also but am not sure how to "fix". I ran ndsconfig upgrade in order to assign the system a cert but it said it already had a cert assigned. The cert that is being referenced in the migration log is called targetservercert.der and it is not on the local drive

I don't recall the exact specifics, but I used iManager from some OTHER server and was able to adjust the LDAP server certificates from there.


I can use imanager from the target server but am not sure what to adjust in the LDAP cert and the target server is missing from the ldap group

However, you may wish to call Novell on this one because I'm not sure of the ramifications of adjusting any eDir objects in a mid-ID Transfer.


Our support contract has expired

I think in my guide (albeit outdated in the sense that some of the screenshots have different options), I lay out that you should never do an ID transfer 'remotely'. (it CAN be done, I just advise against it).


Yes, i know and in hindsite that was the stupidest thing ever to do! But now the milk has already spilled and i cant cry over spilled milk. Which direction to go from here? Should i try to get the ldap listening and rerun the transfer id or is rerunning the transfer id not an option at this point? If it is not an option, how do i recover from here?

rcndsd status on the target server:



It has the "old" (source) server listed. The nds.conf also has the "old" server listed and when i change it to the target server (linux) and start nds, the entry i changed changes back to the "old" server

0 Likes
carnold6 Absent Member.
Absent Member.

Re: Migrate to New Server

OK, i got the target server back by rerunning the OES install/configure app in yast. And miggui DOES pickup where it left off (not sure of any damage done as i had to power the source server back on in order to authenticate). Would like to know the way to go from here? Power the source server back off and continue with transfer id or not?

0 Likes
carnold6 Absent Member.
Absent Member.

Re: Migrate to New Server

hostname.domain.tld hostname.domain.tld hostname.domain.tld
2015-07-24 18:11:48,865 INFO - ServerIDSwap:Host Name Change:Executing Command: ncpcon set
2015-07-24 18:12:01,688 INFO - ServerIDSwap:ReInit:Starting reinit server phase
2015-07-24 18:12:01,688 INFO - ServerIDSwap:ReInit:Executing Command: echo mail > /etc/HOSTNAME
2015-07-24 18:12:01,703 INFO - ServerIDSwap:ReInit:Executing Command: hostname mail
2015-07-24 18:12:01,710 INFO - ServerIDSwap:ReInit:Executing Command: hostname
2015-07-24 18:12:01,723 INFO - ServerIDSwap:ReInit:Executing Command: /etc/init.d/network restart
2015-07-24 18:12:12,789 INFO - ServerIDSwap:ReInit:Executing Command: /etc/init.d/ndsd restart
2015-07-24 18:12:12,790 INFO - ServerIDSwap:ndsd:Time taken to execute this command depends on the size of the DIB and tree
2015-07-24 18:12:12,790 INFO - ServerIDSwap:ndsd:No log messages will be updated during the execution
2015-07-24 18:14:10,180 INFO - ServerIDSwap:Repair:Starting repair phase......
2015-07-24 18:14:10,180 INFO - ServerIDSwap:ndsrepair:Starting to execute NDSRepair command
2015-07-24 18:14:10,180 INFO - ServerIDSwap:ndsrepair:Executing Command: LC_ALL=en_US.UTF-8 /opt/novell/eDirectory/bin/ndsrepair -U
2015-07-24 18:14:10,180 INFO - ServerIDSwap:ndsd:Time taken to execute this command depends on the size of the DIB and tree
2015-07-24 18:14:10,180 INFO - ServerIDSwap:ndsd:No log messages will be updated during the execution
2015-07-24 18:19:10,445 ERROR - ServerIDSwap:ndsrepair:ndsrepair command failed.
2015-07-24 18:19:10,448 INFO - ServerIDSwap:migedir:*****************Command output start**********************************
2015-07-24 18:19:10,448 INFO - ServerIDSwap:migedir:
2015-07-24 18:19:10,448 INFO - ServerIDSwap:migedir:[1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf: linux.OU=Administrators.O=TNNDS.TNNDS
2015-07-24 18:19:10,448 INFO - ServerIDSwap:migedir:
2015-07-24 18:19:10,448 INFO - ServerIDSwap:migedir:Unable to connect to NDS Server.
2015-07-24 18:19:10,448 INFO - ServerIDSwap:migedir:No such process.
2015-07-24 18:19:10,448 INFO - ServerIDSwap:migedir:
2015-07-24 18:19:10,448 INFO - ServerIDSwap:migedir:*****************Command output end**********************************
2015-07-24 18:28:09,959 INFO - ServerIDSwap:Repair:Starting repair phase......
2015-07-24 18:28:09,960 INFO - ServerIDSwap:ndsrepair:Starting to execute NDSRepair command
2015-07-24 18:28:09,960 INFO - ServerIDSwap:ndsrepair:Executing Command: LC_ALL=en_US.UTF-8 /opt/novell/eDirectory/bin/ndsrepair -U
2015-07-24 18:28:09,960 INFO - ServerIDSwap:ndsd:Time taken to execute this command depends on the size of the DIB and tree
2015-07-24 18:28:09,960 INFO - ServerIDSwap:ndsd:No log messages will be updated during the execution
2015-07-24 18:34:20,196 INFO - ServerIDSwap:ndsd:Executing ndsd restart
2015-07-24 18:34:20,196 INFO - ServerIDSwap:ndsd:Executing Command: /etc/init.d/ndsd restart
2015-07-24 18:34:20,196 INFO - ServerIDSwap:ndsd:Time taken to execute this command depends on the size of the DIB and tree
2015-07-24 18:34:20,196 INFO - ServerIDSwap:ndsd:No log messages will be updated during the execution
2015-07-24 18:41:45,477 INFO - ServerIDSwap:ndsd:ndsd restart command returned...0
2015-07-24 18:41:45,477 INFO - ServerIDSwap:ndsd:Waiting for ndsd to restart
2015-07-24 18:41:46,481 INFO - ServerIDSwap:ndsd:Executing Command: /etc/init.d/ndsd status
2015-07-24 18:44:17,782 INFO - ServerIDSwap:ndsd:ndsd status command returned...
2015-07-24 18:44:17,782 ERROR - ServerIDSwap:ndsd:Failed status check on ndsd.
2015-07-24 18:44:17,782 INFO - ServerIDSwap:ndsd:*****************Command output start**********************************
2015-07-24 18:44:17,782 INFO - ServerIDSwap:ndsd:Tree Name: TNNDS
2015-07-24 18:44:17,782 INFO - ServerIDSwap:ndsd:Server Name: .CN=linux.OU=Administrators.O=TNNDS.T=TNNDS.
2015-07-24 18:44:17,782 INFO - ServerIDSwap:ndsd:Binary Version: 20802.08
2015-07-24 18:44:17,782 INFO - ServerIDSwap:ndsd:Root Most Entry Depth: -1
2015-07-24 18:44:17,782 INFO - ServerIDSwap:ndsd:Product Version: Could not be retrieved
2015-07-24 18:44:17,782 INFO - ServerIDSwap:ndsd:
2015-07-24 18:44:17,782 INFO - ServerIDSwap:ndsd:
2015-07-24 18:44:17,782 INFO - ServerIDSwap:ndsd:..dead
2015-07-24 18:44:17,782 INFO - ServerIDSwap:ndsd:
2015-07-24 18:44:17,782 INFO - ServerIDSwap:ndsd:*****************Command output end**********************************

I can not login to imanager now. How can i get the edir certificate fixed without edir?

0 Likes
carnold6 Absent Member.
Absent Member.

Re: Migrate to New Server

Anyone have any ideas?

0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrate to New Server

carnold6;2401557 wrote:
Anyone have any ideas?


I'd have to say open an SR with Novell. My concern is that manually fixing anything while the server hasn't completed the ID transfer may make the ID transfer continue to fail or screw things up.

The ID transfer (my memory is a bit fuzzy) does do a certificate repair at the end and adjusts things like LUM/LDAP, with the certs and whatnot, hence my reluctance to just fix things in the middle if the script has already written down the names and such of what it is going to fix/do.

Certificates can be repaired from any iManager server (doesn't have to be the one you're working on), and there's a cool solutions article I believe with a script to fix certs as well. Although I'm not sure if I've ever see a bad cert keep edir from loading (the ldap stuff, sure, but I don't recall having an expired cert/etc. keep ndsd from loading). But I could be wrong.

But again, I'm not sure if that's going to make things worse or not.

--Kevin
0 Likes
carnold6 Absent Member.
Absent Member.

Re: Migrate to New Server

kjhurni;2401569 wrote:
I'd have to say open an SR with Novell. My concern is that manually fixing anything while the server hasn't completed the ID transfer may make the ID transfer continue to fail or screw things up.

The ID transfer (my memory is a bit fuzzy) does do a certificate repair at the end and adjusts things like LUM/LDAP, with the certs and whatnot, hence my reluctance to just fix things in the middle if the script has already written down the names and such of what it is going to fix/do.

Certificates can be repaired from any iManager server (doesn't have to be the one you're working on), and there's a cool solutions article I believe with a script to fix certs as well. Although I'm not sure if I've ever see a bad cert keep edir from loading (the ldap stuff, sure, but I don't recall having an expired cert/etc. keep ndsd from loading). But I could be wrong.

But again, I'm not sure if that's going to make things worse or not.

--Kevin


I hear ya! What are your thoughts on just making a new tree from here (same tree name, hostname and ip)? There is only 5 active users in edir. So i am thinking it may be easier to just start anew. What are your thoughts on this based on the failed transfer id?

0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrate to New Server

carnold6;2401572 wrote:
I hear ya! What are your thoughts on just making a new tree from here (same tree name, hostname and ip)? There is only 5 active users in edir. So i am thinking it may be easier to just start anew. What are your thoughts on this based on the failed transfer id?


If you didn't have iFolder in the mix, I'd probably say "go for it". But the last time I used iFolder, the data was encrypted and not sure about any reliance upon eDirectory.

If you're getting that desperate, then probably no harm trying to see why ndsd won't start.

There's some logs in the ndsd directory that should hopefully indicate why it won't start.

I got the impression your data was on separate volumes presented via iSCSI LUNs, so "moving" the data over should be relatively easy, but the file trustees/etc won't be intact (unless you can get eDir working again).

But I'm not familiar with iFolder (it was years ago when we last used/tried it--probably in the old NW 6.5 days).

You may want to try asking about the eDir stuff (specific to the ndsd won't start during ID Transfer process) in either the migration sub-forums or possibly the NetIQ -> eDirectory -> Linux forums. You may get better visibility there from people who know eDir far better than I do.

--Kevin
0 Likes
nlandas Absent Member.
Absent Member.

Re: Migrate to New Server

carnold6;2401572 wrote:
I hear ya! What are your thoughts on just making a new tree from here (same tree name, hostname and ip)? There is only 5 active users in edir. So i am thinking it may be easier to just start anew. What are your thoughts on this based on the failed transfer id?


If you are going to do that and there are only 5 active users, I'd just do a fresh install of OES11 64-bit after backing up iFolder data and iFolder's configuration. Otherwise, to clean up the current install a Novell SR is your best bet.
0 Likes
nlandas Absent Member.
Absent Member.

Re: Migrate to New Server

kjhurni;2401421 wrote:
I'm confused. You were connected remotely via VNC (only way I know of to run miggui "remotely")? So you followed the instructions to cancel the migration?

You don't want to power the source server on if you have gotten that far (where it has to be shut off) or else bad things may happen.


That was my thought as well. There is a point where the transfer will power down the old server after it decommissions eDir on it. At that point the transfer should be finished unless you need to clean up some issues on the new server with certificates, etc. The OP didn't seem to think the IP changed on the new server though. However, going back to bring up the old server was not a good idea - I hope it was done offline for testing not connected to the network.
0 Likes
carnold6 Absent Member.
Absent Member.

Re: Migrate to New Server

So i finally was able to come back to this project. So i followed:

https://www.novell.com/support/kb/doc.php?id=7002414
to remove the instance. Then rerun oes install applet from yast (used same tree name). This got edir working again but i couldnt login to ifolder admin. So i followed:

https://www.novell.com/support/kb/doc.php?id=3948161
to install a cert. This allowed me to login to ifolder admin. I then mounted the iscsi ifolder store. Also created a new edir user and modified my ifolder search context. Now the new user can login to the ifolder web ui!

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.