bmcclean Absent Member.
Absent Member.
914 views

Starting name server BIND Unable to lock file /etc/nam.conf

Good Day, recently applied a security update to OES 11 and now DNS will not start. I found a support note from 2013 that describes the problem exactly, but the solution has no effect.

https://support.microfocus.com/kb/doc.php?id=7011945
Labels (1)
0 Likes
13 Replies
Knowledge Partner
Knowledge Partner

Re: Starting name server BIND Unable to lock file /etc/nam.conf

bmcclean wrote:

>
> Good Day, recently applied a security update to OES 11 and now DNS
> will not start. I found a support note from 2013 that describes the
> problem exactly, but the solution has no effect.
>
> https://support.microfocus.com/kb/doc.php?id=7011945


Have you checked /var/log/messages for any clues?

What version of OES are you running? Please post the output from this
command:

cat /etc/*release


--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.
_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
bmcclean Absent Member.
Absent Member.

Re: Starting name server BIND Unable to lock file /etc/nam.c

Thanks Kevin.

LSB_VERSION="core-2.0-noarch:core-3.2-noarch:core-4.0-noarch:core-2.0-x86_64:core-3.2-x86_64:core-4.0-x86_64"
Novell Open Enterprise Server 11 (x86_64)
VERSION = 11.2
PATCHLEVEL = 2
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 3

I have the output in the message file from doing the start and stop. Nothing obvious. Am I revealing anything sensitive about my system be posting the log here?

KBOYLE;2494723 wrote:
bmcclean wrote:

>
> Good Day, recently applied a security update to OES 11 and now DNS
> will not start. I found a support note from 2013 that describes the
> problem exactly, but the solution has no effect.
>
> https://support.microfocus.com/kb/doc.php?id=7011945


Have you checked /var/log/messages for any clues?

What version of OES are you running? Please post the output from this
command:

cat /etc/*release


--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Starting name server BIND Unable to lock file /etc/nam.conf

bmcclean wrote:

> Novell Open Enterprise Server 11 (x86_64)
> VERSION = 11.2
> PATCHLEVEL = 2


I guess you know that this is very old and unsupported.

Please don't post the whole messages file. It's not necessary and may
contain some private information. I just wanted you to check it to see
if there was anything obvious.

You said:
> recently applied a security update to OES 11


It would seem that that could have caused your issue.

What was the patch and how did you apply it?

Why did you not just apply all outstanding patches?

Have you considered upgrading... at least to the latest version of
OES11 which is OES11 SP3?

--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.
_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
bmcclean Absent Member.
Absent Member.

Re: Starting name server BIND Unable to lock file /etc/nam.c

Thanks Kevin,

Yes it is pretty old. I don't have the expertise to upgrade ( especially if it goes south ), and outside contractors that want to deal with in-house systems are becoming rare. I will attempt it one day, or just go the SAAS route. When I looked into it when I moved from a stand-alone server to vmware, seems like there were issues with OES and upgrading, and I had no issues with moving it, so I moved on.

The patches just popped up at the bottom of the screen, looked there were only 2, so I let them apply. I'm sure there is a log of what they were, but I did not note it at the time. Generally good luck with applying updates and not having issues. This one may be minor, but troublesome.

there was only 1 line that looked like it might matter. Directory is not writable. I changed the permission in app-armor as the original solution indicated, but no solution. I'm guessing that if the access msg is important, there are more permissions to change.

configuring command channel from '/etc/rndc.key'
Feb 1 16:47:05 mars named[9510]: command channel listening on 127.0.0.1#953
Feb 1 16:47:05 mars named[9510]: configuring command channel from '/etc/rndc.key'
Feb 1 16:47:05 mars named[9510]: command channel listening on ::1#953
Feb 1 16:47:05 mars named[9510]: the working directory is not writable
Feb 1 16:47:05 mars named[9510]: managed-keys-zone: loaded serial 0
Feb 1 16:47:05 mars named[9510]: zone localhost/IN:


KBOYLE;2494741 wrote:
bmcclean wrote:

> Novell Open Enterprise Server 11 (x86_64)
> VERSION = 11.2
> PATCHLEVEL = 2


I guess you know that this is very old and unsupported.

Please don't post the whole messages file. It's not necessary and may
contain some private information. I just wanted you to check it to see
if there was anything obvious.

You said:
> recently applied a security update to OES 11


It would seem that that could have caused your issue.

What was the patch and how did you apply it?

Why did you not just apply all outstanding patches?

Have you considered upgrading... at least to the latest version of
OES11 which is OES11 SP3?

--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Starting name server BIND Unable to lock file /etc/nam.conf

bmcclean wrote:

> I changed the permission in app-armor as the original solution
> indicated, but no solution.


It's possible that was not the problem... 😞

Have a look at /var/opt/novell/log/named/named.run and see if there are
any error messages or any clues.

--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.
_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
bmcclean Absent Member.
Absent Member.

Re: Starting name server BIND Unable to lock file /etc/nam.c

Nothing notable. They didn't have obvious warnings and exactly the same as all the old logs.

If this process is unable to get a lock on a file, is there a way to see what other lock may be keeping it from doing that?

KBOYLE;2494801 wrote:
bmcclean wrote:

> I changed the permission in app-armor as the original solution
> indicated, but no solution.


It's possible that was not the problem... 😞

Have a look at /var/opt/novell/log/named/named.run and see if there are
any error messages or any clues.

--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Starting name server BIND Unable to lock file /etc/nam.conf

bmcclean wrote:

> Nothing notable. They didn't have obvious warnings and exactly the
> same as all the old logs.
>
> If this process is unable to get a lock on a file, is there a way to
> see what other lock may be keeping it from doing that?



There were a number if reasons why DNS wouldn't start. The correct
solution will depend on the actual cause.

Why do you believe the process is unable to get a lock on a file? Have
you seen any messages indicating such? Without determining the actual
cause, whatever you try is just hit and miss.

The easiest thing to try is to apply all outstanding patches or, better
yet, outstanding service packs to resolve known OES11 issues.

Other than that, here are some documents that may help:

TID 7012947 - Novell DNS fails to start - Unable to read locator
reference from NCP server
https://support.microfocus.com/kb/doc.php?id=7012947

TID 7006446 - DNS fails to start - CASA Credential Not found
https://support.microfocus.com/kb/doc.php?id=7006446

Novell DNS CASA Repair Tool
https://www.novell.com/communities/coolsolutions/cool_tools/novell-dns-casa-repair-tool/#comments

Common Proxy CASA Repair Tool
https://www.novell.com/communities/coolsolutions/cool_tools/common-proxy-casa-repair-tool/


--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.
_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
bmcclean Absent Member.
Absent Member.

Re: Starting name server BIND Unable to lock file /etc/nam.c

'Starting name server BIND Unable to lock file /etc/nam.conf.
permission denied.'

rcnamed status shows running. Stop and start dns and I get the above.

But lookups do not use the local server, they go to outside servers.

pings can find the local server running DNS. That same ip shows up at the top of the list in the DHCP DNS numbers on local clients.
pings cannot find entries in the local DNS.

Maybe DNS is starting but just not functioning the way it did.

KBOYLE;2494985 wrote:
bmcclean wrote:

> Nothing notable. They didn't have obvious warnings and exactly the
> same as all the old logs.
>
> If this process is unable to get a lock on a file, is there a way to
> see what other lock may be keeping it from doing that?



There were a number if reasons why DNS wouldn't start. The correct
solution will depend on the actual cause.

Why do you believe the process is unable to get a lock on a file? Have
you seen any messages indicating such? Without determining the actual
cause, whatever you try is just hit and miss.

The easiest thing to try is to apply all outstanding patches or, better
yet, outstanding service packs to resolve known OES11 issues.

Other than that, here are some documents that may help:

TID 7012947 - Novell DNS fails to start - Unable to read locator
reference from NCP server
https://support.microfocus.com/kb/doc.php?id=7012947

TID 7006446 - DNS fails to start - CASA Credential Not found
https://support.microfocus.com/kb/doc.php?id=7006446

Novell DNS CASA Repair Tool
https://www.novell.com/communities/coolsolutions/cool_tools/novell-dns-casa-repair-tool/#comments

Common Proxy CASA Repair Tool
https://www.novell.com/communities/coolsolutions/cool_tools/common-proxy-casa-repair-tool/


--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Starting name server BIND Unable to lock file /etc/nam.conf

bmcclean wrote:

> rcnamed status shows running. Stop and start dns and I get the above.


On OES servers you need to use "rcnovell-named" not "rcnamed".

Try this and let me know what happens:

rcnamed stop
rcnovell-named start


--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.
_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Starting name server BIND Unable to lock file /etc/nam.conf

bmcclean wrote:

> pings cannot find entries in the local DNS.


Use nslookup from your OES server or Windows workstation to verify that
a specific DNS server is returning the correct result.

"man nslookup" will show what options are available.

--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.
_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
bmcclean Absent Member.
Absent Member.

Re: Starting name server BIND Unable to lock file /etc/nam.c

Thanks Kevin, That works. I knew that sometime years ago. I suppose I would have done that at some point if RCNAMED had been an unknown command.

No, I think based on this problem, I should leave it alone and save the upgrade for better days. 😉

Again, thanks, Sorry for wasting your time. Although I have saved the links provided. ( and made a note of what this error msg most likely means )

KBOYLE;2494994 wrote:
bmcclean wrote:

> pings cannot find entries in the local DNS.


Use nslookup from your OES server or Windows workstation to verify that
a specific DNS server is returning the correct result.

"man nslookup" will show what options are available.

--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Starting name server BIND Unable to lock file /etc/nam.conf

bmcclean wrote:

> Thanks Kevin, That works. I knew that sometime years ago. I suppose I
> would have done that at some point if RCNAMED had been an unknown
> command.


Were it not for the fact that you mentioned "rcnamed" in your post, I
don't know if I ever would have spotted it.

I'm glad I could help and that you finally got it working!

--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.
_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Starting name server BIND Unable to lock file /etc/nam.conf

bmcclean wrote:

> Thanks Kevin, That works.


One last thing: To make sure the correct service starts automatically,
please run this command.

server:~ # chkconfig | grep named
named off
novell-named on



If the wrong service is on, be sure to correct it.

server:~ # chkconfig named off
server:~ # chkconfig novell-named on


--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.
_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.