Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Anonymous_User Absent Member.
Absent Member.
185 views

Partion not synchronized to other servers


Hello,

We have three partitions and 4 eDirectory 8.8.7 servers on our
production environment. We have on master replica, one read/write
replica and two read only replicas. We noticed that one partition (the
one holding the largest number of objects) is no longer synchronized to
other servers. There is no problem on the the two other partitions.

What can be the cause of this?
How can we fix it?

Thanks


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: https://forums.netiq.com/member.php?userid=1196
View this thread: https://forums.netiq.com/showthread.php?t=48826

Labels (1)
0 Likes
15 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Partion not synchronized to other servers

How did you notice this, exactly? Please provide output from iMonitor or
a "Synchronization Status" report indicating the same. Usually if
something is synchronizing there are error numbers involved; see any?

Good luck.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Partion not synchronized to other servers

On Wed, 02 Oct 2013 09:25:52 +0000, moularbi wrote:

> We have three partitions and 4 eDirectory 8.8.7 servers on our
> production environment. We have on master replica, one read/write
> replica and two read only replicas.


Why "read only"? I'm curious. I've never found an actual use for those.


> We noticed that one partition (the
> one holding the largest number of objects) is no longer synchronized to
> other servers. There is no problem on the the two other partitions.


Noticed how? Which one (the M, R/W, or R/O)?


> What can be the cause of this?


Lots of possible causes. Let's see the output of "ndsrepair -T" and
"ndsrepair -E" from the server holding the Master.


> How can we fix it?


Depends on the cause of the problem.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Partion not synchronized to other servers


The read-only replicas are used only for authentication.

The problem is concerning the read-write replica and one of the two
read-only replicas. We noticed this by connecting to the read-write
replica with an ldap browser to check if the data was updated by the IDM
driver running on the master replica.

Here is the result of ndsrepair -P after selecting "view replica ring":
Replicas Of Partition: .CUSTOMERS
Total number of servers in the replica ring = 4
SERVER NAME REPLICA TYPE REPLICA STATE
(1).VSRV1187.servers.system Master On
(2).VSRV1188.servers.system Read-Only On
(3).VSRV1189.servers.system Read-Only On
(4).VSRV1201.servers.system Read/Write On
(5)Return to Replica Options

Enter 'q' to escape the operation.

Result of ndsrepair -T:
================

Collecting time synchronization and server status
Time synchronization and server status information
Start: Wednesday, October 02, 2013 16:01:48 Local Time

---------------------------+---------+---------+-----------+--------+-------
DS Replica Time Time is
Time
Server name Version Depth Source in sync
+/-
---------------------------+---------+---------+-----------+--------+-------
Processing server: .VSRV1201.servers.system
..VSRV1201.servers.system 20701.48 0 Non-NetWare Yes
0
Processing server: .VSRV1189.servers.system
..VSRV1189.servers.system 20701.48 0 Non-NetWare Yes
0
Processing server: .VSRV1188.servers.system
..VSRV1188.servers.system 20701.48 0 Non-NetWare Yes
0
Processing server: .VSRV1187.servers.system
..VSRV1187.servers.system 20701.48 0 Non-NetWare Yes
0
---------------------------+---------+---------+-----------+--------+-------
Total errors: 0
NDSRepair process completed.

Result of ndsrepair -E:
================
Partition: .CUSTOMERS
Replica on server: .VSRV1201.servers.system
Replica: .VSRV1201.servers.system 10-02-2013 16:32:23
Replica on server: .VSRV1189.servers.system
Replica: .VSRV1189.servers.system 10-02-2013 16:31:28
Replica on server: .VSRV1188.servers.system
Replica: .VSRV1188.servers.system 10-02-2013 16:32:24
Server: CN=VSRV1189.dc=servers.dc=system 10-02-2013 16:31:30 -641
Remote
Object:
uniqueID=CRM-003D000000qoaiuIAA.dc=CONTACTS.OU=CRM-S_ES_100369.dc=CUSTOMERS
Replica on server: .VSRV1187.servers.system
Replica: .VSRV1187.servers.system 10-02-2013 16:31:28
Server: CN=VSRV1189.dc=servers.dc=system 10-02-2013 16:33:21 -641
Remote
Object:
uniqueID=CRM-003D000000qoaiuIAA.dc=CONTACTS.OU=CRM-S_ES_100369.dc=CUSTOMERS
All servers synchronized up to time: 10-02-2013 16:31:28
Partition: .driverset.idm.services.system
Replica on server: .VSRV1201.servers.system
Replica: .VSRV1201.servers.system 10-02-2013 16:32:03
Replica on server: .VSRV1189.servers.system
Replica: .VSRV1189.servers.system 10-02-2013 16:32:02
Replica on server: .VSRV1188.servers.system
Replica: .VSRV1188.servers.system 10-02-2013 16:32:02
Replica on server: .VSRV1187.servers.system
Replica: .VSRV1187.servers.system 10-02-2013 16:32:00
All servers synchronized up to time: 10-02-2013 16:32:00
Partition: .[Root].
Replica on server: .VSRV1201.servers.system
Replica: .VSRV1201.servers.system 10-02-2013 16:33:16
Replica on server: .VSRV1189.servers.system
Replica: .VSRV1189.servers.system 10-02-2013 16:32:48
Replica on server: .VSRV1188.servers.system
Replica: .VSRV1188.servers.system 10-02-2013 16:33:15
Replica on server: .VSRV1187.servers.system
Replica: .VSRV1187.servers.system 10-02-2013 16:33:13
All servers synchronized up to time: 10-02-2013 16:32:48
Finish: Wednesday, October 02, 2013 16:33:28 Local Time

Total errors: 2
NDSRepair process completed.


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: https://forums.netiq.com/member.php?userid=1196
View this thread: https://forums.netiq.com/showthread.php?t=48826

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Partion not synchronized to other servers

On Wed, 02 Oct 2013 14:44:02 +0000, moularbi wrote:

> The read-only replicas are used only for authentication.


In that case, no, they aren't. Authentication generally requires writing,
so your requests will be sent to the R/W or Master anyway, which will
then update the R/O via synchronization. You might as well just make them
all R/W.


> Result of ndsrepair -E:
> ================
> Partition: .CUSTOMERS
> Replica on server: .VSRV1201.servers.system Replica:
> .VSRV1201.servers.system 10-02-2013 16:32:23 Replica on server:
> .VSRV1189.servers.system Replica: .VSRV1189.servers.system
> 10-02-2013 16:31:28 Replica on server: .VSRV1188.servers.system Replica:
> .VSRV1188.servers.system 10-02-2013 16:32:24 Server:
> CN=VSRV1189.dc=servers.dc=system 10-02-2013 16:31:30 -641 Remote
> Object:
> uniqueID=CRM-003D000000qoaiuIAA.dc=CONTACTS.OU=CRM-

S_ES_100369.dc=CUSTOMERS
> Replica on server: .VSRV1187.servers.system Replica:
> .VSRV1187.servers.system 10-02-2013 16:31:28 Server:
> CN=VSRV1189.dc=servers.dc=system 10-02-2013 16:33:21 -641 Remote
> Object:
> uniqueID=CRM-003D000000qoaiuIAA.dc=CONTACTS.OU=CRM-

S_ES_100369.dc=CUSTOMERS

Ok, good, so you've got a problem here.

-641 FFFFFD7F INVALID REQUEST

Source

eDirectoryâ„¢

Explanation

A request was received that is invalid or unsupported by the version of
eDirectory (ds.nlm) being used.


Since all of your servers are on the same version, I'm not what this is,
but I'd have a close look at this object (uniqueID=CRM-003D000000qoaiuIAA)
with iMonitor, on all four servers. There may be something weird about
it. If you find something, a single object repair on this object may
correct it.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Partion not synchronized to other servers


There is nothing weird on this object. I compared the entry on the four
servers, there are different values on these attributes:
- localEntryID
- modifyTimestamp
- revision
and one custom optional attribute which is not present in the two
servers with error.

How can I do a repairon this object?


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: https://forums.netiq.com/member.php?userid=1196
View this thread: https://forums.netiq.com/showthread.php?t=48826

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Partion not synchronized to other servers

On Wed, 02 Oct 2013 16:54:02 +0000, moularbi wrote:

> There is nothing weird on this object. I compared the entry on the four
> servers, there are different values on these attributes: - localEntryID
> - modifyTimestamp
> - revision
> and one custom optional attribute which is not present in the two
> servers with error.


Hm. That's interesting. The notes on the -614 error seem to indicate that
an out-of-sync schema can cause this.


Possible Cause

This error could be a response error or could be caused by a non-
synchronized schema.


So this custom optional attribute, is it defined in the schema correctly
on all four servers?


> How can I do a repairon this object?


I wouldn't do that just yet, but in iMonitor, find the object, then click
on the repair button. The default option here is single object repair.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Partion not synchronized to other servers


Yes, the attribute is defined correctly. It is a single valued string.
I made an ndsrepair on this object then an ndsrepair -E. It returns the
same error.


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: https://forums.netiq.com/member.php?userid=1196
View this thread: https://forums.netiq.com/showthread.php?t=48826

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Partion not synchronized to other servers

On Wed, 02 Oct 2013 14:44:02 +0000, moularbi wrote:

> The read-only replicas are used only for authentication.


Unless something has changed, read-only replicas cannot be used for
authentication. Authentication causes attributes to be updated, so the
authentication request is handed off to a writable replica.

In 20 years of working with NDS and eDirectory, I've never found a use
for read-only replicas as implemented.

Jim
--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Partion not synchronized to other servers


Using read-only replicas for authentication does it reduce load on the
master replica when performing serach and read operations?


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: https://forums.netiq.com/member.php?userid=1196
View this thread: https://forums.netiq.com/showthread.php?t=48826

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Partion not synchronized to other servers

On Wed, 02 Oct 2013 17:04:03 +0000, moularbi wrote:

> Using read-only replicas for authentication does it reduce load on the
> master replica when performing serach and read operations?


No, it doesn't - it generates more traffic, and the RO server just hands
the entire authentication request off to a R/W or the master.

Remember that the only real difference between a R/W and the master
replica is that the master has responsibility for partition and replica
operations. In terms of data access, they're essentially equivalent in
99% of situations.

Jim

--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Partion not synchronized to other servers


moularbi;234820 Wrote:
> Using read-only replicas for authentication does it reduce load on the
> master replica when performing serach and read operations?

But
Jim Wrote:
> read-only replicas cannot be used for authentication

So how then could having them reduce the load on the Master replica?
Please forget RO replicas entirely. No-one uses them and they have no
practical use. Just have a M and at least 2 RWs of each partition,
you'll be fine. BTW the M does not preferentially do authentication, RWs
are just as good for that purpose.


--
ataubman
------------------------------------------------------------------------
ataubman's Profile: https://forums.netiq.com/member.php?userid=301
View this thread: https://forums.netiq.com/showthread.php?t=48826

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Partion not synchronized to other servers

On Wed, 02 Oct 2013 14:44:02 +0000, moularbi wrote:

> Remote
> Object:
> uniqueID=CRM-003D000000qoaiuIAA.dc=CONTACTS.OU=CRM-

S_ES_100369.dc=CUSTOMERS

Is this object important? If not, you may want to just delete it, make
sure everything else is working normally, then recreate it.


If that doesn't work, or isn't palatable for whatever reason, you might
have to take more drastic steps.

- do a "receive all object in this partition" on the two problem
servers

- force all replicas off the two problem servers with ndsrepair -xk2
-xk3 and clean up the rings with ndsrepair -A on the remaining servers

- get a dialin from NTS.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Partion not synchronized to other servers

On Mon, 14 Oct 2013 17:30:02 +0000, David Gersic wrote:

> - do a "receive all object in this partition" on the two problem servers


If the object can't be deleted, this is what I'd be inclined to do - it
basically destroys and recreates the replica, so the xk2/xk3 option
wouldn't really do anything different than this (other than affect all
partitions on the server in question).

You can also try iMonitor's "send entry to all replicas" from a server
holding a good copy of the object - that would be even less invasive than
the "receive all" option, but that may not resolve the issue.

I might also be inclined to do a schema compare between the source and
destination servers - an inconsistent object between replicas could be
the result of a schema mismatch (though I might expect a different result
code than a -641 if that was the case).

Jim



--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Partion not synchronized to other servers


We tried a receive all object in this partition but it didn't work.

We finally deleted the replica from the third server and recreated it.
We have no more errors, the replica synchronized to both problem
servers.


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: https://forums.netiq.com/member.php?userid=1196
View this thread: https://forums.netiq.com/showthread.php?t=48826

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.