Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Vice Admiral
Vice Admiral
2838 views

eDirectory Adding Replica, Failed to configure SAS service

I have two eDirectory Servers, first is "192.168.1.119" and second is "192.168.1.201"
I am using NetIQ eDirectory 8.8 SP8 v20811.09 on Red Hat Enterprise Linux Server release 6.8 (Santiago).
I want to add eDirectory Replica Server 192.168.1.119 inside "192.168.1.201", Steps are given below.
Login into 192.168.1.119 Run the following command,
ndsconfig add -S idm01 -t VAULT -n idm01.servers.system -d /var/opt/novell/eDirectory/data/dib -a admin.sa.system -p 192.168.1.201:524
it gives me the following error inside ndsd.log
Jan 18 10:25:13  SASL Version:8.8.8.10 Build:20170328 started
Jan 18 10:25:29 SecurityInstall: Error from pkiInstallCreatePKIObjects (ccode = -1222; retval = -4).
Jan 18 10:25:29 An error occurred while configuring product SAS. Error description unknown error -1222 (fffffb3a hex).-1222
Jan 18 10:25:29 NDSIInstallDSProduct: Returning -1222.
Jan 18 10:25:29 DHModuleInit_dsi: Returning -1222.
Jan 18 10:25:29 Module dsi is not loaded
Labels (1)
0 Likes
16 Replies
Vice Admiral
Vice Admiral

Anyone have any suggestion on this?
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

First, if you want quick responses you should use an official channel to
contact the vendor, or a partner, for (presumably) paid support. The
forums are frequented by volunteers who are like yourself, and expecting a
response in six-hours from volunteers is likely to end in disappointment.

I do not recall seeing this before, but it may help to see all of your
ndsconfig output as you tried to add your second server into your first
server's tree. Also, have you checked the knowledgebase? The -1222 error
appears to be possible in some cases (a case that is similar to this one
where default certificates would be created) if your CRL configuration on
the CA is invalid, though since this sounds like a new setup I am not sure
why that would be the case for you:

https://www.novell.com/support/kb/doc.php?id=7015505

Also, is it safe to assume you have verified that, despite this error,
eDirectory was not configured properly on this box? Do you have a second
server object in the tree now? I presume your server object names are
unique, but if not they MUST be tree-wide.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Vice Admiral
Vice Admiral

Thanks for the reply.
I was changed CRL from "One" to "CRL_1" using iManager.
Now I am not getting any error at the time of adding eDir Replica using "ndsconfig add" command, but after success of "ndsconfig add" command, run "rcndsd restart" and I am getting the below error inside ndsd.log
Loader Failed:for dxevent,error dxevent: cannot open shared object file: No such file or directory,errno 2


I want to share, the Master eDir has already one eDir Replica and it is 2 years old environment. And now I am trying to add one more eDir Replica server to that Master eDir.
So please help me to fix this.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

On 01/20/2018 03:54 AM, fartyalvikram wrote:
>
> Code:
> --------------------
> Loader Failed:for dxevent,error dxevent: cannot open shared object file: No such file or directory,errno 2
> --------------------


Despite that error, does eDirectory work on that box?


sudo /usr/sbin/ss -planeto | grep 'LISTEN ' | grep ndsd
ps aux | grep ndsd
ndsstat


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Vice Admiral
Vice Admiral

Please see below output when I run the following command on 192.168.1.119 server which I want to add on Master eDir.
Run "/usr/sbin/ss -planeto | grep 'LISTEN ' | grep ndsd" command
LISTEN     0      128                     *:389                     *:*      users:(("ndsd",30512,111)) ino:1635649 sk:ffff880237f7b140
LISTEN 0 128 192.168.1.119:524 *:* users:(("ndsd",30512,50)) ino:1635589 sk:ffff880233e65100
LISTEN 0 128 127.0.0.1:524 *:* users:(("ndsd",30512,6)) ino:1635546 sk:ffff880237f5f180
LISTEN 0 128 *:636 *:* users:(("ndsd",30512,112)) ino:1635650 sk:ffff880236cc3880
LISTEN 0 128 192.168.1.119:8028 *:* users:(("ndsd",30512,40)) ino:1635569 sk:ffff880233e35740
LISTEN 0 128 192.168.1.119:8030 *:* users:(("ndsd",30512,42)) ino:1635575 sk:ffff880233e35040

Run "ps aux | grep ndsd" command
root     30512  4.5  0.8 710484 66804 ?        Sl   23:25   0:00 /opt/novell/eDirectory/sbin/ndsd
root 30627 0.0 0.0 105364 844 pts/0 S+ 23:25 0:00 grep ndsd

Run "ndsstat" command
[1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf:  idm01.OU=idm01.OU=servers.O=system.VAULT
Tree Name: VAULT
Server Name: .CN=idm01.OU=idm01.OU=servers.O=system.T=VAULT.
Binary Version: 20811.09
Root Most Entry Depth: -1
Product Version: eDirectory for Linux x86_64 v8.8 SP8 [DS]
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

This is showing eDirectory running, but I wanted you to run those comands
on your new box to see if it was working too. Everything here looks fine,
at least as far as those commands are concerned, though it is only
eDirectory 8.8, where a new environment should probably be starting with
eDirectory 9.0 SP4.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Vice Admiral
Vice Admiral

When I run the following command on 192.168.1.201 (Master eDir) server, I am getting the following output
Run "/usr/sbin/ss -planeto | grep 'LISTEN ' | grep ndsd" command
LISTEN     0      128                       *:636                      *:*      users:(("ndsd",27301,249)) ino:6273234 sk:ffff8801b98a1180
LISTEN 0 128 192.168.1.201:8028 *:* users:(("ndsd",27301,40)) ino:6273141 sk:ffff8801b5607780
LISTEN 0 128 192.168.1.201:8030 *:* users:(("ndsd",27301,42)) ino:6273146 sk:ffff8801b9b5c0c0
LISTEN 0 128 *:389 *:* users:(("ndsd",27301,248)) ino:6273233 sk:ffff8801b8c581c0
LISTEN 0 50 *:8200 *:* users:(("ndsd",27301,325)) ino:6273355 sk:ffff8801b8c4b800
LISTEN 0 128 192.168.1.201:524 *:* users:(("ndsd",27301,50)) ino:6273157 sk:ffff8801b546e800
LISTEN 0 128 127.0.0.1:524 *:* users:(("ndsd",27301,6)) ino:6273119 sk:ffff8801b8c588c0

Run "ps aux | grep ndsd" command
root      5274  0.0  0.0 103320   848 pts/0    S+   11:39   0:00 grep ndsd
root 27301 17.9 14.1 2876548 849984 ? Sl Jan20 334:57 /opt/novell/eDirectory/sbin/ndsd

Run "ndsstat" command
[1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf:  masteridm01.OU=masteridm01.OU=servers.O=system.VAULT
Tree Name: VAULT
Server Name: .CN=masteridm01.OU=masteridm01.OU=servers.O=system.T=VAULT.
Binary Version: 20811.09
Root Most Entry Depth: 0
Product Version: eDirectory for Linux x86_64 v8.8 SP8 [DS]


I think the version of eDir is same in both server (Master eDir 192.168.1.201 and eDir Replica 192.168.1.119) because the output of ndsstat is same on both server.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

This shows eDirectory working. The message you see in the ndsd.log file
is normal, and cosmetic in your case, so you can safely ignore it.

Another command you could run to verify that the tree, with both servers
communicating, is healthy, is the following:


ndsrepair -E


Generally looking for health in iMonitor is recommended, but iMonitor is a
graphical interface, and commands are easier to convey, plus their output
return, than pictures. Become familiar with iMonitor as you can; it is
covered in the eDirectory documentation.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Vice Admiral
Vice Admiral

Do you want me to run ndsrepair command on eDir Replica Server 192.168.1.119 or Master eDir Server 192.168.1.201?
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Either, or both; they should sow very similar output, basically a single
partition ([root]) with two replicas, and probably showing up to a time
very close to the present.



--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Vice Admiral
Vice Admiral

I tried "ndsrepair -R" on both server (Master eDir and eDir Replica). But is gives the same error on ndsd.log and replica not showing on Master eDir server using ndscheck command.

I found that on eDir Replica server (192.168.1.119) they have "novell-DXMLMSGway" package is missing. I was checked that by using below command
rpm -qa | grep novell-DXMLMSGway
On the other side Master eDir server (192.168.1.201) they have that package when I hit the above command the output is given below
novell-DXMLMSGway-4.0.2-0.noarch

So is it the issue?
If yes so please give me suggestion for installing this package, how can I installed this package.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.