asd23 Absent Member.
Absent Member.
1917 views

ndsd down

Just installed these 2 patches on one of my sles11sp4 / oes11sp3 boxes.

Jan 2017 OES11 SP3 edir 8.8 SP8 patch 9

Jan 2017 OES11 SP3 Scheduled Maintenance Update


Installs seemed to go fine, then rebooted the box. Now, ndsd is not
running and will not start.

The following shows on the console when I try a manual start:

Multiple values for n4u.server.configdir found in configuration file.
Failed to parse configuration file. ndsd will not start up.
startproc: exit status of parent of /opt/novell/eDirectory/sbin/ndsd: 1

Looking in /var/opt/novell/eDirectory/log/ndsd.log, I see this entry:

Feb 02 08:29:30 eDirectory is downgraded from NetIQ eDirectory 8.8 SP8
v20809.21 to NetIQ eDirectory 8.8 SP8 v20810.20 . It is recommended to
update the server with the available OES patches.
Feb 02 08:29:30 About to start NetIQ eDirectory server on host:
<server>.

No other patches show as available to install on this box, namcd is
running, any suggestions?

--
Stevo
Labels (1)
0 Likes
6 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: ndsd down

The system has detected a problem that has probably been there for years
and now prevents starting so you will fix it. You have duplicate lines in
your nds.conf file (probably at /etc/opt/novell/eDirectory/conf/nds.conf)
and you need to clean those up. Try these commands:


cp -a /etc/opt/novell/eDirectory/conf/nds.conf
/etc/opt/novell/eDirectory/conf/nds.conf-20170202
sort -u /etc/opt/novell/eDirectory/conf/nds.conf-20170202 >
/etc/opt/novell/eDirectory/conf/nds.conf


The result should be a file without the duplicates present and then
eDirectory should start as usual.

I wish the company had just had a big ugly warning on the screen, rather
than stopping eDirectory from starting, but at least it's an easy fix.
This is part of an effort to identify WHY the lousy duplicate lines show
up, as nobody yet knows for sure and the bug I opened years ago is still
investigating it. Unfortunately it is sporadic, and happens here but not
there, is very hard to duplicate, and does not seem to have anything
in-common other than eDirectory ifself, of course.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
asd23 Absent Member.
Absent Member.

Re: ndsd down

ab sounds like they 'said':

> The system has detected a problem that has probably been there for
> years and now prevents starting so you will fix it. You have
> duplicate lines in your nds.conf file (probably at
> /etc/opt/novell/eDirectory/conf/nds.conf) and you need to clean those
> up. Try these commands:
>
>

> cp -a /etc/opt/novell/eDirectory/conf/nds.conf
> /etc/opt/novell/eDirectory/conf/nds.conf-20170202
> sort -u /etc/opt/novell/eDirectory/conf/nds.conf-20170202 >
> /etc/opt/novell/eDirectory/conf/nds.conf
>

>
> The result should be a file without the duplicates present and then
> eDirectory should start as usual.
>
> I wish the company had just had a big ugly warning on the screen,
> rather than stopping eDirectory from starting, but at least it's an
> easy fix. This is part of an effort to identify WHY the lousy
> duplicate lines show up, as nobody yet knows for sure and the bug I
> opened years ago is still investigating it. Unfortunately it is
> sporadic, and happens here but not there, is very hard to duplicate,
> and does not seem to have anything in-common other than eDirectory
> ifself, of course.


So my response to ab's comment is...

Ok, that (along with another edit of nds.conf) seems to have fixed it,
thanks!

Other edit I needed to do was clean up duplicate entries in
https.server.cached-cert-dn within nds.conf

--
Stevo
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: ndsd down

Good information; I guess the value of the certificate name changed, then,
maybe from one certificate to another? Seems surprising that would
happen, but maybe you did it on purpose at some point, or maybe it's
another symptom of the main problem, but this value actually changes
sometimes where most of the others (server name, server IP, vardir and
dibdir) almost never do.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
asd23 Absent Member.
Absent Member.

Re: ndsd down

ab sounds like they 'said':

> Good information; I guess the value of the certificate name changed,
> then, maybe from one certificate to another? Seems surprising that
> would happen, but maybe you did it on purpose at some point, or maybe
> it's another symptom of the main problem, but this value actually
> changes sometimes where most of the others (server name, server IP,
> vardir and dibdir) almost never do.


So my response to ab's comment is...

Odd thing is, one of the entries was basically the fqdn of the server,
not even a cert.

--
Stevo
0 Likes
Highlighted
MStatman Contributor.
Contributor.

Re: ndsd down


Same issue here, except on a SLES11Sp4/OES2015Sp1 server: some
duplicate entries in nds.conf and an added malformed entry for
https.server.cached-cert-dn. Fixed it, then found this thread. 😉

Patches installed were oes2015sp1-January-2017-Hot-Patch,
oes2015sp1-January-2017-Scheduled-Maintenance,
oes2015sp1-edirectory-888-patch9, as well as several slessp4 updates.

Also got the whine "eDirectory is downgraded from NetIQ eDirectory 8.8
SP8 *v20809.21* to NetIQ eDirectory 8.8 SP8 *v20810.20 *." Seems
someone is math-challenged. Which is additionally strange since this
server had been running eDirectory 8.8 SP8 *v20809.22 *since last
September.

This server appears to have been an anomaly, the next dozen or so
servers that were patched (mix of oes11 and oes2105) didn't have the
issue (although I made a copy of the nds.conf just in case...)

Then I came to a SLESS11sp3/OES11Sp2 server that also has duplicate
entries in its nds.conf and an added malformed entry for
https.server.cached-cert-dn, although running quite nicely, also
v20809.22 since September. Strangely, the timestamp on ndsd.conf
(retrieved with 'stat' command) is about 30 minutes _before_ the time I
logged in to the server via ssh to apply patches. -- but may coincide
with the patches/reboots of some of the other servers. Nope, the
timesstamp itself isn't helpful, I see very recent modify timestamps on
ndsd.conf on other servers not yet updated. Fixed the nds.conf before
rebooting, nds is fine (but also whines about the fake downgrade).

Regarding the https.server.cached-cert-dn entries, both of these servers
have an IP AG cert specified. In one case, the cert expired several
years ago (ok, need to fix that), in the other case the cert is still
valid. Other servers also use an IP AG cert but only these two had
corrupted nds.conf.

As was stated by ab in an earlier reply, not known why these lines show
up, but the release notes for NetIQ eDirectory 9.0 SP2 claim that "This
release updates eDirectory to start without crashing" ... "immediately
after starting due to invalid entries in the nds.conf file." Yay, can't
wait for that.

-M


--
mstatman
------------------------------------------------------------------------
mstatman's Profile: https://forums.netiq.com/member.php?userid=1078
View this thread: https://forums.netiq.com/showthread.php?t=57293

0 Likes
dbgallo1 Absent Member.
Absent Member.

Re: ndsd down

Seen the same thing, it was before applying the September 2016 patches for OES11SP2 on an NCS cluster. Every server had this issue, sometimes the same data was there 2-3x. We , manually went in , copied the bad nds.conf, edited it to a workstation and parsed thru it with notepad++. eDir v20809.22 seems to be able to handle the corrupted nds.conf properly, but the upgraded versions cannot. We hit this on our way to running wagon to get to OES11SP3, which started fine with edited nds.conf, but did not start with corrupted one.

Best guess is that the eDir and upgrade between 20806.5 and 20809.22 upgrade did this, we have several servers running 20806.5 which do not exhibit the corrupted nds.conf file
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.