Updated NDSD Health Check Script for OES2018/SLES12
People have e-mailed me about how much they use the ndsd health check script all the time. I haven’t modified it for OES 2018, but Thomas Mueller has and it looks great. He shared his updated script with me so that I can post it for every one.
Here is the newest version with OES 2018 updates
Thank you Thomas!
DSfW 2008 R2 Schema Update
DSfW is in the process of being updated to 2008 R2 schema and needs your help. If you are interested in beta testing the next version of DSfW please send an e-mail to pmadhan@microfocus.com and Chitradevi.Kumaraswamy@microfocus.com with a subject line ‘Interested in Domain Services for Windows Beta Program’
The final version will support 2012 schema, aes encryption, and fine grained password policies. This is exciting and would be a great project to be part of. This is your chance see and be a major contributor for the coming versions of DSfW.
For more information on this project please go to the coolsolution page below.
https://www.novell.com/communities/coolsolutions/updating-dsfw-environment-ad2008-r2-level-beta-planned/
Logon-Logoff / Power-on-Shutdown Scripts Execution for Windows Clients of DSfW
A new coolsolution has been released allowing the login and logoff tasks on a workstation. The script can also power down or power on workstations. Administrators and end users can automate these tasks. The scripts can be stored in the netlogon or sysvol on the primary domain controller which will sync it out to the other DCs. The profile tab of user properties, or Logon GPO can be used for integrating these scripts into startups and shutdown cases.
Go to novell.coolsolutions.com to download the script and read more about what you can do with this script.
How to remove a DSfW Domain Controller
Need to remove a DSfW Domain Controller? ndsdcrm is the tool to do it. There have been older versions that worked ok but not a version that works with OES11SP2. Some times it would fail or not completely clean up the domain. With OES11SP2 we have had to resort to the manual removal process as described in TIDs 7005431 and 7012738.
A new version has been released on Novell Cool Solutions. If you want to remove an ADC or the entire domain, this is the tool to do it. The tool can be found on Novell Cool Solutions, Removing DSfW Domain Controllers
March 2015 OES 11 SP2 Scheduled Maintenance Update 10332
March 2015 OES 11 SP2 Scheduled Maintenance Update 10332
How to apply the patch with zypper. YaST Online Update can also be used.
1) List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP2-Updates | OES11-SP2-Updates | Yes | Yes
2) List the Updates
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-March-2015-Scheduled-Maintenance | 10332 | security | Needed
3) Install the maintenance patch
OES11SP2
zypper up -t patch oes11sp2-March-2015-Scheduled-Maintenance
4) Then list the patches again to verify the patch is listed as Installed
OES11SP2
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-March-2015-Scheduled-Maintenance | 10332 | Installed
5) To apply all OES11 SP2 updates run the following command
zypper up -t patch -r OES11-SP2-Updates
6) To apply all SLES 11 SP3 updates run the following command
zypper up… Continue reading
January 2015 Scheduled Maintenance Update
January 2015 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
1) List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP2-Updates | OES11-SP2-Updates | Yes | Yes
2) List the Updates
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-January-2015-Scheduled-Maintenance | 10105 | security | Needed
3) Install the maintenance patch
OES11SP2
zypper up -t patch oes11sp2-January-2015-Scheduled-Maintenance
4) Then list the patches again to verify the patch is listed as Installed
OES11SP2
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-January-2015-Scheduled-Maintenance | 10105
5) To apply all OES11 SP2 updates run the following command
zypper up -t patch -r OES11-SP2-Updates
6) To apply all SLES 11 SP3 updates run the following command
zypper up -t patch -r… Continue reading
December 2014 Scheduled Maintenance Update
December 2014 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP2-Updates | OES11-SP2-Updates | Yes | Yes
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-December-2014-Scheduled-Maintenance | 9879 | security | Needed
[clear-line]Install the maintenance patch
OES11SP2
zypper up -t patch oes11sp2-December-2014-Scheduled-Maintenance
Then list the patches again to verify the patch is listed as Installed
OES11SP2
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-December-2014-Scheduled-Maintenance | 9879
To apply all OES11 SP2 updates run the following command
zypper up -t patch -r OES11-SP2-Updates
To apply all SLES 11 SP3 updates run the following command
zypper up -t patch -r SLES11-SP3-Updates
Key DSfW specific bugs fixed with this maintenance… Continue reading
DSfW Migration – OES 11 SP1 to OES11 SP2
DSfW Migrations can be tricky if you do not follow the documentation carefully. I created two videos that take you through the process of a successful migration. The videos do not cover the pre-migration. For the pre-migration you want to ensure the tree and DSfW server specifically is healthy.
The key is to install and configure eDirectory with the pre-migration pattern on the target server using the Software Management tool provided by the YaST utility. DO NOT Use the OES Install and Configuration utility. This is the key piece most people miss. If you use the OES Install and Configuration utility the DSfW patter will not be able to be installed. Instead the pre-migration pattern will be layed down, the pre-migration wizard will pop up. If you continue through the pre-migration pattern eDir will be installed. You then click… Continue reading
OES 2015 NSS for AD
The big new feature in OES 2015 is NSS for AD. With NSS for AD, AD users can be given file system access to an OES server. Coupled with DSfW a functioning bi-directional trust will be possible.
Currently the limits with a bi-directional trust are with file system access from the AD side to the eDir/DSfW side. The work around has been to add an AD user to a eDir/DSfW group and via the group the user will gain the needed ACLs to access a file system. The problem has been file access via this method is limited to only DSfW servers. This does not work with other OES servers. Now with NSS for AD complete AD user access will be possible.
Watch this video for more information on NSS for AD in OES 2015
supportconfig updated with DSfW information
A great tool to get essential information on a server is supportconfig. It comes with SLES/OES and the latest set of patches has the DSfW information in the tool.
If you have a SR opened with support you can get the supportconfig analyzed by running supportconfig -ur $srnum; where $srnum is your 11 digit service request number. A html report will be given which will list Critical, Warning, and Recommended messages. Some will have TIDs and/or videos to apply to fix the issue. Some will list a rpm to apply.
This will not upload to Novell to have the supportconfig analyzed. It is the ray files to look at.
With this DSfW piece in the new supportconfig, specific to DSfW is exporting… Continue reading
Novell-Cifs CASA Repair Tool @ Coolsolutions
I published my Novell-Cifs CASA Repair Tool to Novell Coolsolutions.
The tool will validate CASA keys are present and the the proxy user can login. If there is a problem, it will fix it. Great tool to fix the following errors:
ERROR: ENTRY: DDCLogin() failed Error: -223
ERROR: ENTRY: DDCLogin() failed Error: -222
ERROR: ENTRY: DDCLogin() failed Error: -197
The tool works with OES2.x and OES11.x. I expect it to work with OES2015 unless there are big changes in that version.
If you are running Novell Cifs this tool is a must. Download it and have it ready, or run it as a preventative measure.
VI Commands posted @ Coolsolutions
You can learn about vic (vi commands) and download the rpm at Novell Coolsolutions.
Start learning vi or use vic as a quick reference to expand your vi reparto.
DSfW Monitor daemon
I just created a demonized version of the DSfW Monitor script. For more information on the script look the DSfW Monitor script post.
Now you don’t have to create a cronjob to continuously run the tool. Simply download and install the dsfwmon.rpm.
The install will create the /etc/init.d/dsfwmon startup script, the /opt/dsfwdude/conf/dsfwmon.conf file to edit the configuration and the dsfwmon daemon. It also has log rotating enabled.
The install will enable the dsfwmon script so that when the server starts, the script will start monitoring the services.
Edit the /opt/dsfwdude/conf/dsfwmon.conf to send an e-mail if a service has to be restarted. Do not adjust the delay time less than 5 minutes. The script could possibly step on itself, trying to check the services while restarting the services.
Common changes are to enable e-mail setting to be sent when the services restart,… Continue reading
CVE-2014-0224 Fixes in eDirectory
The following Hotfixes for NESCM 3.1 and eDirectory (888, 887 & 885) standalones address the OpenSSL security vulnerability described in CVE-2014-0224 can be found below.
For OES11 SP1/SP2 and OES2 SP3 LTSS the updates are in the respective channels.
– eDirectory 8.8 SP8 Patch 2 HotFix 1 (All Platforms)
Download URL: http://download.novell.com/Download?buildid=4A2ah857Bgs~
– eDirectory 8.8 SP7 Patch 6 HotFix 1 (All Platforms)
Download URL: http://download.novell.com/Download?buildid=wldDBGgzzng~
– eDirectory 8.8 SP5 Patch6 Hotfix2 for NetWare
Download URL: http://download.novell.com/Download?buildid=MzoS_HY0LYw~
– Identity Assurance Solution Client 3.1 Hotfix 1
Download URL: http://download.novell.com/Download?buildid=OXteBss0i-k~
Below is the list of patches that have been released addressing openssl security fixes:
1. OpenSSL on 24th June.
2. GnuTLS on 30th June.
3. iPrint Client on 10th July.
4. eDirectory on 10th July.
All these were duplicated across OES2 SP3, OES11 SP1 and OES11 SP2.
New iManager Plug-ins Page
Have trouble accessing iManager plugins from a server? Now there is a single dedicated site were the plugins can be downloaded and later installed on servers.
https://www.netiq.com/support/imanager/plugins/
The columns are sort-able making it easy to find a plugin or plugin version.
The iManager documentation has been updated to reference the new page:
Install Guide: https://www.netiq.com/documentation/imanager/imanager_install/data/bs3h82n.html
Admin Guide: https://www.netiq.com/documentation/imanager/imanager_admin/data/bxak4k8.html
iManager download install instructions: https://www.novell.com/documentation/imanager/esd/ii_imanager_277.html
May 2014 OES11SP2 Scheduled Maintenance for eDirectory 8.8 SP8 patch 2
May 2014 OES11SP2 Scheduled Maintenance for eDirectory 8.8 SP8 patch 2 (9156)
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP2-Updates | OES11-SP2-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-edirectory-888-patch2 | 9156 | security| Needed
Install the maintenance patch
zypper up -t patch oes11sp1-edirectory-887-patch2
Then list the patches again to verify the patch is listed as Installed
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp1-edirectory-888-patch2 | 9156 | security| Installed
To apply all OES11 SPa updates run the following command
zypper up -t patch -r OES11-SP2-Updates
Bugs: 627162, 653702, 782375, 795332, … Continue reading
May 2014 OES11SP1 Scheduled Maintenance for eDirectory 8.8 SP7
May 2014 OES11SP1 Scheduled Maintenance for eDirectory 8.8 SP7
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-edirectory-887-patch2 | 6989| security| Needed
Install the maintenance patch
zypper up -t patch oes11sp1-edirectory-887-patch2
Then list the patches again to verify the patch is listed as Installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-edirectory-887-patch2 | 6989| security| Installed
To apply all OES11 SPa updates run the following command
zypper up -t patch -r OES11-SP1-Updates
Patch: oes11sp1-edirectory-887-patch6-9149
Bugs: 612236, 799046, 812295, 812707, 825235,… Continue reading
May 2014 Scheduled Maintenance Patch
May 2014 Scheduled Maintenance Patch
May 2014 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
nu_novell_com:OES11-SP2-Updates | OES11-SP2-Updates | Yes | Yes
List patches in the Updates repository
OES11SP1
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-May-2014-Scheduled-Maintenance | 9151| recommended | Needed
OES11SP2
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-May-2014-Scheduled-Maintenance | 9157| recommended | Needed
Install the maintenance patch
OES11SP1
zypper up -t patch oes11sp1-May-2014-Scheduled-Maintenance
OES11SP2
zypper up -t patch oes11sp2-May-2014-Scheduled-Maintenance
Then list the patches again to verify the patch is listed as Installed
OES11SP1
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-May-2014-Scheduled-Maintenance | 9151
OES11SP2
zypper… Continue reading
March 2014 Scheduled Maintenance Patch
March 2014 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-March-2014-Scheduled-Maintenance | 8935| recommended | Needed
Install the maintenance patch
zypper up -t patch oes11sp1-March-2014-Scheduled-Maintenance
Then list the patches again to verify the patch is listed as Installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-March-2014-Scheduled-Maintenance | 8935
To apply all OES11 SPa updates run the following command
zypper up -t patch -r OES11-SP1-Updates
To apply all SLES 11 SP2 updates run the following command
zypper up -t patch -r SLES11-SP2-Updates
Key DSfW specific bugs fixed with this… Continue reading
I/OTest script to check if the disk I/O is causing slow performance
Slow VM Performacne, use IOTest to see if the disk IO is the culprit
This script will test the disk IO by copying 500Mb of data using the same block size as eDir uses and with the same api eDir uses “fdatasync”.
This writes 500 Mb of data each iteration to the iotest.log in the dib directory, usually the /var/opt/novell/eDirectory/data/dib/
It will overwrite the previous data in the iotest.log each time it runs. Anything under 100 MB/s is a concern and will cause slowness for eDirectory and possible memory build up. IO causes a bottleneck for events to be written to disk. A build up of memory by ndsd can cause a ndsd to take all available memory (both virtual and resident) causing ndsd to core.
If slow IO writes are seen with the iotest script begin the process of adding hard drives and reducing the… Continue reading
New Patch for eDir 8.8.7.5
Patch 8.8.7.5 was released and immediately pulled after seeing ndsd cores due to ldap search filters of (guid=). A new patch is now available. To view if the new patch has been applied run the command:
zypper list-patches –bugzilla=864542
To apply the patch run the command:
zypper up -t patch oes11sp1-edirectory-887-patch5-8910
The following packages will be upgraded:
novell-NDSbase novell-NDSbase-32bit novell-NDScommon novell-NDSimon
novell-NDSrepair novell-NDSserv novell-NOVLembox novell-NOVLice
novell-NOVLsnmp novell-NOVLsubag novell-dclient novell-dclient-32bit
novell-edirectory-jclnt novell-edirectory-tsands
novell-edirectory-tsands-32bit novell-nmas novell-nmas-libnmasext
novell-nmas-libspmclnt novell-nmas-libspmclnt-32bit novell-nmasclient
novell-nmasclient-32bit novell-npkiapi novell-npkiapi-32bit novell-npkiserver
novell-npkit novell-npkit-32bit novell-sss
To downlowd the stand alone eDirectory patch and to learn more about the patch see eDirectory 8.8 SP7 Patch 5 HotFix 1 (All Platforms)
New Features in DSfW OES11SP2
There is a great article on Novell CoolSoltutions about the New Features in DSfW OES11SP2.
It gives great information on the new features with screenshots and explanations. Take a look and learn more about the new features of DSfW.
January 2014 Scheduled Maintenance Ptach
January 2014 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-January-2014-Scheduled-Maintenance | 8685| recommended | Needed
Install the maintenance patch
zypper up -t patch oes11sp1-January-2014-Scheduled-Maintenance
Then list the patches again to verify the patch is listed as Installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-January-2014-Scheduled-Maintenance | 8685
To apply all OES11 SPa updates run the following command
zypper up -t patch -r OES11-SP1-Updates
To apply all SLES 11 SP2 updates run the following command
zypper up -t patch -r SLES11-SP2-Updates
Key DSfW specific bugs fixed with this… Continue reading
OES11SP2 is Available for Download
OES11sp2 is now available for download.
SCA Appliance
Ever wonder what happens when you run a supportconfig -ur SR#? The support config gets uploaded and analyzed by a Support Config Analysis server that runs potentially over 900 support patterns to analyze the support configs contents. The report is then posted to the SR listing critical issues than when fixed have been found to fix roughly 50% of the issues an SR was created for.
The Support Config Analysis server is available for download as an appliance than can be ran on premises. The appliance stores analysis results in a MariaDB database and uses PHP to read the database and generate the report. It has a FTP server allowing for support configs to be uploaded, archived, processed, and analyzed. With this it is possible to modify the supportconfig script to gather more information for other applications running on the server and… Continue reading
November 2013 Scheduled Maintenance
November 2013 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-November-2013-Scheduled-Maintenance | 8483| recommended | Needed
Install the maintenance patch
zypper up -t patch oes11sp1-November-2013-Scheduled-Maintenance
Then list the patches again to verify the patch is listed as Installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-November-2013-Scheduled-Maintenance | 8483
To apply all OES11 SPa updates run the following command
zypper up -t patch -r OES11-SP1-Updates
To apply all SLES 11 SP2 updates run the following command
zypper up -t patch -r SLES11-SP2-Updates
Key DSfW specific bugs fixed with this… Continue reading
DNS CASA Repair Script
A common reason for Novell DNS to fail to update records or even fail to load is do to CASA credentials for the DNS proxy user.
When troubleshooting Novell DNS issues start with the /var/opt/novell/log/named/named.run log.
If novell-named fails to start or update records and CASA Error has occured, error:No credential is retrived from CASA is seen in the log, it is almost a guarantee the reason is the dns-ldap key is missing, the password is incorrect for the proxy user, or the user name is incorrect.
Below is a sample of a named.run log demonstrating what is seen when CASA credentials in invalid or missing.
Look for the starting of named and the CASA Error
19-Nov-2013 15:30:13.489 general: main: notice: starting BIND 9.3.2 -u named
19-Nov-2013 15:30:13.490 general: server: info: found 4 CPUs, using 4 worker threads
19-Nov-2013 15:30:13.500 general: dns/message: error: Credential Not found
19-Nov-2013… Continue reading
New DSfW Monitor Script
I previously created two scripts, dsfw_processcheck.sh and dsfw_portchk.sh, one to monitor pids and one to monitor ports. With the two script they are helpful to ensure the DSfW services are up. A new script combines the two and adds additional options. The script not only checks for pids and ports, but it can be used to create a cron job to run the script every 10 minutes by adding the “add” switch. To remove the cron job use the “rm” switch.
If a DSfW server running DNS (or not) has a DSfW specific process stop or crash a quick stop gap measure is to monitor the DSfW processes and restart them if one or more of the DSfW processes stop.
If the DSfW server is an Additional Domain Controller (ADC) DNS might not be configured on the server. If DNS is not running on the… Continue reading
September 2013 Scheduled Maintenance
July2013 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-September-2013-Scheduled-Maintenance | 8284| recommended | Needed
Install the maintenance patch
zypper up -t patch oes11sp1-September-2013-Scheduled-Maintenance
Then list the patches again to verify the patch is listed as Installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-September-2013-Scheduled-Maintenance | 8284| recommended | Installed
September 2013 Scheduled Maintenance for OES11SP1 (8284)
Key DSfW specific bugs fixed with this maintenance patch for OES11SP1
- 816488 – DSfW: Migration does not retain sysvol facls
- 828484 – OES11 SP2: eDirectory cored… Continue reading