January 2013 Scheduled Maintenance for eDirectory 8.8 SP7 Patch 2
January 2013 OES11SP1 Scheduled Maintenance for eDirectory 8.8 SP7 Patch 2 has been released
Description
January 2013 OES11SP1 Scheduled Maintenance for eDirectory 8.8 SP7 Patch 2 Hot Patch1
- – 795674: ndsd crashes in libnldap.so with latest November 2012 eDirectory Patch 8.8.7 Patch 2
- – 799053: ldap and ldaps interfaces are lost on DSFW server after installing eDir887patch2 + OES11SP1 Nov Patches
Solution
This update is provided as a set of RPM packages that can easily be installed onto a running system by using the YaST online update module. Please install the update.
file contents
| Files Included | Size | Date |
|---|---|---|
| novell-NDSbase-32bit-8.8.7.2-0.7.1.x86_64.rpm | 420.2 KB (430316) | 2013-01-31 11:52:45 |
| novell-NDSserv-8.8.7.2-0.7.1.x86_64.rpm | 5.7 MB (6069650) | 2013-01-31 11:52:51 |
| novell-NDSbase-8.8.7.2-0.7.1.x86_64.rpm | 579.0 KB (592953) | 2013-01-31 11:52:44 |
| novell-edirectory-jclnt-8.8.7.2-0.7.1.x86_64.rpm | 280.7 KB (287529) | 2013-01-31 11:52:56 |
| novell-edirectory-tsands-8.8.7.2-0.7.1.x86_64.rpm | 283.4 KB (290253) | 2013-01-31 11:52:57 |
| novell-NOVLice-8.8.7.2-0.7.1.x86_64.rpm | 462.3 KB (473462) | 2013-01-31 11:52:55 |
| novell-edirectory-tsands-32bit-8.8.7.2-0.7.1.x86_64.rpm | 276.4 KB (283131) | 2013-01-31 11:52:58 |
| novell-NOVLice-32bit-8.8.7.2-0.7.1.x86_64.rpm | 281.5 KB (288314) | 2013-01-31 11:52:55 |
| novell-NDScommon-8.8.7.2-0.7.1.x86_64.rpm | 243.7 KB (249642)… Continue reading |
January 2013 Scheduled Maintenance for OES11SP1
January 2013 Scheduled Maintenance for OES11SP1 has been released
How to apply the patch with zypperList repositories
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-Updates
Should see the following:
OES11-SP1-Updates | oes11-sp1-January-2013-Scheduled-Maintenance | 7195 | recommended | Need
Install the maintenance patch
zypper up -t patch oes11-sp1-January-2013-Scheduled-Maintenance
Then list the patches again to make sure it is installed
zypper pch OES11-Updates
Should see the following:
OES11-SP1Updates | oes11-sp1-January-2013-Scheduled-Maintenance | 7195 | recommended | Installed
Key… Continue reading
January 2013 Scheduled Maintenance for OES11
January 2013 Scheduled Maintenance for OES11 has been released
How to apply the patch with zypperList repositories
zypper lr
Should see the following:
nu_novell_com:OES11-Updates | OES11-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-Updates
Should see the following:
OES11-Updates | oes11-January-2013-Scheduled-Maintenance | 7170 | recommended | Need
Install the maintenance patch
zypper up -t patch oes11-January-2013-Scheduled-Maintenance
Then list the patches again to make sure it is installed
zypper pch OES11-Updates
Should see the following:
OES11-Updates | oes11-January-2013-Scheduled-Maintenance | 7170 | recommended | Installed
Key DSfW specific… Continue reading
January 2013 Scheduled Maintenance for OES2SP3
January 2013 Maintenance patch for OES2P3 has been released
Key DSfW specific bugs fixed with this maintenance patch
- 787330: Can’t install ADC to DSfW domain that is updated to Sept 2012 patch level
- 790828: DSfW Assign rights fails in XAD\_RETAIN\_POLICIES=no case and if there are containers with nspm… attr set
- 792131: DSFW – behavior for isdeleted attribute doesn’t match with Active Directory
- 792146: DSFW FTU1: “Enable Kerberos” task fails while provisioning for CDC in case of FRD is updated with FTU1 build
- 792192: DSFW – “unavailableCriticalExtension” being returned when LDAP\_SERVER\_NOTIFICATION\_OID is being used during ldapsearch
- 793390: Fresh install & configuration of OES11SP1 DSFW Server along with November 2012 patch is failing.
January 2013 Scheduled Maintenance for OES2SP3
- 567151: provide an icon for group in the history window
- 624515: Adding an Auxiliary Class fails if a mandatory attribute of the Aux Class is an optional for another class
- 638542: iManager upgrades… Continue reading
DSfW and eDirectory Health Check
It is a good idea to periodically check the health of DSfW and eDirectory servers.
This video concentrates on a script I wrote that can be ran on both eDirectory and DSfW servers.
The script demonstrated in this video is called dsfw_edir_healthchk.sh. To get the latest version of the script click on the DSfW Health Check link in the download section on DSfWDude.com.
A great TID to start off with for a eDirectory health check is TID 3564075.
On a DSfW server start off with an eDirectory health check as well as TID 7001884 which has DSfW specific commands to check the health and overall operation of a DSfW server.
The script does most of the suggestions in both TIDs mentioned above plus a few more checks.
For eDirectory there are 8 checks the script does and… Continue reading
DSfW Express Install in OES11SP1
With OES11SP1 there are two install options. Express and regular.
The difference between the two is the express install will not prompt for the server and dib location, SLP configuration, the OES proxy user, or the DNS configuration. If there are no other Novell DNS servers in the tree this is a good option. Otherwise do the regular install to use the same DNS Locator object as the existing Novell DNS server is using.
Install error: ndsconfig error 74
Installs can be tricky especially when installing into an existing tree that has been around since NetWare 4.11, has multiple partitions, several locations, and dozens of servers. If the tree is not healthy the install of DSfW has a greater chance of failure. If communication with all servers is good, the tree is healthy, and the Preparing for Domain Services for Windows Install TID is followed then usually the install goes through with out any issues.
If there is a failure a common error is ndsconfig error 74. This video goes over the error. The troubleshooting of this error can be applied to a similar error “ndsconfig error 80”.
DSfW Slow Performance/Group Types
DSfW, like AD, has multiple group types. This is found in the grouptype attribute. TID 7004405 goes over the three group types.
Domain Local group: -2147483644
Global group: -2147483646
Universal group: -2147483640
The default group type is Universal group. This group type can generate a lot of extra traffic causing the performance of the domain controller to suffer.
Global and Universal groups calculate a virtual attribute called tokenGroupsDomainLocal. This attribute is calculated for the group by the slapi layer. When a user is a member of several groups login times can increase. An increase in ndsd utilization can also result from the calculation of the tokenGroupsDomainLocal when a large number of groups reside within the domain.
If ndsd utilization is high or login times need to be reduced, change groups to Domain Local groups to avoid the calculation of the tokenGroupsDomainLocal virtual attribute.
Here is a… Continue reading
Troubleshooting DSfW Slow Performance/Duplicate Workstation Names
Slow logins and poor performance of a DSfW Domain Controller is often due to too many failed authentications to the domain. This video goes over the specific issue of multiple workstations with the same name increasingly queuing up logins until the server comes to a halt. The video covers TIDs 7010462 and TID 7006851.
This video concentrates on TID 7006851.
The command to display and sort Decrypt integrity check failed errors is:
grep -A1 -i ‘Decrypt integrity check failed’ /var/opt/novell/xad/log/kdc.log |grep -v ‘Decrypt integrity check failed’ |awk -F ‘)’ ‘{print $3}’ |grep -v ‘^$’ |awk -F ‘for’ ‘{print $1}’ |sort -n | uniq -c | sort -n
DSfW Install Error: No Such Partition
An error I have seen during installs is No Such Partition. The majority of the time it is easly solved by adding a replica of the name mapped partition to the DSfW server. This video will go through troubleshooting steps for this error.
Either run them on the eDirectory server specidifed for the install or use the -h [ip] if running on the DSfW server.
ndsstat -r
ndstat -p .o=novell.t=tree. -h 192.168.0.51 -n