Guidelines for implementing NDS 8
(Last modified: 03Jul2003)
This document (10056814) is provided subject to the disclaimer at the end of this document.
Guidelines for implementing NDS 8
Novell NetWare 5.0
Novell NetWare 5.1
Novell eDirectory NDS 8
To ensure that NDS 8 is successfully deployed, please read and consider the guidelines below. This document provides a summary of known issues, please take the time to read the TID's mentioned where applicable.
Document Version 6
Throughout the following minimum patch levels will be assumed:
DS version 6.10 to 6.11
NW4SP6a or greater
DSREPAIR version above 4.70z
DS version 7.44
Dsrepair versions above 5.25z
DS VERSION 7.44
Dsrepair versions above 5.25z
NDS8 / NDS 8
DS version 8.59
CCS.xlm and Nici 1.5.2
***** Before Upgrading or Installation *****
What Products are installed? To plan for a successful upgrade or installation, ensure that each product will work on the upgraded OS! Check - don't make assumptions.
Use the correct installation CDs: Ensure that the CD's being used are the correct versions! They may have been used in the test environment with success, this does not mean that they are correct. Ensure that you are using the correct NICI, 56bit or 128bit.
Correct Service Pack: Early versions of SP's could be US specific. Check that you have the correct versions of the patches.
Hardware Requirements: Check that the hardware will be adequate after the upgrade. NetWare 5.1 does require a more RAM due to caching and indexing, when using NDS8.
Run DSRepair: Run the correct DSREPAIR version prior to upgrade, it's documented in the readme.txt file that is supplied with the product.
Too many attribute values: Check for too many values on the WM:Registered Workstation attribute. Use DSBROWSE to search on NetWare 5 (DS7/8). On NetWare 4.1x, use DSREPAIR ·WM (TID:10051665) to delete values, the deletion is not synced or DSREPAIR -CV100 to check for too many values. (DSRepair 7.26)
Upgrading the DS: TID: 10052489 - If the server being upgraded, does not hold a copy of Root. Copy the files from the NI.EXE file to C:\NWUPDATE directory of the server before installation commences.
Client Issue: The Novell client 4.11a could have a problem connecting to a NetWare 5.x server.
Check for UserSecurityInfo class issues: This is known to be a current issue. After upgrading check that this is working. You may not see any sync errors. But the schema could still be incorrect. TID: 10051821
Avoid a failed Installation: When installing a NetWare 5.1 server, select STANDARD VGA at the beginning of the installation / upgrade. Also read TID: 2943847 & 10023836
After upgrading to NDS 8: Follow TID:10060669 for setting the NDS SMI cache to avoid High Server Utilization. In most cases the cache must be set higher!
The NW5SP5 service pack installs NICI 1.3.1, this version is not correct for implementing NDS 8.59 (DS8E.EXE) or higher. The minimum NICI files required are 1.5.3, the file NICI_W1.EXE contains, NetWare Server NICI 1.5.4 (2000/08/10), found at http://www.novell.com/download
***** Documented issues *****
ISSUE: -628 error (object class violation) being reported on NDS v8 or Edirectory servers for Aux classes such as Entrust
FIX / WORK AROUND: If Aux classes must be used, ensure that only NDS8 servers contain real copies of the partition that has the objects with the Aux class associations. This is a design Issue: Ensure that only NDS8 servers are in the replica ring.
ISSUE: Trustee rights not restored to the files system after a disaster.
FIX / WORK AROUND: The backup software should be able to RESTORE TRUSTEE ASSIGNMENTS ONLY. If Not then you should use TBACK3.exe regularly to backup the trustee rights.
ISSUE: Error 604, No Such Class in replica synch after NW5.1 server is added.
FIX / WORK AROUND: The Global Schema Enhancements had not been run on the Master of Root prior to installing the first NetWare 5.1 server into the tree (specifically the introduction of NDS8 schema). Check schema sync before deployment, then extend the schema.
Use TBACKUP prior to migration. The TID's description could be clearer.
ISSUE: Loss of file system trustees following migration to DS8 from DS6 - SYS:SYSTEM\DSMISC.LOG error " Skipping volume <volume name> because it was previously migrated
FIX / WORK AROUND: If a server does not have a local entryID for the SERVERNAME_VOLUME object at the time the migration is performed then the volume is skipped by the migration and trustees. are not transferred. To confirm prior to migration use DSVIEW.NLM or DSBROWSE.NLM on the server to be migrated to search for the volume objects. If it is found that they are not held locally then: DSREPAIR.NLM > Advanced Options > Check Volume Objects and Trustees, must be performed.
Fix: If the volume was skipped it may be confirmed that the volume object was not originally present in the database by reviewing the SYS:_NETWARE\*.__D files. To recover trustee assignments after the migration it will be necessary to perform "Check Volume Objects and Trustees" to purge the invalid trustees and then recover the file system trustees from backup. If no backup was taken then the file system trustee rights must be re-established following "Check Volume Objects and Trustees".
ISSUE: -641 on schema class userSecurityInformation after migrating from NDS6 to NDS8
FIX / WORK AROUND:When installing the first NW5.1 DS8 server into a WN4.11 tree the UserSecurityInformation class is incorrect, the object was missing the 20 flag (flag setting should have been 00200032) in the class definition. Super classes and Containment were missing "TOP" The root cause appears to be that an older implementation of the affected classes were imported into the NetWare 4 tree. When the server was upgraded and NDS 8 was installed, the newer LDAP schema rules clashed with the existing rules. Issue raised with engineering.
ISSUE: Various problems can be observed with any service which makes use of NDS. Generally administration is slow and changes are lost.
FIX / WORK AROUND: To increase the amount of memory available to the NDS, the number of bytes are 1000000 (1 million) = 1MB. For example: SET DSTRACE = !MB20000000 (M=Memory B=Bytes). The current recommendation is for the cache to be 110% of the DS DIB size (default is 8 MB).
Extract from the TAO documentation, TID: 10056517
1. Open _NDSDB.INI in a text editor.
On NetWare, this file is in SYS:\NETWARE. On Windows NT and Windows 2000, this file is generally in \NOVELL\NDS\DIBFILES.
2.Add the applicable syntax to the file:
Fixed number of bytes you want used.
Definition: Sets a hard memory limit.
Example: To set a hard limit of 8 MB, type cache=8000000
Multiple options can be specified in any order, separated by commas.
DYN: Sets a dynamically adjusting limit.
HARD: Sets a hard memory limit. Percentage of available or physical memory to use.
AVAIL or TOTAL: Percentage of available or total physical memory for hard memory limit only.
MIN:number_of_bytes: Minimum number of bytes.
MAX:number_of_bytes: Maximum number of bytes.
LEAVE:number_of_bytes: Minimum number of bytes to leave.
Definition: Sets a hard memory or dynamically adjusting limit.
Examples: To set a dynamically adjusting limit of 75% of available memory and a minimum of 16 MB, type cache=DYN,%:75,MIN:16000000
To set a hard limit of 75% of total physical memory and a minimum of 16 MB, type cache=HARD,%:75,MIN:16000000
3. (Optional) To specify the dynamic adjusting limit interval, add the following line:
4. (Optional) To specify the interval for cleaning up older versions of entries and blocks, add the following line:
5. (Optional) To change the percentage split between block and entry cache, add the following line:
The variable percent should be between 0 and 100. The percentage you specify is the percentage of cache memory used for the block cache. The remaining percentage is used for the entry cache. We do not recommend setting the percentage to 0.
6.Restart the NDS server for the changes to take effect.
Configuring DSTRACE commands...
If you are using NDS eDirectory for NetWare, you can configure the dynamically adjusting and hard memory limits in DSTRACE. You do not need to restart the server for the changes to take effect.
1. (Optional) To set a fixed hard limit, type the following at the server console:
For example, if you want to set a hard limit of 8 MB, type SET DSTRACE=!MB8388608
2. (Optional) To set a calculated hard limit, type the following at the server console. Only type the options you want to specify.
SET DSTRACE=!MHARD,AVAIL OR TOTAL,%:percent,MIN:number_of_bytes,MAX:number_of_
For example, to set a hard limit of 75% of total physical memory and minimum of 16 MB, and to specify not to save these options to the startup file, type
3. (Optional) To set a dynamically adjusting limit, type the following at the server console:
SET DSTRACE=!MDYN,%:percent,MIN:number_of_bytes,MAX: number_of_bytes,LEAVE:number_of_bytes_to_leave, NOSAVE
For example, to set a dynamic limit of 75% of available memory and a minimum of 8 GB, type
ISSUE: Printing process issue when the following conditions exist:
1. Remote Print Server (i.e. Jet Direct).
2. Server holding the Queue Directory does not hold a replica of the Queue object.
3. Server holding the Queue Directory has connections to servers who do not hold any replicas.
FIX / WORK AROUND: Work around is to put a real copy of the print queue object onto the server. Issue raised with engineering.
Resolved using DS8D.EXE or higher
ISSUE: DS.NLM experiencing a memory leak.
FIX / WORK AROUND: A workaround is to comment out the NTREND.NLM for the NMA5.NCF file.
Copy the files from the NI.EXE file to C:\NWUPDATE directory of the server before installation commences.
ISSUE: Fatal error upgrading NW 4.11 server to NW 5.1 eDirectory, right after it copies the GUI stuff the upgrade will fail with a -782 error, server may abend on reboot with a page fault processor exception, Error: 782 -782 0xFFFFF30E = ERR_ROOT_UNREACHABLE
FIX / WORK AROUND: The solution is to use the files in NI.EXE. The workaround is to put a copy of the [root] partition on the server being migrated. Any factor that stops communications to Root can cause the problem.
ISSUE: Dsrepair, in the advanced menu, replica and partition operations shows 602 errors to various servers.
FIX / WORK AROUND: If report synchronization and DSTRACE do not show any errors then there may be no reason for concern. The best way to evaluate the health of the tree is to use DSDIAG.
Ensure that the schema is in SYNC before upgrading
ISSUE: Error -611 ILLEGAL_CONTAINMENT when trying to create the SECURITY CONTAINER
FIX / WORK AROUND:Run DSREPAIR -A | ADVANCED OPTIONS | GLOBAL SCHEMA OPERATIONS and run the POST NETWARE 5 SCHEMA UPDATE and then the OPTIONAL SCHEMA ENHANCEMENTS. You may then try to use SASI.NLM or try to install the CERTIFICATE SERVER.
ISSUE: Type C Obituaries get stuck in a mixed 4.x/5.x environment
FIX / WORK AROUND: Engineering are aware of the problem
ISSUE: Unable to create _ndsdb.ini file with the set dstrace=!m
FIX / WORK AROUND: Fixed in NW51SP1, but still prob w/ eDirectory on NW5.0. Setting the DS cache doesn't create the INI file because a directory already exists with that name. Delete the directory, SYS:_NETWARE\_NDSDB.INI.
ISSUE: Error: 131 -131 FFFFFF7D = DSERR_HARD_IO_ERROR, The error is sporadic, the error moved from server to server, users could not authenticate to the server reporting the error
FIX / WORK AROUND: This seems to be resolved with the new FILESYS.NLM in NW5 sp5 and with NDS8.59. Both patches must be applied.
ISSUE: User passwords were not correctly maintained, after changing the password the user was still not able to login, returned a -632 error.
FIX / WORK AROUND: Install DS 6.10 on the NetWare 4.1x servers
ISSUE: OBT_OLD_RN and OBT_BACKLINK remain in a NetWare 4 server while running in a mixed NetWare 4/5 NDS8 environment.
There are a number of ways to assist the DS with processing obituaries. One of the easier ones, if not too many obits are involved, is to load DSBROWSE -A. This provides the RESEND option when using the F3 key when highlighting the object which has the obituary. RESENDING the object will ensure that the master has a copy and that the timestamp is updated.
The problem is a incompatibility between NetWare 4 and NetWare 5. Please see the following example, the master is on the NetWare 5 server, and the rename actually gets issued on the NetWare 4 server. When the object gets renamed, the original object (NewObject4) in NetWare 4 gets the new name, and a placeholder called OldObject4 is created with the old name. During synchronization, the NewObject4 gets synchronized over to NetWare5 first, and causes the NetWare5 object to rename to the new name. Then the OBT_OLD_RN gets added to the NetWare5 object. The OldObject4 is always chronologically later in the database than the NewObject4. It syncs over, it has the same tuned name, and causes the OBT_NEW_RDN and the OBT_BACKLINK(s) to be attached to the Object5 on the NetWare 5 server. Then the NetWare 5 server takes over. It now has the OBT_OLD_RDN, and OBT_NEW_RDN, and OBT_BACKLINK(s) on its only object (Object5). It synchronizes this back to the NetWare 4 server, and this server in turn attaches then ALL obituaries to NewObject4.
When the obituary processing now happens on 5, only NewObject4 will be notified, and OldObject4 will not be touched anymore. When the obituaries have been progressed to state 4 (PURGEABLE), the obituaries on the NewObject4 will be purged, but the OldObject4 will stay and never be touched.
FIX / WORK AROUND: Either put the master on NetWare 4, or apply DS 6.10 on ALL NetWare 4.11/4.2 servers in these mixed rings.
ISSUE: High utilization on servers that have a lot of bindery print queues on them.
FIX / WORK AROUND: DS.NLM 8.59 has a new setting that will help with bindery issues. They are set on the console screen under the NDS options. The new set parameters are, NDS Bindery QOS Mask (Must be set for the bindery type causing high utilization) and NDS Bindery QOS Delay (Specifies the delay in ms for the selected types in the mask)
|Document Title:||Guidelines for implementing NDS 8|
|Novell Product Class:||NetWare|
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.