Install a NW 5.x Server after removing DS, NDS, eDirectory.

(Last modified: 24Jan2003)

This document (10063721) is provided subject to the disclaimer at the end of this document.

goal

Install a NW 5.x Server after removing DS, NDS, eDirectory.

What objects have to be created manually after installing a NW 5.1 server into an existing Tree using Install Directory Services in NWConfig?

fact

Novell NetWare 5.x

Novell Directory Services

Novell NetWare Server NICI

Novell Certificate Server

symptom

NDS objects are missing after re-installing DS to a NW 5.1 server.

Installing DS to a NW 5.1 server does not create all the required NDS objects.

NLDAP objects are not created when installing DS to a NW 5.1 server.

A normal server install process to an existing Tree creates a number of objects in NDS that are not created during a DS only install.

SMDR objects are not created when installing DS to a NW 5.1 server.

Failure to set up the Public/Private Key pair correctly may require Novell Technical Support or Consulting Services to clean up Tree and Server problems.

A NW 5.x Server is created using server imaging solutions prior to deployment.

A NW 5.x Server is initially created by a clean install into a Separate Tree, Service Packs are applied and then DS is removed.

fix

The following steps assume that you have removed DS from this server, or that DS was not included in the Server image used to create this server.

When the server is ready to be installed into the destination (Production) Tree, use the following process to ensure all NDS objects and related services are correctly installed and created. This process assumes that NDS has already been removed from this server.

1. Change the SERVER ID number and Server Name as required for your network by editing the SYS:SYSTEM\AUTOEXEC.NCF file.

        If Imaging technology was used to deploy this server, this must be done. Verify that this number and name are still UNIQUE for the entire network system.

2. Comment out lines for services or agents that are not required at this time in the SYS:SYSTEM\AUTOEXEC.NCF file.

        Comment out any services that you do not want to load during the DS install and the server setup steps that follow. Items like BROKER.NLM and NLDAP.NLM should be commented out for now.

3. NOTE:  Only do this step if you are using an image to create the server.  Delete the old NICI files/configuration. (THIS IS A CRITICAL STEP TO AVOID FUTURE PROBLEMS. THIS WAS NOT REQUIRED PRIOR TO NW 5.X)

        If imaging technology was used to deploy this server, this may have been done prior to the image being created.

        a. Delete all the files in SYS:SYSTEM\NICI
        b. Delete the SYS:_NETWARE\XMGRCFG.DA0 (DAzero), using JCMD.NLM or a similar utility
               If MLA licenses were/are used this file may be SYS:_NETWARE\XMGRCFG.KS0 (KSzero)
        c. Copy the A:\LICENSE\xxxxxxxx.NFK file to SYS:SYSTEM\ (rename it to NICIFK - with no extension)
        d. Delete the file SYS:PUBLIC\ROOTCERT.DER if it exists.

4. NOTE:  Only do this step if you are using an image to create the server.  Edit the configuration files for the new IP addresses/host name.

        a. SYS:ETC\SNMP.CFG for server name and description
        b. SYS:ETC\HOSTS for server name, DNS name and IP address
        c. SYS:ETC\SLP.CFG for static SLPDA IP addresses
        d. SYS:ETC\RESOLV.CFG for domain and DNS server IP addresses
        e. Novonyx configuration files for IP and server DNS name

5. Configure IPX and TCP Protocols and LAN Bindings as appropriate for the new site.

        Use INETCFG in most cases. If you are configuring NIC Teaming or Trunking, you may have to set up Bindings in the AUTOEXEC.NCF only.

6. Configure Timesync to reference the local (or designated) Time providers.

        You can verify that the Timesync process is working by turning on the Timesync Debug screen as follows:

        SET TIMESYNC DEBUG=7
        SET TIMESYNC RESTART FLAG=ON
        Use Alt-Esc to switch to the Timesync Debug Screen or Ctrl-Esc to select that screen directly.
        Verify that the server is communicating with the designated Time Sources.
        When finished, SET TIMESYNC DEBUG=0 will turn off the debug display.

7. Reboot the server with the above settings established.

        This will change the Server Name, Server ID, NICI Keys, and other configuration correctly before the server is installed into the production Tree.

8. After rebooting the server, verify server communication.

        Use the DISPLAY SERVERS command to list IPX services discovered by SAP. This can also be checked in the Services option of IPXCON.NLM. Verify communications with other TCP servers using the PING.NLM. TCPCON.NLM can also be used to identify TCP/IP connectivity.

9. Install Server into existing Tree.

        Use NWCONFIG.NLM - Directory Options - Install Directory.

        It is important to use a User Login for this process that has full rights to the Certificate Authority. Any other Admin login (one that has full rights to the ORGANIZATION object but no rights to the CA) will result in an incomplete setup of the Security pieces of the server. The Certificate Server software will have to be manually reinstalled later to fix this problem. The best way to avoid problems here (or in related steps) is to use an Admin login that has full Supervisor rights to the [Root] object.

(Need to verify that the server has been assigned as a trustee to its container with BROWSE and COMPARE Entry Rights and SUPERVISOR rights to All Attributes.)

10. Verify Timesync time sources.

       The install Directory Services process (in step 9) will often change the Timesync source to the Reference Time Server. After Directory Services is installed to this server, check the Time Source settings. If they have been changed incorrectly, reset them to the values you initially set in step 6.

11. Create the NLS_LSP object.

       Although the Directory Services installation in Step 9 should have set up the NLS_LSP object, this step will ensure that NLS is properly configured for this server and the Tree. Run SETUPNLS.NLM to create the NLS_LSP object for this server. Use the same Admin user that was used in step 9.

12. Install the Server License.

       If MLA licenses are used they may already be installed in the Tree. Other licenses can be installed through NWCONFIG.NLM - License Options or through the NWAdmin utility.

NOTE: STEPS 13 and 14 can be completed by using the PKIDIAG.NLM utility. The use of the PKIDIAG.NLM is recommended as it will also ensure that the SAS and SSL objects are correctly linked as well as being valid.

13. Create the SAS Service object.

        At the server console enter "UNLOAD PKI" and "UNLOAD SAS". Once those modules are unloaded, enter "LOAD SASI" to load the SASI.NLM. When prompted, make sure that you use a User Login with the same rights to the Certificate Authority object as noted in step 9 above.

14. Create the KMOs "SSL CertificateIP" and "SSL CertificateDNS".

        Use ConsoleOne to create these objects. The default options, as prompted by the Wizard, will usually suffice for these objects. Use the Certificate name that is shown in quotes above for the new certificate objects. The object will be created with the Server Name appended, based on the Server selected during the Certificate creation process. Use Custom instead of Standard when prompted so that you can check the properties as the certificate is created. Verify the Certificate time length. When the certificate expires, you will have to re-issue these Certificates. A time setting of Maximum will issue these certificates for 10 years.

15. Create the "LDAP Group - {server name}" and "LDAP Server - {server name}" objects. (OPTIONAL)

        If LDAP is being used on this server, create these objects. Load NLDAP.NLM at the server console just prior to starting this object creation process. Create the Group object "LDAP Group - {server name}" first, so that it can be referenced correctly in the Server object. You need to include the Server Name in the object names for this process. Use the "SSL CertificateDNS - {server name}" object when configuring the LDAP Server object properties.

16. Setup the SMDR (Backup) objects. (OPTIONAL)

        If Backup Services are to be used on this server, create the {Server Name} Backup Queue, SMS SMDR Group and the {Server Name} SMS RPC objects by running "SMDR.NLM NEW" at the server console. Use a fully distinguished Admin login with the leading period when prompted. After successfully setting up the SMDR, you can test this by unloading SMDR.NLM and loading TSA500.NLM. The SMDR.NLM should auto-load without any errors.


17. Create the NDPS Objects. (OPTIONAL)

        If the NDPS database (Broker portion) is on this server (installed earlier or in server image), create the Broker Object in NWAdmin. Create the NDPS Manager Object in NWAdmin if the Manager is to be running on this server as well.


18. Edit SYS:SYSTEM\AUTOEXEC.NCF.

        Add any commands that were removed or commented out in the SYS:SYSTEM\AUTOEXEC.NCF in step 2. Items like the BROKER.NLM, NLDAP.NLM and so on.

19. Clean up and re-check all configuration files one last time.

        Go through the above steps and any notes you made during this process to verify that all settings are correct.

20. Restart the server with all services starting correctly.

        Verify server is in full communication with other servers and that Time and DS are in full sync. Add or move DS replicas as required for your network structure and design.
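
A pre-flight check for steps 2 and 3, added here as an example and not part of the original Novell document: it audits an offline copy of the imaged server's SYS: volume (including _NETWARE) before the reboot in step 7, so that NICI keys and configuration left over from the image are caught before the server joins the production Tree. The copy location, the function names and the constructed sample tree (including the OLDKEY file) are assumptions for illustration; the paths checked are the ones listed in the steps above.

```python
import os, re, tempfile

def find_ci(path, *parts):
    """Resolve a NetWare-style path case-insensitively; None if absent."""
    for part in parts:
        names = os.listdir(path) if os.path.isdir(path) else []
        path = next((os.path.join(path, n) for n in names if n.upper() == part.upper()), None)
        if path is None:
            return None
    return path

def audit_sys_volume(root, deferred=("BROKER", "NLDAP")):
    """Check steps 2 and 3 on a copy of SYS:; an empty list means ready."""
    findings = []
    nici = find_ci(root, "SYSTEM", "NICI")
    if nici and os.listdir(nici):
        findings.append("3a: files remain in SYS:SYSTEM\\NICI")
    for name in ("XMGRCFG.DA0", "XMGRCFG.KS0"):
        if find_ci(root, "_NETWARE", name):
            findings.append("3b: SYS:_NETWARE\\" + name + " still present")
    if not find_ci(root, "SYSTEM", "NICIFK"):
        findings.append("3c: SYS:SYSTEM\\NICIFK missing")
    if find_ci(root, "PUBLIC", "ROOTCERT.DER"):
        findings.append("3d: SYS:PUBLIC\\ROOTCERT.DER still present")
    ncf = find_ci(root, "SYSTEM", "AUTOEXEC.NCF")
    if ncf is None:
        return findings + ["2: SYS:SYSTEM\\AUTOEXEC.NCF not found"]
    with open(ncf, errors="replace") as fh:
        for text in (line.strip() for line in fh):
            if re.match(r"(#|;|REM\b)", text, re.I):
                continue  # line is commented out
            m = re.match(r"(?:LOAD\s+)?(?:\S*[\\:])?(\w+)", text, re.I)
            if m and m.group(1).upper() in deferred:
                findings.append("2: " + m.group(1).upper() + " still loads")
    return findings

def build_sample(root, cleaned):  # constructed SYS: copy, for the demo only
    for d in ("SYSTEM/NICI", "_NETWARE", "PUBLIC"):
        os.makedirs(os.path.join(root, d))
    with open(os.path.join(root, "SYSTEM/AUTOEXEC.NCF"), "w") as fh:
        fh.write("LOAD CONLOG\n%sLOAD NLDAP.NLM\n" % ("# " if cleaned else ""))
    stale = ["SYSTEM/NICI/OLDKEY", "_NETWARE/XMGRCFG.DA0", "PUBLIC/ROOTCERT.DER"]
    for rel in (["SYSTEM/NICIFK"] if cleaned else stale):
        open(os.path.join(root, rel), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root, cleaned=False)
        print(audit_sys_volume(root))
```

The check only applies before the step 7 reboot, which establishes the new NICI keys for the server.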


document

Document Title: Install a NW 5.x Server after removing DS, NDS, eDirectory.
Document ID: 10063721
Solution ID: NOVL53760
Creation Date: 23Jul2001
Modified Date: 24Jan2003
Novell Product Class:End of Life
NetWare
Novell eDirectory

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.