Health Check Procedures for NDS eDirectory on Supported Platforms
Novell Technical Services
Novell, Inc.
support@novell.com
01 May 2001
This AppNote outlines regular health check procedures for Novell Directory Services (NDS) or eDirectory. The procedures are given for running the health checks in several of the supported platforms for eDirectory: NetWare, UNIX/Linux, and Windows NT/2000.
Introduction
To maintain eDirectory (also known as Novell Directory Services or NDS) and as a preventative measure, Novell recommends that you perform a series of health check operations on every server on a regular basis. The frequency of the health check procedures is a general rule, based on whether you have a dynamic or static eDirectory environment.
To determine whether your eDirectory environment is dynamic or static, consider the following definitions:
Static Environment. A static eDirectory environment has minimal routine changes. For example, you only make simple changes such as adding or deleting User objects, or you create a partition or add a server every couple of months. Since a static environment experiences fewer changes, you need only perform the health checks once a month.
Dynamic Environment. A dynamic eDirectory environment is one in which non-routine changes are made frequently. For example, you create partitions or add servers weekly, or you are in the process of developing the Directory tree. Because of the frequency of changes in a dynamic tree, you should perform the health checks once a week in this environment.
If you initially have a dynamic environment, the pace of change often decreases over time and the environment becomes more static. As this happens, you can begin to perform these health checks less frequently.
Novell also recommends that you perform these health checks on your tree before executing major NDS operations such as moving or deleting large numbers of objects, performing partition operations, or adding or deleting servers.
The utilities used to check the health of eDirectory on a UNIX/Linux platform are installed by default when the NDS server package is installed. The two most commonly used utilities which will be referred to in this AppNote are ndsrepair and ndstrace. For more detailed information about these utilities, UNIX manual ("man") pages are available online. To access these, enter the following commands from the console prompt:
man ndsrepair
or
man ndstrace
Health Check Procedures
The platforms that these instructions apply to include:
NDS 6.x, 7.x, eDirectory 8, and eDirectory 8.5
NetWare 4.11, 4.2, 5.0, and 5.1
Windows NT 4.0, 2000 Server, and 2000 Advanced Server
Linux (supported kernels)
Sun Solaris 2.6 and above
Tru64 UNIX
The health check procedures that you should perform are:
Verifying DS Versions
Checking Time Synchronization
Checking Server-to-Server Synchronization
Checking Replica Synchronization
Checking External References
Checking Replica States
Checking Schema Synchronization
These procedures are explained in the following sections.
Verifying DS Versions
All NDS versions should be at the latest version on their respective operating system platforms. In addition, all servers in the tree should be patched to the latest available versions. You can verify the versions of DS.NLM that exist in your tree by using the DSREPAIR utility in NetWare and Windows NT/2000 environments or the ndsrepair utility in UNIX/Linux environments.
The following steps outline how to verify DS versions for each OS platform.
NetWare. Perform a time synchronization check within the DSREPAIR utility. To do this, load DSREPAIR.NLM from the server console and select the "Time Synchronization" option. The resulting report includes the DS.NLM version for each server in the tree.
Windows NT/2000. Perform a time synchronization check within DSREPAIR to report the DS version for each server in the tree. Load DSREPAIR.DLM from the server by opening the "NDS Services" under the Control Panel, highlighting DSREPAIR.DLM, and clicking on the Start button. Once DSREPAIR.DLM starts, select the Repair menu and then the "Time Synchronization" option.
UNIX/Linux. Execute the "ndsrepair -T" command (remember UNIX is case-sensitive), which will show the DS version for the servers displayed in the list. If some of the servers in the tree are not displayed, you may have to run this command on those servers separately. Or you could execute "ndsrepair -E" on individual servers; the DS version is given at the beginning of the displayed information.
Time Synchronization
NDS communication uses time stamps to uniquely identify objects and each object's modification time for synchronization purposes. If servers in the tree are not synchronized to the correct local time (or, more importantly, to each other), replica synchronization will not be reliable. In this situation, severe object corruption and data loss can be experienced. To avoid these problems, time must be in sync across all servers in the network.
The following steps outline how to check time synchronization for each platform.
NetWare. Load DSREPAIR.NLM from the server console and select the "Time Synchronization" option. This process will check every server in the tree (including Windows NT, UNIX, and Linux servers) and report whether each server's time is synchronized to the network.
Windows NT/2000. Load DSREPAIR.DLM from the server by opening the "NDS Services" under the Control Panel, highlighting DSREPAIR.DLM, and clicking on the Start button. Once DSREPAIR.DLM has started, select the Repair menu and then the "Time Synchronization" option.
UNIX/Linux. Execute the "ndsrepair -T" command from the server console.
Server-to-Server Synchronization
NDS servers regularly communicate changes made to objects and partition boundaries to keep the tree synchronized. This check is to verify that no errors exist after NDS performs its synchronization process. To perform this check on a server, the server must have a replica in order to display the needed NDS trace information.
The following steps outline how to check server-to-server synchronization for each platform.
NetWare. Type the following commands at the server console prompt:
SET DSTRACE=ON (activates the NDS transactions screen)
SET DSTRACE=NODEBUG (turns off all preset filters)
SET DSTRACE=+S (makes it so you can see the synchronization)
SET DSTRACE=*H (initiates NDS synchronization between servers)
You can view the NDS eDirectory trace screen by pressing the <Ctrl>-<Esc> keys simultaneously and then selecting "Directory Services" from the list of Current Screens. If there are no synchronization errors, you will see a line that says "All Processed = Yes" displayed for each partition contained on this server.
If the information is more than can fit on a single screen, use the following commands to save the display to a file that can be viewed in any text editor:
SET TTF=ON (sends screen to the SYS:SYSTEM\DSTRACE.DBG file)
SET DSTRACE=*R (resets the DSTRACE.DBG file to 0 bytes)
SET TTF=OFF (do this after NDS has completed synchronizing all partitions)
Once the file is saved, map a drive to your server's SYS:SYSTEM directory and bring up the DSTRACE.DBG file in a text editor. Search for 'YES' to find successful synchronization messages for a partition, or for '-6' and '-7' to find any NDS synchronization errors, such as -625 or -746 errors.
Windows NT/2000. Load the NDS Server Trace Utility from the server by opening the "NDS Services" under the Control Panel, highlighting DSTRACE.DLM, and clicking on the Start button. Once DSREPAIR.DLM has started, select the Edit menu and click on Clear All. Check the "Partition" and "Sync Detail" boxes, and then click on OK.
To force a partition synchronization with other servers, highlight the DS.DLM under the "NDS Services" screen and click on the Configure button. Select the Triggers tab and then click the Replica Sync button. You can view the synchronization activity by going to the NDS Server Trace Utility screen and scrolling through the synchronization messages.
UNIX/Linux. Execute the "ndstrace" command from the server console. Once the NDSTRACE utility has started, enter the following commands:
SET NDSTRACE=ON (enables file logging to \var\nds\DSTRACE.LOG)
SET NDSTRACE=NODEBUG (turns off all preset filters)
SET NDSTRACE=+SKLK (enables filter of synchronization traffic)
SET NDSTRACE=*H (initiates synchronization between servers)
The displayed information is also saved in the DSTRACE.LOG file, which can be viewed in any text editor.
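The manual search of the saved trace file described above (for "Yes" and for -6xx/-7xx error codes) can be scripted. The following is an added example, not part of the original AppNote or any Novell tooling: the function names and the sample trace lines are constructed for illustration, and real trace layouts vary by DS version. It also flags a trace with no "All Processed" line at all, which would otherwise look clean.

```shell
#!/bin/sh
# Added example (not Novell code): summarise a saved NDS trace
# (DSTRACE.DBG on NetWare, DSTRACE.LOG on UNIX/Linux) read from stdin.
# Relies only on the two markers the procedure names: "All Processed = Yes"
# and negative error codes in the -6xx / -7xx range.

# Distinct -6xx/-7xx codes, one per line. The leading and trailing context
# keeps dates and longer numbers (e.g. 2001-6250) from matching.
trace_errors() {
    grep -Eo '(^|[^0-9A-Za-z-])-[67][0-9]{2}([^0-9]|$)' |
        grep -Eo -e '-[67][0-9]{2}' | sort -u
}

# Exit status: 0 = every partition reported Yes and no error codes,
#              1 = an error code or "All Processed = No" was found,
#              2 = no "All Processed" line at all (sync did not run or
#                  the trace filters were not set), so health is unknown.
trace_check() {
    data=$(cat)
    ok=$(printf '%s\n' "$data" | grep -Eic 'all processed *= *yes' || true)
    bad=$(printf '%s\n' "$data" | grep -Eic 'all processed *= *no' || true)
    errs=$(printf '%s\n' "$data" | trace_errors | tr '\n' ' ')
    errs=${errs% }
    echo "synced=$ok unsynced=$bad errors=${errs:-none}"
    [ $(($ok + $bad)) -gt 0 ] || return 2
    [ "$bad" -eq 0 ] && [ -z "$errs" ]
}

# Constructed sample traces (layout is illustrative, not real DS output).
sample_ok() {
    cat <<'EOF'
SYNC: Start sync of partition <[Root]>
SYNC: End sync of partition <[Root]> All Processed = Yes
SYNC: End sync of partition <OU=Sales.O=Acme> All Processed = Yes
EOF
}
sample_bad() {
    cat <<'EOF'
SYNC: End sync of partition <[Root]> All Processed = Yes
SYNC: failed to communicate with server <CN=SRV2>, error -625
SYNC: End sync of partition <OU=Sales.O=Acme> All Processed = No
EOF
}

sample_bad | trace_check || echo "trace needs attention (status $?)"
```

To check a real capture, redirect the saved file into the function, for example `trace_check < DSTRACE.LOG` from the directory that holds it.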
Replica Synchronization
This check reports the replica synchronization status for every partition that has a replica on the current server. This operation reads the Synchronization Status attribute from the replica object on each server that holds replicas of the partition. It displays the time of the last successful synchronization to all servers, along with any errors that have occurred since the last synchronization.
The following steps outline how to check replica synchronization for each platform.
NetWare. Load DSREPAIR.NLM from the server console and select the "Report Synchronization Status" option.
Windows NT/2000. Load DSREPAIR.DLM from the server by opening the "NDS Services" under the Control Panel, highlighting DSREPAIR.DLM, and clicking on the Start button. Once DSREPAIR.DLM has started, select the Repair menu and then the "Report Synchronization Status" option.
UNIX/Linux. Execute the "ndsrepair -E" command from the server console.
External References
This check looks at each external reference object to determine if a replica containing the object can be located. It will also display obituaries and show you the states of all servers in the backlink lists for the obituaries.
The following steps outline how to check external references for each platform.
NetWare. Load DSREPAIR.NLM from the server console, select "Advanced Options Menu", and then select the "Check External References" option.
Windows NT/2000. Load DSREPAIR.DLM from the server by opening the "NDS Services" under the Control Panel, highlighting DSREPAIR.DLM, and clicking on the Start button. Once DSREPAIR.DLM has started, select the Repair menu and then the "Check External References" option.
UNIX/Linux. Execute the "ndsrepair -C" command from the server console.
Replica States
This check lists partitions and the states of the replicas stored in the current server's NDS database files.
The following steps outline how to check replica states for each platform.
NetWare. Load DSREPAIR.NLM from the server console, select "Advanced Options Menu", and then select the "Replica and Partition Operations" option.
Windows NT/2000. Load DSREPAIR.DLM from the server by opening the "NDS Services" under the Control Panel, highlighting DSREPAIR.DLM, and clicking on the Start button. Once DSREPAIR.DLM has started, expand the "Partitions" tree to list each of the partitions. Highlight each partition to see the states of the replicas, listed in the right-hand window.
UNIX/Linux. Execute the "ndsrepair -P" command from the server console.
Schema Synchronization
Each of the NDS servers has schema definitions that are used for creating and maintaining objects. This check verifies that schema synchronization between servers is working correctly. To perform this check, a server must have a replica to display the needed NDS trace information.
The following steps outline how to check schema synchronization for each platform.
NetWare. At the server console prompt, type the following commands:
SET DSTRACE=ON (activates the NDS transactions screen)
SET DSTRACE=NODEBUG (turns off all preset filters)
SET DSTRACE=+SCHEMA (displays schema information)
SET DSTRACE=*SS (initiates schema synchronization between servers)
You can view the NDS eDirectory trace screen by pressing the <Ctrl>-<Esc> keys simultaneously and then selecting "Directory Services" from the list of Current Screens. Check for the message "SCHEMA: All Processed = Yes" to verify successful schema synchronization.
Windows NT/2000. Load the NDS Server Trace Utility from the server by opening "NDS Services" under the Control Panel, highlighting DSTRACE.DLM, and clicking on the Start button. Once DSREPAIR.DLM has started, select the Edit menu and click on Clear All. Check the "Schema" checkbox, and then click on OK.
To force a schema synchronization with other servers, highlight the DS.DLM under the "NDS Services" screen and click on the Configure button. Select the Triggers tab and then click the Schema Sync button. You can view the synchronization activity by going to the NDS Server Trace Utility screen and scrolling through the synchronization messages.
UNIX/Linux. Execute the "ndstrace" command from the server console. Once the NDSTRACE utility has started, enter the following commands:
SET NDSTRACE=ON (enables file logging to \var\nds\DSTRACE.LOG)
SET NDSTRACE=NODEBUG (turns off all preset filters)
SET NDSTRACE=+SCMA (enables filter of schema synchronization traffic)
Additionally, you can see both inbound and outbound schema-related operations by entering these commands:
SET NDSTRACE=+SCMD (enables file logging to \var\nds\DSTRACE.LOG)
SET NDSTRACE=*SS (initiates synchronization of all schemas)
The displayed information is also saved in the DSTRACE.LOG file, which can be viewed in any text editor.
What To Do If You Encounter Errors
If you encounter DS errors while following the above health check procedures, or if you suspect problems with a server's NDS database, the Repair Local Database option within DSREPAIR is a valuable tool for checking a server's NDS database. This option checks the integrity of the database and fixes any problems it encounters, as well as reports information that may be useful. This option does not need to be run at any specific time or interval; it should be used in accordance with your organization's specific needs or as a tool to maintain NDS databases.
Conclusion
This AppNote has explained how to perform the recommended health checks for NDS eDirectory on each of the supported operating system platforms. For more information about resolving specific error messages, refer to the following resources:
NetWare online documentation at http://www.novell.com/documentation
Novell Support Connection at http://support.novell.com
Novell Technical Support
* Originally published in Novell AppNotes