Upgrading to eDirectory 8.7

Articles and Tips: article

01 Jun 2003

Taken from Technical Information

Document #10073858

This procedure is what was used when upgrading to eDirectory 8.6.2; it should also work well for upgrading to eDirectory 8.7, with the appropriate changes, of course. Support Pack 5 doesn't contain all of the recommended patches. You are best advised to make sure that you have the recommended versions installed before upgrading to eDirectory 8.7--that will save you from a lot of problems.

The DSREPAIR version in eDirectory 8.7 should take care of the schema modifications for you. Just make sure that the schema is correct in regards to the creatorsName and modifiersName attributes. Also, make sure that you've run the Post NetWare 5x and Optional Schema enhancements.

I also recommend that you make the server the Certificate Authority Server, the master of Root, and upgrade this server first. When this is done, you can upgrade the other one and then move the master replica of Root back to the original server.

Before You Upgrade

eDirectory has the following minimum synchronization compatibility requirements:

NetWare versions:

4.11 or 4.2 SP8a/DS 6.09
5 SP5/DS 7.47
5 SP5/DS 8.51
5.1 SP2a/DS 7.47/8.78/85.23

Novell recommends at least SP9/DS 6.14 for 4.x and SP3/WSOCK4f for 5.x.

Certificate Server and NICI:

Novell recommends at least Certificate Server 2.2.3 and NICI 1.5.7. The NICI patch can be downloaded from http://support.novell.com . Certificate Server 2.2.3 is included in eDirectory 8.6.2, but it can't be installed separately. Some reports state that Certificate Server 2.0.3 is sufficient. The Certificate Server only needs to be installed on the Certificate Authority Server.

Java Virtual Machine (JVM):

JVM 1.2.2 can be downloaded from http://download.novell.com . The installation is workstation-based. After updating Java, be sure to execute STARTX.NCF to reconfigure the GUI. It is recommended that, where possible, you upgrade to JVM 1.4.1 as soon as it becomes available.

DSREPAIR.NLM:

DSREPAIR.NLM needs to be at the following minimum version level:

DS 6.x - DSREPAIR 4.72B
DS 7.x - DSREPAIR 5.28B
DS 8.x/85.xx - DSREPAIR 85.12B

Note: These files are also in the 8.6.2 upgrade under PATCHES. You need to copy the appropriate DSREPAIR.NLM to all of your servers in order to preserve the schema. If you have DSREPAIR versions lower than the versions outlined here, and run a local repair with Rebuild Operational Schema, you will corrupt that server's schema and possibly corrupt Directory Services as well.

Memory:

Make sure the server is not low on memory. Because of the new caching feature implemented in eDirectory, later versions may consume more memory than did earlier versions. If you are running NetWare 6.x, make sure you have at least 500 MB (preferably 1 GB) of memory on the server.

JetDirect:

Check your HP printers. JetDirect firmware should be at 8.04 or greater. Refer to the following for more information:

HP JetDirect Print Servers - Novell NetWare
80, 81, 82, 83, or 86 Service Errors

1.2 Schema Checks

For schema synchronization, bring up DSTRACE. From the Master of [Root], issue the following commands:

SET DSTRACE=ON
SET DSTRACE=NODEBUG
SET DSTRACE=+SCHEMA
SET DSTRACE=*SSD
SET DSTRACE=*SSL
SET DSTRACE=*SSA

Switch over to the DSTRACE Screen and verify that the "All Processed=Yes" message is displayed for the tree.

CreatorsName and ModifiersName Attributes

Check with the Schema Manager to see if these attributes exist, and if they do they both must have their Attribute Syntax set to Case Ignore String. If they do not exist, you need to run a repair from PREEDIRF. The repair needs to be run with the following parameters:


LOAD DSREPAIR -A0 -RD

Post-NetWare 5 Schema Update and Optional Schema Enhancements

From the Master of [Root], issue the following commands:


DSREPAIR -A | ADVANCED OPTIONS MENU | GLOBAL SCHEMA OPERATIONS

From there you will select Post NetWare 5 Schema Enhancements and then Optional Schema Enhancements.

Schema Synchronization after Extension

From the Master of [Root], issue the following commands:

SET DSTRACE=ON
SET DSTRACE=NODEBUG
SET DSTRACE=+SCHEMA
SET DSTRACE=*SSD
SET DSTRACE=*SSL
SET DSTRACE=*SSA

Switch over to DSTRACE Screen and verify that you have an "All Processed=Yes" message.

NDS Health Check

Perform an NDS Health Check as per TID #10060600 (this TID adequately explains the NDS Health Check procedure, thus it doesn't need to be done here). Make sure everything is healthy.

Backups!

On every server you are upgrading to eDirectory, do a backup of the directory services and trustees. From the server console prompt, type:


Run DSREPAIR -RC

Copy the "DIB" files off the server. The DIB files will be in the following locations:

DS 7.x SYS:SYSTEM\DSREPAIR.DIB
DS 8.x SYS:SYSTEM\DSR_DIB\00000000.$DU

If your DIB is over 100 MB on Directory Services 8, the files will increment in file extension, such as 00000001.$DU. Be sure to get all files!

Run TRUSTBAR on every server's volume and copy the files off the server. The file will be stored in the root of each volume, called TRUSTEES.XML.

Workstation Downloads

For proper management of eDirectory 8.6.2, you will need to download the following files from the http://www.novell.com\download\ URL:

ConsoleOne 1.3.3
Client NICI 1.5.7 (if you have 1.5.7 on your server)
Appropriate ConsoleOne snap-ins
eDirectory 8.6.2
Novell Certificate Server 2.21

PKIDIAG.NLM

The PKIDIAG.NLM utility is designed to fix all of the SSL and SAS objects. If a server has been renamed or moved, PKIDIAG will rename or move the related objects so that they conform to the correct naming and containment schemes. If any of the required objects do not exist, it will create them. If any of the objects don't have the necessary rights, PKI will grant the necessary rights. If any of the objects are not linked, PKIDIAG will link them. If either the SSL CertificateIP or the SSL CertificateDNS do not exist, if they have incorrect names, or are out of date (or close to out of date), PKIDIAG will fix these instances as well.

Although not mandatory, running PKIDIAG on your server prior to upgrading to eDirectory is a good idea. It not only tests the validity and links of your SSL objects (SSL CertificateIP and SSL CertificateDNS), it also confirms that the HOSTS and HOSTNAME files are in order.

If PKIDIAG reports errors when it is run, you should verify that your SYS:\ETC\HOSTS and SYS:\ETC\ HOSTNAME files are correct. If you still have problems, you should check the entry in DNS. If you don't have PKIDIAG.NLM, contact a Novell Support Representative.

The Upgrade

Download eDirectory 8.6.2 from http://download.novell.com The file for eDirectory on NetWare is called edir_862_full_nw.exe and it is about 96 MB.

When upgrading to eDirectory, start with the server holding the Master of [Root]. Then work your way through the replica rings down the tree. If you are installing remotely, you may want to redirect the GUI. Check out the following TID for information on how to redirect the GUI: "Redirecting the NetWare 5 GUI -- Feb. 18, 2002" on http://support.novell.com.

Conditional But Recommended

In the AUTOEXEC.NCF file, comment out the lines that load NWCONFIG.NLM, virus scanners, database applications such as Sybase or Oracle, backup applications, and other programs that rely on files being continually open and volumes being mounted. During the eDirectory installation, the software must dismount volumes so that trustee assignments can be migrated. Be aware that virus scanners and other programs might be embedded inside other products, such as ZENworks, ManageWise, and BorderManager.

Restart the server and verify that the programs and applications referred to above are not running.

If you uncompress the volume upon which you are installing eDirectory, the install program will finish quicker. Check the following TID for tips on speeding up the install: "Install of eDirectory 8.6.x is Slow on NetWare 5."

If you have an IP-only environment, load IPXSPX.NLM. NWCONFIG.NLM looks to Btrieve for the product list. Btrieve subsequently requires IPX. Loading IPXSPX.NLM allows Btrieve to load. When you reboot the server, IPXSPX.NLM does not reload, so you will have an IP-only environment again.

Depending on the server's CPU, it could take over an hour for the JVM to copy all of the files that are included with the eDirectory upgrade. Fortunately, there is a way to dramatically increase the speed. The answer is in changing the server's SET parameter to SET Dirty Disk Cache Delay Time=0.1. This can be done before or during the install. This change should only be made during the install. (After the install is done, be sure to return the Dirty Disk Cache Delay Time to the original value. If you forget the original value, the default is 3.3 seconds.)

The Installation Process

At the server console, load NWCONFIG.NLM and select Product Options> Install a Product Not Listed.
Press <F3> (<F4> if you're using RCONSOLE). Then enter the path to the eDirectory files under the NW directory, for example, SYS:\NW. Follow the on-screen prompts concerning license agreements, the readme file, and tips. After these files are copied, the server automatically restarts and begins to install components for ConsoleOne and Novell Certificate Server.
Enter the administrator's login name (for example, Admin.VMP).

Note: This window might close before you enter this information. If it does, toggle (Alt+Esc) to the screen and enter the information. Otherwise, the installation will not be complete.
Follow the online instructions concerning the Certificate Server, LDAP, languages, components, and products to install.
When the installation is almost complete, you will see an error message 1,442 when the install is trying to create the W0 object. This error is benign. The script of the installation is set up to create a W0 object, but it does not check to see if the object already exists, and thus produces the error. A defect has been entered with Engineering and this should be resolved shortly.
When the installation is completed, you will see a message telling you to remove all disks and CDs and it will allow you to select YES to restart the server. At this time, restore the lines that you commented out in AUTOEXEC.NCF and change back the SET Dirty Disk Cache Delay Time parameter to its original value. If you forgot the original value, the default is 3.3 seconds.
Restart the server by clicking Yes. Repeat this procedure for each NetWare server you want to upgrade to eDirectory 8.6 for NetWare.

Perform a Post-Upgrade Check

This includes the NDS Health Check. Perform another NDS Health Check as per TID #10060600 and make sure everything is healthy.

Trustees

Verify trustees. If you need to restore trustees from the files created with TRUSTBAR, look again at the information found under "Backup!" heading.

Post Upgrade Patches

Download eDirectory 8.6.2 Support Pack 3 (The NetWare file is called edir862SP3.exe and it is about 7 MB.) Be sure to read the readme file about SETPARM.NLM in order to speed up the installation.

NDS Health Check

Perform a third NDS Health Check as per TID #10060600. Make sure everything is healthy. You are now finished and life should be good!

For more information, see http://support.novell.com/cgi-bin/search/searchtid.cgi?/10073858.htm.

* Originally published in Novell AppNotes

Disclaimer

The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.