Novell is now a part of Micro Focus

How to Use the Novell Administrator for Windows NT

Articles and Tips: tip

Thom Kerby
Novell Support Engineer

Glen Knutti
Novell Support Engineer

01 Oct 1997


The Novell Administrator for Windows NT (NA4NT) creates a single point of administration for NetWare NDS and NT Domains. It provides an NDS-based administration facility for Windows NT that is similar in functionality to the Microsoft User Manager for Domains. NA4NT allows synchronization of NDS and NT users and groups through two main utilities: IGRATE.EXE and MWANT.REG.

IGRATE.EXE gives you three main capabilities:

  1. Synchronizes users/groups that exist in both NDS and NT Domains.

  2. Creates and synchronizes users/groups in Windows NT Domains that already exist in NDS.

  3. Creates and synchronizes users/groups in NDS that already exist in an NT Domain.

The second main utility, MWANT.REG, is a snap-in component to NWADMNNT.EXE, the NetWare Administrator for Windows NT utility. When you first install NA4NT, it creates an NDS Domain Object to represent the NT Primary Domain Controller (PDC) users and groups. Editing this NDS Domain Object within NetWare Administrator will give you the option to create or modify one of the following:

  1. A hybrid user (exists in both NDS and NT) denoted by a user symbol with a yellow face and a red shirt, facing left.

  2. An NT-only user/group (will create only on NT, not as an NDS user/group) denoted by either a blue user symbol facing right (NT user) or by a computer with two users (gray faces, blue shirts), facing right, superimposed on top (NT group).

NDS-only users/groups may continue to be created as before (not while editing the NDS Domain Object).

NA4NT contains two main software components. The first is called the NDS Event Monitor (NDSDM.NLM) and is stored on the NDS server. The NLM monitors changes to Directory Services users and groups that should be replicated to the Windows NT PDC Server. These changes are stored in temporary files on the NDS server until the NT PDC requests them.

The second main software component is the ManageWise Object Replication Service (ORS) which runs on the NT PDC. This is the component that will request changes from the NDS Event Monitor when they are available. There are two different architectures for how NDS changes will be replicated to NT:

  1. At the Windows NT PDC during bootup:

    1. During boot up of the Windows NT Server, the Object Replication Service examines the network servers for SAP type 28E.

    2. It will read the MWA.CFG file in the WINNT\SYSTEM32 directory to obtain the NDS Domain Object name, the NDS Tree name in which the Domain Object exists, and the context (container) in which the NDS Domain Object exists.

    3. The Object Replication Service creates a licensed, authenticated connection with the NDS server.

    4. The Object Replication Service requests any changes waiting at the server.

    5. The NDS server sends the available changes and continues to monitor for new changes.

    6. The Object Replication Service processes all of the changes and goes into a wait state.

  2. Post-NT Primary Domain Controller boot up:

    1. When the Event Monitor (NDSDM.NLM) discovers a change that needs to be replicated, it pings the ORS on the Windows NT Primary Domain Controller.

    2. The Object Replication Service uses its previous authenticated connection with the NDS server to request those changes when the Windows NT CPU scheduler allows.

    3. The NDS server sends the available changes and continues to monitor for new changes.

    4. The Object Replication Service processes all of the changes and goes into a wait state.

Note: The automated replication of user/group information is one-way: NDS to Windows NT. IGRATE.EXE allows you to use Windows NT user/group information to create objects in NDS, but this does not monitor changes made in the NT Primary Domain Controller registry (Security Access Manager) and replicate them back to NDS. In other words, IGRATE uses static NT Primary Domain Controller users/group information to create NDS users/groups, where the Event Monitor and Object Replication Service dynamically update the NT Primary Domain Controller when changes occur in NDS.

Troubleshooting the Novell Administrator for Windows NT

This portion of the NetNote lists some of the symptoms that users of the Novell Administrator for Windows NT have observed, along with some possible solutions that you can apply. The symptoms include:

  1. NDS objects not being replicated to the Windows NT Server Primary Domain Controller.

  2. The NDS Object Replication Service (ORS) will not start on the NT PDC.

  3. The Event Monitor (NDSDM.NLM) will not load.

  4. When running IGRATE.EXE and updating the NT Domain object, the following error is returned:

    "Integration utility error - no NT address available. The Network address for the NT Server is blank."

    (See solution #4)

  5. When running IGRATE.EXE and updating the NT Domain object, the following error is returned:

    "Invalid Transport type."

    (See solution #4)

  6. When attempting to synchronize information between the NetWare server and the Windows NT server, the update doesn't happen and an error message is logged in the Application Log of the Event Viewer on the NT Server which reads:

    "MWAAgent received a fatal error from the NetWare interface: BeginProcessingEvents () returned -1."

    (See solution #3)

  7. The install of NAWNT ends abnormally, usually during the file copy to the Novell server(s).

    (See solution #9)

Solutions to the Above Stated Issues

Here are the steps for troubleshooting the symptoms listed above.

  1. Verify that the Object Replication Service has started on the NT Primary Domain Controller. You can do this by selecting Control Panel | Services. In the Services window, ensure that the NDS Object Replication Service (MWAAgent) is started and set to Automatic under the Startup button.

    If the service is not started, try starting it by going to Control Panel | Services, manually highlighting the NDS Object Replication Service, and clicking on the Start button on the right-hand side of the Services window. If this fails, note the error code (if any) and try to start the NDS Object Replication Service in debug mode. To do this, perform the following steps:

    1. Change permissions for the group Administrators to Full Control in REGED32.EXE for the following keys:

      HKEY_LOCAL_MACHINE/Security HKEY_LOCAL_MACHINE/Security/MWAXI
      HKEY_LOCAL_MACHINE/Security/MWAXX
    2. From the command line prompt, execute the Object Replication Service with the following MWAAgent parameters:

      MWAAgent.exe -debug [-debugLevel all] [-debugFilename filename]

      where filename designates the drive letter, directory, and filename for the debug log (named WINNT:ORSDEBUG.LOG by default).

    3. Check the debug log to see if you can see any reasons for the service failure.

    Note: Be sure the Domain Workgroup object in NDS tree has Browse, Compare, and Read rights at the [ROOT] of the NDS tree. Otherwise, the Object Replication Service will fail to log in.

  2. Verify that the NDSDM.NLM has loaded successfully at the NDS server by either typing MODULES <Enter> at the server console prompt or by loading the MONITOR utility and going to the System Modules entry, where you should see the module shown as NDSDM Event Synchronizer. If the NDSDM.NLM module is not loaded, try manually loading it. If the file is found, but returns an error code, record the error received and try to load the NLM in debug mode, which you can do using the following command:

    LOAD NDSDM.NLM -A

    The Log file will be stored in the SYS:SYSTEM\NDSDM directory.

  3. Make sure that NDSDM.NLM is loaded on all appropriate servers.

    Note: Novell documentation states that NDSDM.NLM only has to be loaded on the server holding the Master replica on the NT Domain in order to properly synchronize between IntranetWare and NT server. However, Technical Information Documents (TIDs) 2923765 and 2925178, as well as verification from WWS NT Client Engineering at Novell, state that the NDSDM.NLM module must be loaded on all servers holding Master and Read/Write replicas of an NDS partition in which the Domain/Workgroup objects exist.

  4. Make sure the IntranetWare Client for NT running on the NT server can log in to NDS successfully. The client software must function first, even before you install NA4NT.

  5. Make sure that SAP type 28E exists in IPXCON under Services.

  6. Make sure that TCP/IP has been loaded at both the NT and NDS servers. You can check this by typing MODULES <Enter< at the server's command line prompt on the Novell server and looking for the TCPIP.NLM module. For the Windows NT server, click the Network icon under the Control Panel and check the Protocols tab.

  7. Verify that the MWA.CFG file located in the WINNT\SYSTEM32 directory on the Windows NT Primary Domain Controller has the proper information for the NDS Domain Object name, the NDS Tree name in which the Domain Object exists, and the context (container) in which the NDS Domain Object exists.

  8. Temporarily remove any virus protection software (such as Norton Anti-Virus) from the NetWare server. Then see if NA4NT will install correctly. If there are still problems installing NA4NT, contact Novell technical support.

    You can uninstall NA4NT by running SETUP -remove, or by going to the Windows NT Control Panel and using the Add/Remove Programs option.

* Originally published in Novell AppNotes


Disclaimer

The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.

© Micro Focus