Novell Support Forums - New Posts

I wanna print some important text messages out from my cell phone HTC Leo?So how can I do then?

I figured out quite a nifty way to timestamp individual objects and then resync them to all replicas instead of needing to run a dsrepair -ot to timestamp. We can't run any repairs as our DIB has 20 million records in a single partition.

First you need to login to iMontor and save the session cookies

wget --no-check-certificate --save-cookies=cookies.txt --keep-session-cookies --post-data="usr=**EDIRUSERID**&pwd=**EDIRPWD**" https://**SERVERIP**:8030/_LOGIN_SERVER_RSP_

This should all be on one line, and you replace the **EDIRUSERID** and **EDIRPWD** with your admin username and password. And the **SERVERIP** with the IP address.

IE

wget --no-check-certificate --save-cookies=cookies.txt --keep-session-cookies --post-data="usr=admin.admin&pwd=password" https://192.168.1.1:8030/_LOGIN_SERVER_RSP_

Then you can do a timestamp of a single object ID

wget --no-check-certificate --load-cookies=cookies.txt "https://**SERVERIP**:8030/nds/operation/data?action=timestampobj&dn=/ID%27=xxxxxxxx"

And you put in xxxxxxxx the Object ID.

If you change the "timestampobj" action with "sendobj" that will send the object to all other replicas.

IE

wget --no-check-certificate --load-cookies=cookies.txt "https://**SERVERIP**:8030/nds/operation/data?action=timestampobj&dn=/ID%27=00008000"

or

wget --no-check-certificate --load-cookies=cookies.txt "https://**SERVERIP**:8030/nds/operation/data?action=sendobj&dn=/ID%27=00008000"

If you plan to use it in a dos batch file you need to add two %% signs between the ID and the 27

Hi
I have problem.
Yesterday I installed SP8 for Netware and I can't login using smartcard.
When I write pin I have window with "internal error 0x00008801".
Can anyone help me?

(re-post from OES Client forum)

Implemented LDAP contextless login using an LDAP Proxy user, and that is working fine.

Since the LDAP Proxy user has null password, I wish to lock it down in some way since anyone who knows or guesses the username can login to the directory (not a huge concern but still, want to be thorough).

As far as I can tell from the docs, the only thing I can really do is impose network address restrictions on it ("You can limit the locations that the user can log in from by setting address restrictions for the Proxy User object.")

However, exactly what addr restrictions can / should I impose (such as are just the server IPs of the LDAP servers enough?) and especially, will imposing the address restriction have impact on any other services? Using OES2SP1-Linux and also using NSS clustering if it matters.

Thanks
GM

Hello,

We are having an issue whereby, if network connectivity is interrupted for an extended period of time, a client's workstation helper will disconnect and refuse to reconnect automatically when connectivity is restored.

As a result, any workstation-associated applications disappear from the client's application window and won't come back until the client is rebooted.

Has anyone seen this behaviour before?

Hello,

For some reason, our Zenworks server (OES2 Linux) decides to unregister its bindery service from SLP (which runs on a NetWare 6.5 box) several times a day. We have a number of other servers that run OES2 and this is the only one having this problem.

I've compared slp.conf and slp.reg files between this OES2 box and our other OES2 boxes and there aren't any differences - SLP on all of our OES2 boxes is configured identically.

Strange thing is, I can re-register the offending server manually by stopping and starting slpd. The registration will last for an hour or two, then disappear again. We've set up a cron job on the offending server to do this for us, but I'd like to get to the root of the problem if possible.

Has anyone experienced this issue?

Hello,

I am having trouble running the GroupWise 7 Client (version 7.0.3 HP4) on Windows 7. When I open it, I enter my password, then it hangs at the splash screen and won't go any further.

I've tried running the executable in compatibility mode for Windows XP SP3 and Windows 2000, but haven't had any luck. Has anyone experienced any issues like this?

Install and Upgrade with EVMS Partitioned Server
20-Nov-2009 02:55 PM

Creating EVMS partitions on a clean disk machine:

1. Click Partitioning on the Installation Settings screen and select Create EVMS Based Proposal and click Next.
   
   http://www.novell.com/communities/fi...7/9308-1_0.jpg
   Click to view.
   
   
2. It creates a boot partition and lvm container with EVMS volumes on the second partition.
   
   http://www.novell.com/communities/fi...7/9308-2_0.jpg
   Click to view.
   
   

Creating EVMS partitions on top of existing partitions:

If the server has the partitions created already with a previous installation, delete the old partitions and create the EVMS partitions new.

Follow the steps below to clean up the disk and create the partitions.

1. Choose Create Custom Partition Setup
   
   http://www.novell.com/communities/fi...7/9308-3_0.jpg
   Click to view.
   
   
2. Then select disk
   
   http://www.novell.com/communities/fi...7/9308-4_0.jpg
   Click to view.
   
   
3. Press the button Use entire hard disk and choose the Create EVMS Based Proposal option.
   
   http://www.novell.com/communities/fi...7/9308-5_0.jpg
   Click to view.
   
   
4. It goes back to the Installation Settings screen with the EVMS partitions created.
   It then deletes the existing partitions and creates a new boot partition and lvm container with EVMS volumes.</p>
   
   http://www.novell.com/communities/fi...7/9308-6_0.jpg
   Click to view.
   
   

Upgrading a single hard disk server with the EVMS partition:

1. Install OES2 SP1 with EVMS Partitioning to create NSS pools and Volumes.
2. Down the server and upgrade to OES2 SP2. During System for Update screen, while mounting the partitions, it shows a window saying the /dev/evms/sda1 could not be mounted.
3. Select the button "Specify Mount options".
   
   http://www.novell.com/communities/fi...7/9308-7_0.jpg
   Click to view.
   
   
4. By default the path under Device will be /dev/evms/sda1.
   
   http://www.novell.com/communities/fi...7/9308-8_0.jpg
   Click to view.
   
   
5. Edit the Device to remove evms i.e /dev/evms/sda1 to /dev/sda1, then click OK.
   
   http://www.novell.com/communities/fi...7/9308-9_0.jpg
   Click to view.
   
   
6. Start the Update on the EVMS Partitioned server.
   
   http://www.novell.com/communities/fi.../9308-10_0.jpg
   Click to view.
   
   

• Cool Solutions

More...

Error Codes of the SAP HR driver for Identity Manager - Part 1
20-Nov-2009 01:13 PM

SAP HR Driver, error messages:

Table of Contents:

• Introduction
• Bad Password for account in SAP
• Fatal iDOC processing error
• Error on bad iDOC format

Introduction:

Novell Identity Manager has a list of various pre built drivers for a variety of systems. For example, Active Directory, Lotus Notes, SAP UM, SAP HR, PeopleSoft, BMC Remedy, and so on.

There are a couple of generic drivers as well, that handle a large number of different systems. These include the JDBC driver, which can connect to most databases that have a JDBC interface available. There is the LDAP driver that connects to a large number of LDAP systems, There is the SOAP driver which can connect in principle to any SOAP (SPML or DSML) based web service. There are the Delimited Text driver, for when all else fails, as long as you can you get a text file (CSV perhaps) dump of the data you can use this driver. You could always write your own, using the Java API to connect to the target systems native interfaces, or when available you can use the Scripting driver to do the same, but in a simpler fashion.

Between all these options you should be good to connect most systems as needed.

Once you have a nice system set up, troubleshooting is always entertaining. One criticism I have of the Novell provided documentation is that it does not have sufficient documentation of possible error codes that can occur for each driver. Now to be fair, this is a pretty hard task, as many of the error codes are not actually generated on the Novell Identity Manager engine side, and rather are often system specific to the connected system. Nonetheless I think it would be very beneficial to include such error codes and cases. I have noticed that the troubleshooting section of the driver docs have been getting filled in, with at least some minor amount of details in the latest revisions of the documentation, which is a very good thing. But as always, I encourage more content from the writers.

Rather than just be a blow hard and annoy people, I decided to try and work on this issue myself.

I have a series of articles along this train of thought. For the JDBC driver I wrote:

• Error Codes of the Novell Identity Manager Driver for JDBC: Part 1 of 4
• Error Codes of the Novell Identity Manager Driver for JDBC: Part 2 of 4
• Error Codes of the Novell Identity Manager Driver for JDBC: Part 3 of 4
• Error Codes of the Novell Identity Manager Driver for JDBC: Part 4 of 4

These articles list the error message, showing trace, and the error itself, and where I knew an answer, explain what went wrong, and how to fix it. My hope is that the next person who encounters this error in trace, will copy and paste into a Google search, and whammo, find at least one possible suggestion on how to resolve it. Should it not be the exact error case, needing a different solution, at least they will have a hint on how it affected someone else and a thought on how to proceed.

I did the same for the Active Directory driver in this series of articles:

• Active Directory Driver Error Messages - Part 1
• Active Directory Driver Error Messages - Part 2
• Active Directory Driver Error Messages - Part 3
• Active Directory Driver Error Messages - Part 4

For the eDirectory driver there is:
Error Codes of the eDirectory Driver for Identity Manager - Part 1

I have more content stored up, that I need to finish up writing, like this article on the SAP HR driver error codes. I have a bunch of error messages from the GroupWise, and eDirectory drivers I need to write about.

I highly recommend that when you work with a new driver, keep a nice text editor open, and as each error occurs, paste it into a continuing file, and as soon as you figure out the problem, write down a couple of lines explaining the issue. Then when you have some time, write it up in this sort of format and submit it to Cool Solutions. This way everyone benefits!

Additionally, if you are not aware of it, the Novell Support Forums do an excellent job of supporting Novell products for free. The community works to answer the questions, and Novell does encourage people by selecting some of the more common contributors to be Novell Knowledge Partners. I personally follow the Identity Manager forums and lightly watch some of the others. You can find the Novell Support Forums at http://forums.novell.com or you can use NNTP in a news reader like Thunderbird or the GroupWise client as well. I personally prefer NNTP over a web interface, but the web interface is more easily searched and indexed, so different strokes for different folks.

Before we get to the error codes, a few quick points about the SAP HR driver, SAP as a system is HUGE! It has many many components and systems, and lots of people involved in getting it going. There are actually several SAP drivers from Novell. The original two are the SAP UM, and HR modules. The SAP UM lets you synchronize users in and out of SAP, as users of the system. That is, as users in SAP, who can log in to a module and do work. Alas, the way passwords work in SAP, they are per module. There is a specific SAP module called the CUA (Central User Agent?) which the SAP UM driver can connect too, and push users into, and then the CUA within SAP can push those users to other modules, but it does not push passwords. In which case, you might have a standard SAP UM driver connecting to the CUA to synchronize users, but need additional drivers for all the systems you wish to synchronize passwords too, that only sync passwords, and no other attributes.

Novell has since released a couple of SAP drivers for GRC, and Netweaver that I have not had time to look at, but sound interesting.

The SAP HR driver is meant to synchronize employees out of the HR system, as they are hired, transferred, and withdrawn (nobody is terminated in SAP, they are withdrawn). These are used to create user objects in the Identity Vault to populate and control users in all the other systems.

This article is just about the SAP HR driver. This driver is somewhat peculiar in at least three ways.

1. There are two different communication methods. The Publisher channel (events from SAP HR coming to IDdentity Manager) uses iDOCs to transmit the information. For more information about iDOC's in this context, you can read my previous articles on the topic.
   • Troubleshooting iDOC Issues in the SAP HR Driver for Identity Manager
   • Decoding iDOCs with the IDM SAP Driver
   The Subscriber channel uses BAPI, which needs the Jconnect libraries, (here are a couple of articles related to that:
   
   • IDM SAP HR Driver: Where to Get the JConnect Libraries
   • Using the SAP HR Driver for IDM on a 64-bit OS
2. When an event comes through the Publisher channel as an iDOC the data in the iDOC is all you can query. While you can try and query back to SAP HR, really all you are looking at is the iDOC in memory. This is a very frustrating limitation.
3. RELATIONSHIPS: SAP HR uses a relatively complex system for managing reporting structure and relationships. Ask an SAP guy and he will say, but of course you do it like this, it is simple. To every one else it is very confusing. The RELATIONSHIP data is only available during the life span of the iDOC in memory in the Remote Loader (aka while it is being processed) and there is no way to query back for it either.

Now on to the errors:

Error on bad iDOC format:

DirXML: [10/02/08 14:01:10.232]: TRACE: ParseIDoc: IDoc file opened successfully.DirXML: [10/02/08 14:01:10.258]: TRACE: ParseIDoc: Exception in IDoc Parsing: java.lang.NumberFormatException: For input string: " ". File processing terminated.DirXML: [10/02/08 14:01:10.268]: TRACE: ParseIDoc: File '/idm/idocs/O_400_00000000115871645' renamed to '/idm/idocs/O_400_00000000115871645.proc' successfully.DirXML: [10/02/08 14:01:10.750]: TRACE: SAPPublicationShim: Setting 'success' status on eventObject 'P+00011188'DirXML: [10/02/08 14:01:10.751]: TRACE: ParseIDoc: Status of Published document 'O_400_00000000115871645' is 'bad'DirXML: [10/02/08 14:01:10.763]: TRACE: ParseIDoc: File 'O_400_00000000115871645.proc' renamed to '/idm/idocs/O_400_00000000115871645.bad' successfully.As I was learning about iDOCs I tried editing one myself, to cut it into pieces and make it smaller, into a single event I could follow and troubleshoot. Well looks like I made a typo.

The formatting is VERY constrained and non tolerant of errors. Extra carriage returns or line feeds are a definite no no, and with everything being based on placement of the character in a very long line, you can imagine all the possible errors inadvertent editing could cause.

The good news is that vi or vim are great editors as they do not line wrap on you, munge carriage returns or line feeds, or otherwise do things that many Windows based editors will do to your file.

There are actually two different classes of this kind of error. This first one, just gets caught by the shim and treated as an error.

Then next class of error is much more fatal to the driver shim (whether it be running local or in a remote loader. Though as always, a remote loader is probably a better idea).

Fatal iDOC processing error:

This is the remote loader side trace of the event, as it reads the file, and sees an error. Finally it decides it is a fatal error.

DirXML: [10/01/09 10:49:06.017]: TRACE: ParseIDoc: No Character Set Encoding specified. Using default encoding: ISO8859_1DirXML: [10/01/09 10:49:06.018]: TRACE: ParseIDoc: IDoc file opened successfully.DirXML: [10/01/09 10:49:06.019]: TRACE: ParseIDoc: IDoc to parse: /idm/idocs/O_400_0000000019079301aDirXML: [10/01/09 10:49:06.020]: TRACE: ParseIDoc: Segment EDI_DC40DirXML: [10/01/09 10:49:06.025]: TRACE: ParseIDoc: Unable to read specified byte count from array. Bad line in input file.DirXML: [10/01/09 10:49:06.027]: TRACE: ParseIDoc: Segment E2PLOGIDirXML: [10/01/09 10:49:06.028]: TRACE: ParseIDoc: Object type S found in filter.DirXML: [10/01/09 10:49:06.028]: TRACE: ParseIDoc: Parsing object type S segmentDirXML: [10/01/09 10:49:06.029]: TRACE: ParseIDoc: Object identifier: 00030928DirXML: [10/01/09 10:49:06.029]: TRACE: ParseIDoc: Operation: IDirXML: [10/01/09 10:49:06.030]: TRACE: ParseIDoc: E2PITYP foundDirXML: [10/01/09 10:49:06.030]: TRACE: ParseIDoc: Parsing infotype: 1000, subtype: DirXML: [10/01/09 10:49:06.031]: TRACE: ParseIDoc: GSA segment 'E2P1000001'DirXML: [10/01/09 10:49:06.032]: TRACE: ParseIDoc: Skipping history item - Type: P1000, timestamp: 20050418-20050801DirXML: [10/01/09 10:49:06.033]: TRACE: ParseIDoc: E2PITYP foundDirXML: [10/01/09 10:49:06.033]: TRACE: ParseIDoc: Parsing infotype: 1001, subtype: A003DirXML: [10/01/09 10:49:06.035]: TRACE: ParseIDoc: GSA segment 'E2P1001001'DirXML: [10/01/09 10:49:06.035]: TRACE: ParseIDoc: Skipping history item - Type: P1001, timestamp: 20050418-20050801DirXML: [10/01/09 10:49:06.036]: TRACE: ParseIDoc: Unable to read specified byte count from array. Bad line in input file.DirXML: [10/01/09 10:49:06.037]: DirXML Log Event ------------------- Driver = \ACME-EDIR\acme\services\idm\IDMSet\SAP-HR351 Thread = Publisher Level = error Message = Exception caused by PublicationShim.start()java.lang.NullPointerExcept ion at com.novell.nds.dirxml.driver.SAPShim.ParseIDoc.sta rtparse(ParseIDoc.java(Compiled Code)) at com.novell.nds.dirxml.driver.SAPShim.SAPPublicatio nShim.getOutboundIDoc(SAPPublicationShim.java(Comp iled Code)) at com.novell.nds.dirxml.driver.SAPShim.SAPPublicatio nShim.start(SAPPublicationShim.java(Compiled Code)) at com.novell.nds.dirxml.remote.loader.Driver.run(Dri ver.java:851) at java.lang.Thread.run(Thread.java:570)DirXML: [10/01/09 10:49:06.049]: DirXML Log Event ------------------- Driver = \ACME-EDIR\acme\services\idm\IDMSet\SAP-HR351 Thread = Publisher Level = fatal Message = Exception caused by PublicationShim.start()java.lang.NullPointerExcept ion at com.novell.nds.dirxml.driver.SAPShim.ParseIDoc.sta rtparse(ParseIDoc.java(Compiled Code)) at com.novell.nds.dirxml.driver.SAPShim.SAPPublicatio nShim.getOutboundIDoc(SAPPublicationShim.java(Comp iled Code)) at com.novell.nds.dirxml.driver.SAPShim.SAPPublicatio nShim.start(SAPPublicationShim.java(Compiled Code)) at com.novell.nds.dirxml.remote.loader.Driver.run(Dri ver.java:851) at java.lang.Thread.run(Thread.java:570) You can see the Log Event, that it is a Fatal type event, meaning the driver will shut down.

Then you see the driver shut down event. Nice that it ended so gracefully in this case.

DirXML: [10/01/09 10:49:06.068]: TRACE: Remote driver stopped Watching trace on the engine side shows, the following error, basically the same error the Remote Loader reported, bubbled back to the engine side.

This is useful, as often you may not have easy access to the Remote Loader side to watch the trace, nor might you be running it with trace enabled, as it can eat up disk space quickly, and reduce performance.

[10/01/09 10:49:06.061]:SAP-HR351 :Remote Interface Driver: Received.[10/01/09 10:49:06.061]:SAP-HR351 : Exception caused by PublicationShim.start()java.lang.NullPointerExcept ion at com.novell.nds.dirxml.driver.SAPShim.ParseIDoc.sta rtparse(ParseIDoc.java(Compiled Code)) at com.novell.nds.dirxml.driver.SAPShim.SAPPublicatio nShim.getOutboundIDoc(SAPPublicationShim.java(Comp iled Code)) at com.novell.nds.dirxml.driver.SAPShim.SAPPublicatio nShim.start(SAPPublicationShim.java(Compiled Code)) at com.novell.nds.dirxml.remote.loader.Driver.run(Dri ver.java:851) at java.lang.Thread.run(Thread.java:570) In the first case of a bad iDOC file, I no longer remember what and how I edited the file to cause the non fatal error, that was nicely handled by the shim. In the case of the fatal error, I am pretty sure all I did was leave a trailing empty line, carriage return in VI. Sort of like when you paste in, and the cursor does not have a ~ on the last line, rather there is a blank line in the view in VI. A simple dd to delete the line clears it up, but leaving it behind seems to have caused the issue.

The actual error, on the Remote Loader side that seems to get us in trouble here is: Unable to read specified byte count from array. Bad line in input file.

I wonder if this is a bug versus normal behavior, as it would seem this would be an excellent case, where the shim should quietly handle it as an error, rename the file to .bad as it does above in the previous example and get on with its life. But for some reason, this specific error is fatal. I don't really have the time to report it as a bug, but it leaves me wondering.

Bad Password for account in SAP:

DirXML Driver for SAP/HR Novell, Inc. Error authenticating to SAP host: RFC_ERROR_LOGON_FAILURE [10/08/08 12:58:47.684]:SAP-HR351 PT:Applying schema mapping policies to input.[10/08/08 12:58:47.685]:SAP-HR351 PT:Applying policy: %+C%14CMapping+Policy%-C.[10/08/08 12:58:47.682]:SAP-HR351 PT:Resolving association references.[10/08/08 12:58:47.687]:SAP-HR351 PT:DirXML Log Event ------------------- Driver: \ACME-DEV\acme\services\idm\IDMSet\SAP-HR351 Channel: Publisher Status: Fatal Message: Error authenticating to SAP host: RFC_ERROR_LOGON_FAILUREThis is a nice clear error. Logon Failure. Yay. The best kind. The password was wrong for the account in SAP, used on the Subscriber channel for the BAPI calls. This happened to me, as they refreshed our QC environment and lost my SAP account, recreated it with a different password. I am curious, is this normal for SAP people to do? They did this to me about 4 times over the course of the project. It has to be the most annoying thing to come on site and find out that nothing is working. Takes about half a day to find out what they changed without mentioning it to me, and then to fix it.

Oh, did we not tell you we refreshed that machine, and upgraded it, and threw away any changes we made for your lab? Do I sound bitter? It truly was annoying, especially when it kept happening!

Anyway, easy enough to detect and figure out once you know what to look for.

I think that is enough for now, stay tuned for part 2 where we tackle a bunch more errors that may help you out when deploying this driver in your environment.

As always, I highly recommend that you try to do this sort of article yourself and publish any error codes you might find. The more we get into Google the easier it will be for others searching for help on the topic to help themselves!

• Cool Solutions

More...

Hey all,

I just installed the newest User Application and I'm trying to set the default page for my users when they log in.

I click Administration -> page admin
Click DefaultContainerPage
CLick select default next to default shared page

I get an error saying...
IE cannot open the internet site http://IP:8080/IDM/portal/portlet/Po...aredPagePicker

Operation aborted.

Is this a known issue? How can I get this working?

Thanks.

This happened to me once already this year; that was going from ZCM 10.0.3 to 10.1.3 on SLES 10 SP2. See ZCM 10.1.3 on SLES: No Windows agent push deployment, Novell, forum, forums, support.

In that case, I had not deployed the agent to any machines in the field yet, so I was able to do a full reinstall of SLES and ZCM to cure the problem. This time, I have the agent installed on several hundred machines and cannot afford the time to do another rebuild.

So, here's the short version. I upgraded the server (SLES 10 SP2) from ZCM 10.1.3 to 10.2.0 last week successfully. Afterwards I was unable to discover any new devices, but I soon fixed that problem by upgrading the agent on the Windows proxy to 10.2. Now I can discover devices all day long and everything looks good. Specifically, I can discover devices using the WinAPI functions (with correct local account credentials) and the OS is reported correctly, either XP SP3 or Vista SP2.

When I try to deploy an agent (any adaptive agent) to the discovered devices, I always receive the error "Error: Credentials invalid. Please ensure that Classic file sharing is enabled on the target device." Yes, the credentials are valid because I used them to discover the device in the first place. Yes, I have tried both local administrator accounts and domain administrator accounts with various syntaxes with no progress made.

I have followed all of the documentation for opening firewall ports (I usually turn Windows Firewall off for troubleshooting this kind of them), enabling classic file sharing, starting the Remote Registry service, et c. I reviewed the new documentation for 10.2 regarding this and everything is exactly as stated. Yet, I still cannot push the agent out to a discovered device (either XP or Vista)!

Am I the only one who attempts to use this agent deployment feature? Does everyone else deploy the agent with Group Policy scripts in AD or something similar? Honestly, when I did our site-wide deployment this summer I had to create a set of manual scripts to run to enable the proper settings and install the agent since the built-in agent deployment was so flaky (granted, this was before the upgrade, so I was still running 10.1.3).

I do not know what else to do except continue to install the agent manually (which does work, and the workstations always register properly). Surely someone has some experience or some ideas?

We use LDAP contextless login in our environment, and for the most part it has been rock steady. We had an issue today though where one our LDAP servers wasn't working...but just the LDAP piece. Other services on that server weren't affected, and we could communicate with it just fine. Clients trying to query for LDAP searches were given a search timeout error. We list three servers in the 'servers' field on the client settings. If we moved one of the other servers up to be first on the list they could login. If we moved the malfunction server back to the top they got the timeout again.

My question is... whats the point of multiple servers if it doesn't query the other servers if the first one times out? Does it only use the secondary servers if it can't ping the first one?

We are using Netware 6.5 SP7 w/eDir 8.8.2
Windows XP Pro workstations with 4.91 SP5 client

thanks for any suggestions.

I've been having some problems when recycling some of the zcm services on SLES and was wondering if anyone else has been running into this problem.

Here are the commands that I'm running, in the order that I'm running them.

/etc/init.d/novell-zenmntr stop
/etc/init.d/novell-zenloader stop
/etc/init.d/novell-zenserver stop
/etc/init.d/sybase-asa stop
/etc/init.d/sybase-asa start
/etc/init.d/novell-zenserver start
/etc/init.d/novell-zenloader start
/etc/init.d/novell-zenmntr start

The problem that I'm having is that the Sybase database doesn't seem to start. I don't get any errors when running the start command but if I do a '/etc/init.d/sybase-asa status' I get an unused status back and I can't log into ZCC. The weird thing is that if I completely recycle (init 6) the server everything comes up normally, including the database.

All this server does is run a vanilla install of ZCM 10.2 with the internal Sybase database.

Any suggestions?

I have a batch file to update a registry key under HKCU. I create a directive bundle and the action is set to "Launch Windows Executable" and I point the command to the batch file. In the Launch Options, it is set as Run Once-for each user that logs in.

It ran once for the first time and did not run when a different user login. I wonder what is the best way to troubleshoot if the bundle launches under different windows login.

Thanks in advance.

Wilson

ZCM 10 SP2. In the bundle action, I added "registry edit" and I imported the registry file that I want the bundle to add the keys and the registry operation is set up as "Create Always". However, the registry key won't get added to the device (ensure I have incremented the bundle version and ensured the ZCM agent has the correct bundle version). However, if I add the action as Windows Executable and points to a batch file that has one line:

call regedit.exe /s "M:\registry keys\Setting.reg"

the registry keys are updated.

I wonder how can I troubleshoot the issue? Worse case, I can use the batch file to update the registry but I think it would be good to use the ZCM registry option.

Thanks in advance.

Wilson

We are needing to use an internal DNS server to point to a internal webserver. However, the website also accessible from outside throught Port Forwarding. The external DNS servers point to our public IP address and everything works from outside. However, when we are behind our firewall it doesn't allow us to communicate with the webserver through our external IP address. I believe this is called loopback NAT (or something like that).

Anyways, we need to be able to point a subdomain x.mydomain.com internally. Anybody have any idea how to do this? If I setup mydomain.com as master and add an entry for X then it works... but I can no longer connect to any other subdomains of mydomain.com. Is there a way to specify an A record for just ONE thing and forward everything else?

Thanks,

Craig

I'm on my last iChain to NAM upgrade.

The ichain setup had 3 accelerators on it.

One was regular domain based multihoming (with a few items having Secure Exchange in them).

One was a "parent" accelerator with 3-5 path-based children

One was an http (not https) accelerator.


With NAM, I know I will need at least two IP for my proxies.

One proxy will be for HTTP (non SSL as we had that discussion in this forum that you couldn't have one IP do both http and https).

the other proxy would be for the other stuff.

However, I'm not sure if I can mix proxies.

The reason I had to separate them out in iChain was that I couldn't do this (have the parent contain both domain and path based)

So my path based ones can only do SSL.

I THINK I can do this in NAM, but not sure.

Greetings,

I am new to Novell SSO and new to this group, but I have many years
programming experience.

I have to write a login script for a web application that requests
random characters from the users password. For example, it may say
"Please enter the second, fifth and last letters of your password".
There are then 3 input boxes: one for each of the three characters.

I can easily convert words like second, third, ninth etc to 2, 3, and
9. But I have two problem:

1 - I am using RegSplit to get the number_words from the string - but
am having difficulty with the first one because it has a comma
appended (ie, "second," as in the example above). Does anyone have any
advice how to do that?

2 - I have the users password stored as a string, but don't find any
subtring functions in SSO - I need to extract the 2nd, 3rd, and 9th
(to use the previous example - obviously this changes every time) from
the stored password so that they can be presented to the input box.
Any advice on that one would be great too!

Many thanks,

Simon Knights.
[We are using Novell SSO v6.1, if that makes any difference]

We use LDAP contextless login in our environment, and for the most part it has been rock steady. We had an issue today though where one our LDAP servers wasn't working...but just the LDAP piece. Other services on that server weren't affected, and we could communicate with it just fine. Clients trying to query for LDAP searches were given a search timeout error. We list three servers in the 'servers' field on the client settings. If we moved one of the other servers up to be first on the list they could login. If we moved the malfunction server back to the top they got the timeout again.

My question is... whats the point of multiple servers if it doesn't query the other servers if the first one times out? Does it only use the secondary servers if it can't ping the first one?

thanks for any suggestions.

Ok. So basically I have been testing ZenWorks ZCM 10.2.0 for the past few months and I am really getting no where with the product. I like the overall idea and concepts of ZCM, but I cannot seem to get things to work the way I want.

I didn't know where to start so I figured I would post it here under "Agent Deployment" since it began with "A". Here is the list of problems I am running into.

1) I was able to get 2 Workstations to register with the (standard network install agent). I was not able to get 1 workstation registered using a custom-deployment installer.

2) When I change the Computer name, I cannot get the object to re-register.

3) I cannot get any other workstations to register after imaging. I setup a base image with the full-agent installed. Then using SYSPREP, I "packaged" the workstation, creating new SIDS, before I created the image. I then bring the image back down to a new workstation and cannot seem to get the workstation to register to the Zone. I have tried the zenworks-registration.war fix to no avail. This process works fine with Zenworks 7, why did they have to break it!???!!?

4) I attempted to update to 10.2.1 and the update was supposedly "successful" but the properties of the Zen server still reports running ZCM 10.2.0.0.

5) I am running into the same problem mentioned in other thread, http://forums.novell.com/novell-prod...in-issues.html, about the second ZenWorks Login window. For some reason this works OK on 2 of 4 installs.

6) Trying to uninstall the Zen 10 agent is horrible and as mentioned before, should not be this difficult. Why do I need to reinstall the Novell Client.

After reading all the work arounds, this really does not seem ready for deployment. ZCM is supposed to be a "Zero" effort management tool, as stated in their documents. http://www.novell.com/documentation/...loyment_bp.pdf

Any help or guidance on how to properly use Zen 10 registration, imaging, and deployment would be great. Thank you all for your time and allow me to rant.