Novell Home

Health Checks for Legacy Versions of NDS

Novell Cool Solutions: Feature

Digg This - Slashdot This

Posted: 11 Mar 2002
 

The disclaimer:
The information in this document is only for use in trees where all servers are running versions of NDS older than 8.5 (build versions 85.00) If at least one server has had build 8.5 or later installed on it then NDS iMonitor may be used to simplify the checking of health across the entire tree. NDS iMonitor 1.5 is available to customers as a free download from download.novell.com.

Almost since NDS was introduced, there's been a list of procedures for getting your directory service healthy and keeping it that way. As time passes, new and improved processes have been added to this list. If its been a while since you've taken your directory in for a checkup, maybe it's time to review the list.

For complete details and updates regarding this tip, see TID-10012858.

Before you start:
As a general rule, you should perform the following operations once a week for dynamic trees and once a month for static trees. To determine whether you have a dynamic tree or a static tree read the end of this document.

Step 10, Repair local DS database, should be performed after business hours and/or when errors occur during Steps 1-9.

For very large trees and for a large number of partitions, it is still advisable to perform all 10 steps for every server, but for an abbreviated version, perform all 10 steps on the MASTER replica server for each partition, starting with the MASTER replica server for the [Root] partition and work down the tree.

The steps:
  1. DS versions (DSRepair)
    The DS.NLM should be the same version on every NetWare 4.1x and/or NetWare 5.x server in the tree (all DS versions 6.x, 7.x, and 8.x) and should be the latest versions available (all servers in the tree need to be patched with the latest available support packs). Performing a time synchronization check within DSRepair (DSREPAIR.NLM | Time Synchronization) will report the DS.NLM version for each file server in the tree.
    NOTE: CD Towers are exceptions to this requirement.
  2. Time synchronization (DSRepair)
    Time synchronization is critical for Directory Service functions. This operation can be performed from the "Available Options" menu of DSREPAIR.NLM.
  3. Server-to-server synchronization (DSTRACE)
    A server must have a replica to display any Directory Services trace information. From the file server console prompt, type:
    • SET DSTRACE=ON (this activates the trace screen for Directory Services transactions)
    • SET DSTRACE=+S (this makes it so you can see the synchronization)
    • SET DSTRACE=*H (this initiates synchronization between file servers)

    The Directory Services trace screen can be viewed by selecting Directory Services from the list of Current Screens made available by pressing the two keys <ctrl> <esc> simultaneously. If there are not any errors, there will be a line displaying "All processed = YES." This message will be displayed for each partition contained on this server.

    If the information is more than can fit on a single screen, use the following commands:
    • SET TTF=ON (To Trace the Synchronization to a File. SYS\:SYSTEM\DSTRACE.DBG)
    • SET DSTRACE=*R (resets the file to 0 bytes)
    • SET TTF=OFF (once NDS has completed synchronizing all partitions)
    You can then map a drive to your server's SYS:SYSTEM directory and bring the DSTRACE.DBG file up in a text editor. Search for "-6" (this will show any NDS errors during synchronization, such as -625), or "YES" (this will show successful synchronization for a partition).

  4. Replica synchronization (DSRepair)
    A server must have a replica for this operation to display replica synchronization status. DSREPAIR.NLM | Available Options| Report synchronization status.
  5. External references (DSRepair)
    In DSRepair from the "Available Options" menu select "Advanced options menu", then select "Check external references". This option will display external references and obituaries and will show you the states of all servers in the back link list for the obits.
  6. Replica state (DSRepair)
    In DSRepair from the "Available Options" menu select "Advanced options menu", then select "Replica and partition operations", and verify the replica state is ON.
  7. Remote server IDs (DSRepair)
    In DSRepair from the "Available Options" menu select "Advanced options menu", then select "View remote server ID list". Press <:enter> and this should bring up the "Remote Server ID Options" menu; select "Verify all remote server IDs". This option executes authentication from server to server using the remote server's ID. This option verifies this server's ID on the other servers.


  8. Note: For NetWare 5, use DSREPAIR | Advanced options menu | Replica and partition operations | select a partition | Repair selected replica. This will give you the line "OK - authenticated to server" which is the same as the option listed above for NetWare 4.

  9. Replica ring (DSRepair)
    Run DSRepair on the server holding the MASTER replica of each partition and also on one of the servers holding a Read/Write replica to check for replica ring mismatches. From the "Available Options" menu select "Advanced options menu", then select "Replica and partition operations", select "View replica ring", and verify that the servers holding replicas of that partition are correct.
  10. Schema (DSTRACE)
    A server must have a replica to display any Directory Services trace information. From the file server console prompt, type:
    • SET DSTRACE=ON (this activates the trace screen for Directory Services transactions)
    • SET DSTRACE=+SCHEMA (this will display schema information)
    • SET DSTRACE=*SS (this initiates schema synchronization)
    The Directory Services trace screen can be viewed by selecting Directory Services from the list of Current Screens made available by pressing the two keys <ctrl> <esc> simultaneously. Check for the message "SCHEMA: All Processed = YES".

  11. Repair local database (DSRepair)--(Administrators may opt to perform this as an AFTER-HOURS OPERATION).

    Suggested procedure: LOAD DSREPAIR >> Advanced Options Menu >> Repair local DS database >> Accept the defaults on this page.

    This option will lock the Directory Services database. DSREPAIR will display a message stating that authentication cannot occur with this server with Directory Services locked, i.e., users will not be able to login to this server during this operation. For this reason, this operation may need to be performed after business hours.

  12. For disaster recovery, load DSREPAIR -RC.
    This switch will create a database dump file (SYS:\SYSTEM\DSREPAIR.DIB for DS version 6 and 7 and SYS:\SYSTEM\DSR_DIB\00000000.$DU for DS version 8). Assistance from Novell Support staff is required to restore this file.
Note: DSTRACE, if left running, requires server resources. After completion of DSTRACE checks enter the following DSTRACE commands to turn it off:
  • Set DSTRACE=nodebug
  • Set DSTRACE=+min
  • Set DSTRACE=off
Read the following to determine if you have a dynamic or static tree.

Static NDS Tree - A static tree has minimal routine changes.
Examples:
* You make only simple changes, such as adding or deleting user objects.
* You create a partition or add a server every couple of months.

Because you make fewer changes to a static NDS tree, you only perform NDS health checks once a month.

Dynamic NDS Tree - A dynamic tree has frequent non-routine changes. Examples:
* You create a partition or add a server weekly.
* You are in the process of developing the tree.
-For example, if you were upgrading a NetWare 3 or 4 network to a NetWare 5 network, your company would have a dynamic NDS tree during the upgrade process.
* You are undergoing a period of change.
- For example, if your company were reorganizing, selling off part of its business, or merging with another company, you would have to modify the NDS tree.

If your company has a dynamic NDS tree, you should perform an NDS health check once a week. However, as the pace of change decreases and the NDS tree becomes static, you can begin to perform NDS health checks less frequently.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell