Novell Home

Notes From the Field: eDirectory 8.6.2 Upgrade

Novell Cool Solutions: Feature
By Brett Ratliff

Digg This - Slashdot This

Posted: 22 Apr 2002
 

There's nothing like a little hands-on experience. Brett Ratliff has been through a handful of eDirectory 8.6.2 upgrades and he's sharing his CliffsNotes here.

This document outlines specific tasks to upgrade existing NetWare 5.x with DS 7.x, DS 8.x or eDirectory 85.xx to eDirectory 8.6.2.

  1. PRE-UPGRADE

  2. UPGRADE

  3. POST-UPGRADE

  4. POSSIBLE ERRORS

  5. ADDITIONAL INFO

1. PRE-UPGRADE

1.1 PRE-REQUISITIES

eDirectory has the following minimum Synchronization Compatibility requirements:

  • NetWare versions:

    4.11 or 4.2 SP8a/DS 6.09
    5 SP5/DS 7.47
    5 SP5/DS 8.51
    5.1 SP2a/DS 7.47/8.78/85.23

    Novell recommends SP9/DS 6.13 for 4.x and SP3/WSOCK4f for 5.x.

  • Certificate Server 2.0.
  • NICI 1.5.4.

    Novell recommends Certificate Server 2.2.3 and NICI 1.5.7. Both can be downloaded from download.novell.com. The Certificate Server only needs to be installed on the Certificate Authority Server.

  • Java 1.2.2.

    JVM 1.2.2 can be downloaded from download.novell.com. The installation is workstation based.

  • PREEDIRE.EXE from SUPPORT.NOVELL.COM. DSREPAIR.NLMs need to be at the following minimum version level:
    • DS 6.x DSREPAIR 4.72B
    • DS 7.x DSREPAIR 5.28B
    • DS 8.X/85.XX DSREPAIR 85.12B
    Special Note:
    These files are also in the 8.6.2 upgrade under PATCHES. You need to copy the appropriate DSREPAIR.NLM to all your servers to preserve the SCHEMA. If you have DSREPAIR versions lower than these versions, and run a local repair with Rebuild Operational Schema, you will corrupt that servers SCHEMA and possible corrupt DS.

1.2 SCHEMA CHECKS

  1. SCHEMA Synchronization

    From Master [ROOT] issue the following:

     SET DSTRACE=ON
     SET DSTRACE=NODEBUG
     SET DSTRACE=+SCHEMA
     SET TTF=ON
     SET DSTRACE=*R
     SET DSTRACE=*SSD
     SET DSTRACE=*SSL
     SET DSTRACE=*SSA
    

    Switch over to DSTRACE Screen and verify the you have an ALL Processes = Yes

    Once the SCHEMA SYNC is complete, issue the following at the console:

      SET TTF=OFF
  2. CreatorsName & ModifiersName Attributes

    If these attributes exist, they both must have their Attribute Syntax set to Case Ignore String. If not, you need to run a repair from PREEDIRE. The repair needs to be run with the following parameters:

    LOAD DSREPAIR -A0 -RD
  3. Post NetWare 5 Schema Update

    From Master [ROOT]

    DSREPAIR -A | ADVANCED OPTIONS MENU | GLOBAL SCHEMA OPERATIONS 

    From there you will select:

    POST NETWARE 5 SCHEMA ENHANCEMENTS
  4. Optional Schema Enhancements

    From Master [ROOT]

    DSREPAIR -A | ADVANCED OPTIONS MENU | GLOBAL SCHEMA OPERATIONS 

    From there select:

    OPTIONAL SCHEMA ENHANCEMENTS
  5. Schema Synchronization after extension

    From Master [ROOT] issue the following:

     SET DSTRACE=ON
     SET DSTRACE=NODEBUG
     SET DSTRACE=+SCHEMA
     SET TTF=ON
     SET DSTRACE=*R
     SET DSTRACE=*SSD
     SET DSTRACE=*SSL
     SET DSTRACE=*SSA
    

    Switch over to DSTRACE Screen and verify the you have an ALL Processes = Yes.

    Once the SCHEMA SYNC is complete, issue the following at the console:

    SET TTF=OFF

1.3 BACKUPS!

On every server you are upgrading to eDirectory, get a backup of the directory services and trustees.

Run DSREPAIR -RC

Copy the "DIB" files off the server. The DIB will be the following:

DS 7.x SYS:SYSTEM\DSREPAIR.DIB
DS 8.X SYS:SYSTEM\DSR_DIB\00000000.$DU

(If your DIB is over 100MB on DS 8, the files will increment ie..00000001.$DU. Get all files!)

Run TRUSTBAR on every server's volume and copy the files off the server. The file will be stored in the root of each volume, called TRUSTEES.XML.

1.4 WORKSTATION DOWNLOADS

For proper management of eDirectory 8.6.2 you will need to download the following:

  • ConsoleOne 1.3.3
  • Client NICI 1.5.7 (If you have 1.5.7 on your server.)
  • Snapins
  • eDirectory 8.6.2
  • Novell Certificate Server 2.21

1.5 PKIDIAG

The PKIDIAG.NLM utility is designed to fix all of the SSL and SAS objects. If a server has been renamed or moved it will rename or move the related objects so that they conform to the correct naming and containment schemes. If any of the required objects do not exist, it will create them. If any of the objects don't have the necessary rights, PKI will give those rights. If any of the objects are not linked, then PKIDIAG will link them. If either the SSL CertificateIP or the SSL CertificateDNS do not exist, have incorrect names, or are out of date (or close to out of date), PKIDIAG will fix them.

Although not mandatory, running PKIDIAG on your server prior to upgrading them to eDirectory is a good idea. It not only tests the validity and links of your SSL objects (SSL CertificateIP and SSL CertificateDNS), it also confirms that the HOSTS and HOSTNAME files are in order. If PKIDIAG reports errors when run, you should verify that your SYS:\ETC\HOSTS and SYS:\ETC\HOSTNAME files are correct. If you still have problems then you should check the entry in DNS. If you don't have PKIDIAG.NLM, contact a Novell Support Representative.

2. UPGRADE

Download eDirectory from download.novell.com/index.jsp. The NetWare file is edir_862_full_nw.exe and is about 96MB.

If you are upgrading eDirectory, do the following:

  1. (Conditional but recommended) In the AUTOEXEC.NCF file, comment out the lines that load virus scanners, database applications such as Sybase* or Oracle*, backup applications, and other programs that rely on files being continually open and volumes being mounted. During eDirectory installation, the software must dismount volumes so that trustee assignments can be migrated. Be aware that virus scanners and other programs might be embedded inside other products, for example, ZENworks, ManageWise, and BorderManager.

  2. Restart the server and verify that the programs and applications referred to in Step a are not running. TIP: If you uncompress the volume you are installing eDirectory on, the install will finish quicker.

  3. If you have an IP-only environment, load IPXSPX.NLM. NWCONFIG.NLM looks to Btrieve* for the product list. Btrieve subsequently requires IPX?. Loading IPXSPX.NLM allows Btrieve to load. When you reboot the server, IPXSPX.NLM does not reload, so you have an IP-only environment again.

  4. At the server console, load NWCONFIG.NLM.

  5. Select Product Options > Install a Product Not Listed.

  6. Press F3 (F4 if you're using RCONSOLE) > enter the path to the eDirectory files under the NW directory, for example, SYS:\NW. Follow on screen prompts concerning license agreements, the readme file, and tips. After files are copied, the server automatically restarts and begins toinstall components for ConsoleOne and Novell Certificate Server.

  7. Enter the administrator's login name (for example, Admin.VMP). IMPORTANT: This window might close before you enter this information. If it does, toggle (Alt+Esc) to the screen and enter the information. Otherwise, the installation will not be complete.

  8. Follow the online instructions concerning the Certificate Server, LDAP, languages, components, and products to install.

  9. When the installation is almost complete, you will see an error message 1,442 when the install is trying to create the W0 object. This error is benign. The script of the installation is setup to create a W0 object, but does not check to see if the object already exists, thus the error. A defect is entered with engineering and should be resolved shortly.

  10. When the installation is completed, you will see a message to remove all disk's and CDs and allow you to select YES to restart the server. At this time, restore the lines that you commented out in Step a. Restart the server by clicking Yes.

    Repeat this procedure for each NetWare server you want to upgrade to eDirectory 8.6 for NetWare.

Special Note: Lost Trustee Assignments on NFS Gateway Volumes

eDirectory installation process does not upgrade trustee assignments on NFS Gateway volumes. If you are hosting NFS Gateway volumes on a server upgraded to eDirectory, those trustee assignments are mapped to non-existent trustees. To delete the inaccurate trustee assignments, complete the following steps:

  1. On the server, load UNICON > authenticate to eDirectory.
  2. Select Start/Stop Services > NFS Gateway Server > Del.
  3. From a workstation, log in to the server > delete the file SYS:\NFSGW\SFSxxxx.DAT.
  4. At the server, load UNICON again > authenticate to eDirectory.
  5. Select Start/Stop Services > NFS Gateway Server.

You will need to manually create new trustee assignments for eDirectory objects to any NFS Gateway volumes.

3. POST UPGRADE

3.1 SCHEMA VERIFICATION

Once eDirectory is installed at the [root] we need to verify the extended SCHEMA was pushed out. From Master [ROOT] issue the following:

SET DSTRACE=ON
SET DSTRACE=NODEBUG
SET DSTRACE=+SCHEMA
SET TTF=ON
SET DSTRACE=*R
SET DSTRACE=*SSD
SET DSTRACE=*SSL
SET DSTRACE=*SSA

Switch over to DSTRACE Screen and verify the you have an ALL Processes = Yes

Once the SCHEMA SYNC is complete, issue the following at the console:

SET TTF=OFF

3.2 BACKLINKS

The upgrade has to modify every backlink on the local database. After the installation, issue a SET DSTRACE=*B on all servers you upgraded to eDirectory.

3.3 REPLICA SYNCHRONIZATION

Once the upgrade is complete, verify replica synchronization from the Master [root].

4. POSSIBLE ERRORS

4.1 Error -649 During Synchronization

You need to apply the field-test file, SLP107F, for SLP to eliminate any -649 errors. Apply it to all servers running eDirectory 8.6.2 and hosting a Directory Agent for SLP.

4.2 "0" Local Errors

"0" local errors report in Report synchronization status on NDS 6.xx, NDS 7.xx, NDS 8.xx or NDS 85.xx to a NDS 8.6 (10110.20) or greater. This is a cosmetic error and has been resolved in the following DSREPAIR versions:

	NDS 6.xx - DSREPAIR 4.72b or greater
	NDS 7.xx - DSREPAIR 5.28b or greater
	NDS 8.xx/85.xx DSREPAIR 85.12a or greater

Just run repair on the servers with these versions.

5. Additional Info

5.1 VERSION NUMBER FORMAT

The version numbering has changed with eDirectory. The following is an example of the build string found on an eDirectory component:

Example: 10110.20 

This new format (RRRsb.bb) is strictly a build format to keep track of each build as it is released. The number is composed of a release number (RRR), a release source (s), and a build number (b.bb). The current build numbers and their common names are given below:

v7.57    - NetWare 5.1 SP4
v8.79	 - NetWare 5.1 SP4
v8       - eDirectory 8 (NetWare 5.0, Windows NT, Windows 2000)
v8.38    - eDirectory 8 (Solaris)
85.23	 - eDirectory 8.5.x (NetWare 5.x, Windows, Solaris, Linux)
10110.20 - Shipping DS version with NetWare 6 (eDirectory 8.6)
10210.43 - eDirectory 8.6.1
10310.17 - NetWare 6 SP1
10320.04 - NetWare 6 SP2
103xb.bb - cross-platform eDirectory 8.6.2
104xb.bb - upcoming eDirectory 8.7

5.2 NDS 8.xx/85.xx for NT/2000 DSREPAIR 85.12 or greater

These new DSREPAIRs are available via PreedirE.exe or greater.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell