Novell Home

More eDirectory 8.x Upgrade Tips

Novell Cool Solutions: Feature
By Niclas Ekstedt

Digg This - Slashdot This

Posted: 31 Mar 2003
 

Question: We have downloaded eDirectory 8.7, but have seen 8.6.2 and SP3 on the downloads page. The docs for eDirectory 8.7 indicate that the schema gets updated from a version of DSREPAIR that is included with eDirectory. What are your recommendations?

Answer: The procedure below is what I've used when upgrading to eDir 8.6.2, it should also work well for upgrading to eDir 8.7, with the appropriate changes of course. SP5 doesn't contain all the recommended patches. You're best advised to make sure that you have the recommended versions installed before upgrading to eDir 8.7; that will save you from a lot of problems.

The DSREPAIR version in eDirectory 8.7 should take care of the schema modifications for you. Just make sure that the schema are correct in regards to the creatorsName and modifiersName attributes. Also make sure that you've run the Post NetWare 5x and Optional Schema enhancements.

I also recommend that you also make the server being the CA, the master of root, and upgrade this server first. When this is done you can upgrade the other one and then move the master replica of root back to the original server.

1. PRE-UPGRADE

1.1 Pre-Requisites

eDirectory has the following minimum Synchronization Compatibility requirements:

NetWare versions
4.11 or 4.2 SP8a/DS 6.09
5 SP5/DS 7.47
5 SP5/DS 8.51
5.1 SP2a/DS 7.47/8.78/85.23

Novell recommends at least SP9/DS 6.14 for 4.x and SP3/WSOCK4f for 5.x.

-Certificate Server 2.0
-NICI 1.5.4

Novell recommends at least Certificate Server 2.2.3 and NICI 1.5.7. The NICI patch can be downloaded from support.novell.com. Certificate Server 2.2.3 is included in eDirectory 8.6.2, but can't be installed separately.

Some reports state that Certificate Server 2.0.3 is sufficient. The Certificate Server only needs to be installed on the Certificate Authority Server.

-JAVA 1.2.2.

JVM 1.2.2 can be downloaded from download.novell.com. The installation is workstation based.
After updating the JAVA, be sure to execute STARTX.NCF to reconfigure the GUI.

-PREEDIRF.EXE

DSREPAIR.NLMs need to be at the following minimum version level:
DS 6.x - DSREPAIR 4.72B
DS 7.x - DSREPAIR 5.28B
DS 8.X/85.XX - DSREPAIR 85.12B

Special Note:
These files are also in the 8.6.2 upgrade under PATCHES. You need to copy the appropriate DSREPAIR.NLM to all your servers to preserve the SCHEMA. If you have DSREPAIR versions lower than these versions, and run a local repair with Rebuild Operational Schema, you will corrupt that servers SCHEMA and possible corrupt DS.

-Memory

Make sure the server is not low on memory. Because of the new caching feature implemented in eDirectory, DS may consume more memory than earlier versions.

-JetDirect

Check your HP printers. JetDirect firmware should be at 8.04 or greater.
Refer to the following for more info: HP Jetdirect Print Servers - Novell NetWare and 80, 81, 82, 83, or 86 Service Errors

1.2 Schema Checks

-Schema Synchronization

From Master of [ROOT] issue the following:
    SET DSTRACE=ON
    SET DSTRACE=NODEBUG
    SET DSTRACE=+SCHEMA
    SET DSTRACE=*SSD
    SET DSTRACE=*SSL
    SET DSTRACE=*SSA

Switch over to DSTRACE Screen and verify the you have an ALL Processed
=
Yes

-CreatorsName & ModifiersName Attributes

Check with Schema Manager if these attributes exist, they both must have their Attribute Syntax set to Case Ignore String. If not, you need to run a repair from PREEDIRF. The repair needs to be run with the following parameters:

LOAD DSREPAIR -A0 -RD

-Post NetWare 5 Schema Update and Optional Schema Enhancements

From Master of [ROOT] issue the following:
DSREPAIR -A | ADVANCED OPTIONS MENU | GLOBAL SCHEMA OPERATIONS

From there you will select:
Post NetWare 5 Schema Enhancements
Optional Schema Enhancements

-Schema Synchronization after extension

From Master of [ROOT] issue the following:
    SET DSTRACE=ON
    SET DSTRACE=NODEBUG
    SET DSTRACE=+SCHEMA
    SET DSTRACE=*SSD
    SET DSTRACE=*SSL
    SET DSTRACE=*SSA

Switch over to DSTRACE Screen and verify the you have an ALL Processed
=
Yes.

-NDS Health Check

Perform an NDS Health Check as per TID 10060600. Make sure everything is healthy.

1.3 Backups!

On every server you are upgrading to eDirectory, get a backup of the directory services and trustees:
Run DSREPAIR -RC

Copy the "DIB" files off the server. The DIB will be the following:
DS 7.x SYS:SYSTEM\DSREPAIR.DIB
DS 8.X SYS:SYSTEM\DSR_DIB\00000000.$DU (If your DIB is over 100MB on DS 8, the files will increment ie..00000001.$DU. Get all files!)

Run TRUSTBAR on every server's volume and copy the files off the server.
The file will be stored in the root of each volume, called TRUSTEES.XML.

1.4 Workstation Downloads

For proper management of eDirectory 8.6.2 you will need to download the following:
ConsoleOne 1.3.3
Client NICI 1.5.7 (If you have 1.5.7 on your server.
Snapins
eDirectory 8.6.2
Novell Certificate Server 2.21

1.5 PKIDIAG

The PKIDIAG.NLM utility is designed to fix all of the SSL and SAS objects. If a server has been renamed or moved it will rename or move the related objects so that they conform to the correct naming and containment schemes. If any of the required objects do not exist, it will create them. If any of the objects don't have the necessary rights, PKI will give those rights. If any of the objects are not linked, then PKIDIAG will link them. If either the SSL CertificateIP or the SSL CertificateDNS do not exist, have incorrect names, or are out of date (or close to out of date), PKIDIAG will fix them.

Although not mandatory, running PKIDIAG on your server prior to upgrading them to eDirectory is a good idea. It not only tests the validity and links of your SSL objects (SSL CertificateIP and SSL CertificateDNS), it also confirms that the HOSTS and HOSTNAME files are in order. If PKIDIAG reports errors when run, you should verify that your SYS:\ETC\HOSTS and SYS:\ETC\HOSTNAME files are correct. If you still have problems then you should check the entry in DNS. If you don't have PKIDIAG.NLM, contact a Novell Support Representative.

2. UPGRADE

Download eDirectory 8.6.2 from download.novell.com The NetWare file is edir_862_full_nw.exe and is about 96MB.

When upgrading to eDirectory, start with the server holding the Master of [Root]. Then work your way through the replica rings down the tree. If installing remotely, you may want to redirect the GUI, check out the following tip for info on how to redirect the GUI: Redirecting the NetWare 5 GUI - Feb. 18, 2002.

(Conditional but recommended) In the AUTOEXEC.NCF file, comment out the lines that load NWCONFIG.NLM, virus scanners, database applications such as Sybase* or Oracle*, backup applications, and other programs that rely on files being continually open and volumes being mounted. During eDirectory installation, the software must dismount volumes so that trustee assignments can be migrated. Be aware that virus scanners and other programs might be embedded inside other products, for example, ZENworks, ManageWise, and BorderManager.

Restart the server and verify that the programs and applications referred to above are not running.
TIP: If you uncompress the volume you are installing eDirectory on, the install will finish quicker. Check the following TID for tips on speeding up the install "Install of eDirectory 8.6.x is slow on NetWare 5".

If you have an IP-only environment, load IPXSPX.NLM. NWCONFIG.NLM looks to Btrieve* for the product list. Btrieve subsequently requires IPX*. Loading IPXSPX.NLM allows Btrieve to load. When you reboot the server, IPXSPX.NLM does not reload, so you have an IP-only environment again.

Depending on the CPU it could take over an hour for the JVM to copy all of the files included with the eDirectory upgrade. Fortunately, there is a way to dramatically increase the speed. The answer is in changing the server's SET DIRTY DISK CACHE DELAY TIME=0.1. This can be done before or during the install. This change should only be made during the install. (After the install is done be sure to return the Dirty Disk Cache Delay Time to the original value. If you forget the original value the default is 3.3 seconds.)

At the server console, load NWCONFIG.NLM.

Select Product Options> Install a Product Not Listed.

Press F3 (F4 if you're using RCONSOLE) > enter the path to the eDirectory files under the NW directory, for example, SYS:\NW. Follow on screen prompts concerning license agreements, the readme file, and tips. After files are copied, the server automatically restarts and begins to install components for ConsoleOne and Novell Certificate Server.

Enter the administrator's login name (for example, Admin.VMP).
IMPORTANT: This window might close before you enter this information.
If it does, toggle (Alt+Esc) to the screen and enter the information.
Otherwise, the installation will not be complete.

Follow the online instructions concerning the Certificate Server, LDAP, languages, components, and products to install.

When the installation is almost complete, you will see an error message 1,442 when the install is trying to create the W0 object. This error is benign. The script of the installation is setup to create a W0 object, but does not check to see if the object already exists, thus the error. A defect is entered with engineering and should be resolved shortly.

When the installation is completed, you will see a message to remove all disk's and CDs and allow you to select YES to restart the server. At this time, restore the lines that you commented out in AUTOEXEC.NCF and change back the SET DIRTY DISK CACHE DELAY TIME parameter to the original value. If you forgot the original value the default is 3.3 seconds.

Restart the server by clicking Yes. Repeat this procedure for each NetWare server you want to upgrade to eDirectory 8.6 for NetWare.

Special Note: Lost Trustee Assignments on NFS Gateway Volumes.

eDirectory installation process does not upgrade trustee assignments on NFS Gateway volumes. If you are hosting NFS Gateway volumes on a server upgraded to eDirectory, those trustee assignments are mapped to non-existent trustees. To delete the inaccurate trustee assignments, complete the following steps:

On the server, load UNICON > authenticate to eDirectory.
Select Start/Stop Services > NFS Gateway Server > Del.

From a workstation, log in to the server > delete the file SYS:\NFSGW\SFSxxxx.DAT.
At the server, load UNICON again > authenticate to eDirectory.
Select Start/Stop Services > NFS Gateway Server.
You will need to manually create new trustee assignments for eDirectory objects to any NFS Gateway volumes.

3. POST UPGRADE

3.1 Post Upgrade Check

-NDS Health Check

Perform an NDS Health Check as per TID 10060600. Make sure everything is healthy.

-Trustees

Verify trustees. If needed restore trustees from the files created with TRUSTBAR in step 1.3

3.2 Post Upgrade Patches

-Download eDirectory 8.6.2 SP3

The NetWare file is edir862SP3.exe and is about 7 MB.
Be sure to read the readme file about SETPARM.NLM in order to speed up the installation.

-NDS Health Check

Perform an NDS Health Check as per TID 10060600. Make sure everything is healthy.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell