Solving Error -1418: Tree Key Problems

Novell Cool Solutions: Tip

Posted: 9 Sep 2004

Here are some suggestions for dealing with Error -1418 ("Encrypted Data Invalid"). For the complete details, see TID 10071163.

This error occurs when the TreeKey (the file SYS\SYSTEM\NICI\NICISDI.KEY) is corrupt, or when the TreeKeys on the servers in the tree do not match one another.

When a user tries to authenticate to a server, the password might be encrypted with a key that does not match the key of the server being authenticated to. This can happen if keys become corrupted or, more likely, were created incorrectly. Each server should have a key file generated from the same encryption information as all the others (though simply copying the file from one server to another is not appropriate).

Fixing the Problem

To fix the problem, you must determine whether the TreeKey is valid on each server in the tree, beginning with the master server:

  1. Create a private key for a user. If the private key is created successfully, the tree key is not corrupt. However, this does not mean that the tree key is valid, or synchronized with the master server.
  2. Launch ConsoleOne and select a user object.
  3. Click the Security tab and select "Certificates."
  4. Click Create.
  5. Name the certificate.
  6. From the "Server" drop-down list, select the server you are testing.
  7. Select the "Standard" creation method, then click Next.
  8. If a message about No E-mail Address appears, click OK.
  9. Click Finish.

If this process completes without errors, the TreeKey is intact and not corrupt.

Finally, you need to verify that the tree key is the same as the TreeKey on the master server. SDIDIAG is the best utility to use for checking the SDI tree keys in your tree. SDIDIAG can be downloaded from Use TID 10088626 (Using SDIDiag to gather specific SDKey information from servers) in order to check your tree keys. You can also use SDIDIAG to fix tree key synchronization problems. For more information on SDIDIAG and its options, see TID 10086669 (Using SDIDiag - Switches and Options).

Note: If you still get the -1418 error when you try to set a user's Simple Password with NetWare Remote Manager after having checked the SDI keys, or if you're using ConsoleOne version 1.3.6 and the SAS attributes do not show up, see TID 10071163 for suggestions.
