11.0 Backup and Restore (010)

Backup and restore are invoked by script files:

defbkparm.sh: Created by install. This has the default values for the scripts.
getparams.sh: Prompts administrator for information needed to do the backup or restore operation.
ambkup.sh: Script to run to perform a backup.
amrestore.sh: Script to run to perform a restore.

Other programs used by backup and restore:

ICE: This is the Novell eDirectory utility to import and export LDIF file in and out of eDirectory.
ldifReverse: This is a program that reverses the order of the records in the LDIF file exported from eDirectory. Reversing the order of records allows the LDIF file to be imported without errors.
certtool.jar: This is a eDirectory certificate utility that backs up and restores the CA key, server keys, and trusted roots to a zip file.

Component 010

Subgroup 01: Backup
Subgroup 02: Restore
Subgroup 03: certtool (certificate backup and restore)

Messages are logged to the ambkup.log file.

Event Code	Description	Remedy
	Backup
201001001	Backup failed to export data from the configuration store.	Cause: The ICE utility failed to export directory information to an LDIF file. Action: Make sure that ICE is in the proper location (Linux: /opt/novell/eDirectory/bin). Action: Make sure that the host IP address, port, administrator, password are all correct. Action: Make sure the back up file is writable
201001002	Backup failed to format data for a successful restore.	Cause: The ldifReverse utility failed to sort the LDIF records. Action: Make sure that ldifReverse is in the proper location (Same directory as backup command). Action: Make sure the back up file is writable Action: Check for the backup file you specified with "_pre" appended to the file name. If the file exists, run the following command: ldifReverse bkupfile_pre bkupfile Replace bkupfile with the filename you specified for the backup file. It should create bkupfile which is the desired back up file.
201001003	Backup failed to export certificates to the backup zip file.	Cause: The certtool utility failed to export the certificates to a zip file. Action: Make sure that certtool.jar is in the proper location (Same directory as backup command). Action: Make sure the back up file is writable. Action: Manually export the certificates to a zip file: java -Djava.library.path=/opt/novell/lib -jar certtool.jar -edirTree your_tree -edirIP 000.000.000.000 -edirServer cn=!ServerName.0=novell -edirUser cn=admin.o=novell -edirPwd secret -bkup -file ServerName _20060828_0930.zip -pwd certsecret -trcontainer trustedRoots.access ManagerContainer.novell -caName "your_tree CA"
	Restore
201002001	Backup file does not exist.	Cause: The backup file does not exist. The name of the backup file specified in answer to the prompt should not include the final the .ldif or .zip extension. Action: Specify the correct name of the back up file.
201002002	Backup file does not appear to be valid.	Cause: An simple analysis of the backup file indicates that the LDIF file specified backup file (with .ldif appended to the name) is not a valid backup file. Action: Make sure to specify a backup file that was created by the Access Manager Backup utility.
201002003	Restore failed to access the configuration store.	Cause: The ICE utility failed to access the eDirectory configuration store. Action: Make sure that ICE is in the proper location (Linux: /opt/novell/eDirectory/bin). Make sure that the host IP address, port, administrator, password are all correct.
201002004	Restore failed to format the current configuration store data.	Cause: Restore was not able to save a current copy of the configuration store. A current copy of the config store is saved before the import in case the import fails. Action: Make sure that ldifReverse is in the proper location (Same directory as backup command).
201002005	Restore failed to prepare the configuration store for data import.	Cause: ICE failed. Unknown reason because it has previously been invoked successfully in the restore script.
201002006	Restore failed to prepare the configuration store for data import.	Cause: ICE failed. Unknown reason because it has previously been invoked successfully in the restore script.
101002007	Restore failed to restore the backup data.	Cause: ICE failed. Unknown reason because it has previously been invoked successfully in the restore script. Action: Check the configuration store for the following container: ou=accessManagerContainer,o=novell If it is not there, locate the recover.ldif file. It should be in the directory where you ran the restore command. Run ICE to recover the configuration store to the state it was in before you attempted the restore. Enter the following command: /opt/novell/eDirectory/bin/ice -SLDIF -f recover.ldif -C -n -DLDAP -sxxx.xxx.xxx.xxx -p636 -k -dcn=admin, o=novell -wadmin_password -F
101002008	Failed to restore certificate from backup file.	Cause: The java program restores the certificate failed. The java program is certtool.jar which provides command line access to various eDirectory certificate functions. Action: See the log file (ambkup.log) for more specific details. The log file contains a listing of relevant parameters with each error message. Assuming the back up from which you are trying to restore was successful, failure to restore is probably an incorrectly supplied parameter. Enter the following command: JAVA -classpath vcdnbkup.jar:cert tool.jar com.novell.nids.bkuputil. Util -userid cn=admin,o=novell -pwd secret -vcdnUser
101002009	Failed to reconfigure VCDN user objects.	Cause: The VCDN user objects were not restored with their passwords. Device Manager will not start up until the passwords have been properly set. Action: This is accompanied with an error x01004xxx. Please refer to that error.
	certtool utility
201003002	IP address is missing.	Cause: The certtool.jar was launched without the -edirIP option. A script file might have been incorrectly modified. Action: Make sure the -edirIP option is specified in the script when it launches the certtool utility.
201003005	eDirectory user id missing.	Cause: The certtool.jar was launched without the -eDirUser option. A script file might have been incorrectly modified. Action: Make sure the -edirUser cn=admin.o=novell option is specified in the script when it launches the certtool utility.
201003006	eDirectory user password missing.	Cause: The certtool.jar was launched without the -edirPwd option. A script file may have been incorrectly modified. Action: Make sure the -edirPwd option is specified in the script when it launches the certtool utility.
201003009	File name missing.	Cause: The certtool.jar was launched without the -file (name of backup file) option. A script file may have been incorrectly modified. Action: Make sure the -file option is specified in the script when it launches the certtool utility.
201003011	Encryption password missing.	Cause: The certtool.jar was launched without the -pwd option. A script file may have been incorrectly modified. Action: Make sure the -pwd option is specified in the script when it launches the certtool utility.
201003013	Name of trusted root container missing.	Cause: The certtool.jar was launched without the -trContainer (trusted root container) option. A script file may have been incorrectly modified. Action: Make sure the -trcontainer option is specified in the script when it launches the certtool utility.
201003040	Failed to open backup file for writing.	Cause: Backup was unable to create or access the backup file in which to save certificate information. Action: Ensure that user running backup sufficient rights.
201003041	Failed to retrieve certificate names from eDirectory.	Cause: A PKI or eDirectory error. Action: This error will be accompanied by an error string.
201003042	Failed to retrieve certificate xxxx from eDirectory.	Cause: The certtool failed to retrieve the certificate identified in the error. Problems have been seen trying to export certificate with pending CSRs. Action: This error will be accompanied by an error string.
201003043	Failed to write certificate xxxx to backup file.	Cause: The certificate identified in the error message did not get saved to the backup file. Action: An exception string included in the message my provide additional information.
301003044	Error closing backup.	Cause: Likely will not cause a problem. Action: Try extracting the contents of the zip file created by backup to verify the integrity of the zip file.
201003045	Failed to write trusted root xxxx to backup file.	Cause: The trusted root identified in error messages did not get saved to the backup file. Action: An exception string included in the message might provide additional information.
201003046	Failed to retrieve trusted root xxxx from eDirectory.	Cause: The certtool failed to retrieve the trusted root identified in the error. Likely a PKI or eDirectory error. Action: This error will be accompanied by an error string.
201003048	Not all items were backed up.	Cause: See accompanying errors. Action: Refer to previous error messages to identify which certificates or trusted roots were not backed up.
201003049	Failed to retrieve the CA xxxx from eDirectory. Likely a PKI or eDirectory error.	Cause: The certtool failed to retrieve the CA key identified in the error. Action: This error will be accompanied by an error string.
201003050	Failed to write CA key xxxx to backup file.	Cause: The CA key identified in the error did not get written to the backup file. Action: An exception string included in the message my provide additional information.
201003051	Failed to open backup file for reading.	Action: Make sure the backup file exists. Do not include .ldif or .zip in the name of the back up file. Action: Make sure the user logged in has sufficient rights to access the file.
201003052	Not all items were restored.	Cause: See accompanying errors. Action: Refer to previous error messages to identify which certificates or trusted roots were not backed up.
301003053	Error closing backup.	Action: This error occurred after all restore operations had completed. Should not cause any problem.
201003056	Error importing CA key: xxxx	Action: The CA key was not restored. See the accompanying Error for more information. Likely a PKI error. Action: Make sure the password you provided matches the encryption password used when backing up the data.
201003057	Error importing key: xxxx	Cause: The CA key was not restored. See the accompanying Error for more information. Likely a PKI error. Action: Make sure the password you provided matches the encryption password used when backing up the data.
201003058	Error importing trusted root: xxxx	Cause: The trusted root was not restored. See the accompanying Error for more information. Likely a PKI error.
	VCDN configuration
201004001	Failed to configure VCDN objects for data store access.	The VCDN user objects were not restored with their passwords. Device Manager will not start up until the passwords have been properly set. Cause: The vcdnbkup.jar utility failed to reset passwords for VCDN objects. This causes errors starting up device manager. Action: Make sure /opt/volera/roma/conf/vcdn.conf file is present and has the correct information. To fix enter the following command in the /opt/novell/devman/bin directory: java -jar vcdnbkup.jar -userid cn=admin,o=novell -pwd admin_password -vcdnUser
201004002	Application Error.	The VCDN user objects were not restored with their passwords. Device Manager will not start up until the passwords have been properly set. Accompanied by a stack trace with more information. Cause: vcdnbkup.jar utility failed to reset passwords for VCDN objects. This will cause errors starting up device manager. Action: Make sure the information in /opt/volera/roma/conf/vcdn.conf file is correct: Fix the file by running the following command (in /opt/novell/devman/bin): java -jar vcdnbkup.jar -userid cn=admin,o=novell -pwd admin_password -vcdnUser