Environment
Novell Certificate Server
PKIDIAG.NLM Version 2.40.01 May 9, 2002
Situation
- The
PKIDIAG Version 2.40.01 repair process can NOT process any AG
default server certificates
- The repair process
will loop on writing the following error message into the"SYS:\ETC\CERTSERV\REPAIR.LOG" file:
"PROBLEM: The KMO 'IP AG 192\.168\.100\.10 - NW65SERV.NOVELL' does not have the right naming convention.
UNFIXABLE: !!! This utility cannot fix this kind of problem !!!"
Resolution
- Stop PKIDIAG while looping by using the following command at the NetWare server system console: "exec unload pkidiag"
- Use
iManager 2.6 with CertServerPlugins Version 3.201.20061116 instead
of PKIDIAG.
PKIDIAG functionality has been ported over to iManager and will allow you to create all default certificates for mutiple dIrectory servers (all platforms) at the same time if required.
Additional Information
With NetWare 6.5 (and eDir 8.7 SP1) Certificate server will attempt to create certificates for all of the IP and DNS addresses configured on the box (i.e. there could be more certificates than you are currently seeing based on the number of addresses configured for the box). These new certificates will be named DNS AG... and IP AG... where the "..." is either the DNS or the IP address (AG stands for Auto Generated).
COPY OF EXCERPT FROM SYS:\ETC\CERTSERV\REPAIR.LOG
---------------------------------------------------------------------------
NPKIRepair Starting (Check the end of the log for the last repair results)
Current Time: Wed Aug 20 10:22:14 2003
User logged-in as: admin.novell.
Fixing mode
Rename and create mode
Rename and create when necessary
--> Server Name = 'NW65SERV'
---------------------------------------------------------------------------
Step 1 Verifying the Server's link to the
SAS Service Object.
Server 'NW65SERV.NOVELL' points to SAS Service object 'SAS Service
- NW65SERV.NOVELL'
Step 1 succeeded.
Step 2 Verifying the SAS Service
Object
SAS Service object 'SAS Service - NW65SERV.NOVELL' is backlinked
to server 'NW65SERV.NOVELL'.
Step 2 succeeded.
Step 3 Verifying
the links to the KMOs
Reading
the links for SAS Service object 'SAS Service -
NW65SERV.NOVELL'.
--->KMO
IP AG 192\.168\.100\.10 - NW65SERV.NOVELL is linked.
PROBLEM:
The KMO 'IP AG 192\.168\.100\.10 - NW65SERV.NOVELL' does not have
the right naming convention.
UNFIXABLE:
!!! This utility cannot fix this kind of problem !!!
--->KMO
IP AG 192\.168\.100\.10 - NW65SERV.NOVELL is linked.
PROBLEM:
The KMO 'IP AG 192\.168\.100\.10 - NW65SERV.NOVELL' does not have
the right naming convention.
UNFIXABLE:
!!! This utility cannot fix this kind of problem !!!
--->KMO
IP AG 192\.168\.100\.10 - NW65SERV.NOVELL is linked.
PROBLEM:
The KMO 'IP AG 192\.168\.100\.10 - NW65SERV.NOVELL' does not have
the right naming convention.
UNFIXABLE:
!!! This utility cannot fix this kind of problem !!!
.
.
.
--->KMO
IP AG 192\.168\.100\.10 - NW65SERV.NOVELL is linked.
PROBLEM:
The KMO 'IP AG 192\.168\.100\.10 - NW65SERV.NOVELL' does not have
the right naming convention.
UNFIXABLE:
!!! This utility cannot fix this kind of problem !!!
--->KMO
IP AG 192\.168\.100\.10 - NW65SERV.NOVELL is linked.
PROBLEM:
The KMO 'IP AG 192\.168\.100\.10 - NW65SERV.NOVELL' does not have
the right naming convention.
UNFIXABLE:
!!! This utility cannot fix this kind of problem !!!
Formerly known as TID# 10086584