Troubleshooting OES2 data migration issues with miggui

  • 7002862
  • 30-Mar-2009
  • 08-Nov-2012

Environment

Novell Open Enterprise Server 2 (OES 2)
Novell Open Enterprise Server (Linux based)

Situation

This TID contains troubleshooting steps for common miggui migration issues.

Resolution


Miggui is a data and service GUI migration utility introduced in OES2 SP1. 

Section 1:  Prerequisites
Section 2:  Supported Services
Section 3:  Source and Target OS support / Supported file systems
Section 4:  Logs
Section 5:  Miggui CLI tools
Section 6:  Authentication issues
Section 7:  Data Migration issues
Section 8:  Service Migration issues
Section 9:  Transfer ID issues


Section 1:  Prerequisites

Review and fix any issues in KB 7001767, "Troubleshooting data migrations with migfiles from NetWare 6.5 to OES 2 Linux":  https://support.microfocus.com/kb/doc.php?id=7001767&sliceId=1&docTypeID=DT_TID_1_1&dialogID=51371089&stateId=0%200%2051369286


Section 2:  Supported Services

The migration tool supports these service migrations:

AFP, CIFS, DHCP, File System, FTP, iFolder, iPrint, NTP, Archive Version, and server Identity Migration.


Section 3:  Source and Target OS support / Supported file systems.

Sources supported:

NetWare: 5.1 SP8, 6.0 SP5,  6.5 SP6 or later
Linux: OES 1, OES 2
Windows: NT, 2000 and 2K3

Target supported:

OES2 SP1

File Systems:

Target:  NSS, NCP and POSIX
NetWare Source:  Traditional, NSS
OES2 Source:  NSS, NCP and POSIX
OES1 Source:  NSS, NCP


Section 4:  Logs

Miggui project debug logs are available at the user specified project directory.  The default project location is /var/opt/novell/migration/<PROJECT NAME>/log/.  Please review these logs when there are errors or failures.  The failing CLI command seen in the debug.log can often be executed manually from a terminal shell with additional debug enabled.  For example, if the failure was on a migfiles command it could be executed manually from a bash shell with an additional --debug switch.  It is best practice to review the man page and help screen information of the failing CLI command to determine what additional debug options are available and where it writes the log file by default.


Section 5:  Miggui CLI tools

Any of the migfiles command line troubleshooting steps are applicable because miggui is a GUI wrapper for CLI tools like the migfiles utility.

CLI tools used by miggui:
  • mls
Lists files with associated trustees and rights, directory and user quotas from the NetWare or OES 1/2 Linux source server. mls output is used as input for both maprights& maptrustees. The mls utility in turn, uses the SMS nbackup utility to get this information. It uses ldapsearch to get mount point details of source OES 1.0 Linux and OES 2.0 Linux volumes.

  • maptrustees
It takes the output of mls as its input and use OpenLDAP command “ldapsearch†to get the eDir attribute information of the user which are trustees on the file system. It outputs the users and their properties. The output can be modified  to achieve greater control on the migration.

  • migtrustees
Takes as input the output of maptrustees and uses OpenLDAP commands “ldapadd†and “ldapmodify†to create the users on the destination tree.

  • migmatchup
 Uses input from mls to produce a mapping of users and groups from the source server to those on the destination server.  It uses 'ldapsearch' to retrieve the user and group data from the source and destination LDAP server.

  • migfiles
Uses SMS tool “nbackup†to migrate data from source servers to the destination. If the source is a Windows workstation, it  mounts the shared volume to /tmp/migrate and then uses Linux command “rsync†to copy the data.

  • maprights
Takes the output of mls as its input and maps the source file system rights to destination file system rights.

  • migrights
Takes the output of maprights as it input and uses NCP command “ncpcon†to set the trustee rights if the destination is NSS, or NCP on POSIX volumes. It use Linux commands “chmod†and “chown†to change the rights if the destination is POSIX.

  • ntfsmls
Uses SAMBA commands “smbcacls†and “smbcquotas†to get user rights and quotas under a given Windows share path.
  • ntuserls
Uses SAMBA command “smbclient†to lists all the users and groups from Windows Active Directory Domain.

  • ntfsmap
Takes the output of ntuserls as its input and use OpenLDAP commands to map the Windows NTFS rights and ACLs to OES NSS, NCP or POSIX rights and permissions.

  • migcred
Used to persist credentials for the migration utilities.

  • mignotify
Takes the output of maptrustees as its input and sends e-mail notifications to the migrated users.

Man pages are available for manual CLI usage.

Section 6:  Authentication issues

  • The shipping version of miggui has a bug that causes failures if the server name entered, while authenticating to the source, is a different case from the entry in  the /etc/hosts file.  Use the same case as seen in the hosts file.
  • Login via IP address if troubleshooting DNS related issues.
  • nldap.nlm should be loaded on a source NetWare server.  Ldap should be configured correctly and listening on ports 389 or 636.
  • The path on the target server must be correct.
Run this command from a terminal shell to validate the path:
echo $PATH [ENTER]

Confirm the following entries exist in the path on the target server where miggui will be loaded:

/opt/novell/eDirectory/sbin:/opt/novell/eDirectory/bin:/opt/novell/migration/sbin

The entries can be appended to the existing path if they don't exist by running this command from a terminal shell:

(Note:  Command case is relevant.  It is possible to destroy the current path if this command is not executed properly.)
echo PATH=$PATH:/opt/novell/eDirectory/sbin:/opt/novell/eDirectory/bin:/opt/novell/migration/sbin

  • Authentication may fail if there are incorrect entries in the/etc/pam.d/tsafs file.
  • Verify the novell-sms package to see if there have been changes to this file:
rpm -V novell-sms

  • The Certificate Authority (CA) must be up and running and certificates must be valid and not expired.


Section 7:  Data Migration issues

Review and fix any issues in KB 7001767, "Troubleshooting data migrations with migfiles from NetWare 6.5 to OES 2 Linux":  https://support.microfocus.com/kb/doc.php?id=7001767&sliceId=1&docTypeID=DT_TID_1_1&dialogID=51371089&stateId=0%200%2051369286

There is a bug in the shipping version of novell-ncpserv code that prevents visibility of source NSS volumes in miggui that are larger than 1 terabyte in size.  Update to the current novell-ncpserv code from the update channel.

The current patch code in the update channel must be used to be able to properly see cluster enabled volumes and migrate data from Cluster source servers.

OES1 iFolder data migration:
OES 1 source data on native Linux partitions can not be migrated with miggui.  Miggui only recognizes NSS and NCP volumes on OES1 source servers.  If IFolder data resides on native Linux partitions on OES 1 servers, either create an NCP mount point where the data resides and then use miggui, or manually migrate the data directly from the native linux partition with the migfiles CLI.  Ncpcon can be used to create NCP volumes.

Here is an example of how to migrate OES 1 ifolder data on native Linux partitions to OES2 with migfiles:

migfiles --debug -s<source IP> -iPX /source/path -px /target/path

miggui and migfiles will fail in nbackup code if smszapi is not loaded on OES1 and zapi is not loaded on OES2.
Use lsmod to confirm these modules are loaded in the kernel.


Section 8:  Service Migration issues

ndsimon.nlm is required if migrating NetWare eDir / serverid to OES2 Linux.  Confirm this NLM is loaded on the source NetWare server.

During the process of the eDirectory PreCheck, it will give errors regarding the admingroup object not being found or the unix workstation object not being found if there is not sufficient rights for the LDAP anonymous bind it does to the local target box. Make sure that Public account has the default rights needed to search the eDirectory Tree. If Public's rights have been limited, make sure to use a LDAP proxy user on the target server's LDAP group object, that has sufficient rights to browse the tree.

If using a SSL connection does not work, make sure that the default certificates on the Target server are not expired. If they are expired, you can use iManager to repair the default certificates for all servers with expired certificates.


Section 9:  Transfer ID issues

Review KB 7000347,"Migration fails with error, "secure copy from NetWare failed rc=35327":
https://support.microfocus.com/kb/doc.php?id=7000347&sliceId=1&docTypeID=DT_TID_1_1&dialogID=92389696&stateId=1%200%2054094418