7.8 Troubleshooting

This section describes some issues you might experience with Novell Domain Services for Windows(DSfW) while provisioning and provides suggestions for resolving or avoiding them.

7.8.1 Troubleshooting Provisioning Tasks

This section describes the errors that you might experience while executing the Provisioning tasks and provides details for resolving them.

Provisioning Precheck

All details related to task execution and state of the task are recorded in the provisioning.log file

Error: Provisioning Pre-check Failed

Cause: The provisioning pre-check scripts check for existence of schema and configuration partition in the first domain controller. If the first domain controller does not have a schema and configuration partition, it fails to locate the partitions, an error is thrown.

Solution: It is recommended that you select the Replicate schema and configuration Partitions option during installation. If you have failed to do that, replicate the partitions using iManager. For more information, see Administering Replicas

Configure DNS

All details related to task execution and state of the task are recorded in the provisioning.log file

Error: Insufficient Access

Cause: The administrator being used to execute the ldapmodify command does not have privileges to complete the operation.

Solution 1: In the provisioning.log file, search for the ldapmodify command. Make sure the administrator used to execute that command has adequate privileges to execute this command.

Solution 2: If the DNS Locator and Group objects are outside the domain partition, make sure the administrator has privileges to access the objects.

Entry already Exists

Cause: You see this error when you retry executing a task and the task fails during execution.

Solution: For any task that has failed, delete the associated objects from the server and then retry the task.

Depending on the task that failed, different objects are created. For instance, if the DNS Configuration task failed, you need to delete the Locator object and the Group object

ldapmodify Failed

Cause: Replica synchronization fails.

Solution: To resolve this issue, refer Novell Error Codes Reference Guide

No such Entry

Cause:

This error is seen in cases where the version of the forest root domain is OES 2 SP1 and you are attempting to install a subsequent domain controller of version OES 2 SP2.

Solution:

  1. To resolve this issue, run the provisioning script with the get-domain-guid option. For example:

    /opt/novell/xad/share/dcinit/provisionTools.sh get-domain-guid -p 192.168.3.11 -c ou=domain,o=novell

    Here -p represents the IP address of the domain and -c represents the distinguished name of the mapped domain.

    This command returns the GUID value of the domain.

  2. Using iManager, search and select the zone object of the domain.

    For more details about using iManager see, Browsing Objects

  3. In the zone, search for the DNS record with the following entry:

    _ldap._tcp.DOMAIN-GUID.domains._msdcs.DOMAIN.COM

  4. If the entry does not have a valid GUID, replace the incorrect GUID value with the correct GUID value obtained from Step 1.

  5. Check the value of the domain GUID in the dnipdnsdomainname attribute. If found to be incorrect, replace the replace the incorrect GUID value with the correct GUID value obtained from Step 1.

Configure SLAPI Plug-in

Cause:

The NAD Plug-in is not loaded

Solution:

Execute ldapsearch on the LDAP server object to find out adman NAD plug-in is configured.

Perform LDAP server refresh using iManager or using the ldapconfig -R -a <admin> -w <passwd> command.

Error: Insufficient Access

Cause: The administrator being used to execute the ldapmodify command does not have privileges to complete the operation.

Solution : In the provisioning.log file, search for the ldapmodify command. Make sure the administrator used to execute that command has adequate privileges to execute this command.

Entry already Exists

Cause: You see this error when you retry executing a task and the task fails during execution.

Solution: For any task that has failed, delete the associated objects from the server and then retry the task.

Depending on the task that failed, different objects are created. For instance, if the DNS Configuration task failed, you need to delete the Locator object and the Group object

ldapmodify Failed

Cause: Replica synchronization fails.

Solution: To resolve this issue, refer Novell Error Codes Reference Guide

Create Domain Partition

All details related to task execution and state of the task are recorded in the provisioning.log file

Error: 626 All Referrals Failed

Cause: The synchronization process between the replicas fails.

Solution: To resolve this issue, refer Novell Error Codes Reference Guide

Error: 625 Transport Failure/ Unknown Error

Cause: The DSfW server could not reach the master server. For example, installing a child server requires the parent server to be reachable, or installing a DSfW server in the name-mapped forest root domain scenario requires the server holding the tree replica to be reachable.

Solution 1: Ensure that the servers are reachable. Remove the bad address cache from the servers by using the following command:

set ndstrace=*UP

Try executing the task again.

Solution 2: Try executing the provisioning task manually. For details see, Executing Provisioning Tasks Manually.

Error: 30 Retry Entries to Get the Replica Status in the Log File

Cause: A very slow network link can cause incomplete operations and multiple retries.

Solution: Check the speed of your network link. Try executing the task again.

Add Domain Replica

All details related to task execution and state of the task are recorded in the provisioning.log file

Error: 626 All Referrals Failed

Cause: The synchronization process between the replicas fails.

Solution: To resolve this issue, refer Novell Error Codes Reference Guide

Error: 625 Transport Failure/ Unknown Error

Cause: The DSfW server could not reach the master server. For example, installing a child server requires the parent server to be reachable, or installing a DSfW server in the name-mapped forest root domain scenario requires the server holding the tree replica to be reachable.

Solution 1: Ensure that the servers are reachable. Remove the bad address cache from the current server by using the following command:.

set ndstrace=*UP

Try executing the task again.

Solution 2: Try executing the provisioning task manually. For details see, Executing Provisioning Tasks Manually.

Error: 30 Retry Entries to Get the Replica Status in the Log File

Cause: A very slow network link can cause incomplete operations and multiple retries.

Solution: Check the speed of your network link. Try executing the task again.

Add Domain Objects

All details related to task execution and state of the task are recorded in the provisioning.log file.

Error: Insufficient Access

Cause: The administrator being used to execute the ldapmodify command does not have privileges to complete the operation.

Solution: In the provisioning.log file, search for the ldapmodify command. Make sure the administrator used to execute that command has adequate privileges to execute this command.

Entry already Exists

Cause: You see this error when you retry executing a task and the task fails during execution.

Solution: For any task that has failed, delete the associated objects from the server and then retry the task.

Depending on the task that failed, different objects are created. For instance, if the DNS Configuration task failed, you need to delete the Locator object and the Group object

ldapmodify Failed

Cause: Replica synchronization fails.

Solution: To resolve this issue, refer Novell Error Codes Reference Guide

Create Configuration Partition

All details related to task execution and state of the task are recorded in the provisioning.log file

Error: 626 All Referrals Failed

Cause: The synchronization process between the replicas fails.

Solution: To resolve this issue, refer Novell Error Codes Reference Guide

Error: 625 Transport Failure/ Unknown Error

Cause: The DSfW server could not reach the master server. For example, installing a child server requires the parent server to be reachable, or installing a DSfW server in the name-mapped forest root domain scenario requires the server holding the tree replica to be reachable.

Solution 1: Ensure that the servers are reachable. Remove the bad address cache from the current server by using the following command:.

set ndstrace=*UP

Try executing the task again.

Solution 2: Try executing the provisioning task manually. For details see, Executing Provisioning Tasks Manually.

Error: 30 Retry Entries to Get the Replica Status in the Log File

Cause: A very slow network link can cause incomplete operations and multiple retries.

Solution: Check the speed of your network link. Try executing the task again.

Create Schema Partition

All details related to task execution and state of the task are recorded in the provisioning.log file

Error: 626 All Referrals Failed

Cause: The synchronization process between the replicas fails.

Solution: To resolve this issue, refer Novell Error Codes Reference Guide

Error: 625 Transport Failure/ Unknown Error

Cause: The DSfW server could not reach the master server. For example, installing a child server requires the parent server to be reachable, or installing a DSfW server in the name-mapped forest root domain scenario requires the server holding the tree replica to be reachable.

Solution 1: Ensure that the servers are reachable. Remove the bad address cache from the current server by using the following command:.

set ndstrace=*UP

Try executing the task again.

Solution 2: Try executing the provisioning task manually. For details see, Executing Provisioning Tasks Manually.

Error: 30 Retry Entries to Get the Replica Status in the Log File

Cause: A very slow network link can cause incomplete operations and multiple retries.

Solution: Check the speed of your network link. Try executing the task again.

Add Configuration Objects

All details related to task execution and state of the task are recorded in the provisioning.log file

All details related to task execution and state of the task are recorded in the provisioning.log file

Error: Insufficient Access

Cause: The administrator being used to execute the ldapmodify command does not have privileges to complete the operation.

Solution: In the provisioning.log file, search for the ldapmodify command. Make sure the administrator used to execute that command has adequate privileges to execute this command.

Entry already Exists

Cause: You see this error when you retry executing a task and the task fails during execution.

Solution: For any task that has failed, delete the associated objects from the server and then retry the task.

Depending on the task that failed, different objects are created. For instance, if the DNS Configuration task failed, you need to delete the Locator object and the Group object

ldapmodify Failed

Cause: Replica synchronization fails.

Solution: To resolve this issue, refer Novell Error Codes Reference Guide

Assign Rights

All details related to task execution and state of the task are recorded in the provisioning.log file

All details related to task execution and state of the task are recorded in the provisioning.log file

Error: Insufficient Access

Cause: The administrator being used to execute the ldapmodify command does not have privileges to complete the operation.

Solution 1: In the provisioning.log file, search for the ldapmodify command. Make sure the administrator used to execute that command has adequate privileges to execute this command.

Solution 2: If the DNS Locator and Group objects are outside the domain partition, make sure the administrator has privileges to access the objects.

Entry already Exists

Cause: You see this error when you retry executing a task and the task fails during execution.

Solution: For any task that has failed, delete the associated objects from the server and then retry the task.

Depending on the task that failed, different objects are created. For instance, if the DNS Configuration task failed, you need to delete the Locator object and the Group object

ldapmodify Failed

Cause: Replica synchronization fails.

Solution: To resolve this issue, refer Novell Error Codes Reference Guide

Establish Trust

Cause

This error occurs in cases where the parent realm could not be resolved

Solution

Use the provision -q -q --locate-dc parent.domain command to resolve the parent domain. Retry executing the task.

Update Service Configuration

Cause

This error occurs in cases where the parent realm could not be resolved

Solution

Use the provision -q -q --locate-dc parent.domain command to resolve the parent domain. Retry executing the task.

Cleanup

Cause

This error occurs in cases where the parent realm could not be resolved

Solution

Use the provision -q -q --locate-dc parent.domain command to resolve the parent domain. Retry executing the task.