NDS / eDirectory Health Check Procedures - Cross Platform

  • 3564075
  • 05-Nov-2007
  • 02-Jan-2013

Environment

Novell eDirectory
Novell Directory Services
Formerly TID 10012858
Formerly TID 10060600

Situation

NDS Health Check Procedures - Cross Platform

Resolution

To maintain NetWare Directory Services (NDS/eDirectory) health, and as a preventative measure you should perform the following operations once a week for a dynamic directory environment, and once a month for a static directory environment on every server (the frequency of the Health Check is a general rule). To determine whether you have a dynamic tree or static tree please read the following definitions:

Static NDS Tree:

A static tree has minimal routine changes. For example, you only make simple changes such as adding or deleting user objects, or you create a partition or add a server every couple of months. Because you make fewer changes to a static NDS tree, you only perform NDS health checks once a month.

Dynamic NDS Tree:

A dynamic tree has frequent non-routine changes. For example, you create partition or add a server weekly, or you are process of developing the tree.

If your organization has a dynamic NDS tree, you should perform an NDS health check once a week. However, as the pace of change decreases and the NDS tree becomes more static, you can begin to perform NDS health checks less frequently.

It is also recommended that a NDS health check be performed on tree before executing a major NDS operation such as: moving or deleting large numbers of objects, performing a partition operation, or adding or deleting servers.

The utilities used on a Unix/Linux platform to `check' the health of Directory Services are installed by default when the NDS server package is installed. The two commonly used utilities which will be referred to are: ndsrepair and ndstrace. For more detailed information about these utilities, there is a Unix `man' pages available from the console prompt. Thus one would enter:

"man ndsrepair" OR "man ndstrace"

*Also there is a menu wrapper for the Unix/Linux platforms that allows easier navigation of the DSREPAIR menus, it can be found by browsing to https://download.novell.com/Download?buildid=G84WN5XsTIQ%7E

STEP 1.Verifying DS Versions - All NDS versions should be at the latest version on their respective operating system platforms. You can verify all DS version that exist in your tree by using the DSREPAIR utility (this includes Unix/Linux and Windows NT/2000 environments). All servers in the tree should be patched to the latest available versions.

a.NetWare - Performing a time synchronization check within DSREPAIR (DSREPAIR.NLM | Time Synchronization) will report the DS version for each server in the tree. Load DSREPAIR.NLM from the server console and execute 'Time Synchronization'.

b.Unix/Linux - Execute "ndsrepair -T" which shows DS version on the servers, displayed in the list. If all servers in the tree are not displayed you may have to run this command on those servers separately. Or individually you could execute ndsrepair -E (remember Unix is "case sensitive"), and it shows the DS version at the beginning of the displayed information.

c.Windows NT/2000 - Perform time synchronization check within DSREPAIR to report the DS version for each server in the tree. Load DSREPAIR.DLM from the server by opening the 'NDS Services' under the Control Panel and highlighting the DSREPAIR.DLM and pushing the 'Start' button. Inside of DSREPAIR.DLM select the REPAIR menu and 'Time Synchronization'.


STEP 2.Time Synchronization - NDS communication uses timestamps to uniquely identify objects and the objects modification time for synchronization purposes. If servers in the tree are not synchronized to the correct local time (or more importantly, to each other) replica synchronization will not be reliable and severe object corruption and data loss can be experienced. To avoid these problems, time must be in sync across all servers in the network. The following steps outline how to check time synchronization for each platform:

a.NetWare - Load DSREPAIR.NLM from the server console and execute 'Time Synchronization'. This process will check every server in the tree (including NT, Unix and Linux servers) and report whether the server's time is synchronized to the network.

b.Unix/Linux - Execute "ndsrepair -T" from the server command-line.

c.Windows NT/2000 - Perform time synchronization check within DSREPAIR to report the time on each of the servers in the tree. Load DSREPAIR.DLM from the server by opening the 'NDS Services' under the Control Panel and highlighting the DSREPAIR.DLM and pushing the 'Start' button. Inside of DSREPAIR.DLM select the REPAIR menu and 'Time Synchronization'.


STEP 3.Server-to-Server Synchronization - NDS servers communicate changes made to objects and partitions boundaries. This step is used to verify that no errors exist when NDS performs synchronization process. To perform this step, a server must have a replica to display the needed NDS trace information.


a.NetWare - From the file server console prompt type:

#this activates the NDS eDirectory transactions screen
SET DSTRACE=ON

#turns off all preset filters

SET DSTRACE=NODEBUG

#this makes it so you can see the synchronization

SET DSTRACE=+S

#this initiates NDS eDirectory synchronization between servers

SET DSTRACE=*H

The NDS eDirectory trace screen can be viewed by selecting 'Directory Services' from the list of Current Screens made available by pressing the two keys simultaneously. You will see *information scrolling on the screen. If there are no errors, there will be a line displaying 'All Processed = Yes.' This message will be displayed for each partition replica contained on a server.

*If the information is more than fit on a single screen, or scrolls by too quickly use the following commands to save the information to a file for viewing:

#this activates the NDS eDirectory transactions screen

SET DSTRACE=ON


#turns off all preset filters

SET DSTRACE=NODEBUG
SET DSTRACE=*R

SET TTF=ON


#this makes it so you can see the synchronization

SET DSTRACE=+S


#this initiates NDS eDirectory synchronization between servers

SET DSTRACE=*H

Once you have viewed enough trace information type the following to turn DSTRACE off.

SET DSTRACE=NODEBUG
SET DSTRACE=OFF

You can then map a drive to your server's SYS:SYSTEM directory and bring the DSTRACE.DBG file up in a text editor. Search for '-6' and'-7' (this will show any NDS errors during synchronization, such as -625 or -746), or 'YES' (this will show successful synchronization for a partition).

b.Unix/Linux - Execute `ndstrace` from the server command-line. Within the ndstrace utility enter:

#enables screen and file logging to the ndstrace.log file
SET NDSTRACE=ON

#turns off all preset filters

SET NDSTRACE=NODEBUG

#enables filtering of synchronization traffic
SET NDSTRACE=+SKLK

#heartbeat; initiates synchronization between file servers

SET NDSTRACE=*H

The ndstrace.log file is located in the following directory:
  • eDirectory 8.7.3 (default) - /var/nds
  • eDirectory 8.8 (default) - /var/opt/novell/eDirectory/log
  • eDirectory 8.8 (non-default or multiple instance)
    • Same directory as ndsd.log
    • Run the following command from a terminal window to determine the location of the ndsd.log file
    • ndsconfig get n4u.server.log-file

c.
Windows NT/2000 - Load NDS Server Trace Utility from the server by opening the 'NDS Services' under the Control Panel and highlighting the DSTRACE.DLM and then selecting the 'Start' button. From the 'NDS Server Trace Utility' select the EDIT menu and push the 'Clear All' button, check the 'Partition' and 'Sync Detail' boxes and push the 'OK' button.

To force a partition synchronization highlight the DS.DLM under the'NDS Services' screen and select the 'Configure' button. Select the 'Triggers' tab and then the 'Replica Sync' button. This will force partition synchronization with other servers. You can view the synchronization activity by going to the NDS Server Trace Utility screen and scrolling through the synchronization process.


STEP 4.Replica Synchronization - This step reports replica synchronization status for every partition that has a replica on the current server. This operation reads the Synchronization Status attribute from the replica object on each server that holds replicas of the partitions. It displays the time the last successful synchronization to all servers and any errors that have occurred since the last synchronization.

a. NetWare - DSREPAIR.NLM | Report Synchronization Status.

b.Unix/Linux - Execute "ndsrepair -E" from the server command-line.

c.Windows NT/2000 - Load DSREPAIR.DLM from the server by opening the 'NDS Services' under the Control Panel and selecting DSREPAIR.DLM and then pushing the 'Start' button. Inside of DSREPAIR.DLM select the REPAIR menu and then 'Report Synchronization Status'.


STEP 5.External References - This step checks each external reference object to determine if a replica containing the object can be located. It will also display obituaries and will show you the Flag States of the obituaries on all servers in the backlink lists for the obituaries.

a.NetWare - DSREPAIR.NLM | Advanced Options Menu | Check External References

b.Unix/Linux - Execute "ndsrepair -C -Ad -A" from the server command-line.

c.Windows NT/2000 - Load DSREPAIR.DLM from the server by opening the 'NDS Services' under the Control Panel and selecting DSREPAIR.DLM and then pushing the 'Start' button. Inside of DSREPAIR.DLM select the REPAIR menu and then 'Check External References.'

Alternatively you can use iMonitor's Reporting feature to show obituaries on any platform where iMonitor works (NetWare, Windows, Linux, etc) using one interface and even using one instance of iMonitor to check the status of multiple servers.

*For more information on troubleshooting obituaries view TID# 7002659


STEP 6.Replica States - This step lists partitions and states of the replicas stored in the current server's NDS database files.

a.NetWare - DSREPAIR.NLM | Advanced Option Menu | Replica and Partition Operations

b.Unix/Linux - Execute ndsrepair -P from the server command-line.

c.Windows NT/2000 - Load DSREPAIR.DLM from the server by opening the 'NDS Services' under the Control Panel and selecting DSREPAIR.DLM and then pushing the 'Start' button. Inside of DSREPAIR.DLM expand the 'Partitions' tree to list each of the partitions. Highlight each partition to find the states of the replicas, which is listed in the right window.


STEP 7.Schema Synchronization - Each of the NDS servers have schema definitions that are used for creating and maintaining objects. This step is used verify that schema synchronization between servers is working correctly. To perform this step, a server must have a replica to display the needed NDS trace information.

a.NetWare - From the file server console prompt, type:

#this activates the NDS eDirectory transactions screen
SET DSTRACE=ON

#turns off all preset filters

SET DSTRACE=NODEBUG

#this will display schema information

SET DSTRACE=+SCHEMA

#this initiates schema synchronization

SET DSTRACE=*SS

Once you have enough trace information type the following to turn DSTRACE off.

SET DSTRACE=NODEBUG
SET DSTRACE=OFF

The NDS eDirectory trace screen can be viewed by selecting 'Directory Services' from the list of Current Screens made available by pressing the two keys simultaneously. Check for the message 'SCHEMA: All Processed = Yes.'

b.Unix/Linux - Execute "ndstrace"

From within the ndstrace utility enter:

#enables screen and file logging to the ndstrace.log file
SET NDSTRACE=ON

#
turn off all preset filters
SET NDSTRACE=NODEBUG

#
enables filter of schema synchronization traffic
SET NDSTRACE=+SCMA

Additionally you can look at the schema-related operations for both inbound and outbound by entering:

SET NDSTRACE=+SCMD
#
initiates synchronization of all schemas
SET NDSTRACE=*SS

The ndstrace.log file is located in the following directory:
  • eDirectory 8.7.3 (default) - /var/nds
  • eDirectory 8.8 (default) - /var/opt/novell/eDirectory/log
  • eDirectory 8.8 (non-default or multiple instance)
    • Same directory as ndsd.log
    • Run the following command from a terminal window to determine the location of the ndsd.log file
    • ndsconfig get n4u.server.log-file

c.Windows NT/2000 - Load NDS Server Trace Utility from the server by opening the 'NDS Services' under the Control Panel and highlighting the DSTRACE.DLM and then selecting the 'Start' button. From the 'NDS Server Trace Utility' select the EDIT menu and push the 'Clear All' button, check the 'Schema' check box and push the 'OK' button.

To force a schema synchronization highlight the DS.DLM under the 'NDS Services' screen and select the 'Configure' button. Select the 'Triggers' tab and then the 'Schema Sync' button. This will force schema synchronization with other servers. You can view the synchronization activity by going to the NDS Server Trace Utility screen and scrolling through the synchronization process.


STEP 8- Repair Local Database

If while following the above outlined Health Check Procedures you encounter DS errors or if you suspect problems with a server's DS database, the Repair Local Database option within DSREPAIR is a valuable tool to check a server's DS database. "Repair Local Database" checks the integrity of the database and fixes any problems it encounters, as well as reports information that may be useful. "Repair Local Database" does not need to be run at either a specific time or specific interval. It should be used in accordance with your organization's specific needs or used as a tool to maintain DS databases.

a.NetWare - Load DSREPAIR | Advanced Options | Repair Local DS Database

b.Windows NT/2000 - Load NDS Server Trace Utility from the server by opening the 'NDS Services' under the Control Panel and highlighting the DSREPAIR.DLM and then selecting the 'Start' button. Inside of DSREPAIR.DLM select the REPAIR menu and then 'Local Database Repair.'

c.Unix/Linux - execute 'ndsrepair -R' from the server command-line
.

Additional Information

View a multi-media tutorial for this TID at: https://support.novell.com/additional/tutorials/tid10060600/
For more information about resolving specific error messages, please refer to your documentation, Novell Support Connection, https://support.novell.com, or Novell Technical Support. If you do need to call Novell Technical Support, please have your DSREPAIR log file or DSTRACE file ready to send to the Novell Technical Support Engineer for review.

Formerly known as TID# 10060600