DSfW 2008 R2 Schema Update
DSfW is in the process of being updated to 2008 R2 schema and needs your help. If you are interested in beta testing the next version of DSfW please send an e-mail to pmadhan@microfocus.com and Chitradevi.Kumaraswamy@microfocus.com with a subject line ‘Interested in Domain Services for Windows Beta Program’
The final version will support 2012 schema, aes encryption, and fine grained password policies. This is exciting and would be a great project to be part of. This is your chance see and be a major contributor for the coming versions of DSfW.
For more information on this project please go to the coolsolution page below.
Logon-Logoff / Power-on-Shutdown Scripts Execution for Windows Clients of DSfW
A new coolsolution has been released allowing the login and logoff tasks on a workstation. The script can also power down or power on workstations. Administrators and end users can automate these tasks. The scripts can be stored in the netlogon or sysvol on the primary domain controller which will sync it out to the other DCs. The profile tab of user properties, or Logon GPO can be used for integrating these scripts into startups and shutdown cases.
Go to novell.coolsolutions.com to download the script and read more about what you can do with this script.
How to remove a DSfW Domain Controller
Need to remove a DSfW Domain Controller? ndsdcrm is the tool to do it. There have been older versions that worked ok but not a version that works with OES11SP2. Some times it would fail or not completely clean up the domain. With OES11SP2 we have had to resort to the manual removal process as described in TIDs 7005431 and 7012738.
A new version has been released on Novell Cool Solutions. If you want to remove an ADC or the entire domain, this is the tool to do it. The tool can be found on Novell Cool Solutions, Removing DSfW Domain Controllers
March 2015 OES 11 SP2 Scheduled Maintenance Update 10332
March 2015 OES 11 SP2 Scheduled Maintenance Update 10332
How to apply the patch with zypper. YaST Online Update can also be used.
1) List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP2-Updates | OES11-SP2-Updates | Yes | Yes
2) List the Updates
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-March-2015-Scheduled-Maintenance | 10332 | security | Needed
3) Install the maintenance patch
OES11SP2
zypper up -t patch oes11sp2-March-2015-Scheduled-Maintenance
4) Then list the patches again to verify the patch is listed as Installed
OES11SP2
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-March-2015-Scheduled-Maintenance | 10332 | Installed
5) To apply all OES11 SP2 updates run the following command
zypper up -t patch -r OES11-SP2-Updates
6) To apply all SLES 11 SP3 updates run the following command
zypper up… Continue reading
January 2015 Scheduled Maintenance Update
January 2015 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
1) List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP2-Updates | OES11-SP2-Updates | Yes | Yes
2) List the Updates
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-January-2015-Scheduled-Maintenance | 10105 | security | Needed
3) Install the maintenance patch
OES11SP2
zypper up -t patch oes11sp2-January-2015-Scheduled-Maintenance
4) Then list the patches again to verify the patch is listed as Installed
OES11SP2
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-January-2015-Scheduled-Maintenance | 10105
5) To apply all OES11 SP2 updates run the following command
zypper up -t patch -r OES11-SP2-Updates
6) To apply all SLES 11 SP3 updates run the following command
zypper up -t patch -r… Continue reading
December 2014 Scheduled Maintenance Update
December 2014 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP2-Updates | OES11-SP2-Updates | Yes | Yes
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-December-2014-Scheduled-Maintenance | 9879 | security | Needed
[clear-line]Install the maintenance patch
OES11SP2
zypper up -t patch oes11sp2-December-2014-Scheduled-Maintenance
Then list the patches again to verify the patch is listed as Installed
OES11SP2
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-December-2014-Scheduled-Maintenance | 9879
To apply all OES11 SP2 updates run the following command
zypper up -t patch -r OES11-SP2-Updates
To apply all SLES 11 SP3 updates run the following command
zypper up -t patch -r SLES11-SP3-Updates
Key DSfW specific bugs fixed with this maintenance… Continue reading
DSfW Migration – OES 11 SP1 to OES11 SP2
DSfW Migrations can be tricky if you do not follow the documentation carefully. I created two videos that take you through the process of a successful migration. The videos do not cover the pre-migration. For the pre-migration you want to ensure the tree and DSfW server specifically is healthy.
The key is to install and configure eDirectory with the pre-migration pattern on the target server using the Software Management tool provided by the YaST utility. DO NOT Use the OES Install and Configuration utility. This is the key piece most people miss. If you use the OES Install and Configuration utility the DSfW patter will not be able to be installed. Instead the pre-migration pattern will be layed down, the pre-migration wizard will pop up. If you continue through the pre-migration pattern eDir will be installed. You then click… Continue reading
supportconfig updated with DSfW information
A great tool to get essential information on a server is supportconfig. It comes with SLES/OES and the latest set of patches has the DSfW information in the tool.
If you have a SR opened with support you can get the supportconfig analyzed by running supportconfig -ur $srnum; where $srnum is your 11 digit service request number. A html report will be given which will list Critical, Warning, and Recommended messages. Some will have TIDs and/or videos to apply to fix the issue. Some will list a rpm to apply.
This will not upload to Novell to have the supportconfig analyzed. It is the ray files to look at.
With this DSfW piece in the new supportconfig, specific to DSfW is exporting… Continue reading
DSfW Monitor daemon
I just created a demonized version of the DSfW Monitor script. For more information on the script look the DSfW Monitor script post.
Now you don’t have to create a cronjob to continuously run the tool. Simply download and install the dsfwmon.rpm.
The install will create the /etc/init.d/dsfwmon startup script, the /opt/dsfwdude/conf/dsfwmon.conf file to edit the configuration and the dsfwmon daemon. It also has log rotating enabled.
The install will enable the dsfwmon script so that when the server starts, the script will start monitoring the services.
Edit the /opt/dsfwdude/conf/dsfwmon.conf to send an e-mail if a service has to be restarted. Do not adjust the delay time less than 5 minutes. The script could possibly step on itself, trying to check the services while restarting the services.
Common changes are to enable e-mail setting to be sent when the services restart,… Continue reading
I/OTest script to check if the disk I/O is causing slow performance
Slow VM Performacne, use IOTest to see if the disk IO is the culprit
This script will test the disk IO by copying 500Mb of data using the same block size as eDir uses and with the same api eDir uses “fdatasync”.
This writes 500 Mb of data each iteration to the iotest.log in the dib directory, usually the /var/opt/novell/eDirectory/data/dib/
It will overwrite the previous data in the iotest.log each time it runs. Anything under 100 MB/s is a concern and will cause slowness for eDirectory and possible memory build up. IO causes a bottleneck for events to be written to disk. A build up of memory by ndsd can cause a ndsd to take all available memory (both virtual and resident) causing ndsd to core.
If slow IO writes are seen with the iotest script begin the process of adding hard drives and reducing the… Continue reading
New Features in DSfW OES11SP2
There is a great article on Novell CoolSoltutions about the New Features in DSfW OES11SP2.
It gives great information on the new features with screenshots and explanations. Take a look and learn more about the new features of DSfW.
January 2014 Scheduled Maintenance Ptach
January 2014 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-January-2014-Scheduled-Maintenance | 8685| recommended | Needed
Install the maintenance patch
zypper up -t patch oes11sp1-January-2014-Scheduled-Maintenance
Then list the patches again to verify the patch is listed as Installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-January-2014-Scheduled-Maintenance | 8685
To apply all OES11 SPa updates run the following command
zypper up -t patch -r OES11-SP1-Updates
To apply all SLES 11 SP2 updates run the following command
zypper up -t patch -r SLES11-SP2-Updates
Key DSfW specific bugs fixed with this… Continue reading
OES11SP2 is Available for Download
OES11sp2 is now available for download.
New DSfW Monitor Script
I previously created two scripts, dsfw_processcheck.sh and dsfw_portchk.sh, one to monitor pids and one to monitor ports. With the two script they are helpful to ensure the DSfW services are up. A new script combines the two and adds additional options. The script not only checks for pids and ports, but it can be used to create a cron job to run the script every 10 minutes by adding the “add” switch. To remove the cron job use the “rm” switch.
If a DSfW server running DNS (or not) has a DSfW specific process stop or crash a quick stop gap measure is to monitor the DSfW processes and restart them if one or more of the DSfW processes stop.
If the DSfW server is an Additional Domain Controller (ADC) DNS might not be configured on the server. If DNS is not running on the… Continue reading
September 2013 Scheduled Maintenance
July2013 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-September-2013-Scheduled-Maintenance | 8284| recommended | Needed
Install the maintenance patch
zypper up -t patch oes11sp1-September-2013-Scheduled-Maintenance
Then list the patches again to verify the patch is listed as Installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-September-2013-Scheduled-Maintenance | 8284| recommended | Installed
September 2013 Scheduled Maintenance for OES11SP1 (8284)
Key DSfW specific bugs fixed with this maintenance patch for OES11SP1
- 816488 – DSfW: Migration does not retain sysvol facls
- 828484 – OES11 SP2: eDirectory cored… Continue reading
July 2013 Scheduled Maintenance
July2013 Scheduled Maintenance has been released
How to apply the patch with zypperList repositories
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-July-2013-Scheduled-Maintenance | 7889 | recommended | Needed
Install the maintenance patch
zypper up -t patch oes11sp1-July-2013-Scheduled-Maintenance
Then list the patches again to make sure it is installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-July-2013-Scheduled-Maintenance | 7889 | recommended | Installed
July 2013 Scheduled Maintenance for OES11SP1
Key DSfW specific bugs fixed with this maintenance patch for OES11SP1
- 806538 – MS cluster support in DSfW
- 816741 – DSFW: ldapsearch fails when the entryDN specified in search filter contains spaces before or after comma.
- 818366 – xadsd crashes in rpc__naf_addr_free ()
- 819547 – DSFW: No results for ldapsearch with… Continue reading
DSfW: Provisioning using python script
Need to do the DSfW install via a putty session/ no gui. Look at this coolsolution article DSfW: Provisioning using python script. It provides a python script to do the provisioning portion of the install with out the need of X Server. It is also reported to be faster. Great for scripted installs.
Adding displayName to DSfW user accounts
BES10 requires AD authentication so DSfW is being deployed to accomplish this in eDirectory environments.
The displayName attribute is one attribute that must be populated.
displayName
All but two are automatically populated on DSfW users.
displayName and mail are not. Hopefully mail is already populated since this is for an e-mail application. displayName most likely is not.
This video will go over a script that can be used populate displayName with the value used in samAccountName. It will also show you how to modify the script if the value from another attribute is desired to be used for displayName.
The script does the following search to find users and generate a ldif file
ldapsearch -Y EXTERNAL -LLL -Q -b “$DEFAULTNAMINGCONTEXT” -s sub ‘(&(objectclass=user)(samAccountName=*)(!(|(objectClass=Computer)(displayName=*)(cn:dn:=users)(ou:dn:=oessystemobjects))))’ dn: samAccountName |sed s[samAccountName[‘changetype:modify\nadd: displayName\ndisplayname'[g | grep -v ^# >/tmp/add_displayname.ldif
As… Continue reading
May 2013 Scheduled Maintenance
May 2013 Scheduled Maintenance has been released
How to apply the patch with zypperList repositories
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-May-2013-Scheduled-Maintenance | 7715 | security | Needed
Install the maintenance patch
zypper up -t patch oes11sp1-May-2013-Scheduled-Maintenance
Then list the patches again to make sure it is installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-May-2013-Scheduled-Maintenance | 7715 | security | Installed
May 2013 Scheduled Maintenance for OES11SP1 7715
Key DSfW specific bugs fixed with this maintenance patch for OES11SP1
- – 769530: OES11SP1LH: DSfW provisioning task “Assign Rights” – rerun fails with error -614 (entry already exists)
- – 783005: DSFW: AD Ping doesn’t… Continue reading
April 2013 Scheduled Maintenance
April2013 Scheduled Maintenance has been released
How to apply the patch with zypperList repositories
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-April-2013-Scheduled-Maintenance | 7421 | security | Needed
Install the maintenance patch
zypper up -t patch oes11sp1-April-2013-Scheduled-Maintenance
Then list the patches again to make sure it is installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-April-2013-Scheduled-Maintenance | 7421 | security | Installed
April 2013 Scheduled Maintenance for OES11SP1 (7421)
Key DSfW specific bugs fixed with this maintenance patch for OES11SP1
- – 770208: OES11SP1LH: DSfW provisioning of DNS generates duplicate forward and reverse lookup zones if they already exists
- – 785697: Provsioning pre healthCheck fails in ADC.
- – 791640: DSFW FTU1:During ADC Provosioning PreCheck, the… Continue reading
NDSD Health Check Script
I’ve received a great deal of feed back on the DSfW Health Check Script and applied some changes. One of the suggestions was to do only a ndsd (eDirectory) script. The DSfW Health Check Script works for both DSfW and eDirectory servers, but if all you want to do is check eDirectory health on a DSfW server or want a script only for ndsd that is smaller and simple this is an option.
I am always looking for suggestions. I’ve created a video for the ndsd_heaclthchk script. Watch to to learn about configuring it for your specific needs.
For for NDSD Health Check in the download section.
The configuration options are as follows
# Set emailsetting to 1 to send e-mail log when finished. Set to 0 or remove the 1 to disable
emailsetting=0
# Set emailonerror to 1 to send e-mail log if an error is returned. Set to… Continue reading
Latest DSfW Health Check Script
I’ve received a great deal of feed back on the DSfW Health Check Script and applied some changes.
I am always looking for suggestions. I’ve created an updated video with the latest script. Watch to to learn about configuring it for your specific needs.
Troubleshooting High Utilization – High Utilization Gstack tool
Some times ndsd or another process can cause a server to go into high utilization or to become unresponsive. A great TID to follow for OES servers is TID 7007332 – Troubleshooting ndsd becoming unresponsive on OES Linux. A TID specific for DSfW servers to start with is TID 7010462- Troubleshooting slow logins and unresponsive DSfW server.
When trouble shooting a process stuck in high utilization or causing a server to slow down or become unresponsive looking at a top output for a daemon like ndsd with individual threads shown and a correlating gstack can show us which thread is in high utilization and what that thread is doing. In most cases it is best to take a number of gstacks every 10 seconds to 60 seconds depending on the situation. We can see not only what that thread is doing but if the… Continue reading
January 2013 Scheduled Maintenance for eDirectory 8.8 SP7 Patch 2
January 2013 OES11SP1 Scheduled Maintenance for eDirectory 8.8 SP7 Patch 2 has been released
Description
January 2013 OES11SP1 Scheduled Maintenance for eDirectory 8.8 SP7 Patch 2 Hot Patch1
- – 795674: ndsd crashes in libnldap.so with latest November 2012 eDirectory Patch 8.8.7 Patch 2
- – 799053: ldap and ldaps interfaces are lost on DSFW server after installing eDir887patch2 + OES11SP1 Nov Patches
Solution
This update is provided as a set of RPM packages that can easily be installed onto a running system by using the YaST online update module. Please install the update.
file contents
| Files Included | Size | Date |
|---|---|---|
| novell-NDSbase-32bit-8.8.7.2-0.7.1.x86_64.rpm | 420.2 KB (430316) | 2013-01-31 11:52:45 |
| novell-NDSserv-8.8.7.2-0.7.1.x86_64.rpm | 5.7 MB (6069650) | 2013-01-31 11:52:51 |
| novell-NDSbase-8.8.7.2-0.7.1.x86_64.rpm | 579.0 KB (592953) | 2013-01-31 11:52:44 |
| novell-edirectory-jclnt-8.8.7.2-0.7.1.x86_64.rpm | 280.7 KB (287529) | 2013-01-31 11:52:56 |
| novell-edirectory-tsands-8.8.7.2-0.7.1.x86_64.rpm | 283.4 KB (290253) | 2013-01-31 11:52:57 |
| novell-NOVLice-8.8.7.2-0.7.1.x86_64.rpm | 462.3 KB (473462) | 2013-01-31 11:52:55 |
| novell-edirectory-tsands-32bit-8.8.7.2-0.7.1.x86_64.rpm | 276.4 KB (283131) | 2013-01-31 11:52:58 |
| novell-NOVLice-32bit-8.8.7.2-0.7.1.x86_64.rpm | 281.5 KB (288314) | 2013-01-31 11:52:55 |
| novell-NDScommon-8.8.7.2-0.7.1.x86_64.rpm | 243.7 KB (249642)… Continue reading |
January 2013 Scheduled Maintenance for OES11SP1
January 2013 Scheduled Maintenance for OES11SP1 has been released
How to apply the patch with zypperList repositories
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-Updates
Should see the following:
OES11-SP1-Updates | oes11-sp1-January-2013-Scheduled-Maintenance | 7195 | recommended | Need
Install the maintenance patch
zypper up -t patch oes11-sp1-January-2013-Scheduled-Maintenance
Then list the patches again to make sure it is installed
zypper pch OES11-Updates
Should see the following:
OES11-SP1Updates | oes11-sp1-January-2013-Scheduled-Maintenance | 7195 | recommended | Installed
Key… Continue reading
January 2013 Scheduled Maintenance for OES11
January 2013 Scheduled Maintenance for OES11 has been released
How to apply the patch with zypperList repositories
zypper lr
Should see the following:
nu_novell_com:OES11-Updates | OES11-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-Updates
Should see the following:
OES11-Updates | oes11-January-2013-Scheduled-Maintenance | 7170 | recommended | Need
Install the maintenance patch
zypper up -t patch oes11-January-2013-Scheduled-Maintenance
Then list the patches again to make sure it is installed
zypper pch OES11-Updates
Should see the following:
OES11-Updates | oes11-January-2013-Scheduled-Maintenance | 7170 | recommended | Installed
Key DSfW specific… Continue reading
January 2013 Scheduled Maintenance for OES2SP3
January 2013 Maintenance patch for OES2P3 has been released
Key DSfW specific bugs fixed with this maintenance patch
- 787330: Can’t install ADC to DSfW domain that is updated to Sept 2012 patch level
- 790828: DSfW Assign rights fails in XAD\_RETAIN\_POLICIES=no case and if there are containers with nspm… attr set
- 792131: DSFW – behavior for isdeleted attribute doesn’t match with Active Directory
- 792146: DSFW FTU1: “Enable Kerberos” task fails while provisioning for CDC in case of FRD is updated with FTU1 build
- 792192: DSFW – “unavailableCriticalExtension” being returned when LDAP\_SERVER\_NOTIFICATION\_OID is being used during ldapsearch
- 793390: Fresh install & configuration of OES11SP1 DSFW Server along with November 2012 patch is failing.
January 2013 Scheduled Maintenance for OES2SP3
- 567151: provide an icon for group in the history window
- 624515: Adding an Auxiliary Class fails if a mandatory attribute of the Aux Class is an optional for another class
- 638542: iManager upgrades… Continue reading
DSfW and eDirectory Health Check
It is a good idea to periodically check the health of DSfW and eDirectory servers.
This video concentrates on a script I wrote that can be ran on both eDirectory and DSfW servers.
The script demonstrated in this video is called dsfw_edir_healthchk.sh. To get the latest version of the script click on the DSfW Health Check link in the download section on DSfWDude.com.
A great TID to start off with for a eDirectory health check is TID 3564075.
On a DSfW server start off with an eDirectory health check as well as TID 7001884 which has DSfW specific commands to check the health and overall operation of a DSfW server.
The script does most of the suggestions in both TIDs mentioned above plus a few more checks.
For eDirectory there are 8 checks the script does and… Continue reading
DSfW Express Install in OES11SP1
With OES11SP1 there are two install options. Express and regular.
The difference between the two is the express install will not prompt for the server and dib location, SLP configuration, the OES proxy user, or the DNS configuration. If there are no other Novell DNS servers in the tree this is a good option. Otherwise do the regular install to use the same DNS Locator object as the existing Novell DNS server is using.
Install error: ndsconfig error 74
Installs can be tricky especially when installing into an existing tree that has been around since NetWare 4.11, has multiple partitions, several locations, and dozens of servers. If the tree is not healthy the install of DSfW has a greater chance of failure. If communication with all servers is good, the tree is healthy, and the Preparing for Domain Services for Windows Install TID is followed then usually the install goes through with out any issues.
If there is a failure a common error is ndsconfig error 74. This video goes over the error. The troubleshooting of this error can be applied to a similar error “ndsconfig error 80”.