SSL - OES 2 SP3 / SLES10 assistance

Similar Messages

• Remove resource from OES 2 sp3 cluster

  We have a shared NSS volume resource on our OES 2 sp3 cluster we no longer need. We want to delete the cluster resource and volume so we can recover the space on our SAN. I've read through the documentation and it seems too easy. Am I missing any steps here:
  1) offline the resource
  2) from the master node, run NSSMU and delete the pool
  3) In eDirectory, look at the Cluster Resource objects in the Cluster container to verify that the resource has been deleted from the Cluster container. If necessary, delete the Cluster Resource object and its virtual server object manually.
  4) Unpresent and remove the volume on my SAN. (not Novell related but still a step that has to be done)
  Is that really it? It seems too easy. Any gotchas in the process? I don't need to reboot my nodes or anything?
  thanks,
  Todd Bowman
  Senior Network Analyst
  University of Minnesota Physicians
  612-884-0744
  [email protected]

  Originally Posted by T. Bowman
  We have a shared NSS volume resource on our OES 2 sp3 cluster we no longer need. We want to delete the cluster resource and volume so we can recover the space on our SAN. I've read through the documentation and it seems too easy. Am I missing any steps here:
  1) offline the resource
  2) from the master node, run NSSMU and delete the pool
  3) In eDirectory, look at the Cluster Resource objects in the Cluster container to verify that the resource has been deleted from the Cluster container. If necessary, delete the Cluster Resource object and its virtual server object manually.
  4) Unpresent and remove the volume on my SAN. (not Novell related but still a step that has to be done)
  Is that really it? It seems too easy. Any gotchas in the process? I don't need to reboot my nodes or anything?
  thanks,
  Todd Bowman
  Senior Network Analyst
  University of Minnesota Physicians
  612-884-0744
  [email protected]
  That should be it. Just did a few a month or so ago.
  If the resource can live on more than one node, I like to rescan the SCSI bus afterwards (after removing the LUN's) just to make sure it "sees" the disk as gone.
  But otherwise, yep. Deleting is easy (frighteningly so).

• Installing OES 11 SP3 into Existing OES 11 SP1 tree

  It been a while since I personally have installed a server into an existing Edir tree, never done it on Linux/OES. Can someone give a quick checklist I can follow that will aid me installing the new OES 11 SP3 into our existing EDir tree?
  I am reading the OES 11 Documentation and it seems to me there should be some more server / tree health checking done before installing. I cant remember the command to check tree health right now either.
  Thanks in advance,
  Ken

  Thanks for the reply. For some reason I remember more checks having to be done. But it has been several years and it was on Netware.
  Thanks for the information,
  Ken
  Originally Posted by ab
  OES 11 SP3 does not exist; I presume you mean OES 11 SP2.
  The documentation should have everything you need. If you want to check
  health further there are TIDs to do an eDirectory health check, but the
  only thing I ever bother doing outside of looking things over briefly in
  iMonitor (agent summary, obituary report, check the replica-ring for
  non-green stuff) and time checking (be sure time is in syhnc, which is an
  OS issue) is perhaps install a new test server into its own tree from
  which I can import schema into the new tree. It is not required, but it's
  one less thing to have fail during the real server install into the
  existing tree.
  Good luck.
  If you find this post helpful and are logged into the web interface,
  show your appreciation and click on the star below...

• OES 2 SP3+Samba+LDAP users

  Hello everyone,
  Wondering if someone might be able to help with a Samba issue that I don't know how to fix. I've researched it quite a bit online but can't seem to find a solution. I did have a couple certs that needed renewed but even after the cert replacement that didn't seem to fix the overall issue. Also made sure the LDAP users are listed in the Samba User list in iManager. Even tried removing a user and and adding them back in the group. Any help would be appreciated, thanks.
  Goal
  LDAP user trying to connect to a samba share on the OES file server from a Mac.
  Enviornment
  Server
  OES SP3
  samba-3.0.36-0.13.28.1
  Client
  Mac OS X 10.9.5
  /var/log/messages
  pdb_get_group_sid: Failed to find Unix account for user1
  Oct 15 14:46:24 server1 smbd[20328]: [2014/10/15 14:46:24, 0] auth/auth_sam.c:check_sam_security(353)
  Oct 15 14:46:24 server1 smbd[20328]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
  Oct 15 14:46:24 server1 smbd[20328]: [2014/10/15 14:46:24, 0] passdb/pdb_get_set.c:pdb_get_group_sid(211)
  /var/log/samba/log.smbd
  [2014/10/15 14:46:24, 1] auth/auth_util.c:make_server_info_sam(589)
  User user1 in passdb, but getpwnam() fails!
  [2014/10/15 14:46:24, 0] auth/auth_sam.c:check_sam_security(353)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
  [2014/10/15 14:46:24, 0] passdb/pdb_get_set.c:pdb_get_group_sid(211)
  pdb_get_group_sid: Failed to find Unix account for user1
  [2014/10/15 14:46:25, 1] auth/auth_util.c:make_server_info_sam(589)
  User user1 in passdb, but getpwnam() fails!

  Ok. So, I've been at Millikin for 12 years as a full-time employee now, and my account has existed for 14 years. Back when my account was first enabled for *nix stuff, we used the Unix tabs in ConsoleOne. This was the case with other coworkers who have been here for a while. We have had no problems logging into LDAP-enabled stuff (Novell Samba, SSH, etc.)
  Some of my more recent coworkers were enabled for *nix stuff using the LUM-enable process in iManager. Ever since we plugged the hole with our ldap proxy account, they have *not* been able to access LDAP-enabled stuff.
  And this has been driving me absolutely nuts, until I figured it out today.
  My clue to this was the LDAP users filter screen in YaST on one of our SLES boxes (it acts the same way on all of the SLES boxes though.)
  Basically, I noticed that when I accessed the screen anonymously, only some users had a username under the "name" column, but everyone had one under the "login" column. However, if I accessed it authenticatedly, everyone had both. Which was very curious to me, I mean - why would someone have a username and not others?
  I ended up playing around with an account, and found that the "Login" column is tied to the "uniqueID" attribute in LDAP, and the "Name" column is tied to the "CN" attribute.
  I accessed our LDAP servers via an anonymous connection in an LDAP browser, and found that for some reason, the "CN" attribute wasn't displayed for some folks, but it was others.
  So, I got to checking the "NDS Rights" tab in C1 for the different accounts, and found something very odd:
  For accounts that were set up for *nix "the old way" (through the Unix tab in C1,) the rights for [Public] were very simple:
  somple.png
  However, for folks who were "LUM-Enable"d through iManager, they were much more complex and odd:
  complex.png
  So, for whatever reason, when we LUM-enabled the accounts via iManager, it also added all of those random NDS ACL's. (I verified this by LUM-enabling an account that hadn't been enabled before, and it went from having the simple ACLs to these crazy complex ones. However, if I re-LUM-enable my account, it doesn't add those ACLs.)
  As soon as I removed the restrictive "CN" permission from an account, LDAP things work properly.
  The reason this went undiscovered for so long was because of the overly-generous ACL for our ldap anonymous proxy account - it had overridden the permissions for the CN attribute. When we fixed that security hole, then things that depended on an anonymous connection to access the CN attribute broke.

• OES 2 sp3 and 10 G networking

  I have a new OES2 server on re-purposed hardware (Dell PE1950) with an
  Intel
  X520-DA2 (2 port 82599EB based direct attached 10 gig network adapter). It
  is attached to a HP Procurve switch (5412zl) by an HP 7 meter direct
  attache
  SFP + cable.
  I have not been able to get any network traffic to go across the wire.
  Has anyone else set up 10 Gig networking (especially with this type of
  Intel
  card)? What should I look at to get it working?
  Is it the driver (I downloaded the latest from Intel and compiled the
  kernel
  module)?
  Is it the hardware on the server side?
  Is it the cable? (HP insists on HP direct attach cables, Intel on Intel
  cables!)
  Is it the Switch or the configuration of the switch? (The switch wants to
  auto-negotiate, the driver does not. I also have two VMware hosts with
  this
  card and they cannot communicate either.)
  Thanks in advance!
  Daniel Wells
  MHTN Architects, Inc.
  Salt Lake City, Utah

  Thanks for the response.
  We get link lights on both ends.
  I was wondering if it was the NIC, so I shut down the server and replaced
  the NIC with another one I have. When the server came back up it recognizes
  the NIC as a NIC, but it does not find the hardware address. So now I
  cannot even load the NIC at all. This is just too weird.
  It is good to know that you can use another DA cable. I was told by Intel
  that the driver update fixed the HP cable problem, but apparently not. So I
  wonder if HP will fix the problem with the cable since these cable are not
  cheap.
  I tried updating the driver with the latest from source forge, but that did
  not help.
  >>> On 7/18/2012 at 11:52 AM, in message
  <[email protected]>, Rick
  B<[email protected]> wrote:
  > Daniel Wells wrote:
  >
  >> I have a new OES2 server on re‑purposed hardware (Dell PE1950) with an
  >> Intel
  >> X520‑DA2 (2 port 82599EB based direct attached 10 gig network adapter).
  >> It is attached to a HP Procurve switch (5412zl) by an HP 7 meter direct
  >> attache
  >> SFP + cable.
  >>
  >> I have not been able to get any network traffic to go across the wire.
  >>
  >> Has anyone else set up 10 Gig networking (especially with this type of
  >> Intel
  >> card)? What should I look at to get it working?
  >>
  >> Is it the driver (I downloaded the latest from Intel and compiled the
  >> kernel
  >> module)?
  >>
  >> Is it the hardware on the server side?
  >>
  >> Is it the cable? (HP insists on HP direct attach cables, Intel on Intel
  >> cables!)
  >>
  >> Is it the Switch or the configuration of the switch? (The switch wants
  > to
  >> auto‑negotiate, the driver does not. I also have two VMware hosts
  with
  >> this
  >> card and they cannot communicate either.)
  >>
  >> Thanks in advance!
  >>
  >> Daniel Wells
  >> MHTN Architects, Inc.
  >> Salt Lake City, Utah
  >
  > Hi Dan I just did this the other day myself with a procurve 5412ZL. We
  > have
  > a We have a fujitsu 10 gig sfp+. We actually used cables and transeivers
  >
  > from another provider other than hp. The module in the procurve chasis
  > is a
  > j9538A. Once we got the right transceivers and cables all can up fine.
  > Do
  > you get link on the switch side when you load the driver?

• SLES10 SP4/OES2 SP3 32 bit Clean Install - Basic Questions

  Hi everyone.
  I am now an expert in installing the above software and ending up with a server which does not work as we require. Must be something I am doing wrong. Hope someone can spot it.
  Have installed and supported Netware servers for 25 years without major problems. Decided now to move to SLES because Novell say we should and we need Groupwise 12 to replace GroupWise 8.
  The operational environment we are targeting is an 80 user edirectory/NDS based single tree, single context containing two Netware 6.5 SP8 HP Proliant servers running uncomplicated file and print services , NSS volumes, Groupwise 8, DHCP, ifolder, Quickfinder and the like, spread across the two servers. It all works a treat. Client PCs are are all XP Pro with Novell client software.
  The idea would be to replace one of the two Netware servers first with a SLES/OES server and then the second Netware server with a second SLES/OES server and move GroupWise functionality to one of the SLES/OES servers. Ideally users would continue to log on using their eDirectory accounts without noticing anything was going on in the background.
  The test environment we have set up is a 5 user NDS/eDirectory single tree, single context already containing a single Netware 6.5 SP8 Proliant server running file and print, NSS volumes etc and Groupwise 8. Into this tree we are trying to install a 32 bit server with a empty 36 GB SCSI disc running SLES 10 SP4 with OES2 DP3 as an add in, with NSS data volumes.
  Because it only takes a few hours to do we have repeatedly run the SLES 10/OES2 install (probably about 9 times!) with minor variations to see whether we can end up with a properly configured SLES/OES server but there is always one problem or another.
  The major problem we have is how to configure NSS data volumes on the SLES server and how to allow users to be validated against their eDirectory entries and knowing whether the test server is 'good to go'.
  The process we followed for each test install, after checking edirectory was clean and removing any entries placed in the tree by earlier attempts to install the SLES server in the same tree were:
  1. Boot the SLES 10 SP4 32 DVD (downloaded ISO and burnt DVD) and selected Installation.
  2. Followed the prompts on time zone and language etc and selected i386 OES CD (also downloaded ISO and burnt) as the Software Add-In.
  3. Loaded SLES DVD and OES CD as and when requested
  4. At the Partitioning stage we selected the EVMS proposal, and at the Software selection stage selected the base software, file server Role, Documentation, DHCP, eDirectory, iFolder, iPrint, Quickfinder, NSS and LDAP.
  5. Miscellaneous errors would appear or not appear during the eDirectory stage (eg LUM error, or iFolder error) but the eDirectory stage would still seem to complete OK and get ticked.
  6. The system would then reboot and appear to come up OK.
  HOWEVER, we are not convinced we have created a fully working reliable server.
  and
  SPECIFICALLY we are unable to create NSS volumes and we cannot logon users via their eDirectory accounts.
  NSSMU shows a single device sda (33.92 Gb) and three partitions sda1 (70Mb), sda2 (31.91GB), and sda3 (1.94GB). sda2 seems to contain all the 'spare' space on the disk (type Linux LVM) but says there is no spare space to create our NSS partitions.
  iManager cannot see any devices to configure NSS data volumes on the SLES server but it connects OK
  NSSCON status seems to show NSS to be running
  EVMSGUI shows /dev/evms/lvm2/system/ro at 10 Gb, /dev/evms/lvm2/system/sw at 2GB and /dev/evms/sda1 at 70 Mb
  So my questions are:
  Does the above look right?
  Why cannot we get at the spare disk space to set up NSS volumes? Did the EVMS proposal grab it all and if so how do we get it back?
  Did not selecting the EVMS partitioning proposal do everything needed to run NSS?
  [There seems to be some suggestion in the several hundred pages of SLES, OES and NSS Guides, Installation manuals, Configuration manuals etc that we have studied over several days, that we now have to edit a fstab file to make it work properly (Really? in this day and age where clicking on Setup.Exe will configure a fully working Windows server) Is that so? Is there anything else we need to do?]
  How do we get the users to access their NDS accounts to log into SLES and Netware?
  How do we know the server is OK for operaational use and 'works' ?
  HELP!!!
  ADB

  alandbond wrote:
  > I
  > have already trawled the self help Forums believing that before SLES
  > 11 came along everyone must have been setting up NSS volumes on SLES
  > 10/OES2 as a matter of course as they moved from Netware and so me
  > trying to do it now should not be akin to rocket science.
  You are partially correct. Admins who used NSS on NetWare likely did
  install NSS on OES Linux but I suspect they used a separate drive for
  NSS either by installing an additional drive, by carving out a chunk of
  space on their RAID array and assigning it to a separate LUN, or by
  running OES in a VM where storage space on a single disk/array can
  appear as separate drives.
  > If Novell say in that guide as they do
  > (just as do you and ab and Simon in responses to my post) that the
  > IDEAL way to include NSS is to have a separate disk for Suse and NSS
  > volumes, BUT as long as you use EVMS to manage the volumes it IS
  > SUPPORTED, then I consider it should be possible without grief to do
  > this and not considered as me putting round pegs in square holes.
  Semantics!
  IDEAL = Recommended; EVMS != IDEAL; EVMS != Recommended;
  IMO, Novell recognised that they had to provide a way for customers to
  install NSS on a system that only had a single disk and provided this
  procedure as a workaround. By the way, they also support 2-node
  clusters but they aren't recommended either. I have also seen cases
  where a supported configuration was deemed no longer to be supported as
  NTS became aware of additional complications.
  My point (and Simon's and ab/Aaron's) is this: Just because it is
  supported doesn't mean you should do it. If we can agree on this point,
  I'll try to help you to get it working. The last thing I want to do is
  give others the impression that by helping you find a solution we think
  this is a good idea!!!
  > This latest release of software even goes as far as including an EVMS
  > Partitioning proposal which can be selected (as I did) within the
  > clean install process.
  >
  > This is what it says:
  Okay! I'm only looking at the information you provided. Let's analyse
  it!
  >
  > A.2.1 Understanding the EVMSBased Partitioning Scheme
  > Using EVMS to manage the system device allows you to later add NSS
  > pools and volumes
  Yes, NSS requires the volume manager to be EVMS and not LVM!
  > on any *unpartitioned* free space on it.
  But you have not left *any* unpartitioned free space!
  > You must modify the partitioning scheme to use EVMS during the
  > install. It is not possible to change the volume manager for the
  > system device after the install.
  True.
  > Beginning in OES 2 SP3, the Partitioner in the YaST Install offers the
  > Create EVMS Based Proposal option to automatically create an EVMS
  > solution for the system device.
  > For unpartitioned devices over 20 GB in size,
  This is what you have...
  > this option creates a boot partition
  > and a container for the swap and / (root) volumes
  > in up to the first 20 GB,
  > and leaves the remainder of the space on the device
  > as unpartitioned free space.
  But it didn't (or you didn't)!
  > Table A-1 shows the default proposed setup
  > for a machine with 768 MB RAM.
  > The default swap size is 1 GB or larger,
  > depending on the size of the RAM on your machine.
  > The remainder of the device is left as unpartitioned free space.
  Let's look at the default proposal. This is *not* what you have.
  > Table A-1 Default EVMS Proposal for Devices over 20 GB in Size
  >
  > Device Size Type Mount Point
  > /dev/sda1 70.5 MB Ext2 /boot
  > /dev/sda2 14.9 GB Linux LVM
  > /dev/evms/lvm2/system 14.9 GB EVMS lvm2/system
  > /dev/evms/lvm2/system/root 10.0 GB EVMS /
  > /dev/evms/lvm2/system/swap 1.1 GB EVMS swap
  A single (SATA/SAS/SCSI) drive will be known as sda (/dev/sda).
  /dev/sda1 is the first partition. In the example and in your
  configuration this is the /boot partition. In both cases it is 70.5 MB.
  /dev/sda2 is the second partition. The partition uses LVM so logical
  volumes of various sizes can be created within the partition. The total
  size of all logical volumes cannot be larger than the size of the
  partition.
  In the above example:
  /root is 10.0 GB and swap is 1.1 GB. This leaves: 14.9 - (10.0 + 1.1) =
  3.8 GB of additional space within /sda2 which can be used to create
  additional logical volumes. Furthermore sda1 + sda2 use only ~ 15 GB.
  Only 15 GB of the disk has been allocated. The remainder of the disk is
  *unallocated* and *unpartitioned*. Presumably, it was left that way so
  that the space could be used for NSS.
  In your case: sda2 is 31.91 GB
  This does not follow the Default EVMS Proposal for Devices over 20 GB
  in Size. Either YaST did not allocate space according to the default
  proposal or you changed it. Either way, sda2 (+sda3) consume *all* of
  the available disk space. It is no wonder that there is no space
  available for NSS!
  > What do you reckon???
  I reckon that something went wrong along the way. If you did not
  specifically change the default allocation yourself, then consider this
  one example of kinds the things that can happen when one tries to
  exploit seldom used, but supported, features!
  It looks like it is time for yet another installation. This time, make
  sure you leave enough unpartitioned space on the drive for NSS and let
  me know how you make out.
  Kevin Boyle - Knowledge Partner
  If you find this post helpful and are logged into the web interface,
  show your appreciation and click on the star below...

• SP3 - Secure portal SSL performance improvements ?

  Portal Gurus,
  One of the major enhancements I was looking for in SP3 was an improvement in
  the SSL gateway performance. However testing I've done so far only shows a
  30% improvement in Requests/second and in open mode SP3 actually seems a
  little slower than SP2. I realize there are environment and specific
  workload factors at work, but under near identical conditions comparing SP2
  to SP3 secure mode, the performance increase wasn't what I had hoped for.
  I followed the tuning instructions in the SP3 release notes and noticed a
  small improvement, ~5%, and was wondering what other people are seeing.
  Given the numbers I'm seeing I have to wonder if using SSL is really viable
  for a busy portal site.
  Anyone seeing a big improvement in SSL performance with SP3 ?
  Cheers,

  I would recommend applying sp3a. The ssl have changed only in sp3a, this should give you much better and faster performance.
  Else, these tuning parameters should help the performance. Goto Admin Console | Gateway Management | Manage Gateway Profile | select "Show Advanced Options" in the bottom of the page and change the following...
  1) Increase the value of "Maximum Thread Pool Size". The default is 200, and it can be increased to 800.
  2) Also increase the Gateway Timeout. The default is 120000. This can be increased to 125000. Then click Submit
  3) Finally on the Gateway server, modify the /opt/SUNWips/bin/ipsgateway script. Find the line that defines the CMD environment variable and change the '-mx128m' parameter to '-mx256m'.

• OES 11 SP2 Imanager doesn't Create IP Certificates???

  If I recreate certificates in Imanager from one of our older OES 2 SP3 or OES 11 SP1 systems, it recreates IP AG, SSL CertificateIP, DNS AG, and SSL CertificateDNS certificates. If I recreate them from an OES 11 SP2 system in Imanager, it only creates Certificates DNS AG and SSL Certificate DNS. I noticed there is a check box to create the IP certs, but even when that box is checked it still only creates the DNS certs. Is this how it should be? I'm guessing not since the check box still doesn't seem to affect whether the IP certs are created.

  On Tue, 08 Jul 2014 16:26:02 +0000, spashia wrote:
  > If I recreate certificates in Imanager from one of our older OES 2 SP3
  > systems, it recreates IP AG, SSL CertificateIP, DNS AG, and SSL
  > CertificateDNS certificates. If I recreate them from an OES 11 SP2
  > system in Imanager, it only creates Certificates DNS AG and SSL
  > Certificate DNS. I noticed there is a check box to create the IP certs,
  > but even when that box is checked it still only creates the DNS certs.
  > Is this how it should be? I'm guessing not since the check box still
  > doesn't seem to affect whether the IP certs are created.
  Yes, I've seen some other reports that suggest that it works differently
  now. I don't know if this was a deliberate change, or if it's a bug. Is
  it causing a problem for you?
  David Gersic dgersic_@_niu.edu
  Knowledge Partner http://forums.netiq.com
  Please post questions in the forums. No support provided via email.
  If you find this post helpful, please click on the star below.

• Transfer Trustees from Netware to OES2 SP3

  Hi everbody,
  with the last metamig, I saw, that saved data from trustee.nlm should be restored.
  I saved on the original Netware Server with trustee save /R daten: daten:daten.txt.
  But I was not able to restore to my OES 2 SP3, I got a lot of error, ie. invalid token.
  The Volume Name is the same as on Netware. All data have the same path.
  Can anybody tell me the correct syntax how to restore the trustees to oes?
  Thanks for helping,
  Regards from Austria,
  Reinhold

  Originally Posted by rsteini
  Hi everbody,
  with the last metamig, I saw, that saved data from trustee.nlm should be restored.
  I saved on the original Netware Server with trustee save /R daten: daten:daten.txt.
  But I was not able to restore to my OES 2 SP3, I got a lot of error, ie. invalid token.
  The Volume Name is the same as on Netware. All data have the same path.
  Can anybody tell me the correct syntax how to restore the trustees to oes?
  Thanks for helping,
  Regards from Austria,
  Reinhold
  I don't believe (I could be wrong) that you can take the trustee.nlm and save the output in a format that OES Linux will understand (the OES LInux uses a .xml format which I think is different)
  You could manually read through the file (that NetWare generates) and figure out if you wanted to manually reassign them
  Or you could use the miggui (migration utility) on OES Linux to migrate the data (and trustees) from NetWare.

• How to Migrate 2 Netware SLP to OES 2SP3

  I have two netware servers that are replica to my tree but not master replica and I like to migrate slp netware 6.5sp8 to oes 2 Sp3 linux. How do go about migrating slp?

  Originally Posted by sl0000
  Thanks for all the help. I appreciate very much.
  Novell Documentation
  section 13.5.3 may help as well
  More or less you'll want to use:
  net.slp.isDA = true
  net.slp.useScopes = myScope1
  net.slp.dasyncreg = true
  slp.DAaddresses = IP_address_1,IP_address_2
  (where "myScope1" can be your EXISTING SLPDA scope that you used for NetWare) and where the IP's will be your "new" servers (OES2) if replacing your NetWare DA, although it can also be a mix (ie, IP1 is the OES2 server and IP2 is your existing NetWare SLPDA).

• ML110 G6 Internal RAID issues

  Heads Up:
  Doing a manual install of NOWS SBE using the standard SLES 10 SP3 and OES 2 SP3 Media.
  The internal raid (RAID 1+0) which is called
  Smart Array B110i SATA RAID is not working.
  SLES 10 SP3 with out using a driver disks, see each disk as a device /sda1 and /sdb1 and not the one logical drive.
  Done
  Fireware Updates etc
  Found a USB floppy drive and used the only disk image HP have during the install this makes it worst and gives you a "No hard disk storage error"
  Got a SR open with Novell.
  HP at present are being unhelpful, the server is listed on the
  Novell support on HP Proliant Servers
  Will keep you posted.
  Adam

  Originally Posted by itec
  Heads Up:
  Doing a manual install of NOWS SBE using the standard SLES 10 SP3 and OES 2 SP3 Media.
  The internal raid (RAID 1+0) which is called
  Smart Array B110i SATA RAID is not working.
  SLES 10 SP3 with out using a driver disks, see each disk as a device /sda1 and /sdb1 and not the one logical drive.
  Done
  Fireware Updates etc
  Found a USB floppy drive and used the only disk image HP have during the install this makes it worst and gives you a "No hard disk storage error"
  Got a SR open with Novell.
  HP at present are being unhelpful, the server is listed on the
  Novell support on HP Proliant Servers
  Will keep you posted.
  Adam
  Hi Adam,
  Thanks for the Heads-up.
  You said you're doing a manual install from the SLES10-SP3 media so this is not really a NOWS SBE issue, although it would certainly affect NOWS SBE customers.
  Have you checked to see if there is any info related to this issue in the SLES: Install-Boot forum? I seem to remember seeing some posts that reference the ML110 G6 but I can't be sure.
  There are a lot of knowledgeable folks who watch that forum. They may have some experience with that machine or be able to offer some suggestions.

• Quickfinder creating spaces in words

  Hello.
  I am testing Quickfinder as a search solution in our office and have noticed some odd behaviour. I am running Quickfinder on OES 2 SP3 and indexing Netware 6.5 volumes. Indexes are being created and stored on the OES server without any errors that I can see.
  I have setup a few test documents to see how well it finds phrases. We have a mixture of pdf, docx, doc and wpd files.
  When I search for one of my test phrases, it will not always be found. If I search for a specific word or other phrase in the same doument, it finds the document.
  What I have noticed, is that in the description given for that doument on the results page, the earlier phrase (that was not found), is part of the description but has odd spacing in it. For example, the word testing showed as t est ing. If I search the index for that word with the odd spacing, it finds it.
  Something else I have noticed is that if I re-index the folder, the word testing will again come up but with possibly different spacing.
  Has anyone else seen this?
  Thanks
  Scott Schaffer
  Network Admin
  Olive Waller Zinkhan & Waller LLP

  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1
  Did you by chance try disabling User Account Control (UAC) on the system
  to see if that helped? Maybe a real browser?
  Good luck.
  On 04/19/2011 03:38 PM, Scott Schaffer wrote:
  > Found the answer to my second question. For the links to work when using
  > internet explorer on a Windows 7 workstation, you have to launch IE as an
  > administrator.
  >
  > Scott
  >
  > Scott Schaffer
  > Network Admin
  > Olive Waller Zinkhan & Waller LLP
  >
  >>>> On 19/04/2011 at 11:29 AM, in message <[email protected]>,
  > Scott Schaffer<[email protected]> wrote:
  > Second question and the answer may make the answer to the first question
  > moot.
  >
  > Do quickfinder results links work with Windows 7?
  >
  > When I run a quickfinder query on a Windows XP workstation, the resulting
  > links are clickable and will open the document in the appropriate application.
  >
  > When I run the same query from a Windows 7 workstation, I get the same
  > results page, but the links do not work. I get an error message saying
  > that the states:
  >
  > "Cannot find 'file://path_to_file. Make sure the path or Internet Address
  > is correct."
  >
  > I haven't found a solution for this yet. Anybody else seeing this and have
  > a possible solution? If not, since we are starting to move to Windows 7
  > workstations, there is not much sense in continuing to test quickfinder.
  >
  > Thanks
  >
  >
  >
  > Scott Schaffer
  > Network Admin
  > Olive Waller Zinkhan & Waller LLP
  >
  >>>> On 18/04/2011 at 4:19 PM, in message <[email protected]>,
  > Scott Schaffer<[email protected]> wrote:
  > Hello.
  >
  > I am testing Quickfinder as a search solution in our office and have
  > noticed some odd behaviour. I am running Quickfinder on OES 2 SP3 and
  > indexing Netware 6.5 volumes. Indexes are being created and stored on the
  > OES server without any errors that I can see.
  >
  > I have setup a few test documents to see how well it finds phrases. We
  > have a mixture of pdf, docx, doc and wpd files.
  >
  > When I search for one of my test phrases, it will not always be found. If
  > I search for a specific word or other phrase in the same doument, it finds
  > the document.
  >
  > What I have noticed, is that in the description given for that doument on
  > the results page, the earlier phrase (that was not found), is part of the
  > description but has odd spacing in it. For example, the word testing
  > showed as t est ing. If I search the index for that word with the odd
  > spacing, it finds it.
  >
  > Something else I have noticed is that if I re-index the folder, the word
  > testing will again come up but with possibly different spacing.
  >
  > Has anyone else seen this?
  >
  > Thanks
  >
  >
  >
  > Scott Schaffer
  > Network Admin
  > Olive Waller Zinkhan & Waller LLP
  >
  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG v2.0.15 (GNU/Linux)
  Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
  iQIcBAEBAgAGBQJNrg/iAAoJEF+XTK08PnB5FNMP/0a6ucbs5QgOyzr+pBkars8J
  z8OoSAC2ofk4Hmc/vfzMZexwSS48WqsnhchaoW9wwoZKyUFyOO55jfgQoe80MEqX
  Vp99W1gwOB2tvq+RwbUm6PKIJfa2/BTPb3gv1iRS1Uf9fchOXdXe5y7uQbid0XXK
  zRB7Dr9FxVeNG4xqquWRDZlTbKUCQfw2E6WBzX0UqZcWJcw9ye P8OJQNDV4ZFXGi
  +vS3eTTkXGmytHBvyMXUhptHela6bUHuf0bWxf0mtnzknLolJH UbSH+JUJ4/eGhv
  nBrLRvrCAh+0t/4/2AyqujwasHaqL25VahikFb/6eoHRvTlviVLLLZwK2/AOqBNW
  lVZW6AaxuBRK9RnZTgSMJ2YiYia8ZkSUB+PAISLBqqAkAWJVEe FpPInbtvcNesK4
  KexMkz/D5ZSefFUU0slON7m3Sl/ib0fgNPuw+Kcw4X3SiJZqKOt/xo2toAl6EVUv
  kSq2vnUgvXbHootVFlSO/dck8R9ZK3lV7W2M6cNwgUOi/u9LybtoJK/0Wt93fTfq
  679nZZdJGLxShnJ0GrHauFderx3ku7IL9TgqypQ+AS0LHRkPUE EVAl4TmSuJScJE
  Q25+fLCwRzafmsd8Oqw44419EPcEPOvZUs5cO34CPJ9NOv3oFb 5s7MFNXrF3Pfn4
  ++PscXyBxNcI/XHjZRvF
  =dR0v
  -----END PGP SIGNATURE-----

• What release of openslp supports isDABackup

  Hi everyone.
  Im working on a migration from NW6.5SP8 (+PostSP8, incl FTF slp). to OES 11 SP1/SLES 11 SP1.
  Im working with the ISOs downloaded from download.novell.com. I'm trying to get openslp to do the Backup through the settings net.slp.isDABackup = true, net.slp.DABackupInterval = 900, net.slp.DASyncReg = true. I do not see the /etc/slp.reg..d/slpd/DABackup folder getting created.
  These are my openslp rpms, as they come out-of-box
  vslccs02-idm:/etc # rpm -qa | grep openslp
  openslp-1.2.0-172.11.16
  openslp-server-1.2.0-172.11.16
  openslp-32bit-1.2.0-172.11.16
  This is my /etc/slp.reg.d/ folder .
  vslccs02-idm:/etc/slp.reg.d # ls
  ntp.reg samba.reg ssh.reg vnc.reg
  vslccs02-idm:/etc/slp.reg.d #
  What's the minimum rpm release of openSLP enabling the "isDABackup = true" to work? Does The dabackup folder need to be created before? Who needs rights to it and what are they? if it's the case.
  I know there a couple of new releases for openSLP posted on the web. Ive seen presentations stating about this folder and the backup procedure. They talk about OES 2 SP3. Was OES 11 released before OES2 SP3 was ready and committed? Therefore it's understandable the rpms are up-to-date on OES2 SP3 and need to be applied to OES11.
  Thank you in advanced!

  On 13/06/2012 05:36, miguelvelizven wrote:
  > I�m working on a migration from NW6.5SP8 (+PostSP8, incl FTF slp). to
  > OES 11 SP1/SLES 11 SP1.
  Are you using the provided migration tools (miggui)?
  > I�m working with the ISOs downloaded from download.novell.com. I'm
  > trying to get openslp to do the Backup through the settings
  > net.slp.isDABackup = true, net.slp.DABackupInterval = 900,
  > net.slp.DASyncReg = true. I do not see the /etc/slp.reg..d/slpd/DABackup
  > folder getting created.
  >
  > These are my openslp rpms, as they come out-of-box
  >
  > vslccs02-idm:/etc # rpm -qa | grep openslp
  > openslp-1.2.0-172.11.16
  > openslp-server-1.2.0-172.11.16
  > openslp-32bit-1.2.0-172.11.16
  >
  > This is my /etc/slp.reg.d/ folder .
  > vslccs02-idm:/etc/slp.reg.d # ls
  > ntp.reg samba.reg ssh.reg vnc.reg
  > vslccs02-idm:/etc/slp.reg.d #
  >
  > What's the minimum rpm release of openSLP enabling the "isDABackup =
  > true" to work? Does The dabackup folder need to be created before? Who
  > needs rights to it and what are they? if it's the case.
  This should all work for OES11 - it's documented @
  http://www.novell.com/documentation/.../data/slp.html
  > I know there a couple of new releases for openSLP posted on the web.
  > I�ve seen presentations stating about this folder and the backup
  > procedure. They talk about OES 2 SP3. Was OES 11 released before OES2
  > SP3 was ready and committed? Therefore it's understandable the rpms are
  > up-to-date on OES2 SP3 and need to be applied to OES11.
  OES11 is an add-on for SLES11 SP1 which includes the openslp RPMs you
  referenced above. It was released after OES2 SP3.
  HTH.
  Simon
  Novell/SUSE/NetIQ Knowledge Partner
  Do you work with Novell technologies at a university, college or school?
  If so, your campus could benefit from joining the Novell Technology
  Transfer Partner (TTP) program. See novell.com/ttp for more details.

• Failed to Configured Domain Services for Windows

  Hi!
  I am installing OES 2 SP3 with DSfW Pattern as a "New Domain Controller in an Existing Domain Services for Windows Domain" with Replication Configuration and Schema Partition.
  During the "Perform eDirectory Configuration" at last task "Configure Domain Services for Windows " at 93% we encountered an error: "Failed to configure Domain Services for Windows".
  Here's details of error ;
  command : perl /opt/novell/xad/sbin/ndsdcinit.pl retry full-replica -d 'vec.apd.com.ph' -l 'ou=OESSystemObjects,dc=vec,dc=apd,dc=com,dc=ph'
  -g 'ou=OESSystemObjects,dc=vec,dc=apd,dc=com,dc=ph' -f 'apd.com.ph' -p 'apd.com.ph' -o 192.168.81.92 -t
  Could not create gss directory /etc/opt/novell/xad/gss at /opt/novell/xad/sbin/ndsdcinit.pl line 463, line 652
  LDAP Based utility [ndsConfigServerContext.sh] to retrieve server context for YaST
  DomainName : vec.apd.com.ph
  NdsAdminName : CN=Administrator,CN=Users,DC=vec,DC=apd,DC=com,DC= ph
  ExistingServerIP : ANDROMEDA.vec.apd.com.ph
  ExistingServerPort : 0
  Add_DC : true
  Returning server context->ou=OESSystemObjects.dc=vec.dc=apd.dc=com.dc=ph
  LDAP Based utility [ndsConfigServerContext.sh] to retrieve server context for YaST
  DomainName : vec.apd.com.ph
  NdsAdminName : CN=Administrator,CN=Users,DC=vec,DC=apd,DC=com,DC= ph
  ExistingServerIP : ANDROMEDA.vec.apd.com.ph
  ExistingServerPort : 0
  Add_DC : true
  Returning server context->ou=OESSystemObjects.dc=vec.dc=apd.dc=com.dc=ph
  SASL/GSS-SPNEGO authentication started
  SASL SSF: 56
  SASL installing layers
  Failed to fetch dNIPDNSZones from DNS_LOCATOR_OBJECT at /opt/novell/xad/lib64/perl/Install/adc_install.pm line 503
  at /opt/novell/xad/lib64/perl/Logger.pm line 119
  Logger::_err('Failed to fetch dNIPDNSZones from DNS_LOCATOR_OBJECT at /opt/...') called at /opt/novell/xad/lib64/perl/Logger.pm line 202
  Logger::Log(0, 'Failed to fetch dNIPDNSZones from DNS_LOCATOR_OBJECT at /opt/...') at /opt/novell/xad/lib64/perl/Install/adc_install.pm line 532
  adc_install::decide_domain_zones() called at /opt/novell/xad/lib64/perl/install/adc_install.pm line 150
  adc_install::stage_domain('adc_install=HASH (0X8b9370)') called at /opt/novell/xad/sbin/ndsdcinit.pl line 1383
  main::main(62, 'apd.com.ph', 'vvec.apd.com.ph', 'TRUE','ou=OESSystemObjects,dc=vec,dc=apd,dc=com,d c=ph','ADM_PASSWD_DOMAIN','ou=OESSystemObjects,dc= vec,dc=apd,dc=com,dc=ph','replops::DESTROY',
  'APD.COM.PH',...) called at /opt/novell/xad/sbin/ndsdcinit.pl line 1301
  main::main() called at /opt/novell/xad/sbin/ndsdcinit.pl line 1425
  ENV PATH = /opt/novell/xad/sbin:/opt/novell/xad/bin:/opt/novell/xad/share/dcinit:/opt/novell/eDirectory/bin:
  LIB=lib64
  LD LIBRARY PATH =
  /opt/novell/xad/lib64:/opt/novell/xad/lib64/nds-
  modules:/opt/novell/eDirectory/lib64:/opt/novell/eDirectory/lib64/nds-modules
  SASL PATH = /opt/novell/xad/lib64/sasl2
  DCINIT CONFIG: /etc/opt/novell/xad/xad.ini
  DOMAIN NAME: vec.apd.com.ph
  PARENT NAME: apd.com.ph
  FOREST NAME: apd.com.ph
  NETBIOS NAME: VEC
  Any ideas on this error ?
  Regards. Thanks.
  denzmo

  Thanks for the reply.
  I have some followup questions
  2. Can you explain the DNS setting in your setup ?
  Tree ---> Power--> apd.com.ph -- dlpc.apd.com.ph
  -- vec.apd.com.ph -- Andromeda.vec.apd.com.ph (DNS)
  -- Pictor.vec.apd.com.ph ( additional domain server ) -> "Failed to configure in DSFW"
  1. apd.com.ph, dlpc.apd.com.ph, vec.apd.com.ph are DSfW domains or just DNS domains ?
  2. Andromeda.vec.apd.com.ph (DNS) - is this the DC of a DSfW domain ?
  3. You are adding the Additional domain controller to the vec.apd.com.ph domain right ?
  The
  # LDAPCONF=/etc/opt/novell/xad/openldap/ldap.conf /usr/bin/ldapsearch -Y EXTERNAL -s sub -b dc=ph "(objectclass=dniplocator)" dn
  Heres the result ;
  a.) running the command in the DNS server (child domain) ANDROMEDA;
  SASL /EXTERNAL authentication started
  SASL username: gidNumber=0+uidNumber=0, cn=peercred,cn=external,cn=auth
  SASL SSF: 0
  # extended LDIF
  # LDAPv3
  # base <dc=ph(objectclass=dniplocator) [email protected]> with scope subtree
  # filter: (objectclass=*)
  # requesting:ALL
  # search result
  search : 2
  result : 32 No such object
  text : NDS error : no such entry (-601)
  # numResponses :1
  This is strange. This ldapsearch is failing to find the locator object in the tree under dc=ph.
  - Can you try this same command from your FRD DC too and find the result ?
  - Is your server non-name mapped or your adding a DSfW server into an existing eDirectory tree (name mapped) ?
  - If it is later can you try the same search with '-b' parameter replaced with container to which FRD is mapped to into the eDirectory Tree.
  - Can you tell in your setup where are the locator object present for your first DSfW server which is acting as DNS server ?
  - While installing this ADC server, you have given the remote dns server as 192.168.81.92. In the YaST DNS screen did you do retrieve (by clicking 'retrieve' button on the screen ) or you entered those inputs manually ?
  - Another follow up question. The locator context provided to the ndsdcinit command in your first post, is 'ou=OESSystemObjects,dc=vec,dc=apd,dc=com,dc=ph'. Can you confirm your locator
  context is correct ?
  [/QUOTE]
  b.) running the command in the ADC PICTOR;
  SASL /EXTERNAL authentication started
  ldap_sasl_interactive_bind_s: invalid credentials (49)
  [/QUOTE]
  This is expected as the server is not completely configured.
  Please get it touch with our NTS for passing on more information about this setup.

• What is the best way to upgrade from OES2 running on SLES 10

  Tonight was so frustrating. I was half way doing upgrade of an OES 2 SP3 (running on SLES 10 sp4). Wanted to upgrade to SLES 11 SP2 and OES 11 SP1.
  Is there a way to just patch the server using installation source as the ISOs? Because I was upgrading it the traditional way (take backup, make a clone of the machine, shut down, insert SLES 11 CD, upgrade system, bring it up, OES patch, etc) And I was forced to stop half way because the customer expects things to be done within 2 hours or so with minimal downtime. I have previously patched using installation source but that was only to upgrade the service pack version, not the core OS build.
  This is such a ridiculous requirement. Why is it that we can't just install a "move-to-oes-11-sp1" package from online updates? There must be a way to do this through online, but the severs are registered to get updates only for oes2 and sles 10.
  Someone help me out this is getting just silly.

  Originally Posted by oj43085
  Tonight was so frustrating. I was half way doing upgrade of an OES 2 SP3 (running on SLES 10 sp4). Wanted to upgrade to SLES 11 SP2 and OES 11 SP1.
  Is there a way to just patch the server using installation source as the ISOs? Because I was upgrading it the traditional way (take backup, make a clone of the machine, shut down, insert SLES 11 CD, upgrade system, bring it up, OES patch, etc) And I was forced to stop half way because the customer expects things to be done within 2 hours or so with minimal downtime. I have previously patched using installation source but that was only to upgrade the service pack version, not the core OS build.
  This is such a ridiculous requirement. Why is it that we can't just install a "move-to-oes-11-sp1" package from online updates? There must be a way to do this through online, but the severs are registered to get updates only for oes2 and sles 10.
  Someone help me out this is getting just silly.
  As per the Novell documentation:
  https://www.novell.com/documentation...a/bhu19u7.html
  The only SUPPORTED upgrade path from OES2 SP3 64-bit is offline media, or offline network.
  I do not know the technical details/reasoning why you can't use the channel, but I suspect there's a valid reason for it.