Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Unable to start AD Driver

467 views
Skip to first unread message

mor...@gstr.not

unread,
Jan 31, 2004, 6:28:41 PM1/31/04
to
Environment:
1 NW6sp3 w/DirXML installed
1 W2k3 w/DirXML installed

When attempting to start the DirXML Driver through iManager, the
following is displayed:

Message 1:
Sat Jan 31 16:42:51 EST 2004
Error = -288 [0xFFFFFEE0]
Unable to bind DirXML Driver
\PROD\MP\DirXML\Active Directory\ADDriver

Message 2:
Sat Jan 31 16:42:51 EST 2004
Warning
Driver state changed to Stopped
.ADDriver.Active Directory.DirXML.MP.PROD.

I never see a connection attempt in the W2k3 trace.

I've read TID 10065334 but the answer isn't within.

Any ideas?

Thanks!

Jeff

Uwe Carsten Krause

unread,
Feb 1, 2004, 10:24:53 AM2/1/04
to
Hi,
 
this is a little bit to unspecific. Pls turn on DriverTraceLevel (go to your DriverSet Objekt - Properties- Other ans ADD the DriverTracelevel with an value of 3). Turn on DirXML and DirXMLDRV Traces in DSTRACE and look for error messages.
 
Some more generell questions: what type of driver for AD do you use? Remote Loader? Is the addriver.dll running on a AD Domain Controller? If yes, did you specify an Authentification ID, Password and context? If yes again, then remove these informations from the drivers configuration paramters. They are only necessary if you run the driver on a non AD DC.
 
If you have the remoteloader running, what do you see on the RL Trace when starting the driver?
 
Kind regs
 
Uwe
 
Kind regards
 
Uwe Carsten Krause
Maintainet AG
Zum Wartturm 9
63571 Gelnhausen
 

Jeff Moreau

unread,
Feb 1, 2004, 4:07:27 PM2/1/04
to
Apologies for the vagueness.  I don't quite get this DirXML stuff,  yet...
I have gotten the driver to load, but now cannot connect.
 
Here's the DSTrace info:
 
VRReadCacheBlock:  Read 16384 bytes from cache <33773.TAO>
DirXML Driver <\Prod\MP\DirXML\Active Directory\ADDriver> requesting 30 second retry delay.
 
DirxXML Log Event...................................
Status=retry
Message = No connection to remote loader
 
What type of driver for AD do you use?                         Remote Loader
Is the addriver.dll running on a AD Domain Controller?   Yes
Did you specify an Authentification ID, Password and context?  I think I did.  This is the AD DC.  But,  I can't find where this is set.  I've tried to change some of the settings in the ADdriver, and when I eliminate the Passwords, I can no longer start the driver.
 
If you have the remoteloader running, what do you see on the RL Trace when starting the driver?
Trace output:
Verifying command post...
Verifying driver can be loaded...
Initiating SSL encryption
Waiting for DirXML to connect on 'TCP server socket, port 8090, address localhost, using SSL'...
 
Thanks for your help!!!!!!
 
Jeff

Jeff Moreau

unread,
Feb 2, 2004, 12:29:43 AM2/2/04
to
TID 10058131
 
Suggestion here is dissimilar versions of NICI.  In my environment, the NW6 has the beta SP4 installed.  This has NICI 2.6.4.  The Windows 2003 has NICI 2.6.1.  I cannot locate a NICI version of 2.6.4 to install to the Windows server.   ...gone looking some more.

Thorsten H. Niebuhr

unread,
Feb 2, 2004, 2:40:26 AM2/2/04
to
Before fiddling around with nici, i would set up the remote loader without
ssl to check if they can connect that way. If you have that running, change
to SSL.
For setting up remote-Loader, you have to setup three secrets:
RemoteLoader Passwort ->shared secret between DirXML-Engine and RemoteLoader
Engine
Driver Objekt Password ->shared secret to start the driver whitin the
RemoteLoader
Authentication Password ->password of the user-id you specified to connect
to AD (Authentication ID)

Did you set tp the tree correctly ?
how did you set up the authentication context ? (must be
hostname="xx.xx.xx.xx" port="8090")

Thorsten

"Jeff Moreau" <Mor...@GSTR.net> wrote in message
news:bflTb.4932$Wh....@prv-forum2.provo.novell.com...
TID 10058131

----------------------------------------------------------------------------
----

Jeff Moreau

unread,
Feb 2, 2004, 8:03:47 AM2/2/04
to
Can't connect w/o SSL either.
 
It seems I have a syntax problem now with the login name to the remote loader.
 
For Remote Loader connection parameters, I have tried a variety of methods for entering the username:
 
 
I continually received:
 
Status=error
Message = java.net.UnknownHost Excepetion: novell...@domain.com

Jeff Moreau

unread,
Feb 2, 2004, 8:22:29 AM2/2/04
to
Got communication between the Driver and the remote driver.
 
But, now can't get objects to sync.
 
It appears to be on the subscriber channel...  The Trace screen on the AD DC Shows:
 
DirXML Log Event —-------------------------
     Driver       =  \Prod\MP\DirXml\Active Directory\ADDriver
     Thread     =   \Subscriber Channel
     Object      =  \Prod\MP\Users\ZeName  (CN=ZeNameCN=Users,DC=MP,DC=com,)
     Level        =  error
     Message   =  Add error.<status level="error'/>

Thorsten H. Niebuhr

unread,
Feb 2, 2004, 8:32:16 AM2/2/04
to
Jeff, please deaktivate html. This is a newsgroup.

>>CN=ZeNameCN=Users,DC=MP,DC=com,
~~~~~ ~~~~
Fix your placement-rule on the subscriber.

Thorsten

"Jeff Moreau" <Mor...@GSTR.net> wrote in message

news:pasTb.5095$Wh....@prv-forum2.provo.novell.com...


Got communication between the Driver and the remote driver.

But, now can't get objects to sync.

It appears to be on the subscriber channel... The Trace screen on the AD DC
Shows:

DirXML Log Event --------------------------


Driver = \Prod\MP\DirXml\Active Directory\ADDriver
Thread = \Subscriber Channel
Object = \Prod\MP\Users\ZeName (CN=ZeNameCN=Users,DC=MP,DC=com,)
Level = error
Message = Add error.<status level="error'/>

----------------------------------------------------------------------------
----


Got communication between the Driver and the remote driver.

But, now can't get objects to sync.

It appears to be on the subscriber channel... The Trace screen on the AD DC
Shows:

DirXML Log Event --------------------------

Jeff Moreau

unread,
Feb 2, 2004, 8:53:37 AM2/2/04
to
Getting Close!!!!

I've added a preceeding "," to the rule and eliminated the DC=MP, so I am now getting:

DirXML Log Event —-------------------------


Driver = \Prod\MP\DirXml\Active Directory\ADDriver
Thread = \Subscriber Channel

Object = \Prod\MP\Users\ZeName (CN=ZeName,CN=Users,DC=com,)


Level = error
Message = Add error.<status level="error"/>

Have I missed something?

Thorsten H. Niebuhr

unread,
Feb 2, 2004, 9:08:05 AM2/2/04
to
my goodness.... ;)

CN=ZeName,CN=Users,DC=com,)

doesnt look like you real path, does it ?

i guess it should be "CN=bla,CN=users,DC=mp,DC=com" ?!


"Jeff Moreau" <Mor...@GSTR.net> wrote in message

news:BDsTb.5113$Wh....@prv-forum2.provo.novell.com...


> Getting Close!!!!
>
> I've added a preceeding "," to the rule and eliminated the DC=MP, so I am
now getting:
>

> DirXML Log Event --------------------------

Jeff Moreau

unread,
Feb 2, 2004, 11:19:56 AM2/2/04
to
Thank you for your patience and rapid response. Pardon my ignorance, but I just don't see what is wrong here.


There are 3 rules of which I think only the 3rd is the problem. They are:

<Data: 'CN='>
<copy-name>
<Data: ',OU=Users,DC=modernpeople,DC=com'>

I tried setting the 3rd placement rule like:

CN=users,DC=mp,DC=com
,OU=Users,DC=modernpeople,DC=com
,OU=Users,DC=modernpeople

my AD Domain is named modernpeople.com
in an OU directly below the domain is the Users
and the Users are within the OU=Users.

I'm aware the AD is case-sensitive.

So close, yet so far....

Father Ramon

unread,
Feb 2, 2004, 11:32:29 AM2/2/04
to
Are you sure the it is OU=Users? Seems like I have seen references to
the fact that by default the Organizational Units in AD are named by
some other attribute (like DC or CN).
--

Father Ramon
The Patron(izing) Saint of DirXML

Jeff Moreau

unread,
Feb 2, 2004, 11:47:44 AM2/2/04
to
I've tried using:
CN=Users,DC=modernpeople
CN=Users,DC=modernpeople,DC=com
DC=Users,DC=modernpeople
DC=Users,DC=modernpeople,DC=com

AD trace shows:
.
.
.
Message = Add error.<status level="error">There is no such object on the server.

Jeff Moreau

unread,
Feb 2, 2004, 11:54:11 AM2/2/04
to
TID 10062540 ... Default containers created by AD are CN. OU is only used for Admin created containers.

Jeff Moreau

unread,
Feb 2, 2004, 12:00:21 PM2/2/04
to
OK... right above the DirXML Log Event, there is an error message:

<nds>
<output>
<status level="error">Add error.<status level="error">Access is denied

Jeff Moreau

unread,
Feb 2, 2004, 12:06:49 PM2/2/04
to
Success! sort of.

The user object in AD was not a member of the Domain Adminstrators. I added the user to the Domain Adminstrators group, and the DirXML Log Event now states:

Driver = \Prod\MP\DirXML\Active Directory\ADDrivers
Thread = Subscriber Channel
Level = success

But, I am not seeing the user appear in the MMC under Users.

Jeff Moreau

unread,
Feb 2, 2004, 12:13:15 PM2/2/04
to
My mistake...

I had to close the MMC for AD and reopen it. (Refreshing didn't work.)

Thanks go out to Thorsten and Father Ramon for their patience and guidance through this very difficult first time setup! I doubt I would have been successful without your help!!! Thank YOU!!!!
—---------------------------------
For the benefit of others!

Tid 10062540 was useful to identify the proper syntax
I ended up with ",CN=Users,DC=modernpeople,DC=com"
Of course the user object in the AD Must have Administrative Privelages.


Jeff

0 new messages