Re: Upgrade OES2SP1 to OES2SP2 Fail
a...@novell.com
Hash: SHA1
I saw an issue once where the answer file didn't get created properly
because of how the password was being entered when prompted-for. Can you
post what you are using here? Specifically in that case the failure
happened because the password had a couple of dollar-signs in it which are
special to bash so....
pa$$word
when not escaped, resolves to something like:
pa5453word
where '5453' is the PID of the current bash process where the value was
entered. This can be fixed easily by wrapping the password in quotes when
giving it to Yast to generate the answer file. The Yast prompt showing
you the password should also show you exactly what it stored in any case
so if you are looking at the value there and not just skipping past it you
should be fine. This was just for the general eDirectory password... I've
never tried the DSfW side of things.
Good luck.
jyssupport wrote:
> Following TLD 7004963, all went well until the initial reboot. Now, I
> get an ndsconfig error. I'm being presented the 'failed to upgrade and
> start eDirectory' screen:
>
> ndsconf failed to upgrade and start eDirectory
> This may be due to an incorrect LDAP admin password
> The online upgrade will be aborted
> Check your passwords
>
> Details ->
>
> Checking if server is ready to service requests
> unknown error 1 (1 hex) .1
> ERROR /opt/novell/eDirectory/bin/ndsconfig return value = 56
>
> I've checked and rechecked the passwords (ldap and DSFW) several times
> (both entering manually and creating an answer file). The tree is
> healthy and in sync.
>
> Things look ok from rug's point of view:
>
> silver:~ # rug ca
>
> Sub'd? | Name | Service
>
> -------+-------------------------------------+------------------------------------
> Yes | Novell Open Enterprise Server 2 SP1 | Novell Open Enterprise
> Server 2 SP1
> Yes | SUSE Linux Enterprise Server 10 SP2 | SUSE Linux Enterprise
> Server 10 SP2
> Yes | SLES10-SP3-Online | https://nu.novell.com
>
> | OES2-SP2-Online | https://nu.novell.com
>
> Yes | OES2-SP2-Pool | https://nu.novell.com
>
> Yes | OES2-SP2-Updates | https://nu.novell.com
>
> Yes | SLES10-SP3-Updates | https://nu.novell.com
>
> Yes | SLES10-SP3-Pool | https://nu.novell.com
>
> | SLE10-SP3-Debuginfo-Updates | https://nu.novell.com
>
> | SLE10-SP3-Debuginfo-Pool | https://nu.novell.com
>
> | SLE10-SP3-Debuginfo-Online | https://nu.novell.com
>
>
> silver:~ # rug pd -i
>
> S | Name | Version | Category
> --+----------------------------+---------+---------
> i | SUSE_SLES_SP3 | 10.3-1 | base
> i | OPEN_ENTERPRISE_SERVER_SP2 | 2.0.2-0 | add-on
>
> silver:~ # rug sl
>
> # | Status | Type | Name | URI
>
> --+--------+------+-------------------------------------+-----------------------
> 1 | Active | ZYPP | Novell Open Enterprise Server 2 SP1 |
> nfs://steel.localdo...
> 2 | Active | ZYPP | SUSE Linux Enterprise Server 10 SP2 |
> nfs://steel.localdo...
> 3 | Active | NU | https://nu.novell.com |
> https://nu.novell.com
>
> After I abort the upgrade, all services start normally (including
> eDirectory, all my pools and volumes are mounted). I pointed a web
> browser to the server, and I was presented the Novell Open Enterprise
> Server 2 Support Pack 2 Welcome screen. I see nothing in any log file
> that indicates what is failing. I'm stuck.
>
> I attempted the suggestions in TLD 7002557, but rebooting and
> attempting to spawn another window doesn't allow me to enter anything in
> the console, as it's waiting for the OK button to be pressed, which
> aborts the upgrade. I tried the upgrade from the command line, but
> found after killing eDirectory, there was no lock, and the upgrade still
> failed with the same error messages.
>
> Does anyone have any suggestions? Is there a super secret log file
> somewhere I'm missing? I feel the password warning is a general error,
> and a red herring in my case (i could be wrong however).
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJLViI6AAoJEF+XTK08PnB5AI0P/2Qx/7Vt72hPsPp19osHA5P0
zytk7IEWmDEKqc8zUOeDPrxfwHFd4U8ay/dH3+s1W0D04uxqnjCy314B10QXYiwk
n5f5c48EHU+B0JqXVBe6c555Zc1ueN9vomWeY5sDa+JfPNDEoI+VeRej15OtfctB
QXxV1z5MAtFlBHFQ+apn6/EJd9WvnpwztXKwD5aHUgVz5xRHy6kK84mWsuEP1b3a
fH9HFv12LY3vqwHbeYEtnXG7qpfQTVS9dzJC/YSDrQiWW1peficdSjRbTynlRZux
GVHRypQnJpW0SaLVkW7bFaZ20VVY3DO47zqla+Y4Rh2T8uBVq1bfXyWZC6FDYn8/
vV8ZlYz94OQvhwIY5dBEMIMAdR5el8fNiVmuLq0vWuEN9c6vW6K9zRegclvkOlGk
waars5HeqYTdAI8e7p0w0mLt4pRex6K5aGEy0At9wXHOicOcJSaLSmvoTjvdRoW+
DG2nR3225+ZG0Z0LT+q03RezSmGBo9WNa2fekcvaP+Ha/qke9d/BxKl04nfr9qBU
ZwuVKlzv52FApobqPP9iaIKsdS08muiQkSejWURa12jyBtXSfi3pUxKX7Da5qg28
vcRM/KhAQPRDmQN7tzKrC4XRZhxTAhnb3eRlHUw7J579fuYJLg2d03UHBFFvAldD
GqPa1xDqxYsrSi7dX1c8
=wGQd
-----END PGP SIGNATURE-----
W_ Prindl
>
>I found these in /var/log/localmessages
>
>xadsd: [SAMSS] SamrOpenUser: failed to open user with RID 1004 in
>domain <dc=mydomain,dc=org>: Can't contact LDAP server
>xadsd: [NETLOGON] xad_nl_compute_server_digest: failed to verify
>authenticator
>xadsd: [LSASS] LsapOpenPolicy: failed to open policy handle for server
>: Can't contact LDAP server
>
>there were no such messages before the upgrade attempts. It looks to
>me that 'it' is trying to authenticate to LDAP using an unknown(?)
>user, or a user that no longer exists or something of that nature.
>
>With the upgrade scripts running in the background, how can i tell
>what username it's trying to use to authenticate? Since nothing ever
>asked what the ldap admin username is, it just assumes 'it' knows
>what it is. In my case, it seems that assumption is broken.
>
Usually it takes the admin user stated in nam.conf. Sometimes a
namconfig -k helps.
>Or, if someone could tell me if I'm on or off track, that would help
>too.
Do you have alternative ldap servers configured in nam.conf? That helps
in situations, where the local ldap server is down or not functioning
and you should avoid using dns-names for them as they would fail if
your dns server is down or unreachable.
--
W. Prindl