ABEND in LOGEVENT.NLM when exiting DSREPAIR on NetWare

When running a DSREPAIR with Novell Audit installed, when the eDirectory database opens, the server ABENDs in LOGEVENT.NLM.

The server does not ABEND when running in normal conditions.

Identity Manager (DirXML) is also installed on the server and is being audited.

A coredump of the ABEND was taken and analyzed. A copy of the stack walk (without symbols) is provided in the "Additional Notes" section below. The problem is the Identity Manager (IDM - formerly known as DirXML) has a corrupt NAuditConfiguration attribute. Below is a copy of the contents of that attribute:

As you can see above, the EventConfiguration enabled is set to"true" and "false" simultaneously. This is causing the ABEND.

Please read through all of the steps prior to performing them to understand what will happen. To fix the problem, please do the following steps:

1.) Login to iManager. iManager is located at http:///nps/iManager.html .

2.) Go to "Auditing and Logging" and click on "Logging Server Options". Search for your Secure Logging Server (SLS) object. Typically the SLS is located in the"Logging Services" container that is located at the top of your tree. If you have installed your SLS in a different area of the tree, then browse to the appropriate location and select the SLS object.

3.) Click on the "General" tab and click on the"Summary" link. In the "Summary" section you should see three different categories. Those categories are Channels, Notifications, and Log Applications. Scroll down to the "Log Applications" category. There you will see "Identity Manager" hyperlinked. Click on "Identity Manager".

4.) A new window should pop up when you click on"Identity Manager". On the "Configuration" tab you should have an "Events" link. Click on "Events". Take a look at how this section is configured. If "Enable filtering for selected events" is unchecked, then you can ignore this step. If there is a check next to "Enable filtering for selected events", then take note on which events are being audited/logged. Now close the "Modify Object" pop up for the Identity Manager log application.

5.) Map a drive to SYS:/PUBLIC on the file server that has a copy of ConsoleOne on it. Start ConsoleOne. Typically ConsoleOne is located at SYS:/PUBLIC/MGMT/CONSOLEONE/1.2/BIN and is called ConsoleOne.exe in the BIN directory.

6.) Once ConsoleOne is loaded, go to the location in the tree where the IDM log application is located. In a default install of Novell Audit, this is located in the .Applications.Logging Services. container.

7.) In the Applications container, locate the "Identity Manager" object. Double click on it. Click on the"Other" tab. One of the attributes that you see is the"NAuditConfiguration" attribute. Highlight"NAuditConfiguration" and click on the "Delete" button. You will be prompted with "Do you really want to delete this attribute?". Click on the "Yes" button to delete the attribute. Now you can close ConsoleOne. (Note: You do not need to use ConsoleOne to delete this attribute. You can use any other tool that will allow you to delete the"NAuditConfiguration" attribute.)

8.) Return to iManager. Repeat steps 1 - 3 above. On the "Configuration" tab, click on the "Events" link. Restore the settings that you recorded in step 4. Then click on "OK" or "Apply" to save your changes.

9.) Restart LENGINE.NLM so the new settings can be read.

Stack walk of the ABEND:

P00# sw
Current EIP:908B3407 LOGEVENT.NLM|LogEventDirectW+19D11
ESP:9D994C70 EIP:9089EC22 LOGEVENT.NLM|LogEventDirectW+552C
ESP:9D994C90 EIP:908954D1 LOGEVENT.NLM|LogGetEnabledEvents+3E5
ESP:9D994CEC EIP:90896509 LOGEVENT.NLM|LogOpen+682
ESP:9D994E74 EIP:B425A56C DXEVENT.NLM|DxSetEventID+2761
ESP:9D994EA4 EIP:B424F2FD DXEVENT.NLM|DxFreeCacheBlock+290A
ESP:9D994EE8 EIP:B42472FF DXEVENT.NLM|getDirXMLInterface+BB7
ESP:9D994EEC EIP:8FEC366F DS.NLM|InitializeEventCache+30
ESP:9D994EF8 EIP:8FE6D68F DS.NLM|DSAgentOpenLocal+3D4
ESP:9D994FC8 EIP:8F0CF149 DSLOADER.NLM|DDSOpenLocalAgent+12
ESP:9D994FCC EIP:909FD412 DSREPAIR.NLM|+2D412
ESP:9D994FE4 EIP:909EF3C2 DSREPAIR.NLM|+1F3C2
ESP:9D994FF8 EIP:909EF78A DSREPAIR.NLM|+1F78A
ESP:9D995088 EIP:90A155C5 DSREPAIR.NLM|+455C5
ESP:9D995108 EIP:909D79CE DSREPAIR.NLM|+79CE
ESP:9D99512C EIP:909D77A5 DSREPAIR.NLM|+77A5
ESP:9D995284 EIP:909D7119 DSREPAIR.NLM|+7119
ESP:9D99528C EIP:901B6646 NWSNUT.NLM|NWSMenuAction+27
ESP:9D9952A4 EIP:901B698D NWSNUT.NLM|NWSLList+1FD
ESP:9D9952F8 EIP:901B6C1D NWSNUT.NLM|NWSList+46
ESP:9D995344 EIP:901B660C NWSNUT.NLM|NWSMenu+D8
ESP:9D995394 EIP:909D7068 DSREPAIR.NLM|+7068
ESP:9D9953C4 EIP:909D68C3 DSREPAIR.NLM|+68C3
ESP:9D9953CC EIP:909D6776 DSREPAIR.NLM|+6776
ESP:9D9953E8 EIP:8F22A340 SAL.NLM|SAL_TZOffset+D0
ESP:9D9953F8 EIP:883EAD28 LIBC.NLM|ThreadStartFunc+D8
ESP:9D99540C EIP:00226E38 SERVER.NLM|TcoNewSystemThreadEntryPoint+40
(stack end)
P00#

LOGEVENT.NLM Nsure Audit Platform Agent (Build 24)
Version 2.00.02 August 31, 2006

DXEVENT.NLM DirXML Event Handler for Novell Directory Services 3.0.1
Version 3.00.10 June 30, 2006