Error 0x6F (NDS ERROR 111) while logging into iManager

  • 3118974
  • 06-Jun-2007
  • 27-Apr-2012

Environment

Novell eDirectory 8.7.3.9 for Linux
Novell iManager 2.6
Novell ConsoleOne 1.3.6
Novell SUSE Linux Enterprise Server 9
The server has multiple NICs

Situation

"error 0x6F (NDS Error 111)" when trying to log in to iManager
"Failed to retrieve a certificate .... The returned error Code is -321" in ConsoleOne
when trying to open the servers DNS Certificate or IP Certificate

The customer uses 3 Interfaces in 3 Subnets:
One for eDirectory sync / incoming LDAP Queries (eth0)
One for eDirectory Administration (eth2)
One for the Servers Backend Communication. (eth1)

Admin Tools were not able to connect to eDirectory. 

Resolution

Solution 1:

Issuing the following commands at the server console:

  1. ndsconfig set n4u.server.interfaces=eth0,eth1,eth2
  2. ndsconfig set n4u http.server.interfaces=eth2
  3. ndsconfig set n4u https.server.interfaces=eth2
  4. rcndsd restart
fixed the issue. While eth2 in this case is a dedicated eDirectory administration Interface.


Solution 2:

eDirectory isn't loaded on the target server.

To Check: enter /etc/init.d/ndsstat
To Start : enter /etc.init.d/ndsd start

Solution 3: 

eDirectory runs on a port different from 524:
 Specify the port while Login into the Administration tool might help. 
Tree:<serverip>:<portnumber>
Server: <serverip>:<portnumber>

better use standard port 524 for eDirectory




Additional Information

Troubleshooting:
used "ndsconfig get" to check eDirectory configuration and found
- eDirectory was just configured on one NIC
- http.server.interfaces and https.server.interfaces have not been configured at all

Notes:
The reason for configuring eDirectory just on one Interface is to prevent other Networks to access the database (IP Routing on the Server running eDirectory is set to off).
eDirectory was only configured for the sync / incoming LDAP Queries Interface. Therefore no connection could be obtained on the admin interface.