Netware 6.5 Abend while setting the Application Password on Identity Manager 3.5

  • 3262735
  • 23-Aug-2007
  • 26-Apr-2012

Environment

Novell Netware 6.5 Support Pack 5 or Support Pack 6
Novell eDirectory 8.7.3.7 or 8.7.3.8 or 8.7.3.9
Novell Security Services 2.0.4
Novell Identity Manager 3.5

Situation

- Drivers won't start, hanging in the "Starting" state. Some -1418 messages about not being able to decrypt the Keys on several types of encryption algorithms show in DSTRACE +DXML +DVRS. Also, the message in the trace that identifies this problem is the following:
DirXML Log Event -------------------
Status: Error
Message: (-9993) An error occurred initializing DirXML subsystem 'wire data decryption': failed, -1418 (0xfffffa76)
.
- Setting the application password on the driver properties Abends the server on SAL.NLM

Resolution

The probable cause for this issue is problems or changes in the server's NICI keys, and the solution is to use DXCMD to regenerate the IDM server's keys used by IDM, after making sure PKI and SDI keys are valid. The steps to do that are:

01) On the server console, type DXCMD
02) Login with user name and password
03) Select option 4 (Driver set operations...)
04) Select option 4 again (Regenerate Identity Manager server key pair)
05) Type "yes" (without the double quotes) and hit enter
06) Select option 99 twice to leave DXCMD

After those steps unloading/reloading DS.NLM should get IDM running properly without the -9993 error. A server reboot can be done instead of unloading/reloading DS.NLM.

Additional Information

It should be noted that if indeed the underlying NICI keys have changed it invalidates all IDM data that is stored encrypted. This includes the
application and remote loader passwords, any encrypted attribute values in the cache (not applicable in this case since it is 8.7.3), any encrypted passwords in the cache (for job-generated passwords), and any named passwords on any object.
Excerpt from the Abend.log:

*********************************************************
Novell Open Enterprise Server, NetWare 6.5
PVER: 6.50.06

Server IDMFS2 halted Thursday, August 16, 2007 7:59:07.801 am
Abend 1 on P00: Server-5.70.06: Page Fault Processor Exception (Error code 00000002)

Registers:
CS = 0008 DS = 0010 ES = 0010 FS = 0010 GS = 0010 SS = 0010
EAX = 00000001 EBX = 00000000 ECX = 00000000 EDX = 00000000
ESI = 82F0B9AC EDI = 890D90C0 EBP = 82F0B9B0 ESP = 82F0B978
EIP = 8687F0B9 FLAGS = 00010286
8687F0B9 F00FC101(LOCK) XADD [ECX]=?, EAX
EIP in SAL.NLM at code start +000030B9h
Access Location: 0x00000000

The violation occurred while processing the following instruction:
8687F0B9 F00FC101(LOCK) XADD [ECX], EAX
8687F0BD 40 INC EAX
8687F0BE C3 RET
8687F0BF 008B4C2404B8 ADD [EBX-47FBDBB4], CL
8687F0C5 FFFF ??U5 EDI
8687F0C7 FFFF ??U5 EDI
8687F0C9 F00FC101(LOCK) XADD [ECX], EAX
8687F0CD 48 DEC EAX
8687F0CE C3 RET
8687F0CF 005589 ADD [EBP-77], DL

Running process: Server 00:6 Process
Thread Owned by NLM: SERVER.NLM
Stack pointer: 82F0BF40
OS Stack limit: 82F04000
Scheduling priority: 67371008
Wait state: 50500F0 Waiting for work
Stack: 88FBB262 (DXEVENT.NLM|getDirXMLInterface+B1A)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
88FD3783 (DXEVENT.NLM|DxDDSEASecureChannel+C31)

Feedback service temporarily unavailable. For content questions or problems, please contact Support.