IP Address or DNS errors on TED screen

  • 3476252
  • 05-Nov-2007
  • 30-Apr-2012

Environment

Novell ZENworks 7 Server Management - ZSM7 Tiered Electronic Distribution (TED)
Novell ZENworks 6.5 Server Management - ZSM6.5 Tiered Electronic Distribution (TED)
Novell ZENworks for Servers 3.0.2 - ZfS3.0.2 Tiered Electronic Distribution (TED)

Situation

IP Address or DNS errors on TED screen

ERROR:"This host is only known by an IP address. It is highly recommended that a DNS name be used."

ERROR:"The primary address could not be changed to the address found in our certificate"

ERROR:"Error "Certificate and primary DNS name mismatch has occurred! This node must be known as servername.domain.com or a new certificate must be minted."

SERVERNAME is an invalid DNS name and can't be used by TED.

Exception: java.lang.Exception: There are no valid DNS names or IP address by which TED can be known by.

Resolution

That brings up the following 3 questions:

1. Which TED hosts (distributors and subscribers) need to be able to do a reverse/forward DNS lookup for which other TED hosts? (Does the subscriber need to be able to do a reverse and/or forward DNS lookup of a distributor server, and/or vice versa?)

2. Do subscriber/distributor servers need to be able to do a reverse / forward DNS lookup for themselves?

3. Some companies are doing a distribution from one dual NIC server across the WAN to another dual NIC server (one NIC is private, the other NIC is public on both servers). What if each server resolves their public/private DNS names differently from different DNS servers?

Answer:

The ZfS 3.0x documentation states that each distributor and/or subscriber host needs to be able to do a forward DNS lookup of itself from itself (from the distributor or subscriber server, PING its own FQDN and get its own IP address back from the DNS server). We also know that a reverse DNS lookup of the IP address of the distributor or subscriber server is supposed to work from any administrative workstation (ping -a 137.65.85.135 should return the FQDN of the server).


Ideally, all TED hosts (distributors and subscribers) should have both a single "A" and a single "in-addr-arpa" record in DNS (commonly called forward and reverse lookup records). Every TED host needs to be able to resolve the forward and reverse DNS records of every other TED host in their environment. If multiple DNS Zones are involved, it is wise to configure regularly scheduled DNS Zone Transfers between them to replicate the "A" and "in-addr-arpa" records for the TED hosts.

Verifying "A" and "in-addr-arpa" DNS records for TED hosts

You can use the NSLOOKUP utility from either a NetWare Server Console or a Windows server CMD prompt to verify that your DNS server(s) have valid "A" (forward lookup) and "in-addr-arpa" (reverse lookup) records for the TED host servers. Just type NSLOOKUP and you'll get a > prompt. Then type in the FQDN of another server to see if your DNS server will do forward lookups. Then you can type the IP address of another server to see if your DNS server will do reverse lookups on that server.

CONFIGURING MULTIHOMED OR MULTIPLE DNS ENTRY TED HOST SERVERS

Once the DNS forward and reverse lookup records are in place correctly, you may still get one of the DNS errors if you have multiple IP addresses bound (i.e. multi-homed or multiple NICs with IP bound) or if the DNS entries for a server contain multiple entries (i.e. an in-addr-arpa record with 2 or more DNS names or an "A" record with more than 1 IP address registered).

FOR ZSM 6.5 and 7:
In these cases you can modify the "Hosts" or "PrimaryHost" parameter in the SYS:\ZENworks\zfs-startup.xml file.


Case 1 - Single DNS name, multiple IP Addresses

If you have a server that has multiple IP addresses bound but only a single DNS entry, you need to set the Hosts parameter in the ZFS-STARTUP.XML file. This is true even if there are no "A" or "in-addr-arpa" records for the other IP address(es), even if the SET NCP EXCLUDE IP ADDRESSES parameter is configured to exclude the unwanted address(es), and even if you have ensured that the desired IP address is loaded/bound first. Simply put, if you have multiple IP addresses bound on the server, you need to set this parameter to determine which IP address is used when the Distributor/Subscriber attempts to do a reverse lookup on its own IP address in DNS.

The Hosts line reads by default:

You change it to:
dnsname.domain.com

NOTE: This setting can contain either an IP address or a DNS name. If it contains a DNS name, it will resolve the name to an address, and then look this up in DNS as an in-addr-arpa record. So if you do opt to use a DNS entry here, it must have only a SINGLE IP address entry for the "A" record in DNS.


Case 2 - Single IP Address, multiple DNS names

If you have servers that have multiple DNS entries for the same address (i.e. the in-addr-arpa DNS record for your server's IP address has links to multiple "A" DNS records), you need to set the PrimaryHost parameter in the ZFS-STARTUP.XML file.

The PrimaryHost line reads by default:

You change it to:
dnsname.domain.com

NOTE: In most cases you will not need to change both parameters as they have different purposes. The Hosts parameter is for a server with dual NICs/IP addresses and the PrimaryHost parameter is for a server that is known by DNS as multiple DNS names.

BAD hosts file

Although nslookup returns the correct DNS name, a hosts file may be taking precedence over this. Check that the hosts file on the subscriber contains the correct information to resolve the DNS name of the TED subscriber.
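
The forward/reverse checks and the Case 1 / Case 2 conditions described above, as an added example that is not part of the original TID or of ZENworks. The host names, addresses and function names are constructed for illustration, and Python is used here in place of the interactive NSLOOKUP session.

```python
import socket

# Constructed sample records (documentation names/addresses, not a real site).
SAMPLE_A = {
    "ted1.example.com": ["10.0.0.1"],
    "ted2.example.com": ["10.0.0.2", "192.168.1.2"],  # several addresses
    "ted3.example.com": ["10.0.0.3"],
}
SAMPLE_PTR = {
    "10.0.0.1": ["ted1.example.com"],
    "10.0.0.2": ["ted2.example.com"],
    "10.0.0.3": ["ted3.example.com", "files.example.com"],  # several names
}

# Live lookups go through the system resolver, which also honours the
# local hosts file (unlike a query sent straight to a DNS server).
def live_forward(name):
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def live_reverse(ip):
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [host] + aliases

def audit_host(fqdn, forward=SAMPLE_A.get, reverse=SAMPLE_PTR.get):
    """Return findings for one TED host; [] means one A and one matching PTR.

    forward(name) and reverse(ip) return a list of results (or None).
    """
    addrs = forward(fqdn.lower()) or []
    if not addrs:
        return ["no-forward-record"]
    findings = []
    if len(addrs) > 1:
        findings.append("multiple-addresses (Case 1: set Hosts)")
    for ip in addrs:
        names = [n.rstrip(".").lower() for n in (reverse(ip) or [])]
        if not names:
            findings.append(f"no-reverse-record for {ip}")
        elif fqdn.lower() not in names:
            findings.append(f"reverse-mismatch for {ip}: {names}")
        elif len(names) > 1:
            findings.append(f"multiple-names for {ip} (Case 2: set PrimaryHost)")
    return findings
```

Pass forward=live_forward and reverse=live_reverse to run the same audit against the resolver of the machine it is executed on.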

FOR ZFS 3.0.2:
For devices that are multihomed (devices that have more than one IP address/NIC), edit the following line in the SYS\ZENWORKS\PDS\TED\TED.NCF:

java -mx128M -envDISPLAY=127.0.0.1:0 -noclassgc -ns -jstedexit -snTed -classpath $tedpath com.novell.application.zenworks.ted.TED

Add the following switch after the . . .zenworks.ted.TED:

-hosts host1.dns.com;host2.dns.com;10.0.0.4;hostx.dns.com;10.0.0.1 (Note the semicolon between addresses)

This tells TED that the server is known by everything listed after the -hosts switch. So the line would read something like:

java -mx128M -envDISPLAY=127.0.0.1:0 -noclassgc -ns -jstedexit -snTed -classpath $tedpath com.novell.application.zenworks.ted.TED -hosts host1.dns.com;host2.dns.com;10.0.0.4

Additional Information

The two parameters "Hosts" and "PrimaryHost" within the zfs-startup.xml file are used to properly configure the DNS configuration used for ZENworks Server Management. These settings aren't used to specify the IP address that will be used to send the actual data; ZSM will just use the default interface on the server and doesn't force the usage of a specific address.


Formerly known as TID# 10076292