Environment
Novell NetWare 6.5
Novell Modular Authentication Service (NMAS)
Situation
Error -1697 while setting a Universal password
Error saving the Universal password for user to the
directory
Error -16049 when trying to check the Universal Password
Status on a user
-16049 - NMAS_E_ENTRY_ATTRIBUTE_NOT_FOUND
-1697 - FFFFF95F NMAS_E_INVALID_SPM_REQUEST
-1643 - FFFFF995 NMAS E INVALID PARAMETER
Search: 1697 -1697 1643 -1643 16049 -16049
Resolution
1. Verify there is Universal Pasword Policy assigned to
the user, users container, or the partition where the user
resides.
2. Verify that the server keys are correct and all the
same on all servers. Use
KB 3455150 - Using SDIDiag to gather specific SDKey information
from servers to verify the that all servers have the same
tree keys.
If you need to generate new keys for your tree, see TID 3840110 - Using SDIDiag - Switches and
Options, and look particularly at the SD command with the -G
option to revoke and issue a new key. The RD command
can then be used to sync keys out
Additional Information
In this case the servers had all the same keys, but they were all
revoked. No keys were valid. So there were no keys to
create the universal password with. Revoked keys are
only used to unencyrpt information and not encrypt new
information. So all servers must have a valid key and
any revoked keys that any other server in the tree might
have.