-1497/-1214 or other decryption errors on reinstalling NICI on Unix/Linux

  • 3667383
  • 01-Aug-2007
  • 26-Apr-2012

Environment


Non-root install of eDirectory 882 on *nix
Novell eDirectory 8.8 for Linux
Novell eDirectory 8.8 for Solaris
Novell eDirectory 8.8 for HP-UX
Novell eDirectory 8.8 for AIX
Novell eDirectory 8.7.3 for Solaris
Novell eDirectory 8.7.3 for Linux
Novell eDirectory 8.7.3 for AIX
Novell eDirectory 8.7.3 for HP-UX
Novell International Cryptographic Infrastructure (NICI) 2.7

The NICI system directory (/var/opt/novell/nici or /var/novell/nici/) was renamed and the NICI package was reinstalled.

Situation

NICI was reinstalled after renaming the NICI directory, and NICI and PKI initialisation no longer works. No certificates (LDAPS or HTTPS) can be used, and iManager does not work either.

ndsconfig upgrade or ndsconfig add -m sas throws the following error:
"Configuring SAS service... Failed to configure SAS service: unknown error -1214 (fffffb42 hex) err=-1214"

Resolution

Check the NICI system directory again. If it contains a file called "nicifk.new" but not the "nicifk" file, the NICI Foundation Key file is missing on this system. Without this file, NICI and all dependent services such as PKI, NMAS and iManager will not work.

Go to the NICI directory and run the "set_server_mode" script. This should generate the nicifk file and NICI initialisation should now work.

If you are dealing with a non-root install of eDirectory 882, which requires a root install of the NICI package, NICI may not have been installed in server mode, and running the set_server_mode script will also be necessary. In some test cases we noticed that it may be necessary to reconfigure the instance rather than just perform an "ndsconfig add -m sas", as that still produced the -1214 error.
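The directory check described in the Resolution can be scripted. The following is an added example, not Novell's code: the function names and state labels are made up for illustration, and the script only inspects the two NICI system directories named above without running set_server_mode or changing any file.

```shell
#!/bin/sh
# Added diagnostic example (not Novell's code). Read-only: it does not run
# set_server_mode and does not modify any NICI file.

# nici_fk_state DIR -> prints one of (labels are hypothetical):
#   no-directory   DIR does not exist
#   key-present    nicifk exists (Foundation Key file is there)
#   key-missing    nicifk.new exists but nicifk does not (the case in this article)
#   no-key-files   neither nicifk nor nicifk.new exists
nici_fk_state() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "no-directory"
    elif [ -f "$dir/nicifk" ]; then
        echo "key-present"
    elif [ -f "$dir/nicifk.new" ]; then
        echo "key-missing"
    else
        echo "no-key-files"
    fi
}

# Report the state of every directory given and flag the failing case.
nici_report() {
    for dir in "$@"; do
        state=$(nici_fk_state "$dir")
        printf '%s: %s\n' "$dir" "$state"
        if [ "$state" = "key-missing" ]; then
            printf '  -> nicifk.new without nicifk: run set_server_mode in %s\n' "$dir"
        fi
    done
}

# The two NICI system directory locations named in this article.
nici_report /var/opt/novell/nici /var/novell/nici
```

Run it as a user that can read the NICI system directory; without search permission on the directory the files cannot be seen and the state is reported as no-key-files.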