ndsconfig failed to upgrade and start eDirectory

  • 7002554
  • 05-Feb-2009
  • 27-Apr-2012

Environment

Novell eDirectory 8.8.4 for Linux
Novell Open Enterprise Server 2 SP1 (OES 2 SP1)

Situation

Purpose
Insert a new OES2 SP1 server into an existing eDirectory tree

Symptom
The OES2 SP1 installation process stops while configuring and installing eDirectory, with the following error:

ndsconfig failed to configure and start eDirectory

Details windows shows:

Configuring SAS Service... Failed to configure SAS service: no such attribute err=-603

/var/opt/novell/eDirectory/log/ndsd.log shows:

[...]
Successfully started Novell PKI Services
SecurityInstall: Calling pkiInstallSetIdentity . . .
SecurityInstall: Returned from pkiInstallSetIdentity.
FSecurityInstall: Calling pkiInstallsetCRLfile . . .
SecurityInstall: Returned from pkiInstallsetCRLfile.
SecurityInstall: Returned from pkiInstallGetDistributionPointInfo.
SecurityInstall: Error from pkiInstallCreatePKIObjects (ccode = -603; retval = 0).
Configuring Distribution Points for Certificate Revocation List:
An error occurred while configuring product SAS. Error description no such attribute.-603
NDSIInstallDSProduct: Returning -603.
DHModuleInit_dsi: Returning -603.
Module dsi is not loaded
[...]

Changes

The Certificate authority object in the existing eDirectory Tree is missing the Host Server attribute.

Resolution

The error "ndsconfig failed to upgrade and start eDirectory" received when installing a new OES2 SP1 server into an existing tree may be caused by several different issues, however most of the root causes are related to the health status of the existing tree. As "rule of thumb" a complete eDirectory health check needs to be made before adding any new server into the tree, the TID 3564075 explains how to perform the check on multiple platforms.

In this specific scenario was found that the Certificate Authority object was missing the Host Server attribute, and this was causing the error -603.

In order to fix this issue, the Certificate Authority needs to be recreated, either from scratch or importing it from a previous export operation made when the CA was still healthy. The TID 3618399 outlines the step needed for this operation and all the related implications.

Once the Certificate Authority had been recreated, the OES2 SP1 installation process completed successfully.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.