Environment
Novell eDirectory 8.7.3 for Linux
Open Enterprise Server (Linux based)
Situation
eDirectory server crashed
eDirectory server won't start
eDirectory server database is corrupted
Resolution
eDirectory needs to be removed from a server for one of these reasons:
a)Hardware failure
b)eDirectory corruption
Note: If eDirectory still starts up on the 'crashed' server, ndsconfig rm should be run on the 'crashed' server to remove eDirectory.
Note: Else, use the following commands on a valid eDirectory server that is up and communicating with the rest of the tree. (Preferably the Master replica holder where the crashed server object resides.)
Warning:
If this crashed server is a print server or a certificate authority server, make sure the print services are migrated to another server, and a new certificate authority server has been created.
1) Verify time is synchronized with 'ndsrepair -T'
/opt/novell/eDirectory/bin/ndsrepair -T
All servers shown in the time sync screen should show as YES -
(vmware servers or servers on wan link may be shown as not in sync)
2) Migrate any master replicas off the crashed server. If the server doesn't have any replicas, skip to step #3.
a. Go to another replica holding server in the tree and typing the command.
/opt/novell/eDirectory/bin/ndsrepair -P -Ad
Select the partition
Option - 10 or view replica ring
It will show a list of all the servers in the replica ring of that partition.
b. If the crashed server is the master of that particular partition - make sure another server holding a read / write replica of the same partition is made the master.
From the server which is to be promoted as the new master of the partition type the command.
/opt/novell/eDirectory/bin/ndsrepair -P -Ad
Select the partition
Option 5 -or- Designate this server as the new Master Replica.
If the crashed server is the master of that particular partition - and there is no other server holding read / write replica of the same partition and the only other replica type is sub reference - then you have lost all the objects in that particular partition.
WARNING: DO NOT designate a Subordinate Reference replica as the new Master replica unless no R/W or Read Only replica exists of that partition. Doing so will cause all of your partition objects to go unknown and you will have to recreate them manually.
3. Remove the NCP server object of the crashed server.
a. Verify that each replica ring is consistent and valid
On the every server in the tree - type
/opt/novell/eDirectory/bin/ndsrepair -P -Ad
Select the partition
Option - 10 or view replica ring
if the crashed server still exists - select it and go to the option remove server from the replica ring.
Note - sometimes after removing sub ref from the replica ring it still shows in the replica ring - you would need to manually to remove the crashed server from the replica ring of that particular server.
b. Go to the container that contains the NCP server object
c. Remove the NCP server object. (Note: Make sure to remove the correct server object.)
4. Cleaning up the Tree - Removing the objects
Delete all the other objects relating to the server:
- Http Server
- LDAP Server
- LDAP Group
- Snmp Group
- SAS Service
- PS object
- Four certificates
- IP AG
- SSL Certificate IP
- DNS AG
- SSL Certificate DNS
5) Force immediate synchronization
Linux - Execute "/opt/novell/eDirectory/bin/ndstrace" from the server command-line. Within the ndstrace utility enter:
SET NDSTRACE=ON (enables file logging to /var/nds/DSTRACE.LOG)
SET NDSTRACE=NODEBUG (turns off all preset filters)
SET NDSTRACE=+SKLK (enables filter of synchronization traffic)
SET NDSTRACE=*H (initiates synchronization between servers)
6)Final check -
Verify time is in sync and there are no errors or references pointing to the crashed server in report sync status.
time sync -
/opt/novell/eDirectory/bin/ndsrepair -T
report sync -
/opt/novell/eDirectory/bin/ndsrepair -E
Additional Information
Step 1,Step2,Step4,Step5
DO NOT Follow Step 3