LDAP, Synchronization and IDM periodically stop working on eDirectory for Windows

  • 7003555
  • 16-Jun-2009
  • 26-Apr-2012

Environment

Novell eDirectory 8.8 for Windows 2003
Novell eDirectory 8.8 for Windows 2000
Novell Identity Manager 3.6

Situation

Outbound synchronization stops.

All LDAP operations fail. The LDAP server log contains the following error message: Sending operation result 80:"":"NDS error: insufficient buffer (-649)"

IDM starts reporting errors. The IDM log contains the following error message: Message: (-9956) DirXMLVerbHandler::construct: An error occurred while constructing an object: failed, insufficient buffer (-649)

eDirectory SNMP has been configured on the Windows server.

Resolution

The root cause is a problem with the SNMP configuration. As a result, the maximum number of eDirectory contexts ends up assigned. A context is an internal eDirectory data structure used to return results from various operations. This can be verified in iMonitor:

1. Go to Connections -> Outbound Contexts.

2. The total number is about 25,000.  This is the maximum number allowed.

3. The majority of the module names are Module ID 64400000 (C:\Novell\NDS\ndssnmp.dll).

The only way to recover from this situation is to restart the eDirectory service.


Steps to fix the problem.

1. Stop the NDS Server0 service and the SNMP service.

2. Determine the source of the SNMP misconfiguration.  There are a number of different possibilities.  These are the most common:

- Verify that the Windows SNMP Service settings are valid and correct. Make sure the Security and Traps settings contain alphanumeric values only.

- Validate the settings for the eDirectory SNMP Configuration. Use an LDAP browser to make sure the SNMP Configuration object has the snmpServerList attribute set to the Server Object DN and that the Server Object has the snmpGroupDN attribute set to the SNMP Configuration Object DN.

3. Remove the C:\Novell\NDS\snmp\ndssnmp.dat file.

4. Start the SNMP service, then the NDS Server0 service (you will be required to re-enter authentication for ndssnmp). Look at the end of the C:\Novell\NDS\snmp\dssnmpsa.log file for a line similar to this:
 
Jun 12 08:23:44 theservername Information: Logged in successfully to 'theservername' eDirectory server.

5. Periodically check the Outbound Contexts page.  You should only see one Context for Module ID 64400000 (C:\Novell\NDS\ndssnmp.dll).
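
The cross-reference check from step 2 can also be run against an LDIF export of the two objects instead of reading them by eye in an LDAP browser. The following is an added example, not Novell code: the function names and the sample DNs are hypothetical, and the DN comparison is simplified (case-insensitive, no escaped commas).

```python
import base64

# Constructed sample export (DNs are made up): the server's snmpGroupDN is stale.
SAMPLE_LDIF = """\
dn: cn=SNMP Config,o=example
snmpServerList: cn=SRV1,o=example

dn: cn=SRV1,o=example
snmpGroupDN: cn=Old SNMP Config,
 o=example
"""

def parse_ldif(text):
    """Return {dn: {attr_lowercase: [values]}}, unfolding lines and decoding base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded continuation line
        elif not raw.startswith("#"):     # skip LDIF comments
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        if attr.lower() == "dn":
            current = entries.setdefault(value.strip(), {})
        elif not line.strip():
            current = None                # blank line ends the entry
        elif current is not None:
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def norm_dn(dn):
    """Comparison form of a DN: lowercase, no spaces around commas (simplified)."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def check_snmp_links(entries, server_dn, config_dn):
    """Return a list of problems; an empty list means both references are present."""
    by_dn = {norm_dn(dn): attrs for dn, attrs in entries.items()}
    problems = []
    for holder, attr, target in ((config_dn, "snmpServerList", server_dn),
                                 (server_dn, "snmpGroupDN", config_dn)):
        obj = by_dn.get(norm_dn(holder))
        if obj is None:
            problems.append(f"{holder}: entry missing from export")
        elif norm_dn(target) not in [norm_dn(v) for v in obj.get(attr.lower(), [])]:
            problems.append(f"{holder}: {attr} does not reference {target}")
    return problems
```

Call `check_snmp_links(parse_ldif(ldif_text), server_dn, config_dn)` with the real DNs; for the constructed sample it reports that snmpGroupDN on the server object does not reference the SNMP Configuration object.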