Environment
Novell Access Manager 3.1 Windows Access Administration
Situation
Administrator can login to Admin Console (AC) and make configuration changes to the setup. After the server has been up for a few days, the response from the Admin Console deteriorates to the point that the administrator cannot login anymore. When submitting the credentials into iManager, the "-649 Insufficient memory" error is reported back.
Resolution
Remove the extension from the SNMP Service by doing the following:
1) Stop SNMP Service
2) Load Regedit
3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents
4) Remove the NDS REG_SZ key
5) Start SNMP Service
1) Stop SNMP Service
2) Load Regedit
3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents
4) Remove the NDS REG_SZ key
5) Start SNMP Service
Additional Information
The root cause is a problem with the SNMP configuration. The result is that the maximum number of eDirectory contexts are assigned. A context is an internal eDirectory data structure used to return results from various operations. This can be verified in iMonitor.
1. Go to Connections -> Outbound Contexts.
2. The total number is about 25,000. This is the maximum number allowed.
3. The majority of the module names are Module ID 64400000 (C:\Novell\NDS\ndssnmp.dll)
The only way to recover from this situation is to restart the eDirectory service.
Another tool to confirm this is to use netstat to look at the established TCP connections (netstat -an). Thousands of visible TCP connections are established to both the LDAP server on the box from the SNMP agent.
Steps to fix the problem.
1. Stop the NDS Server0 service and the SNMP service.
2. Determine the source of the SNMP misconfiguration. There are a number of different possibilities. These are the most common:
- Validate the Windows SNMP Service settings are valid and correct. Make sure Security and Traps are alphanumeric values only.
- Validate the settings for the eDirectory SNMP Configuration. Use an LDAP Browser to make sure the SNMP Configuration object has the snmpServerList attribute to the Server Object DN and that the Server Object has the snmpGroupDN attribute to the SNMP Configuration Object DN.
3.Remove the C:\Novell\NDS\snmp\ndssnmp.dat file.
4. Start the SNMP service then the NDS Server0 service (you will be required to reenter authentication for ndssnmp). Look at the end of the C:\Novell\NDS\snmp\dssnmpsa.log file for a line similar to this:
Jun 12 08:23:44 theservername Information: Logged in successfully to 'theservername' eDirectory server.
5. Periodically check the Outbound Contexts page. You should only see one Context for Module ID 64400000 (C:\Novell\NDS\ndssnmp.dll).
1. Go to Connections -> Outbound Contexts.
2. The total number is about 25,000. This is the maximum number allowed.
3. The majority of the module names are Module ID 64400000 (C:\Novell\NDS\ndssnmp.dll)
The only way to recover from this situation is to restart the eDirectory service.
Another tool to confirm this is to use netstat to look at the established TCP connections (netstat -an). Thousands of visible TCP connections are established to both the LDAP server on the box from the SNMP agent.
Steps to fix the problem.
1. Stop the NDS Server0 service and the SNMP service.
2. Determine the source of the SNMP misconfiguration. There are a number of different possibilities. These are the most common:
- Validate the Windows SNMP Service settings are valid and correct. Make sure Security and Traps are alphanumeric values only.
- Validate the settings for the eDirectory SNMP Configuration. Use an LDAP Browser to make sure the SNMP Configuration object has the snmpServerList attribute to the Server Object DN and that the Server Object has the snmpGroupDN attribute to the SNMP Configuration Object DN.
3.Remove the C:\Novell\NDS\snmp\ndssnmp.dat file.
4. Start the SNMP service then the NDS Server0 service (you will be required to reenter authentication for ndssnmp). Look at the end of the C:\Novell\NDS\snmp\dssnmpsa.log file for a line similar to this:
Jun 12 08:23:44 theservername Information: Logged in successfully to 'theservername' eDirectory server.
5. Periodically check the Outbound Contexts page. You should only see one Context for Module ID 64400000 (C:\Novell\NDS\ndssnmp.dll).