Error: -626 during eDirectory synchronization and address repair

  • 7008263
  • 01-Apr-2011
  • 27-Apr-2012

Environment

Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.8 for Linux
SUSE Linux Enterprise Server 9
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 11 

Situation

All servers were replicating and synchronizing as expected until a certain point in time.  After that, servers on the same subnet would synchronize fine with each other, but attempts to synchronize with servers on the other subnet returned a -626 error.  Additional symptoms were observed:
  • -625/-626 errors in synchronization and when running ndsrepair -N, for specific servers.
  • Pings would fail from servers on one subnet to those on another subnet.
  • Telnet would fail from servers on one subnet to those on another subnet.

Resolution

There is a routing issue where at least some packets are taking different routes and getting lost.  Contact your network infrastructure team to ensure that the servers on one subnet can talk to servers on the other subnet over port 524 (TCP and UDP).  You may be able to configure a route in the local server's routing table, but you would need the assistance of your network personnel to obtain the correct subnet information to configure.

Additional Information

During troubleshooting, it was observed that ICMP pings from servers on one subnet failed when sent to servers on the second subnet but worked when sent to server(s) on the same subnet.  This can be an identifier for this problem *unless* the gateway/router on the subnet is configured to block ICMP ping.

Another troubleshooting tip is to try to telnet to port 524 from one server to another.  Normally, you should see the following when telnetting to an eDirectory server:

host1:~ # telnet 192.168.123.99 524
Trying 192.168.123.99...
Connected to 192.168.123.99.
Escape character is '^]'.

However, in this situation, we saw the following, where the connection was immediately closed:

host1:~ # telnet 192.168.123.99 524
Trying 192.168.123.99...
Connected to 192.168.123.99.
Escape character is '^]'.
Connection closed by foreign host.
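
The telnet check above can be scripted so that every replica server is tested from each subnet in one pass. The following is an added example, not part of the original Novell document; the names probe and check_servers and the timeout values are assumptions chosen for illustration.

```python
import socket
import sys

NCP_PORT = 524  # port this article says must be reachable between subnets


def probe(host, port=NCP_PORT, connect_timeout=3.0, hold_time=2.0):
    """Classify one TCP connection attempt the way the telnet test is read.

    "held"        - connected and the peer kept the session open (normal case)
    "closed"      - connected, then the peer closed or reset at once
                    (the "Connection closed by foreign host" symptom)
    "unreachable" - refused, timed out or no route to host
    """
    try:
        sock = socket.create_connection((host, port), timeout=connect_timeout)
    except OSError:
        return "unreachable"
    with sock:
        sock.settimeout(hold_time)
        try:
            data = sock.recv(1)
        except socket.timeout:
            return "held"    # no data and no close within hold_time
        except OSError:
            return "closed"  # connection reset by the peer or the path
        # An empty read means the other side sent an orderly close (FIN).
        return "closed" if data == b"" else "held"


def check_servers(hosts, port=NCP_PORT, **timeouts):
    """Probe each host and return {host: state}."""
    return {host: probe(host, port, **timeouts) for host in hosts}


if __name__ == "__main__":
    # Usage (hypothetical file name): python ncp_probe.py 192.168.123.99 ...
    for host, state in check_servers(sys.argv[1:]).items():
        print(f"{host}:{NCP_PORT} {state}")
```

Run it from a server on each subnet: a host that reports "held" from its own subnet but "closed" or "unreachable" from the other one matches the situation described in this document.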