Environment
Novell Identity Manager 3.6.1
Novell Identity Manager 4.0.1
Novell Modular Authentication Service (NMAS) version 3.3.3
Novell Identity Manager 4.0.1
Novell Modular Authentication Service (NMAS) version 3.3.3
Situation
The main symptom of this problem is that eDirectory opens thousands
of connections with himself on port 524. This occurs only on
servers with IDM installed on it. When checking with netstat -na,
it's possible to see that the server opens several connections to
itself and that the number grows constantly.
Another symptom is when looking with iMonitor on the Connections | Contexts page. The number of contexts spawned grows as well. In the last column it can be seen that most context are either for jclnt or nmas.
An NMAS trace in the server will show the following error every minute:
17:42:00 130 NMAS: 262201: Create NMAS Session
17:42:00 130 NMAS: 262201: NMAS Client supplied user DN
17:42:00 130 NMAS: ERROR: -1648 Failed to create context for
17:42:00 130 NMAS: 262201: ERROR: -1648 Creating local session for , attempting remote session
17:42:00 130 NMAS: 262201: No NMAS 2.0 Server Found
17:42:00 130 NMAS: 262201: ERROR: -1673 Failed to open connection to remote server protocol
Notice that no DN is actually reported.
On the IDM trace, this error is reported:
17:43:00 5D0 Drvrs: novell.jclient.JCException: login -779 ERR_CANNOT_GO_REMOTE
17:43:00 5D0 Drvrs:
17:43:00 5D0 Drvrs: at novell.jclient.JCContext.login(Native Method)
17:43:00 5D0 Drvrs:
17:43:00 5D0 Drvrs: at
com.novell.nds.dirxml.job.ckdrvhealth.CheckDriverHealthJob$DriverList.getDriversFromScope(CheckDriverHealthJob.java:4766)
Another symptom is when looking with iMonitor on the Connections | Contexts page. The number of contexts spawned grows as well. In the last column it can be seen that most context are either for jclnt or nmas.
An NMAS trace in the server will show the following error every minute:
17:42:00 130 NMAS: 262201: Create NMAS Session
17:42:00 130 NMAS: 262201: NMAS Client supplied user DN
17:42:00 130 NMAS: ERROR: -1648 Failed to create context for
17:42:00 130 NMAS: 262201: ERROR: -1648 Creating local session for , attempting remote session
17:42:00 130 NMAS: 262201: No NMAS 2.0 Server Found
17:42:00 130 NMAS: 262201: ERROR: -1673 Failed to open connection to remote server protocol
Notice that no DN is actually reported.
On the IDM trace, this error is reported:
17:43:00 5D0 Drvrs: novell.jclient.JCException: login -779 ERR_CANNOT_GO_REMOTE
17:43:00 5D0 Drvrs:
17:43:00 5D0 Drvrs: at novell.jclient.JCContext.login(Native Method)
17:43:00 5D0 Drvrs:
17:43:00 5D0 Drvrs: at
com.novell.nds.dirxml.job.ckdrvhealth.CheckDriverHealthJob$DriverList.getDriversFromScope(CheckDriverHealthJob.java:4766)
Resolution
The reason for this problem is an incorrectly configured Driver
Health Job. This issue will occur if the field "loginID" is left empty but it can also happen with an incorrectly formatted user
name.
The default configuration of a Driver Health Job is to run every minute. This is controlled by the crontab like string specified of * * * * *.
To test that the Driver Health Job is configured properly, in iManager go to the Identity Manager Overview, select your Driver Set, go to the Jobs tab, select the Driver Health job and click on"Run Now". This option should report if there are problems with the credentials specified for the job or if it manages to execute correctly.
The default configuration of a Driver Health Job is to run every minute. This is controlled by the crontab like string specified of * * * * *.
To test that the Driver Health Job is configured properly, in iManager go to the Identity Manager Overview, select your Driver Set, go to the Jobs tab, select the Driver Health job and click on"Run Now". This option should report if there are problems with the credentials specified for the job or if it manages to execute correctly.