Error 603 when installing eDirectory. Missing attribute on SAS object

  • 7014319
  • 18-Dec-2013
  • 12-Feb-2014


SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 11
Novell Open Enterprise Server 2 (OES 2) Linux
Novell Open Enterprise Server 11 (OES 11) Linux
NetIQ eDirectory


When installing or reconfiguring eDirectory, an error is written to the ndsd.log file:
Error 603 (missing attribute) when configuring the SAS object of the server.


The 603 (missing attribute) error points to the Certificate Authority: the Certificate Authority object is missing its Host Server attribute.
To resolve this, the corrupted Certificate Authority must be deleted and a new Certificate Authority must be created.
  1. Log into iManager
  2. Click View Objects on the upper tool bar
  3. Click the Security container
  4. Click the current CA object to verify that its “host server” attribute is blank
  5. In the Security container, delete the following:
    a.     The current CA
    b.     The CRL container and all objects inside it
  6. Click Roles and Tasks on the upper tool bar
  7. Click “Novell Certificate Server”
  8. Click “Configure Certificate Authority”
  9. Select the server you want to host your new CA
  10. This server can be any server running eDirectory in your environment; however, it is recommended to choose a server with read/write or master replicas of all partitions.
  11. Click Next, then Finish.
  12. The new Certificate Authority has been created.

Now continue with the installation and/or upgrade of eDirectory.
It is recommended that all previous certificates in the environment be recreated with the new Certificate Authority, to prevent premature expiration and the breaking of other components.


A missing Host Server attribute can occur when there is corruption in eDirectory, or when a server is removed from the environment and that server happened to be the previous CA host. Removing the CA host does not delete the Certificate Authority, but it does remove its Host Server attribute, effectively rendering the Certificate Authority useless.