Environment
Novell Open Enterprise Server 11 Support Pack 2 (OES11SP2)
Novell Open Enterprise Server 11 Support Pack 1 (OES11SP1)
Domain Services for Windows
DSfW
Windows 2012 Server
Remote Desktop
Situation
The Remote Desktop license server cannot update the license attributes for the user.
Resolution
The rights for this attribute need to be updated.
One way is to give write rights to Public. This involves selecting the Public trustee and adding the terminalServer attribute as a property. I am guessing it currently has compare and read by default.
To give rights to Public:
1. Open iManager
2. Roles and Tasks > Rights > Modify Trustees
3. Select the domain root partition
4. Click Assigned rights for Public Trustee.
5. Add the terminalServer attribute to the Public trustee
a) Click Add Property
b) Select the terminalServer attribute and click OK.
6. Select the Write and Inherit checkboxes for the terminalServer attribute
7. Restart the DSfW services.
Cause
The issue is insufficient rights to update terminalServer. LDAP is reporting a 602 because it cannot update the terminalServer attribute.
The key traces needed are:
1) Packet trace on both the DSfW server and the application server (tcpdump or Wireshark) with secure channel encryption disabled (if the application is running on a Windows server)
2) ldap/nmas ndstrace - TID 7009602
3) The /var/opt/novell/xad/log/kdc.log
4) The /var/log/samba/log.smbd (samba log) with debug enabled
5) The /var/log/messages
The packet traces and the ndstrace LDAP trace show that the terminalServer attribute does not exist (error -602).
Since the attribute does not exist, DoModify cannot modify it.
Sample ndstrace.log
36321024 LDAP: [2015/01/21 18:50:57.595] DEBUG: (10.10.10.5:60566)(0x0b35:0x66) DoModify on connection 0xec4ee00
36321024 LDAP: [2015/01/21 18:50:57.596] DEBUG: (10.10.10.5:60566)(0x0b35:0x66) modify: dn (CN=rdpUser,OU=EMPLOYEES,DC=novell,dc=com)
36321024 LDAP: [2015/01/21 18:50:57.596] DEBUG: (10.10.10.5:60566)(0x0b35:0x66) modifications:
36321024 LDAP: [2015/01/21 18:50:57.596] DEBUG: (10.10.10.5:60566)(0x0b35:0x66) replace: terminalServer
36321024 LDAP: [2015/01/21 18:50:57.596] INFO: (10.10.10.5:60566)(0x0b35:0x66) DDCModifyEntry failed, err = no such value (-602)
36321024 LDAP: [2015/01/21 18:50:57.596] INFO: (10.10.10.5:60566)(0x0b35:0x66) Sending operation result 16:"":"NDS error: no such value (-602)" to connection 0xec4ee00
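
Added example, not part of the original TID and not Novell code: a short Python parser that extracts failed LDAP modifies from ndstrace output in the format of the sample above, so the target DN, the attribute and the NDS error code can be confirmed before and after changing trustee rights. The function name is hypothetical, and it is an assumption that add and delete modifications are logged the same way as the replace line shown.

```python
import re

# Sample lines copied from the ndstrace.log excerpt above.
SAMPLE = """\
36321024 LDAP: [2015/01/21 18:50:57.595] DEBUG: (10.10.10.5:60566)(0x0b35:0x66) DoModify on connection 0xec4ee00
36321024 LDAP: [2015/01/21 18:50:57.596] DEBUG: (10.10.10.5:60566)(0x0b35:0x66) modify: dn (CN=rdpUser,OU=EMPLOYEES,DC=novell,dc=com)
36321024 LDAP: [2015/01/21 18:50:57.596] DEBUG: (10.10.10.5:60566)(0x0b35:0x66) modifications:
36321024 LDAP: [2015/01/21 18:50:57.596] DEBUG: (10.10.10.5:60566)(0x0b35:0x66) replace: terminalServer
36321024 LDAP: [2015/01/21 18:50:57.596] INFO: (10.10.10.5:60566)(0x0b35:0x66) DDCModifyEntry failed, err = no such value (-602)
36321024 LDAP: [2015/01/21 18:50:57.596] INFO: (10.10.10.5:60566)(0x0b35:0x66) Sending operation result 16:"":"NDS error: no such value (-602)" to connection 0xec4ee00
"""

# Line layout as seen in the excerpt: thread id, timestamp, level, client, operation id, message.
LINE = re.compile(
    r"^\d+ LDAP: \[(?P<ts>[^\]]+)\] \w+: "
    r"\((?P<client>[^)]+)\)\((?P<op>0x[0-9a-f]+:0x[0-9a-f]+)\) (?P<msg>.*)$"
)
DN = re.compile(r"^modify: dn \((?P<dn>.*)\)$")
# "replace" is on the page; "add" and "delete" are assumed to follow the same layout.
MOD = re.compile(r"^(?P<kind>add|delete|replace): (?P<attr>\S+)$")
FAIL = re.compile(r"^DDCModifyEntry failed, err = (?P<text>.*) \((?P<code>-\d+)\)$")

def failed_modifies(log_text):
    """Return one record per LDAP modify that ended in a DDCModifyEntry failure."""
    ops = {}        # (client, operation id) -> modify currently being traced
    failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an LDAP trace line in the expected layout
        key, msg = (m["client"], m["op"]), m["msg"]
        if msg.startswith("DoModify on connection"):
            ops[key] = {"dn": None, "mods": []}
        elif (d := DN.match(msg)):
            ops.setdefault(key, {"dn": None, "mods": []})["dn"] = d["dn"]
        elif (a := MOD.match(msg)):
            ops.setdefault(key, {"dn": None, "mods": []})["mods"].append((a["kind"], a["attr"]))
        elif (f := FAIL.match(msg)):
            op = ops.pop(key, {"dn": None, "mods": []})
            failures.append({"time": m["ts"], "client": m["client"], "dn": op["dn"],
                             "mods": op["mods"], "error": int(f["code"]), "text": f["text"]})
    return failures

if __name__ == "__main__":
    for failure in failed_modifies(SAMPLE):
        print(failure)
```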