Selecting to read from a different replica in iMonitor (proxy mode) results in error: -676

  • 7018242
  • 04-Nov-2016
  • 04-Nov-2016

Environment

NetIQ eDirectory 8.8 SP8

Situation

When using iMonitor in direct mode (using the replica server's IP address in the URL), there is no problem viewing an object. However, if another server's replica is selected from the lower right pane, error -676 is returned.

Other errors, such as -625 and -626, are sometimes seen. However, as above, using iMonitor in direct mode to the other server works fine. There are also no problems if iMonitor is forced to accept unsecured connections.

Standalone: The servers in the replica ring are running different versions of eDirectory or different patch levels.

OES: This has been reported on fully patched OES as well.


Resolution

Standalone eDirectory

Cause: The secure NCP code in NCPengine relies on OpenSSL code supplied by eDirectory. Due to the number of vulnerabilities found and fixed in the last two years, this code has changed frequently, even between patches.
Resolution: This issue is not seen if all the servers in a replica ring are updated to the latest eDirectory version and patch level.

OES

Cause: Unknown at this time, though Engineering has been notified.
Workaround: The issue is not seen if iMonitor is used in direct mode to read a particular replica's information.