How do I manually create an ADAM instance on a Primary or Secondary server? (NETIQKB70852)

  • 7770852
  • 24-Dec-2007
  • 20-Oct-2010

Environment

Directory and Resource Administrator 8.1

Situation

How do I manually create an ADAM instance on a Primary or Secondary server?

How do I reinstall an ADAM instance?

How do I manually create a primary ADAM instance?

How do I manually create a secondary ADAM instance?
ADAM Instance fails to create during initial installation of, or upgrade to, Directory and Resource Administrator 8.1

ADAM Installed on the Directory and Resource Administrator server, but failed to create the instance.

Resolution

Open Add/Remove Programs and locate the ADAM instance name specified during the installation or upgrade of DRA 8.1 and remove the instance.  If the ADAM instance being removed is not the only ADAM instance in the server, recycle the ADAM service (typically called DRASecureStorage) on all other servers hosting ADAM instances to clear the entry from the configuration partition to avoid replication errors.

If this instance will be on the Primary DRA Server, follow this process. If this instance is being created on a Secondary DRA Server, skip this process and proceed to the portion of the article beginning with "Creating a Replica instance on a Secondary DRA Server."

  1. Open the registry on the Primary DRA Server and navigate to:
    • HKLM\Mission Critical Software\OnePoint\Administration\Modules\Server Configuration
      • Set ADAMInstallationFlag to 1
      • Set AQSchemaExtensionsFlag to 1
      • Set InstanceCreationFlag to 1
      • Set RootContainersFlag to 1
      • Set VASchemaExtensionsFlag to 1
      • Set AdminAccount to the Domain Local Security Group that contains the ADAM Administrators
      • Set InstanceName to the EXACT name to be used during manual instance creation.
      • Set LDAPPort to the EXACT port you will enter during manual instance creation.
      • Set SSLPort to the EXACT port you will use during manual instance creation.
  2. The Primary ADAM configuration may need to be updated as well.  Open the following location while in the registry:
    • HKLM\Mission Critical Software\OnePoint\Administration\Data\Modules\Server Configuration\PrimaryAdamConfiguration
      • Set PrimaryInstanceStatusFlag to 1
      • PrimaryAdminAccount should be set to the Domain Local Security Group that contains the ADAM Administrators
      • Primary LDAP port should be set to the EXACT port that will be specified during manual instance creation.
  3. Browse to the DRA installation folder (<install drive>\Program Files\NetIQ\DRA) and create a new empty folder with exactly the name the new ADAM instance is to have (i.e. DraSecureStorage1)
  4. Copy the following files from within the DRA directory into the Microsoft ADAM directory (<install drive>\Windows\ADAM)
    • DRA_LDAP_QUERIES.LDF
    • DRA_VIRTUAL_ATTRIBUTES.LDF
    • DRA_ROOT_CONTAINERS.LDF
  5. Navigate to Start-Programs-ADAM and Select Create an ADAM Instance
      • Select a Unique Instance <next>
      • Enter the EXACT instance name you specified in the registry and in the folder you created. <next>
      • Enter the EXACT LDAP and SSL ports you specified in the registry. <next>
      • Select "Yes, create an application directory partition".
      • Enter the partition name of DC=DRA,DC=COM. <next>
      • Change the Data Location to the path of the empty folder you created in the DRA directory.
      • Recovery files can be placed at any location you choose, or left at the default. <next>
      • Select Network Service Account. <next>
      • Select "This Account" and enter the Domain Local Security Group that contains the ADAM Administrators. <next>
      • Select "Do not import LDIF files for this instance of ADAM". <next>
      • Review the summary and check for any mistakes.  <next>
  6. Launch the ADAM Command Prompt (If you have not copied the .LDF files as detailed above, do so now)
  7. Enter the following three commands, substituting your server name, port, account (the account specified in the domain local security group that will administer ADAM), flat domain name, and password (for the ADAM Administrator Account).  (Note: the DC=X should not be altered to read DC=Domain Controller; the "X" should be left in place.)
    1. ldifde -i -f DRA_LDAP_QUERIES.LDF -s server name:port -b account domain password -k -c "cn=schema,cn=configuration,dc=x" #schemaNamingcontext
    2. ldifde -i -f DRA_VIRTUAL_ATTRIBUTES.LDF -s server name:port -b account domain password -k -c "cn=schema,cn=configuration,dc=x" #schemaNamingcontext
    3. ldifde -i -f DRA_ROOT_CONTAINERS.LDF -s server name:port -b account domain password -k -j . (Period must be included in syntax)
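
The steps above only work if the registry values, the data folder, the copied .LDF files and the ports entered in the wizard all agree. The following PowerShell pre-flight check is an added example, not NetIQ code, meant to be run on the Primary DRA Server before step 5. Assumptions: the registry key path is used exactly as written in step 1, the ADAM directory is taken to be %windir%\ADAM, and the parameter names are hypothetical.

```powershell
# Added pre-flight check (not part of the original article or of DRA).
param(
    [Parameter(Mandatory = $true)][string]$DraDir,        # DRA installation folder (step 3)
    [string]$AdamDir = (Join-Path $env:windir 'ADAM'),   # assumption: ADAM is under %windir%
    # Key path exactly as written in step 1 of the article.
    [string]$Key = 'HKLM:\Mission Critical Software\OnePoint\Administration\Modules\Server Configuration'
)

$problems = @()
$cfg = Get-ItemProperty -Path $Key -ErrorAction Stop

# Step 1: flags the article sets to 1.
foreach ($flag in 'ADAMInstallationFlag', 'AQSchemaExtensionsFlag', 'InstanceCreationFlag',
                  'RootContainersFlag', 'VASchemaExtensionsFlag') {
    if ($cfg.$flag -ne 1) { $problems += "$flag is '$($cfg.$flag)', expected 1" }
}
if ([string]::IsNullOrEmpty($cfg.AdminAccount)) { $problems += 'AdminAccount is not set' }

# Step 3: the data folder must carry the EXACT instance name and be empty.
if ([string]::IsNullOrEmpty($cfg.InstanceName)) {
    $problems += 'InstanceName is not set'
} else {
    $dataDir = Join-Path $DraDir $cfg.InstanceName
    if (-not (Test-Path $dataDir -PathType Container)) {
        $problems += "Folder '$dataDir' does not exist"
    } elseif (@(Get-ChildItem $dataDir -Force).Count -gt 0) {
        $problems += "Folder '$dataDir' is not empty"
    }
}

# Step 4: the three LDF files must already be in the ADAM directory.
foreach ($ldf in 'DRA_LDAP_QUERIES.LDF', 'DRA_VIRTUAL_ATTRIBUTES.LDF', 'DRA_ROOT_CONTAINERS.LDF') {
    if (-not (Test-Path (Join-Path $AdamDir $ldf))) { $problems += "$ldf is missing from $AdamDir" }
}

# The two ports must differ, and nothing (e.g. a leftover instance) may be listening on them.
$listening = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners() |
    ForEach-Object { $_.Port }
if ($cfg.LDAPPort -eq $cfg.SSLPort) { $problems += 'LDAPPort and SSLPort are identical' }
foreach ($name in 'LDAPPort', 'SSLPort') {
    if ($listening -contains [int]$cfg.$name) { $problems += "$name $($cfg.$name) already has a listener" }
}

if ($problems.Count -gt 0) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
"OK: instance '$($cfg.InstanceName)', LDAP $($cfg.LDAPPort), SSL $($cfg.SSLPort)"
```

The values printed on the final line are the ones to type into the wizard in step 5 and to use as the port in the ldifde commands in step 7.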

 

Creating a Replica instance on a Secondary DRA Server.

If the ADAM Instance that you are creating will be a Replica ADAM instance residing on a Secondary DRA Server, follow the steps below

  1. Prior to beginning this process, uninstall all ADAM instances on the Secondary via Add/Remove Programs.
  2. Open Regedit on the DRA Secondary Server
  3. Expand HKLM - Software - Mission Critical Software - OnePoint - Administration - Modules - ServerConfiguration - ADAMConfiguration
  4. Change the Instance Creation Flag to 0
  5. Change the LDAP port to an alternate port (i.e. 50001)
  6. Change the SSL Port to an alternate port (i.e. 50002)
  7. Change the Instance Name to an alternate name (any name other than what is currently used is acceptable)
  8. Log on to the Primary DRA Server and expand the Configuration Management node and select Administration Servers
  9. Select the Primary DRA server and right click on it.
  10. Choose Synchronize - Full Refresh
  11. Allow for enough time to pass for the instance to be created

    The Primary ADAM instance partition will now replicate to the newly created instance which may take several minutes to complete.  Once the process completes you should be able to create Advanced Queries and Virtual Attributes on either your Primary or Secondary servers and they will replicate to one another at the selected time intervals.  You will not see immediate replication in DRA.

Cause

Proper credentials were not given to the installer program during the installation of Directory and Resource Administrator 8.1.

 

Additional Information

Formerly known as NETIQKB70852

Warning: Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. NetIQ Technical Support cannot guarantee that problems resulting from the incorrect use of the Registry Editor can be resolved. Make sure that you back up your Registry prior to making any changes.