[ Back | Print ]
Technical Information Document
NDS Health Check Procedures - Cross Platform - TID10060600 (last modified 18FEB2003)
printer friendly tell a friend
Click here if this does not solve your problem
10060600 10060600 10060600
fact

Novell NetWare 4.11

Novell NetWare 5.0

Novell NetWare 5.1

Novell NetWare 6.0

RedHat Linux

Solaris 2.6 and above

Tru64 Unix

Windows NT 4.0

Windows 2000 Server

Windows 2000 Advanced Server

Novell Directory Services

Novell eDirectory 8.5.x

Novell eDirectory 8.6.x

Novell Directory Services 8

Novell Directory Services 7

Novell Directory Services 6

Formerly TID 10012858

symptom

NDS Health Check Procedures - Cross Platform

fix

To maintain NetWare Directory Services (NDS/eDirectory) health, and as a preventative measure you should perform the following operations once a week for a dynamic directory environment, and once a month for a static directory environment on every server (the frequency of the Health Check is a general rule). To determine whether you have a dynamic tree or static tree please read the following definitions:

Static NDS Tree

A static tree has minimal routine changes. For example, you only make simple changes such as adding or deleting user objects, or you create a partition or add a server every couple of months. Because you make fewer changes to a static NDS tree, you only perform NDS health checks once a month.

Dynamic NDS Tree

A dynamic tree has frequent non-routine changes. For example, you create partition or add a server weekly, or you are process of developing the tree.

If your organization has a dynamic NDS tree, you should perform an NDS health check once a week. However, as the pace of change decreases and the NDS tree becomes more static, you can begin to perform NDS health checks less frequently.

It is also recommended that a NDS health check be performed on tree before executing a major NDS operation such as: moving or deleting large numbers of objects, performing a partition operation, or adding or deleting servers.

The utilities used on a Unix platform to `check' the health of Directory Services are installed by default when the NDS server package is installed.  The two commonly used utilities which will be referred to are:  ndsrepair and ndstrace.    For more detailed information about these utilities, there is a Unix `man' pages available from the console prompt.  Thus one would enter:

        man ndsrepair  OR  man ndstrace


STEP 1. Verifying DS Versions - All NDS versions should be at the latest version on their respective operating system platforms. You can verify all DS version that exist in your tree by using the DSREPAIR utility (this includes Unix/Linux and Windows NT/2000 environments). All servers in the tree should be patched to the latest available versions.

a. NetWare - Performing a time synchronization check within DSREPAIR (DSREPAIR.NLM | Time Synchronization) will report the DS version for each server in the tree. Load DSREPAIR.NLM from the server console and execute 'Time Synchronization'.

b. Unix/Linux - Execute ndsrepair  -T, which shows DS version on the servers, displayed in the list. If all servers in the tree are not displayed you may have to run this command on those servers separately.  Or individually you could execute ndsrepair -E (remember Unix is "case sensitive"), and it shows the DS version at the beginning of the displayed information.

c. Windows NT/2000 - Perform time synchronization check within DSREPAIR to report the DS version for each server in the tree. Load DSREPAIR.DLM from the server by opening the 'NDS Services' under the Control Panel and highlighting the DSREPAIR.DLM and pushing the 'Start' button. Inside of DSREPAIR.DLM select the REPAIR menu and 'Time Synchronization'.


STEP 2. Time Synchronization - NDS communication uses timestamps to uniquely identify objects and the objects modification time for synchronization purposes.  If servers in the tree are not synchronized to the correct local time (or more importantly, to each other) replica synchronization will not be reliable and severe object corruption and data loss can be experienced.  To avoid these problems, time must be in sync across all servers in the network.  The following steps outline how to check time synchronization for each platform:

a. NetWare - Load DSREPAIR.NLM from the server console and execute 'Time Synchronization'. This process will check every server in the tree (including NT, Unix and Linux servers) and report whether the server's time is synchronized to the network.

b. Unix/Linux - Execute ndsrepair -T from the server command-line.

c. Windows NT/2000 - Perform time synchronization check within DSREPAIR to report the time on each of the servers in the tree. Load DSREPAIR.DLM from the server by opening the 'NDS Services' under the Control Panel and highlighting the  DSREPAIR.DLM and pushing the 'Start' button. Inside of DSREPAIR.DLM select the REPAIR menu and 'Time Synchronization'.


STEP 3. Server-to-Server Synchronization - NDS servers communicate changes made to objects and partitions boundaries. This step is used to verify that no errors exist when NDS performs synchronization process. To perform this step, a server must have a replica to display the needed NDS trace information.

a. NetWare - From the file server console prompt type:

        SET DSTRACE=ON (this activates the NDS eDirectory transactions screen)
        SET DSTRACE=NODEBUG (turns off all preset filters)
        SET DSTRACE=+S (this makes it so you can see the synchronization)
        SET DSTRACE=*H (this initiates NDS eDirectory synchronization between servers)

        Once you have enough trace information type the following to turn DSTRACE off.
       
        SET DSTRACE=NODEBUG
        SET DSTRACE=OFF

The NDS eDirectory trace screen can be viewed by selecting 'Directory Services' from the list of Current Screens made available by pressing the two keys <CTRL><ESC> simultaneously. If there are not any errors, there will be a line displaying 'All Processed = Yes.' This message will be displayed for each partition contained on this server. If the information is more than can fit on a single screen, use the following command to save it to a file for viewing:

        SET TTF=ON (sends DSTRACE screen to SYS:SYSTEM\DSTRACE.DBG file, which can be viewed in any text editor)
        SET DSTRACE=*R (resets the DSTRACE.DBG file to 0 bytes)
        SET TTF=OFF (once NDS eDirectory has completed synchronizing all partitions)

You can then map a drive to your server's SYS:SYSTEM directory and bring the DSTRACE.DBG file up in a text editor. Search for '-6' and '-7' (this will show any NDS errors during synchronization, such as -625 or -746), or 'YES' (this will show successful synchronization for a partition).

b. Unix/Linux - Execute ndstrace from the server command-line. Within the ndstrace utility enter:

        SET NDSTRACE=ON (enables file logging to /var/nds/DSTRACE.LOG)
        SET NDSTRACE=NODEBUG (turns off all preset filters)
        SET NDSTRACE=+SKLK (enables filter of synchronization traffic)
        SET NDSTRACE=*H (initiates synchronization between file servers)

The displayed information is also saved in the DSTRACE.LOG file, which can be viewed by any text editor.

c. Windows NT/2000 - Load NDS Server Trace Utility from the server by opening the 'NDS Services' under the Control Panel and highlighting the DSTRACE.DLM and then selecting the 'Start' button. From the 'NDS Server Trace Utility' select the EDIT menu and push the 'Clear All' button, check the 'Partition' and 'Sync Detail' boxes and push the 'OK' button.

To force a partition synchronization highlight the DS.DLM under the 'NDS Services' screen and select the 'Configure' button. Select the 'Triggers' tab and then the 'Replica Sync' button. This will force partition synchronization with other servers. You can view the synchronization activity by going to the NDS Server Trace Utility screen and scrolling through the synchronization process.


STEP 4. Replica Synchronization - This step reports replica synchronization status for every partition that has a replica on the current server. This operation reads the Synchronization Status attribute from the replica object on each server that holds replicas of the partitions. It displays the time the last successful synchronization to all servers and any errors that have occurred since the last synchronization.

a. NetWare - DSREPAIR.NLM | Report Synchronization Status.

b. Unix/Linux - Execute ndsrepair -E from the server command-line.

c. Windows NT/2000 - Load DSREPAIR.DLM from the server by opening the 'NDS Services' under the Control Panel and selecting DSREPAIR.DLM and then pushing the 'Start' button. Inside of DSREPAIR.DLM select the REPAIR menu and then 'Report Synchronization Status'.


STEP 5. External References - This step checks each external reference object to determine if a replica containing the object can be located. It will also display obituaries and will show you the states of all servers in the back link lists for the obituaries.

a. NetWare - DSREPAIR.NLM | Advanced Options Menu | Check External References

b. Unix/Linux - Execute ndsrepair -c from the server command-line.

c. Windows NT/2000 - Load DSREPAIR.DLM from the server by opening the 'NDS Services' under the Control Panel and selecting DSREPAIR.DLM and then pushing the 'Start' button. Inside of DSREPAIR.DLM select the REPAIR menu and then 'Check External References.'


STEP 6. Replica States - This step lists partitions and states of the replicas stored in the current server's NDS database files.

a. NetWare - DSREPAIR.NLM | Advanced Option Menu | Replica and Partition Operations

b. Unix/Linux - Execute ndsrepair -P from the server command-line.

c. Windows NT/2000  - Load DSREPAIR.DLM from the server by opening the 'NDS Services' under the Control Panel and selecting DSREPAIR.DLM and then pushing the 'Start' button. Inside of DSREPAIR.DLM expand the 'Partitions' tree to list each of the partitions. Highlight each partition to find the states of the replicas, which is listed in the right window.


STEP 7. Schema Synchronization - Each of the NDS servers have schema definitions that are used for creating and maintaining objects. This step is used verify that schema synchronization between servers is working correctly. To perform this step, a server must have a replica to display the needed NDS trace information.

a. NetWare - From the file server console prompt, type:

        SET DSTRACE=ON (this activates the NDS eDirectory transactions screen)
        SET DSTRACE=NODEBUG (turns off all preset filters)
        SET DSTRACE=+SCHEMA (this will display schema information)
        SET DSTRACE=*SS (this initiates schema synchronization)

       Once you have enough trace information type the following to turn DSTRACE off.
       
        SET DSTRACE=NODEBUG
        SET DSTRACE=OFF

The NDS eDirectory trace screen can be viewed by selecting 'Directory Services' from the list of Current Screens made available by pressing the two keys <CTRL><ESC> simultaneously. Check for the message 'SCHEMA: All Processed = Yes.'

b. Unix/Linux  - Execute ndstrace

From within the ndstrace utility enter:

        SET NDSTRACE=ON (enables file logging to /var/nds/DSTRACE.LOG)
        SET NDSTRACE=NODEBUG (turn off all preset filters)
        SET NDSTRACE=+SCMA (enables filter of schema synchronization traffic)

Additionally you can look at the schema-related operations for both inbound and outbound by entering:

        SET NDSTRACE=+SCMD
        SET NDSTRACE=*SS (initiates synchronization of all schemas)

The displayed information is also saved in the DSTRACE.LOG file, which can be viewed by any text editor.  

c. Windows NT/2000 - Load NDS Server Trace Utility from the server by opening the 'NDS Services' under the Control Panel and highlighting the DSTRACE.DLM and then selecting  the 'Start' button. From the 'NDS Server Trace Utility' select the EDIT menu and push the 'Clear All' button, check the 'Schema' check box and push the 'OK' button.

To force a schema synchronization highlight the DS.DLM under the 'NDS Services' screen and select the 'Configure' button. Select the 'Triggers' tab and then the 'Schema Sync' button. This will force schema synchronization with other servers. You can view the synchronization activity by going to the NDS Server Trace Utility screen and scrolling through the synchronization process.


STEP 8 - Repair Local Database

If while following the above outlined Health Check Procedures you encounter DS errors or if you suspect problems with a server's DS database, the Repair Local Database option within DSREPAIR is a valuable tool to check a server's DS database.  "Repair Local Database" checks the integrity of the database and fixes any problems it encounters, as well as reports information that may be useful.  "Repair Local Database" does not need to be run at either a specific time or specific interval.  It should be used in accordance with your organization's specific needs or used as a tool to maintain DS databases.

a. NetWare - Load DSREPAIR | Advanced Options | Repair Local DS Database

b. Windows NT/2000 -  Load NDS Server Trace Utility from the server by opening the 'NDS Services' under the Control Panel and highlighting the DSREPAIR.DLM and then selecting  the 'Start' button.  Inside of DSREPAIR.DLM select the REPAIR menu and then 'Local Database Repair.'

c. Unix/Linux - execute ndsrepair -R from the server command-line

For more information about resolving specific error messages, please refer to your documentation, Novell Support Connection, http://support.novell.com, or Novell Technical Support.  If you do need to call Novell Technical Support, have your DSREPAIR log file ready to send to the support technician for review.

.
Document Title: NDS Health Check Procedures - Cross Platform
Document ID: 10060600
Solution ID: NOVL40434
Creation Date: 20FEB2001
Modified Date: 18FEB2003
Novell Product Class: Beta
Connectivity Products
Developer Support
End of Life
Groupware
Management Products
NetWare
Novell BorderManager Services
Novell eDirectory

Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.


[ Back | Print ]