miggui and OES2 SP3

Have you been seeing this error lately?

Authentication to the server failed. Unable to retrieve the tree certificate. Verify the eDirectory credentials. Refer to the migration.log for more details.

Novell has a TID related to it, #7008691 that notes it has been reported to engineering and that there is a development build of the utility that you can contact Novell support for.  Calling Novell support may not be an option for some (as most of the time you have to open a call that then is "supposed" to be reimbursed - yeah, right).  Good News Everyone!  (Imagine this in Professor Farnsworth's voice - the old guy from Futurama - and it seems much funnier).  I have a work around for this.

Are you ready?  It's really rather annoyingly simple.

1. Verify logins are enabled on the source server.  Just to save yourself a SMH later on like I did late last night.
2. Launch the miggui utility on the target Linux server.
3. Log into the target server FIRST.
4. Log into the source server LAST.

If you still get the error, then close the miggui (don't save the project) and try again.  It's usually worth the effort and has worked at sites where they're experiencing issues with SLP or DHCP or just some unknown infrastructure issue.

If that still doesn't work and you need to look at the migration.log file, simply click on the "View Logs" icon to the left of the miggui screen.  Or you can find it in the /var/opt/novell/migration//log directory.  Project Name would be whatever you saved it as.  Default names are usually NewProj#, where the # just increments by 1 the more times you launch the utility.

Refer to Novell TID#7002862 for a litany of troubleshooting tips if you're still having issues.  Or feel free to email me - although I may be slow to respond and I'll try to lend a hand.

I was very annoyed with this late last night as I've been using the miggui smoothly for sometime.  It never mattered before which way I logged into a server, and usually I could start a new project without any issues.  I'm currently working on a project where we're consolidating file structures to new servers and I need to run several iterations to attach to different servers.  It's the first project with this particular consolidation pattern on OES2 SP3 that I've had this year. Imagine my surprise when I found I have to close the miggui in between projects simply to be able to attach successfully to the next server in the list to consolidate.  Grrrr.....

How to Remove an OES Linux server from an eDirectory tree

OES2-Linux has a different method for removing eDirectory than most NetWare folks are used to.  Long gone is the familiar  NWCONFIG | Remove Directory Services menu options with all the appropriate warnings.  Backpedal to text-based interfaces.  Don’t get me wrong, I love text interfaces and it’s one of my biggest whines about Apple OSes.  But for NetWare folks, trying to find the quick and dirty method to remove a server from a tree so they can put it into another tree is mind-numbingly annoying.  Thus this blog post.  (And I promise to add screen captures to this post at a later date).

Here’s the step-by-step to remove a Linux server from a tree followed by how to add it to a new tree.

1. Make sure time is in sync on both trees:  ndsrepair –T
2. Verify the server being removed has no replicas on it: ndsrepair –P
3. Remove the server from the tree:  ndsconfig  rm  -a cn=admin.o=company
• NOTE: There is no need to stop the ndsd service as ndsconfig will do it for you
4. Use ConsoleOne or iManager to remove any remaining server related objects (average server will have somewhere around 12).

To add a server to an existing tree:

1. Using: ndsconfig  add -t treename –n servercontext  -S servername -a cn=admin.o=company gets you the error message of “This Operation is not Allowed in OES”
2. Use YAST2 | OES Install and Configuration  - make sure you have your OES media handy
3. Click accept, on the next screen you’ll notice all the options have “Reconfigure is disabled” next to each component.  Simply click on the word “disabled” to change it to “enabled” in order to reconfigure eDirectory (and any other components you may wish to change)
4. Click on eDirectory to enter the tree name, point to a server holding a replica, provide the needed credentials, input the context, NTP time servers, and configure SLP settings.

To create a new tree using the server:

1. Use YAST2 in the same fashion as above, but instead of selecting “Existing Tree”, select “New Tree” and the rest of the steps are the same.
2. If this is the first server in a new tree, you’ll want to make it an SLPDA now just to make your life easier.
3. Use an outside source for NTP Time Server such as us.pool.ntp.org

A dash of humor

Note to self: Don't use your Android phone as a means of creating a blog post for here.  The auto correct is most annoying and requires that we log back in at a later date and fix it.

Ever had one of those days where your forehead begins to hurt from the self-inflicgted slaps to the head when having a D'oh moment?  My week's been kind of like that.  First, I allowed myself to be talked into a GroupWise upgrade and migration in the same day.  Which lead to the second error of forgetting to setup the NCPFS so the Linux-only server hosting the POA could chat appropriately with the OES server hosting the MTA and GWIA.  Third slap came from the "damn, I forgot to buy oil for the old truck" when realizing it needed not 1 but 2 quarts of oil.  Fourth and fifth slaps came later that night/wee morning hours when I realized I'd forgotten to register the codes for an OES box that I was rebuilding for the 2nd time to host WebAccess.  It was a long day.

Today I had another one when I realized that I had inadverenty missed renaming the database.zmg file for the the workstation image I was creating for a customer with a failing workstation hard drive and I've effectively overwritten our company's image database.  (Luckily for me we're small and only have 2 hardware-independent images).  Still, rough end to a long week.  I think I deserve a Jack & Pepsi tonight, too bad there's none in the house.