Installation Guide
Netscape Directory Server


 

Chapter 8   Troubleshooting



This chapter describes the most common installation problems and how to solve them. It also provides some tips on checking patch levels and kernel parameter settings for your system.

This chapter has the following sections:

  - Running dsktune
  - Common Installation Problems


Running dsktune

The dsktune utility provides an easy and reliable way of checking the patch levels and kernel parameter settings for your system. You must install the Directory Server before you can run dsktune. dsktune is not available for Windows platforms.

On the Solaris platform, be aware that dsktune reports as missing any patch from the Sun recommended patch list that is not installed on your system, even if the patch relates to packages that you have not installed.

To run dsktune:

  1. Change to the installation directory for your Directory Server.

    By default, this directory is /usr/netscape/servers.

  2. Change to the bin/slapd/server subdirectory.

  3. As root, enter the following command:

    # ./dsktune

    The following is an example of output that dsktune generates. dsktune does not itself make any changes to the system.

Netscape Directory Server system tuning analysis version 15-MAY-2003.

NOTICE : System is usparc-SUNW,Ultra-5_10-solaris5.8_s28s_u7wos_08a (1
processor). 

ERROR : Patch 108528-18 is present, but 108528-19 (Feb/21/2003: SunOS 5.8:
kernel update patch) is a more recent version. 

ERROR : Patch 108727-19 is present, but 108727-22 (Feb/21/2003: SunOS 5.8:
/kernel/fs/nfs and /kernel/fs/sparcv9/nfs patch) is a more recent version. 

ERROR : Patch 108827-35 is present, but 108827-40 (Feb/07/2003: SunOS 5.8:
/usr/lib/libthread.so.1 patch) is a more recent version. 

ERROR : Patch 108919-15 is present, but 108919-16 (Jan/31/2003: CDE 1.4:
dtlogin patch) is a more recent version. 

ERROR : Patch 108968-07 is present, but 108968-08 (Jan/22/2003: SunOS 5.8:
vol/vold/rmmount/dev_pcmem.so.1 patch) is a more recent version. 

ERROR : Patch 108993-12 is present, but 108993-13 (Jan/30/2003: SunOS 5.8: nss
and ldap patch) is a more recent version. 

ERROR : Patch 109007-08 is present, but 109007-09 (Jan/27/2003: SunOS 5.8:
at/atrm/batch/cron patch) is a more recent version. 

ERROR : Patch 109318-28 is present, but 109318-31 (Feb/07/2003: SunOS 5.8:
suninstall Patch) is a more recent version. 

ERROR : Patch 109326-09 is present, but 109326-10 (Feb/03/2003: SunOS 5.8:
libresolv.so.2 and in.named patch) is a more recent version. 

ERROR : Patch 109805-14 is present, but 109805-15 (Jan/23/2003: SunOS 5.8:
/usr/lib/security/pam_krb5.so.1 patch) is a more recent version. 

ERROR : Patch 109888-18 is present, but 109888-20 (Feb/21/2003: SunOS 5.8:
platform drivers patch) is a more recent version. 

ERROR : Patch 110453-03 is present, but 110453-04 (Feb/21/2003: SunOS 5.8:
admintool Patch) is a more recent version. 

ERROR : Patch 110842-08 is present, but 110842-10 (Feb/06/2003: SunOS 5.8:
hpc3130 driver patch for SUNW,Sun-Fire-880) is a more recent version. 

ERROR : Patch 110934-10 is present, but 110934-11 (Feb/20/2003: SunOS 5.8:
pkgtrans, pkgadd, pkgchk and libpkg.a patch) is a more recent version. 

ERROR : Patch 111874-05 is present, but 111874-06 (Jan/23/2003: SunOS 5.8:
usr/bin/mail patch) is a more recent version. 

ERROR : Patch 111879-01 (Aug/27/2001: SunOS 5.8: Solaris Product Registry
patch SUNWwsr) is required but not installed. 

ERROR : Patch 112237-06 is present, but 112237-07 (Jan/15/2003: SunOS 5.8:
mech_krb5.so.1 patch) is a more recent version. 

ERROR : Patch 113650-01 (Jan/08/2003: SunOS 5.8: /usr/lib/utmp_update patch)
is required but not installed. 

NOTICE : Solaris patches can be obtained from http://sunsolve.sun.com or your
Solaris support representative. Solaris patches listed as required by the
JRE are located at http://www.sun.com/software/solaris/jre/download.html or
can be obtained from your Solaris support representative. 

WARNING: 384MB of physical memory is available on the system. 1024MB is
recommended for best performance on large production system. 

WARNING: This program should be run by the superuser to collect kernel
information on the overriding maximum backlog queue size and IP tuning. 

WARNING: The tcp_close_wait_interval is set to 240000 milliseconds
(240 seconds). This value should be reduced to allow for more
simultaneous connections to the server. A line similar to the following
should be added to the /etc/init.d/inetinit file:
ndd -set /dev/tcp tcp_time_wait_interval 30000 

NOTICE : The tcp_conn_req_max_q value is currently 128, which will limit the
value of listen backlog which can be configured. It can be raised by adding
to /etc/init.d/inetinit, after any adb command, a line similar to:
ndd -set /dev/tcp tcp_conn_req_max_q 1024 

NOTICE : The tcp_keepalive_interval is set to 7200000 milliseconds
(120 minutes). This may cause temporary server congestion from lost
client connections. 

NOTICE : The tcp_keepalive_interval can be reduced by adding the following line
to /etc/init.d/inetinit:
ndd -set /dev/tcp tcp_keepalive_interval 600000 

NOTICE : The NDD tcp_rexmit_interval_initial is currently set to 3000
milliseconds (3 seconds). This may cause packet loss for clients on
Solaris 2.5.1 due to a bug in that version of Solaris. If the clients are not
using Solaris 2.5.1, no problems should occur. 

NOTICE : If the directory service is intended only for LAN or private
high-speed WAN environment, this interval can be reduced by adding to
/etc/init.d/inetinit:
ndd -set /dev/tcp tcp_rexmit_interval_initial 500 

NOTICE : The NDD tcp_ip_abort_cinterval is currently set to 180000
milliseconds (180 seconds). This may cause long delays in establishing
outgoing connections if the destination server is down. 

NOTICE : If the directory service is intended only for LAN or private
high-speed WAN environment, this interval can be reduced by adding to
/etc/init.d/inetinit:
ndd -set /dev/tcp tcp_ip_abort_cinterval 10000 

NOTICE : The NDD tcp_ip_abort_interval is currently set to 180000
milliseconds (180 seconds). This may cause long delays in detecting
connection failure if the destination server is down. 

NOTICE : If the directory service is intended only for LAN or private
high-speed WAN environment, this interval can be reduced by adding to
/etc/init.d/inetinit:
ndd -set /dev/tcp tcp_ip_abort_interval 60000 

NOTICE : The NDD tcp_smallest_anon_port is currently 32768. This allows a
maximum of 32768 simultaneous connections. More ports can be made available by
adding a line to /etc/init.d/inetinit:
ndd -set /dev/tcp tcp_smallest_anon_port 8192 

WARNING: tcp_deferred_ack_interval is currently 100 milliseconds. This will
cause Solaris to insert artificial delays in the LDAP protocol. It should
be reduced during load testing.
This line can be added to the /etc/init.d/inetinit file:
ndd -set /dev/tcp tcp_deferred_ack_interval 5 

WARNING: There are only 1024 file descriptors (hard limit) available, which
limit the number of simultaneous connections. Additional file descriptors,
up to 65536, are available by adding to /etc/system a line like
set rlim_fd_max=4096 

WARNING: There are only 256 file descriptors (soft limit) available, which
limit the number of simultaneous connections. Additional file descriptors,
up to 1024 (hard limit), are available by issuing 'ulimit' ('limit' for tcsh)
command with proper arguments.
ulimit -n 4096 

ERROR : The above errors MUST be corrected before proceeding.
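
A report of this length is easier to act on once it is reduced to a list of outstanding patches and suggested ndd settings. The following parser is an added example, not part of the original guide or of dsktune; the function name parse_dsktune and the regular expressions are assumptions based only on the output format shown above, and the sample is an excerpt of that output.

```python
import re

RECORD_RE = re.compile(r"^(ERROR|WARNING|NOTICE)\s*:\s*(.*)$")
OUTDATED_RE = re.compile(r"Patch (\d{6}-\d{2}) is present, but (\d{6}-\d{2}) \(")
MISSING_RE = re.compile(r"Patch (\d{6}-\d{2}) \(.*\) is required but not installed")
NDD_RE = re.compile(r"^ndd -set /dev/tcp (\S+) (\d+)$")

# Excerpt of the sample report shown above (wrapped lines kept as printed).
SAMPLE_REPORT = """\
Netscape Directory Server system tuning analysis version 15-MAY-2003.

ERROR : Patch 108993-12 is present, but 108993-13 (Jan/30/2003: SunOS 5.8: nss
and ldap patch) is a more recent version.

ERROR : Patch 113650-01 (Jan/08/2003: SunOS 5.8: /usr/lib/utmp_update patch)
is required but not installed.

NOTICE : The tcp_conn_req_max_q value is currently 128, which will limit the
value of listen backlog which can be configured. It can be raised by adding
to /etc/init.d/inetinit, after any adb command, a line similar to:
ndd -set /dev/tcp tcp_conn_req_max_q 1024
"""

def parse_dsktune(report):
    """Return (records, patches, ndd) parsed from dsktune report text."""
    records, ndd = [], {}
    for raw in report.splitlines():
        line = raw.strip()
        head = RECORD_RE.match(line)
        setting = NDD_RE.match(line)
        if head:                       # new ERROR/WARNING/NOTICE record
            records.append([head.group(1), head.group(2)])
        elif setting:                  # suggested ndd line, kept separately
            ndd[setting.group(1)] = int(setting.group(2))
        elif line and records:         # wrapped continuation of the record
            records[-1][1] += " " + line
    patches = []
    for _severity, text in records:
        old = OUTDATED_RE.search(text)
        absent = MISSING_RE.search(text)
        if old:                        # (patch to install, status, installed revision)
            patches.append((old.group(2), "outdated", old.group(1)))
        elif absent:
            patches.append((absent.group(1), "missing", None))
    return records, patches, ndd

if __name__ == "__main__":
    records, patches, ndd = parse_dsktune(SAMPLE_REPORT)
    for patch, status, installed in patches:
        print(patch, status, installed or "-")
    print(ndd)
```
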


Common Installation Problems

Clients cannot locate the server.

First, try using the host name. If that does not work, use the fully qualified name (such as www.domain.com), and make sure the server is listed in the DNS. If that does not work, use the IP address.

If your NIS domain is different from your DNS domain, the fully qualified host and domain name presented by the installer may be incorrect. These values must be corrected to use the DNS domain name.


Installation cannot determine the Domain Name for this Host. Your network settings may not be correct, or your host may be on a DHCP network.

Windows 2000 requires the domain name to be set in two places: one is the default for the whole computer, and the other is the one to use for the specific network connection. If you have not specified the domain name to use for the specific network connection, the following warning message appears when you install Directory Server:

Setup Warning: Installation cannot determine the Domain Name for this Host. Your network settings may not be correct, or your host may be on a DHCP network. If you are using TCP/IP, your Domain Name must be filed in.

To verify yor Domain Name TCP/IP setting, go to Control Panel Network Settings, and ensure that your TCP/IP DNS properties have the Domain Name filled out. Do you want to continue?

To avoid this error message:

  1. On the desktop, right-click the icon labeled My Computer.

  2. Click on the Network Identification tab.

  3. Click the Properties box.

  4. In the Identification Changes dialog box, click More.

  5. Next to the label "Primary DNS Suffix of this computer," enter the appropriate domain name.

The port is in use.

You probably did not shut down a server before you upgraded it. Shut down the old server, then manually start the upgraded one.

Another installed server might be using the port. Make sure the port you have chosen is not already being used by another server.


LDAP authentication error causes install to fail.

If you are installing Directory Server in a network which uses NIS naming rather than DNS naming, you may get the following error:

ERROR: Ldap authentication failed for url ldap://incorrect.DNS.address user id admin (151:Unknown error.)
Fatal Slapd Did not add Directory Server information to Configuration Server.
ERROR. Failure installing Netscape Directory Server. Do you want to continue [y/n]?

This error occurs when a machine is not correctly configured to use DNS naming. The default fully qualified host and domain name presented during installation is not correct. If you accept the defaults, you receive the LDAP authentication error.

To successfully install, you need to provide a fully qualified domain name that consists of a local host name along with its domain name. A host name is the logical name assigned to a computer. For example, mycomputer is a host name and example.com is a fully qualified domain name.

A fully qualified domain name should be sufficient to determine a unique Internet address for any host on the Internet. The same naming scheme is also used for some hosts that are not on the Internet, but share the same namespace for electronic mail addressing.


"Failure (4322): Configuration initialization failed" error message on Linux.

libjvm.so (from JRE 1.4), which the Administration Server uses to run servlets, requires that the compat-libstdc++-6.2 package (RPM) be installed when running the server on Red Hat Advanced Server.

The RPM may or may not be installed depending on the options that were chosen when the operating system was installed. If the RPM is not installed, you will get an error similar to the one shown below.

[18/Jun/2002:10:56:39] failure (4322): Configuration initialization failed:

Error running init function load-modules: dlopen of /export/dstest/bin/https/lib/libNSServletPlugin.so failed

(libstdc++-libc6.1-1.so.2: cannot open shared object file: No such file or directory)

For more information on RPM, check the JRE's release notes at this URL: http://java.sun.com/j2se/1.4/install-linux.html


I have forgotten the Directory Manager DN and password.

You can find out what the Directory Manager DN is by examining serverRoot/slapd-serverID/config/dse.ldif and looking for the nsslapd-rootdn attribute.

If you have forgotten the Directory Manager DN password, you can reset it by doing the following:

  1. Find the nsslapd-rootpw attribute in slapd.conf. If the attribute value is not encrypted in any way (that is, it does not start with {SHA} or {CRYPT}), then the password is exactly the value shown for the attribute.

  2. If the attribute is encrypted, then delete the attribute value and replace it with a clear-text value. For example, if you change the nsslapd-rootpw attribute so that it is:

    nsslapd-rootpw: my_password

    then your Directory Manager DN password will be my_password.

  3. Restart your Directory Server.

  4. Once your server has restarted, log in as the Directory Manager and change the password. Make sure you select an encryption scheme when you do so.

    For information on changing a Directory Manager password, see the Netscape Directory Server Administrator's Guide.
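
Between step 2 and step 4 the Directory Manager password sits in the configuration file in clear text, so it is worth confirming afterwards that the stored value carries a scheme prefix again. The following check is an added example, not part of the original guide: the function names are hypothetical, the configuration fragments are constructed, it assumes the attributes appear in LDIF form as in dse.ldif, and it goes beyond the {SHA} and {CRYPT} prefixes named above by treating any {SCHEME} prefix as a hashed value.

```python
import base64
import hashlib
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")

def unfold(ldif_text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def rootpw_storage(ldif_text):
    """Return (root DN, storage); storage is a scheme such as 'SHA', 'CLEARTEXT', or None."""
    rootdn, storage = None, None
    for line in unfold(ldif_text):
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):       # "attr:: value" is base64 encoding, not hashing
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.strip().lower() == "nsslapd-rootdn":
            rootdn = value
        elif attr.strip().lower() == "nsslapd-rootpw":
            scheme = SCHEME_RE.match(value)
            storage = scheme.group(1).upper() if scheme else "CLEARTEXT"
    return rootdn, storage

# Constructed config fragments (not taken from a real server).
HEADER = "dn: cn=config\nnsslapd-rootdn: cn=Directory Manager\n"
SHA_VALUE = "{SHA}" + base64.b64encode(hashlib.sha1(b"my_password").digest()).decode()
AFTER_STEP_2 = HEADER + "nsslapd-rootpw: my_password\n"
AFTER_STEP_4 = HEADER + "nsslapd-rootpw: " + SHA_VALUE + "\n"
BASE64_CLEAR = HEADER + "nsslapd-rootpw:: " + base64.b64encode(b"my_password").decode() + "\n"

if __name__ == "__main__":
    for name, text in [("after step 2", AFTER_STEP_2), ("after step 4", AFTER_STEP_4),
                       ("base64 value", BASE64_CLEAR)]:
        print(name, rootpw_storage(text))
```

A value written with a double colon is only base64-encoded for transport, so the check decodes it before looking for a scheme prefix and still reports it as clear text.
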


Is there a way to debug Directory Server installation and uninstallation problems?

Some problems may develop when you uninstall Directory Server and then reinstall. Logging has been enhanced to report setup and uninstall problems with detailed error messages to provide you with enough information to fix the problem. The setup log file is located in the following path: serverRoot/setup/setup.log. The uninstall log file, uninst.log, is stored in the system TEMP directory. On UNIX, this directory is usually /tmp or /var/tmp. On Windows, check the system properties to see the value assigned to the TEMP environment variable (alternatively, you can open a command window and type echo %TEMP%).




© 2001 Sun Microsystems, Inc. Portions copyright 1999, 2002-2004 Netscape Communications Corporation. All rights reserved.

last updated November 26, 2004