Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

Enterprise Directory won't start

 
Jeremy Begg
Trusted Contributor

Enterprise Directory won't start

Hi,

Today I did a fresh install of Enterprise Directory V5.5-ECO1 on a system running OpenVMS IA64 V8.3-1H1, DECnet-Plus and MultiNet V5.2.

First I installed and started the OSAK software (which had not been previously installed) then I installed the Enterprise Directory (DXD) software.

My first problem was that the DXD$DSA_CONFIGURE.COM procedure didn't work; it hung in the DXD$NCL program, trying to determine the DSA state. Eventually I overcame this by rebooting the machine. (I guess this fixed a missing link between OSAK, DECnet and TCP/IP.)

After rebooting I was able to run DXD$DSA_CONFIGURE then I could create the DSA and the DSA NAMING CONTEXT in NCL. However my attempt to start the DSA failed:

NCL>enable dsa
%%%%%%%%%%% OPCOM 27-OCT-2008 22:43:58.74 %%%%%%%%%%%
Message from user SYSTEM on LICKER
Event: State Change from: Node LOCAL:.LICKER DSA,
at: 2008-10-27-23:43:58.746+11:00Iinf
Old State=Off,
New State=Enabling
eventUid BE580D94-A478-11DD-A35D-AA0004003629
entityUid E7D9E2C0-A453-11DD-9DC6-AA0004003629
streamUid 68FD8971-A453-11DD-885E-AA0004003629


%%%%%%%%%%% OPCOM 27-OCT-2008 22:43:58.75 %%%%%%%%%%%
Message from user SYSTEM on LICKER
Event: Communication Failure from: Node LOCAL:.LICKER DSA,
at: 2008-10-27-23:43:58.752+11:00Iinf
Protocol=LDAP Protocol,
Interface=DSA socket interface,
Diagnostic="errno is 49"
eventUid BE58F7F4-A478-11DD-A35F-AA0004003629
entityUid E7D9E2C0-A453-11DD-9DC6-AA0004003629
streamUid 68FD8971-A453-11DD-885E-AA0004003629



%%%%%%%%%%% OPCOM 27-OCT-2008 22:44:03.75 %%%%%%%%%%%
Message from user SYSTEM on LICKER
Event: State Change from: Node LOCAL:.LICKER DSA,
at: 2008-10-27-23:44:03.753+11:00Iinf
Old State=Enabling,
New State=Off
eventUid C154314E-A478-11DD-A58D-AA0004003629
entityUid E7D9E2C0-A453-11DD-9DC6-AA0004003629
streamUid 68FD8971-A453-11DD-885E-AA0004003629


Node 0 DSA
at 2008-10-27-23:44:03.753+11:00Iinf

command failed due to:
no resources available

NCL>exit

The DXD server log file isn't much more helpful despite enabling a fair amount of debugging:

30:LDAPDaemon_rtn: LDAP Security Protocol set to SSLv23
30:LDAPDaemon_rtn: Can't get PK Passphrase
30:LDAPDaemon: LDAP Listener started
30:Call to bind failed with error 49
30:LDAPDaemon_rtn: Call to bind failed with error 49
30:LDAPDaemon_rtn: thread alerted
30:LDAPDaemon: exiting with ldap_sockerr_cnt 0
30:LDAPDaemon: shutdown listening socket with status 49
30:LDAPDaemon: close listening socket with status 49
30:LDAPDaemon: gone

'errno 49', is "EADDRNOTAVAIL Can't assign requested address".

Of course the problem now is that I don't know for sure what address it's trying to assign! There is definitely no other process listening on port 389 (or 636 for that matter).

As you can imagine, this has brought our LDAP experiment to a grinding halt ... any help would be much appreciated!

Thanks,
Jeremy Begg

13 REPLIES 13
Ian P
Occasional Advisor

Re: Enterprise Directory won't start

Hi,

Could this be something to do with the lines
30:LDAPDaemon_rtn: LDAP Security Protocol set to SSLv23
30:LDAPDaemon_rtn: Can't get PK Passphrase

Did you set up the key pairs, and distribute the public keys? It also implies that if you did, then you set it up with a password, not wise!

Cheers, Ian.
Jeremy Begg
Trusted Contributor

Re: Enterprise Directory won't start

I don't think it's an SSL problem as I haven't tried to set up or use LDAP over SSL. (I know the HP SSL software has been started because we have other applications using it.)
Steven Schweda
Honored Contributor

Re: Enterprise Directory won't start

I know nothing, but I gather that one might
expect EADDRNOTAVAIL when trying to use an IP
address which is not available on the local
system. That is, not a port problem, but an
address problem. Is there some config file
somewhere with a typo in it? (Or a wrong
host name? Or something?)

I always prefer error messages which tell you
what was being attempted, along with the
reason for the failure. (I lead a sad,
miserable life.)
Jeremy Begg
Trusted Contributor

Re: Enterprise Directory won't start

Hi Steven,

I'm not aware of anywhere you configure the IP address for it, except as part of the DSA presentation address (which appears to be correct, or at least reasonable).

I agree 100% with your sentiments on the error message itself!

Regards,
Jeremy Begg
Bengt Torin
Occasional Advisor

Re: Enterprise Directory won't start

Hi Jeremy,
I have seen this error or a similar when the configuration failed detecting the correct IP-name or the availability of an IP-net.
If You manually do the following command: mc ncl show osi transport local nsap * Name, Net Serv, with Net Serv <> any.

If You do not get a line with Name = IP_ANY and Network Service = RFC1006 then try a set host using a IP-name as host.domain.com before You run the configuration routine.

Regards

Bengt
Jeremy Begg
Trusted Contributor

Re: Enterprise Directory won't start

That's interesting , Bengt -- but apparently not the problem:

Node 0 OSI Transport Local NSAP 49000AAA000400362921
at 2008-10-30-11:32:15.527+11:00Iinf
with Network Service <> ANY

Identifiers

Name = 49000AAA000400362921

Status

Network Service = CLNS


Node 0 OSI Transport Local NSAP IP_ANY
at 2008-10-30-11:32:15.527+11:00Iinf
with Network Service <> ANY

Identifiers

Name = IP_ANY

Status

Network Service = RFC1006

But I wonder if the RFC21006 service has bound to the wrong IP address: this machine has three -- two physical ethernet ports (on separate subnets) and a pseudo-interface attached to one of the ethernet interfaces.

se0 (Shared VMS Ethernet/FDDI)
[TCP/IP: 192.168.1.2, IP-SubNet: 255.255.254.0, IP-Broadcast: 192.168.1.255]
[VMS Device: EWA0, Link Level: Ethernet ]
pd0 (Secondary Ethernet Address)
[TCP/IP: 192.168.1.14, IP-SubNet: 255.255.254.0, IP-Broadcast: 192.168.1.255]
[Hardware-Device: se0]
se1 (Shared VMS Ethernet/FDDI)
[TCP/IP: 192.168.2.2, IP-SubNet: 255.255.254.0, IP-Broadcast: 192.168.3.255]
[VMS Device: EWB0, Link Level: Ethernet ]

Maybe I should try forcing the IP_ANY NSAP (RFC1006) to bind to the 192.168.1.2 address, but how? I see the IP address for it is set to "".
Jeremy Begg
Trusted Contributor

Re: Enterprise Directory won't start

Yesterday I upgraded this system to DXD V5.6 but got the same error.

As it happens I have a second Integrity server at my disposal, also running VMS 8.3-1H1 and MultiNet 5.2. So I installed the OSAK and DXD software there, and it started without any problems!

I guess now I'll try and make the second server fail in the same way as the first (by gradually changing its configuration). With any luck this will nail down the problem.
Bengt Torin
Occasional Advisor

Re: Enterprise Directory won't start

Hi Jeremy,
Ok it was a test since I have seen the behaviour on systems where the IP-stack is configured OK but all network traffic uses more or less only DECNet. Some information need to be "loaded" before You get the correct information.

About binding, could be, we are running the ED at 7 systems, 7 alpha 1 IA64, all with multiple NICs, but we have only seen an error message similar to Yours at one system.
If You check the presentation address, does it contain a ref to the RFC1006 and the correct host name ?

/bengt
Highlighted
Jeremy Begg
Trusted Contributor

Re: Enterprise Directory won't start

Presentation address looks good to me:

Presentation Address = """DSA""/""DSA""/""DSA""/NS+49000AAA000400362921,CLNS|RFC1006+host.domain.com.au,RFC1006"

(I have replaced the real hostname by 'host.domain' in the above output.)