Troubleshooting Communication Issues Notes
Error messages from eDirectory indicating the inability to communicate may include:
- 622: ERR_INVALID_TRANSPORT
- 624: REPLICA ALREADY EXISTS
- 625: TRANSPORT FAILURE
- 626: ALL REFERRALS FAILED
- 634: NO REFERRALS
- 636: UNREACHABLE SERVER
- 663: DS LOCKED
Fixing the underlying communication problem often resolves the eDirectory problems and errors as well.
A -254 error, though not specifically a communication error, can indicate a communication problem.
Authentication Failures
If the public key for the new server on any of the other servers becomes corrupt, the other servers cannot connect to the new server, and the new server returns a -632 error when they try to connect. This condition is not very common in eDirectory. To troubleshoot it, do the following:
- Remove eDirectory from the affected server. This is not recommended because you permanently lose data. If re-creating lost data is not a big issue, then remove eDirectory and reinstall eDirectory.
- Call Novell Technical Support.
Routers
Routers can cause -625 errors if they are not routing packets properly.
Locked Database
If a server holding replicas has the database locked or the database is unavailable because the eDirectory agent is not running, you will get -663 errors.
Filtering
Make sure you are not inhibiting eDirectory communication by filtering out protocol packets in use by eDirectory.
The following packet types should not be filtered in order for eDirectory to function properly:
| Packet Type | Purpose | Source Port |
|---|---|---|
| TCP 524 | NCP requests | High port (1024-65535). If running in pure IP (not compatibility mode) and not dependent on SLP for locating servers, all communication will happen on this port. If you create an exception to allow a destination TCP port 524 coming in and a source TCP port 524 out, you will be covered. The actual source port used by the client making contact to the server will be a high port (1024-65535). |
| UDP 524 | NCP for time synchronization | High port. |
| UDP 123 | NTP for time synchronization | 123. Can negotiate high ports. |
| UDP 427, TCP 427 | SLP requests | 427. To locate servers using SLP you must allow communication through TCP and UDP port 427. Both the source and destination will be port 427. The User Agent will contact the Service Agent or Directory Agent using a UDP packet. If the response is larger than one packet can hold, it will respond with as much information as it can and set the overflow bit. The User Agent will then connect using TCP and will make the same request again to get the complete response. |
| TCP 2302 | CMD | High port. |
| UDP 2645 | CMD | 2645. A Compatibility Mode Driver (CMD) is necessary when an IP device must communicate with an IPX device or when a running application requires a direct IPX interface. Both the source and destination ports will use the same port number. All communication destined for an IPX device through a Migration Agent will use UDP packets. Devices communicating with the Migration Agent for information on services available and routes to those services will use the following protocols: NetWare server running SCMD to Migration Agent: TCP; Client running CMD to Migration Agent: UDP; Migration Agent to Migration Agent: UDP. |
| SAP 278 (IPX) | eDirectory replication | |
| SAP 26b (IPX) | Time synchronization | |
| SAP 004 | File server | |
| SAP 107 | NetWare Remote Console | |
| ALL RIP packets | Route Discovery | |
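One way to check a host firewall against the table above, as an added example that is not part of the original notes: it evaluates the INPUT chain of an `iptables-save` dump for each IP port in the table, honouring rule order. The Linux/iptables setting, the constructed sample rules and all function names are assumptions; rules that use matches other than protocol and destination port are skipped rather than evaluated.

```python
# Destination ports from the page's table that must reach the eDirectory server.
REQUIRED = [("tcp", 524), ("udp", 524), ("udp", 123), ("udp", 427),
            ("tcp", 427), ("tcp", 2302), ("udp", 2645)]
MODELLED = {"-A", "-p", "-m", "--dport", "--dports", "-j"}

# Constructed sample in iptables-save format; not taken from a real host.
SAMPLE_RULES = """\
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 524 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p udp -m udp --dport 427 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,2302 -j ACCEPT
-A INPUT -p udp -m udp --dport 2000:3000 -j DROP
-A INPUT -p udp -m udp --dport 2645 -j ACCEPT
"""

def _opt(tok, *names):
    """Value following the first of the given option names, or None."""
    return next((tok[tok.index(n) + 1] for n in names if n in tok), None)

def _port_match(spec, port):
    """True if port is in a comma list of single ports or lo:hi ranges."""
    bounds = (part.partition(":") for part in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in bounds)

def parse_input_chain(text):
    """Return (policy, [(proto, portspec, target)]) for the INPUT chain."""
    policy, rules = "ACCEPT", []
    for tok in (line.split() for line in text.splitlines()):
        if tok[:1] == [":INPUT"]:
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"]:
            # Assumption: rules with matches not modelled here are skipped.
            if all(t in MODELLED for t in tok if t.startswith("-")):
                rules.append((_opt(tok, "-p"),
                              _opt(tok, "--dport", "--dports"), _opt(tok, "-j")))
    return policy, rules

def verdict(policy, rules, proto, port):
    """First matching terminal rule wins; otherwise the chain policy applies."""
    for r_proto, spec, target in rules:
        hit = r_proto in (None, "all", proto) and (spec is None or _port_match(spec, port))
        if hit and target in ("ACCEPT", "DROP", "REJECT"):
            return target
    return policy

def audit(text):
    policy, rules = parse_input_chain(text)
    return {f"{p}/{n}": verdict(policy, rules, p, n) for p, n in REQUIRED}
```

On the sample, `audit(SAMPLE_RULES)` reports UDP 524 and TCP 427 as dropped by the chain policy, and UDP 2645 as dropped because the earlier range rule shadows its ACCEPT.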
Increasing Ping Packet Size
eDirectory uses the largest packet size it can negotiate. You should increase the packet size and observe the results for more than just a few seconds. Novell recommends you use a packet size of at least 1600 bytes. The following table shows the default packet size and the syntax for increasing the ping packet size on the various platforms:
| Platform | Default Packet Size | Command |
|---|---|---|
| Windows | 32 bytes | `ping -l <size> -t <IP address>` |
| Unix | 64 bytes | `ping -s <size> <IP address>` |
| NetWare | 40 bytes | `PING <IP address> -S <size>` |
If the percentage of successful packets is below 100% or the response time is 200 milliseconds or slower, the physical network might not be reliable or fast enough to support eDirectory and must be examined.
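The criteria above applied to captured ping output, as an added example that is not part of the original notes. It assumes Linux iputils output format, applies the 200 ms limit to each individual reply, and uses a constructed sample with a documentation address; the function and constant names are hypothetical.

```python
import re

MIN_SIZE = 1600      # bytes, the page's recommended minimum ping size
MAX_RTT_MS = 200.0   # the page treats 200 ms or slower as suspect

# Constructed sample of Linux iputils `ping -s 1600` output.
SAMPLE = """\
PING 192.0.2.10 (192.0.2.10) 1600(1628) bytes of data.
1608 bytes from 192.0.2.10: icmp_seq=1 ttl=62 time=14.2 ms
1608 bytes from 192.0.2.10: icmp_seq=2 ttl=62 time=13.9 ms
1608 bytes from 192.0.2.10: icmp_seq=4 ttl=62 time=231 ms
1608 bytes from 192.0.2.10: icmp_seq=5 ttl=62 time=15.0 ms

--- 192.0.2.10 ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4006ms
rtt min/avg/max/mdev = 13.900/68.525/231.000/93.8 ms
"""

def evaluate_ping(output):
    """Apply the page's size, loss and latency criteria to ping output."""
    size = re.search(r"\) (\d+)\(\d+\) bytes of data", output)
    stats = re.search(r"(\d+) packets transmitted, (\d+) (?:packets )?received",
                      output)
    if not size or not stats:
        raise ValueError("unrecognised ping output")
    sent, received = int(stats.group(1)), int(stats.group(2))
    times = [float(t) for t in re.findall(r"time=([\d.]+) ms", output)]
    seen = {int(s) for s in re.findall(r"icmp_seq=(\d+)", output)}
    findings = []
    if int(size.group(1)) < MIN_SIZE:
        findings.append(f"payload {size.group(1)} bytes is below {MIN_SIZE}")
    if received < sent:
        # iputils numbers probes from 1, so missing numbers are the lost ones.
        lost = sorted(set(range(1, sent + 1)) - seen)
        findings.append(f"{sent - received} of {sent} lost (seq {lost})")
    slow = [t for t in times if t >= MAX_RTT_MS]
    if slow:
        findings.append(f"{len(slow)} replies at or above {MAX_RTT_MS:g} ms")
    return {"success_pct": 100.0 * received / sent if sent else 0.0,
            "max_rtt_ms": max(times, default=None),
            "findings": findings}
```

An empty `findings` list means the run met all three criteria; run the probe for longer than a few seconds, as the text advises, before trusting a clean result.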
Troubleshoot SLP Communication Issues
Displaying all the services that a Service Agent can see makes it difficult to troubleshoot a specific problem. You need to narrow down the report of services by using the following syntax:
DISPLAY SLP SERVICES [[service type]/[scope list]/[predicate query]]/
| Service Type | Description |
|---|---|
| nlsmeter.novell | Licensing metering services |
| smdr.novell | Backup services |
| nwserver.novell | Any service potentially available on a particular server |
| rconsole.novell | Rconsole services |
| portal.novell | NetWare Management Portal or NetWare Remote Manager |
| ndap.novell | NDS partitions that SA can see |
| bindery.novell | NCP services |
| timesync.novell | Timesync services |
| sapsrv.novell | IPX services available of SCMD host |
| SRS.novell | NDPS |
SET SLP DEBUG allows you to view what the current SLP debug mode is set to. You can send the debug information to a file by entering SLP OPEN SLP.LOG. Load SLPDA on the server and then reboot all other servers. Once all other servers come up, close the log by entering SLP CLOSE. The log file will be in SYS:\SLP.LOG.
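The UDP-to-TCP fallback described for SLP in the Filtering table, as an added example that is not part of the original notes: it decodes the header of a UDP reply and decides whether the User Agent must repeat the request over TCP 427. It assumes SLPv2 framing as defined in RFC 2608 (the page does not say which SLP version is in use); the replies are constructed, and the function names and return strings are hypothetical.

```python
import struct

FLAG_OVERFLOW = 0x8000   # "O" bit of the 16-bit SLPv2 flags field (RFC 2608)
SRVRQST, SRVRPLY = 1, 2  # SLPv2 function IDs

def build_message(function, xid, flags=0, body=b"", lang=b"en"):
    """Build an SLPv2 message: 14-byte fixed header, language tag, body."""
    length = 14 + len(lang) + len(body)
    return (bytes([2, function]) + length.to_bytes(3, "big")
            + struct.pack("!H", flags) + bytes(3)      # next-extension offset 0
            + struct.pack("!HH", xid, len(lang)) + lang + body)

def parse_header(data):
    """Decode the fixed SLPv2 header fields a troubleshooter cares about."""
    if len(data) < 14:
        raise ValueError("datagram shorter than the SLPv2 fixed header")
    if data[0] != 2:
        raise ValueError(f"not SLPv2 (version byte {data[0]})")
    flags, = struct.unpack("!H", data[5:7])
    xid, lang_len = struct.unpack("!HH", data[10:14])
    return {"function": data[1],
            "length": int.from_bytes(data[2:5], "big"),
            "overflow": bool(flags & FLAG_OVERFLOW),
            "xid": xid,
            "lang": data[14:14 + lang_len].decode("ascii", "replace")}

def next_step(request_xid, udp_reply):
    """What the User Agent does with a UDP reply from an SA or DA."""
    hdr = parse_header(udp_reply)
    if hdr["function"] != SRVRPLY or hdr["xid"] != request_xid:
        return "ignore"
    # Overflow set: the datagram holds only part of the answer, so the same
    # request must be repeated over TCP 427. If TCP 427 is filtered, small
    # replies still work and only large ones fail.
    return "retry-tcp-427" if hdr["overflow"] else "use-udp-reply"

# Constructed replies (not captured traffic): error code 0, zero URL entries.
XID = 0x1A2B
SMALL_REPLY = build_message(SRVRPLY, XID, body=bytes(4))
TRUNCATED_REPLY = build_message(SRVRPLY, XID, FLAG_OVERFLOW, bytes(4))
```

A filter that passes UDP 427 but blocks TCP 427 shows up as service lookups that succeed on small networks and fail once replies grow, which is why both must be allowed.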