• Status: Solved

Novell Account Management

We use Novell Account Management 2.1 on our NT domain controllers. We have eDirectory 8.7 running on NetWare 5.5, 6.0 & 6.5.

Most of our clients are Windows XP and some are Windows 2000, all part of the NT domain running AM 2.1. Our applications are running on W2K/IIS with integrated authentication. When a user logs in on his/her workstation using the Novell 4.9 client, he is automatically signed on to the NT domain in the background. He then accesses the applications running on IIS and is automatically signed in since he has already authenticated to the domain.

Every few days our users experience a problem when accessing the IIS applications, i.e. they are prompted for an ID and password for the IIS applications, although they have signed in to the domain. When we remote console to the PDC, we find that we cannot log in on the PDC as well. The only solution is to restart the PDC, after which authentication for both IIS apps and client login is fine.

We have 1 PDC and 1 BDC, both running NT 4.0, SP6.

Does anyone have an idea on how we can solve this?

Thanks
pintoa2000
 
pintoa2000 (Author) commented:
The event log of the PDC has only these errors, 5722, 5723, 5721.
 
waybadmojo commented:
Here's a great TID to look at first when you are having Acct. Mgmt issues:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10075375.htm

 
hendrixl commented:
Pintoa2000,

How many clients do you have accessing the BDC/PDC?  I found the following Microsoft documentation that references these error messages.

http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3B154398

It makes reference to installing NT 4.0 SP6a.
 
PsiCop commented:
And just an FYI, seeing as you have NetWare v6.5 in your network - NetWare v6.5 with SP2 or later can function as a DC in the Windoze Domain. So, if you're willing to re-engineer a bit, you might not even need to have an actual Windoze DC.
 
pintoa2000 (Author) commented:
Psi,

That is real news to me. Do you have any documentation that I can refer to? We are at the crossroads here with NT 4 becoming end of life in December. Since I don't like MS AD and since we have a robust eDirectory setup, we were looking at putting in Linux/Samba. But your suggestion is an excellent one and I will investigate this further; however, if you could send me more information that would be great.

 
pintoa2000 (Author) commented:
hendrixl,

We have SP6a on the DCs.

mojo,

Checked the TID; no information I can use there.


Really need to fix this problem.

Thanks

 
PsiCop commented:
I'll dig up where I found that reference. I saw it in black-n-white, but I'll be Micro$ofted if I can remember where right this second.
 
PsiCop commented:
For the info straight from Novell, take a look at the NetWare v6.5 documentation (http://www.novell.com/documentation/nw65/index.html), specifically the Native File Access Protocols Guide, about page 95 of the PDF (http://www.novell.com/documentation/nw65/pdfdoc/native/native.pdf), also accessible in HTML (http://www.novell.com/documentation/nw65/native/data/bqls7eg.html).

Additionally, I found this NetApp article --> http://www.netapp.com/tech_library/3343.html
 
pintoa2000 (Author) commented:
Will look through them and get back to you if this is feasible in our environment. Can't think why not.

Also, any clues on the problem?

Thanks

 
ShineOn commented:
Sounds more like a PDC problem than a NAM problem.

How about the PDC's swapfile/paging file? Is it a fixed size, and is it on a different volume than the SAM database?

How big is the SAM database?  Have you ever compacted it?  (one of the joys of using Windoze domains...)

Has the PDC been defragged lately?

 
pintoa2000 (Author) commented:
ShineOn,

That is a really good question and we have never looked into any of the aspects that you mention.

Will look into it tomorrow and get back to you.

I think you may have something there. Too bad the points are only 500, cos if any of your suggestions are good I think it's worth a lot more.

Maybe you and Psi should think about moving to more lucrative surroundings.
 
PsiCop commented:
*chuckle* In another Question, we traded info on where the 3 of us (DSPoole, ShineOn and myself) were located, and found out we have the whole country covered (West Coast, Middle North America, East Coast; in that order).

I'm just not the salesman to hang out my own shingle - I can't lie...excuse me, exaggerate...to prospective customers enuf to impress them more than the smooth-talking salesperson who's next in line for the decision-maker's time. Altho I do a little freelancing.

And all that's fascinating, I'm sure, but it doesn't get you any closer to a solution, pintoa2000. Cleaning up the NT disk environment is a good idea; even if it doesn't solve this particular problem, it may solve/prevent others.
 
twkerby commented:
It sounds like one of 2 events likely happened:

1. The revision count on the Domain object got out of sync and forced a constant recache of the domain object from NDS/eDir.
2. The connectivity between the PDC and eDir is broken.

To start off with I would download the latest patch for AM 2.10, which has a great many enhancements to eDir connectivity (server failover timers and such). The samsrv.dll from the PT8 patch is dated 12/02/2003. You can check your existing file in C:\WINNT\SYSTEM32 to see how close to this date it is already. FYI the URL to download this patch is:

http://support.novell.com/servlet/filedownload/uns/pub/am210pt8.exe/

To apply it, you simply rename your existing SAMSRV.DLL, copy this one in, and then reboot.

Next I would use the current version of NDS 4 NT toolbox. It is downloadable from the following URL:

http://support.novell.com/servlet/filedownload/uns/pub/nds4ntt5.exe/

It can be used to report the revision number on all eDir replicas. If these aren't the same, then this can cause cache looping and will likely cause the PDC/BDCs to be unable to authenticate anyone.

Post back in here if you patch the server, don't have a revision mismatch, and still are having problems authenticating to the domain.