Users get "too many simultaneous connections" error after NDS removed from NetWare 6.5 server

Posted on 2006-05-05
Last Modified: 2012-06-27
We removed NDS from the server "M", after creating a new Master replica (of the single partition for this tree) on a new server "M6".  Other servers in this tree (M2, M4) have had Read/Write replicas for quite a while.  The goal was to phase out server M, which was no longer used except for a few print queues and to hold the master replica.  

(We discovered later that many print queues were still being used, and that issue was addressed under a different question at )

While removing NDS from the server M, all references to M were automatically removed as part of the process.  Any user that was connected to the server M now get an error regarding too many simulatneous connections.  Other than increasing the number of simultaneous connections for each of these many users, how can we correct this?

Is there a way to use DSRepair to clear all connection information other than current connections?  We have increased the number of connections for a few power users, but would like to avoid making this change for all users.
Question by:4RunnerBob
    LVL 35

    Expert Comment

    This being NW6.x, I can't help wondering if you've got your licensing installed wrong.

    Check your user license containers, and make sure they have no SERVER associations.  Only server licenses should be associated to a server.  The server association properties still exist in the user license objects, but they should not be used with NW6.0 and above.

    Side issues regarding licensing:

    Make sure user licenses are installed close to the user - in other words, and especially if you have no read/write replica of [Root] or if you're partitioned with separate [Root] and Organization partitions a read/write replica of org, at a location, then don't put all the user licenses in the org container.  Put them in the top-level OU for that site's partition, at or above the OU(s) that hold(s) that site's users.

    If you have a flat tree, you MUST have a read/write replica of the container that has the licenses at each site, or you'll be authenticating across the WAN.
    LVL 34

    Expert Comment

    I agree - its a licensing issue. Make sure the licence object in the eDirectory Tree is properly associated with the other servers.

    Author Comment

    There are three license objects, each associated to server M6, M4, M2 respectively:


    In the Security container, when I right-clicked on the W_Tree Organizational CA object, a message appeared titled "No Host Server Specified", which displayed the following text:  

    This object is non-functional because the "Host Server Attribute" is missing.  This attribute specifies the server which can process actions that require the private key for the associated public key certificate.  Operations associated with the certificates in this object will fail.  See Novell Technical Information Document (TID) 10056795.

    We tried to follow the instructions in TID 10056795, but found that the WO object (within the KAP container) did not contain the NDSPKI:SD Key Server DN as mentioned early in

    "b. Using ConsoleOne, open the Properties of the W0 object. Click the Other tab. Modify the NDSPKI:SD Key Server DN to refer to the server selected ..."

    Any ideas?
    LVL 35

    Accepted Solution

    If Server M was your "original" NetWare server, it had the Organizational CA on it.  If you did not take steps to move the Organizational CA to a different server before removing it, you need to follow the TID 10056795 starting with Step 7a.

    I'm not sure where you'd remove or unload the ConsoleOne snapin for Certificate Services, since it's part of eDirectory 8.7x now; there's no obvious "CertificateServices" snapin folder.  What you could probably do is download the latest C1 from the Novell website (the downloads page) and install it locally on your PC, to a different folder than where you may already have a copy.  That should install it without the eDirectory snapins.  Then, run C1 from that newly-installed instance to do the steps in the TID.

    Author Comment

    We will give the TID 10056795 a try, then report the results here.  Thanks.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
    For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now