[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Users get "too many simultaneous connections" error after NDS removed from NetWare 6.5 server

Posted on 2006-05-05
7
Medium Priority
?
368 Views
Last Modified: 2012-06-27
We removed NDS from the server "M", after creating a new Master replica (of the single partition for this tree) on a new server "M6".  Other servers in this tree (M2, M4) have had Read/Write replicas for quite a while.  The goal was to phase out server M, which was no longer used except for a few print queues and to hold the master replica.  

(We discovered later that many print queues were still being used, and that issue was addressed under a different question at http://www.experts-exchange.com/Networking/Netware/Q_21830584.html )

While removing NDS from the server M, all references to M were automatically removed as part of the process.  Any user that was connected to the server M now get an error regarding too many simulatneous connections.  Other than increasing the number of simultaneous connections for each of these many users, how can we correct this?

Is there a way to use DSRepair to clear all connection information other than current connections?  We have increased the number of connections for a few power users, but would like to avoid making this change for all users.
0
Comment
Question by:4RunnerBob
  • 2
  • 2
5 Comments
 
LVL 35

Expert Comment

by:ShineOn
ID: 16615256
This being NW6.x, I can't help wondering if you've got your licensing installed wrong.

Check your user license containers, and make sure they have no SERVER associations.  Only server licenses should be associated to a server.  The server association properties still exist in the user license objects, but they should not be used with NW6.0 and above.

Side issues regarding licensing:

Make sure user licenses are installed close to the user - in other words, and especially if you have no read/write replica of [Root] or if you're partitioned with separate [Root] and Organization partitions a read/write replica of org, at a location, then don't put all the user licenses in the org container.  Put them in the top-level OU for that site's partition, at or above the OU(s) that hold(s) that site's users.

If you have a flat tree, you MUST have a read/write replica of the container that has the licenses at each site, or you'll be authenticating across the WAN.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 16617070
I agree - its a licensing issue. Make sure the licence object in the eDirectory Tree is properly associated with the other servers.
0
 

Author Comment

by:4RunnerBob
ID: 16645508
There are three license objects, each associated to server M6, M4, M2 respectively:

NLS_LSP_M6
NLS_LSP_M4
NLS_LSP_M2

In the Security container, when I right-clicked on the W_Tree Organizational CA object, a message appeared titled "No Host Server Specified", which displayed the following text:  

This object is non-functional because the "Host Server Attribute" is missing.  This attribute specifies the server which can process actions that require the private key for the associated public key certificate.  Operations associated with the certificates in this object will fail.  See Novell Technical Information Document (TID) 10056795.

We tried to follow the instructions in TID 10056795, but found that the WO object (within the KAP container) did not contain the NDSPKI:SD Key Server DN as mentioned early in

"b. Using ConsoleOne, open the Properties of the W0 object. Click the Other tab. Modify the NDSPKI:SD Key Server DN to refer to the server selected ..."

Any ideas?
0
 
LVL 35

Accepted Solution

by:
ShineOn earned 2000 total points
ID: 16649453
If Server M was your "original" NetWare server, it had the Organizational CA on it.  If you did not take steps to move the Organizational CA to a different server before removing it, you need to follow the TID 10056795 starting with Step 7a.

I'm not sure where you'd remove or unload the ConsoleOne snapin for Certificate Services, since it's part of eDirectory 8.7x now; there's no obvious "CertificateServices" snapin folder.  What you could probably do is download the latest C1 from the Novell website (the downloads page) and install it locally on your PC, to a different folder than where you may already have a copy.  That should install it without the eDirectory snapins.  Then, run C1 from that newly-installed instance to do the steps in the TID.
0
 

Author Comment

by:4RunnerBob
ID: 16726622
We will give the TID 10056795 a try, then report the results here.  Thanks.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This shares a stored procedure to retrieve permissions for a given user on the current database or across all databases on a server.
Most folks would know the basics of how Dropbox works, so that’s not the purpose of this article. Security is what it’s all about, so here I’ll share how I choose to secure my Dropbox Account and the Data it contains.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question