Verify NICI Keys

It is recommended that you check your eDirectory* tree for SDI key consistency. If invalid keys exist, fix them by running SDIDIAG at the server console.

Note: The following products may not work after installing NetWare* 6.5 if the tree contains invalid SDI keys:

To validate SDI keys, do the following:

  1. Load SDIDIAG at the server console.
  2. Log in.
  3. Enter the command: CHECK -v >> sys:system\sdinotes.txt.
  4. If no problems are found, continue with the installation. If problems are found, follow the instructions written to the sys:system\sdinotes.txt file to resolve any configuration and key issues.

To verify that the SDI Domain Key Servers are running NICI 2.4.2 or later:

  1. From the server console, execute the NetWare command M NICISDI.NLM.
  2. The version must be 24212.98 or later.

    We recommend that NetWare 6.5 be installed on your SDI Domain Key servers. However, this is not required. At a minimum, you must install NICI 2.4.2 or later on these servers.

    If the version is earlier, you must do ONE of the following:

    1. Update the servers' NICI to version 2.4.2, which requires eDirectory 85.1 or later.

       Note: You can download NICI version 2.4.2 from the Novell* Free Download site. Select Novell International Cryptographic Infrastructure from the Choose a Product drop-down list, then click Submit Search. NICI 2.4.2 requires eDirectory 85.1 or later.

    2. Reinstall NICI 2.4.2 or later if you install an eDirectory upgrade after installing NICI. This issue will be resolved with the Consolidated Support Pack 10.

Continue by doing the following:

  1. Update the SDI Domain Key servers to NetWare 6.5.
  2. Remove the servers as SDI Domain Key Servers and add a server that meets these requirements.
    To remove a server as an SDI Domain Key Server:

    1. At the server console, load SDIDIAG.
    2. Log in as an Administrator that has management rights over the Security container and the W0.KAP.Security objects by entering the tree name, the server, the context, the user name, and the password.
    3. Enter the command: RS -s servername.

       For example, if server1 exists in container PRV in the organization Novell within the Novell_Inc tree, you would type .server1.PRV.Novell.Novell_Inc. for servername.

    To add a server as an SDI Domain Key Server:

    1. At the server console, load SDIDIAG.
    2. Log in as an Administrator by entering the tree name, the server, the context, the user name, and the password.
    3. Enter the command: AS -s servername.

       For example, if server1 exists in container PRV in the organization Novell within the Novell_Inc tree, you would type .server1.PRV.Novell.Novell_Inc. for servername.

After completing one of the options above, rerun the SDIDIAG check command.

For more information on SDIDIAG options and operations, refer to Novell TID 10081773.

 

*Novell trademark. **Third-party trademark. For more information, see Legal Notices.