5.2 Installation Issues

5.2.1 File Data Conflict During Installation

If you receive a message indicating that a newer file exists from the previous installation, you should select to always overwrite the newer file.

5.2.2 Incomplete List of Servers

The list of servers shown during the installation might not list servers that are configured to use only IP. You can install Novell Certificate Server™ on a server whose name is not listed by typing the name of the server in the text box.

5.2.3 Error Creating SAS Service Object During Install

When installing Novell Certificate Server, you might encounter an error stating that the Security Domain key server could not be contacted. The first server in your network that you install Novell Single Sign-on, NMAS™, or Novell Certificate Server on is set up to be the Security Domain key server.

All subsequent servers that are installed with any of these products contact the Security Domain key server during their installation process. If the Security Domain key server cannot be contacted, the installation fails and a message is displayed indicating that the SAS service object could not be created.

To avoid the SAS service creation error message:

  • Make sure the Security Domain key server machine is up and running nicisdi.nlm.

  • Use a common protocol (IP and/or IPX™) between the Security Domain key server and all other servers that are installed with Novell Single Sign-on, NMAS, and Novell Certificate Server.

  • Make sure the network connection between the Security Domain key server and the server being installed is active.

You can determine which server is the Security Domain key server by running iManager. Open the properties page for the W0 object. This object is located in the KAP container, which is inside the Security Container. Click the Other tab. Click NDSPKI:SD Key Server DN. The value displayed is the distinguished name of the Security Domain key server.

5.2.4 NISP:GET_PDB_PRODUCT:Returned a BTRIEVE error:4

If you receive this error one or more times during the installation, ignore it and continue with the installation.

5.2.5 Failures During Installation

If the installation fails during the creation of the Organizational CA or the server certificate, or during the exportation of the trusted root certificate, the installation doesn't need to be repeated. The software has been successfully installed at this point. You can use iManager to create an Organizational CA and server certificates and export the trusted root.

5.2.6 Installation Fails with a -1443 Error

If a Novell Certificate Server installation fails during installation and you receive a -1443 error message, this means that the Security Domain key server and the server that you are installing Certificate Server on are not communicating properly. If the server cannot get a copy of the Security Domain key, the installation fails.

A likely reason is that the server that Certificate Server is being installed to fragments of the (NetWare Core Protocol) NCP™ extensions, and the fragments are not being reassembled correctly by the Security Domain key server.

One solution to this problem is to increase the MTU of both servers to greater than 576 (the default minimum size).

To increase the MTU on a server:

  1. Enter LOAD MONITOR !h from the command line of the server.

  2. Select Server Parameters > click Communications.

  3. Select Maximum Interface MTU, then set this value to something higher than 576.