5.7 Diagnosing SDI Key Synchronization Issues

The addition of the NICI SDI Health check will minimize synchronization issues. Output from the health check will help to identify any issues that can’t be automatically fixed by the health check. In addition, more detailed synchronization messages can be seen and captured in DSTrace.

Regardless of the platform/OS, the nicisdi.key file is server-unique and should not be copied from one machine to another. Manual creation of a new key typically causes more problems by introducing a new key on the server.

With the advent of the SDI Health check, NICI SDI is designed to fix itself. However, we will continue to provide SDIDiag as a Security Domain Infrastructure diagnostic and repair utility. Among other things, SDIDiag allows an administrator to:

  • Run CHECK to verify that all Security Domain servers have a consistent key set

  • View the various keys within an eDirectory container or tree

  • Ensure that all servers are synchronized with consistent keys

For information about using this utility, see TID #319224010081773.

IMPORTANT: If you have installed eDirectory to use a non-standard port, you must specify the port number with the IP address when you run SDIDiag. For example, xxx.xxx.xxx.xxx:port.