1.5 Server Health Checks

NetIQ eDirectory includes server health checks that help you determine whether your server health is safe before upgrading.

The server health checks run by default with every upgrade and occur before the actual package upgrade. However, you can also run the diagnostic tool ndscheck to do the health checks.

For more information about performing routine health check procedures, see Maintaining NetIQ eDirectory in the NetIQ eDirectory Administration Guide.

1.5.1 Need for Health Checks

In earlier releases of eDirectory, the upgrade did not check the health of the server before proceeding with the upgrade. If the heath was unstable, the upgrade operation would fail and eDirectory would be in an inconsistent state. In some cases, you probably could not roll back to the pre-upgrade settings.

This new health check tool resolves this, letting you to ensure that your server is ready to upgrade.

1.5.2 What Makes a Server Healthy?

The server health check utility performs certain health checks to ensure that the tree is healthy. The tree is declared healthy when all these health checks are completed successfully.

1.5.3 Performing Health Checks

You can perform server health checks in two ways:

NOTE:You need administrative rights to run the health check utility. The minimal right that can be set to run the utility is the Public right. However, with the Public right some of the NetWare Core Protocol (NCP) objects and partition information are not available.

With the Upgrade

The health checks are run by default every time you upgrade eDirectory.


Every time you upgrade, the health checks are run by default before the actual upgrade operation starts.

To skip the default health checks, you can use the -j option with the nds-install utility.


The server health checks happen as part of the installation wizard. You can enable or disable the health checks when prompted to do so.

As a Standalone Utility

You can run the server health checks as a standalone utility any time you want. The following table explains the health check utilities.

Table 1-1 Health Check Utilities


Utility Name




ndscheck -h hostname:port -a admin_FDN -F logfile_path --config-file configuration_file_name_and_path

NOTE:You can specify either -h or --config-file, but not both options.



1.5.4 Types of Health Checks

When you upgrade or run the ndscheck utility, the following types of health checks are done:

If you run the ndscheck utility, the results from the health checks are displayed on the screen and logged in to ndscheck.log. For more information on log files, refer to Log Files.

If the health checks are done as part of the upgrade, then after the health checks, based on the criticality of the error, either you are prompted to continue the upgrade process or the process is aborted. The details of the errors are described in Categorization of Health.

Basic Server Health

This is the first stage of the health check.The health check utility checks for the following:

  1. The eDirectory service is up. The DIB is open and able to read some basic tree information such as the tree name.

  2. The server is listening on the respective port numbers.

    For LDAP, it gets the TCP and the SSL port numbers and checks if the server is listening on these ports.

    Similarly, it gets the HTTP and HTTP secure port numbers and checks if the server is listening on these ports.

Partitions and Replica Health

After checking the basic server health, the next step is to check the partitions and replica health as follows:

  1. Checks the health of the replicas of the locally held partitions.

  2. Reads the replica ring of each and every partition held by the server and checks whether all servers in the replica ring are up and all the replicas are in the ON state.

  3. Checks the time synchronization of all the servers in the replica ring. This shows the time difference between the servers.

1.5.5 Categorization of Health

Based on the errors found while checking the health of a server, there can be the three categories of health. The status of the health checks is logged in to a log file. For more information, refer to Log Files.

The three categories of health Normal, Warning, and Critical.


The server health is normal when all the health checks were successful.

The upgrade proceeds without interruption.


The server health is in the warning category when minor errors are found while checking the health.

If the health check is run as part of the upgrade, you are prompted to either abort or continue.

Warnings normally occur in the following scenarios:

  1. Server not listening on LDAP and HTTP ports, either normal or secure or both.

  2. Unable to contact any of the nonmaster servers in the replica ring.

  3. Servers in the replica ring are not in sync.


The server health is critical when critical errors were found while checking the health.

If the health check is run as part of the upgrade, the upgrade operation is aborted.

The critical state normally occurs in the following cases:

  1. Unable to read or open the DIB. The DIB might be locked or corrupt.

  2. Unable to contact all the servers in the replica ring.

  3. Locally held partitions are busy.

  4. Replica is not in the ON state.

1.5.6 Log Files

Every server health check operation, whether it is run with the upgrade or as a standalone utility, maintains the status of the health in a log file.

The content of the log file is similar to the messages displayed on the screen when the checks are happening.

The health check log file contains the following:

  • Status of the health checks (normal, warning, or critical).

  • URLs to the NetIQ support site.

The following table gives you the locations for the log file on the various platforms:

Table 1-2 Health Check Log File Locations


Log File Name

Log File Location



Depends on the location you specified with the ndscheck -F utility.

If you did not use the -F option, the location of the ndscheck.log file is determined by the other options you used at the ndscheck command line as follows:

  1. If you used the -h option, the ndscheck.log file is saved in the user’s home directory.

  2. If you used the --config-file option, the ndscheck.log file is saved in the server instance’s log directory. You can also select an instance from the multiple instances list.