8.11 Running eDirectory and iManager on the Same Machine (Windows only)

If iManager was installed before eDirectory, you might experience any of the following errors when using iManager, LDAP(S), or HTTP(S) to access eDirectory.

  • -340 error when trying to access encrypted attributes with iManager

  • LDAP : SSL_CTX_use_KMO failed. Error stack: error:1412D0D4:SSL routines:SSL_CTX_use_KMO:read wrong packet type (err = -1418)
  • HTTP : 0016 TLS operation failed, err: 1, result: -1 -- HTTP : -- error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
  • HTTP : 0017 TLS operation failed, err: 1, result: -1 -- HTTP : -- error:1406B0BD:SSL routines:GET_CLIENT_MASTER_KEY:no privatekey
  • HTTP : Unable to access server certificate and key, handshakes will fail -- HTTP : -- error:1412D0D4:SSL routines:SSL_CTX_use_KMO:read wrong packet type
  • Limber : Error while setting NCP Key Material Name SSL CertificateDNS to server, Err: failed, -340 (0xfffffeac)... Limber : Error During syncKeyMaterialInfo -340 (0xfffffeac)

It could be that eDirectory’s initial system configuration has not occurred. The user who installed eDirectory and the user who is running the eDirectory server must coordinate the eDirectory configuration. Generally, eDirectory is installed as administrator and is run as SYSTEM. You can manually correct this issue, but an understanding of eDirectory, iManager, NICI, and other currently installed products is necessary. You must determine if the following steps are safe to perform. You should also check the product’s documentation and dependencies to see if any long-term encrypted data or secrets are used.

If eDirectory and iManager are installed on the same physical machine, you can manually configure eDirectory after eDirectory installation.

NOTE: You should not do this if eDirectory was installed at a previous time and has been successfully running on the current machine.

  1. Log in as an administrator.

  2. Stop the eDirectory server and the Tomcat service.

    Also stop any other service that may be using NICI.

  3. Take ownership of the %systemroot%\system32\novell\NICI\SYSTEM directory.

    Do this from the file properties' Security > Advanced Options.

  4. Save the contents of the SYSTEM directory in a backup directory.

  5. Delete the contents of the SYSTEM directory.

  6. Copy the contents of %systemroot%\system32\novell\NICI\Administrator to %systemroot%\system32\novell\NICI\SYSTEM.

  7. You can reset the permissions of %systemroot%\system32\novell\NICI\SYSTEM and its contents so that only SYSTEM has access.

  8. Restart the NDS Server and Tomcat services and any other service you may have stopped.
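
The steps above as a PowerShell script, for an elevated session. This is an added example, not code from the product documentation. It assumes you pass the service names yourself through the hypothetical -Services parameter (they vary by installation), and the backup location is also hypothetical.

```powershell
#Requires -RunAsAdministrator
param(
    # Service names vary by installation (assumption: supplied by you; list with Get-Service).
    [Parameter(Mandatory)][string[]]$Services,
    [string]$BackupRoot = "$env:SystemDrive\NICI-backup"  # hypothetical backup location
)
$ErrorActionPreference = 'Stop'
$nici   = Join-Path $env:SystemRoot 'system32\novell\NICI'
$system = Join-Path $nici 'SYSTEM'
$admin  = Join-Path $nici 'Administrator'
$backup = Join-Path $BackupRoot ('SYSTEM-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
$adminsSid = '*S-1-5-32-544'   # BUILTIN\Administrators (well-known SID)
$systemSid = '*S-1-5-18'       # NT AUTHORITY\SYSTEM (well-known SID)
if (-not (Test-Path -LiteralPath $admin)) { throw "Missing source directory: $admin" }

function Invoke-Native([string]$Exe, [string[]]$ArgList, [int]$MaxOk = 0) {
    & $Exe @ArgList | Out-Null
    if ($LASTEXITCODE -gt $MaxOk) { throw "$Exe failed with exit code $LASTEXITCODE" }
}

# Step 2: stop eDirectory, Tomcat and any other service that uses NICI.
foreach ($s in $Services) { Stop-Service -Name $s -Force }

# Step 3: take ownership, then grant Administrators access so the files can be read.
Invoke-Native takeown.exe @('/F', $system, '/R', '/A', '/D', 'Y')  # 'Y' assumes an English locale
Invoke-Native icacls.exe  @($system, '/grant', "${adminsSid}:(OI)(CI)F", '/T', '/C')

# Step 4: back up SYSTEM and confirm the copy is complete before deleting anything.
Invoke-Native robocopy.exe @($system, $backup, '/E', '/R:1', '/W:1') 7  # robocopy: 8+ means failure
$src = @(Get-ChildItem -LiteralPath $system -Recurse -Force -File).Count
$dst = @(Get-ChildItem -LiteralPath $backup -Recurse -Force -File).Count
if ($src -ne $dst) { throw "Backup incomplete: $dst of $src files copied to $backup" }

# Step 5: delete the contents of SYSTEM (the directory itself stays).
Get-ChildItem -LiteralPath $system -Force | Remove-Item -Recurse -Force

# Step 6: copy the Administrator directory's contents into SYSTEM.
Invoke-Native robocopy.exe @($admin, $system, '/E', '/R:1', '/W:1') 7

# Step 7: children inherit from SYSTEM only; SYSTEM keeps one explicit full-control ACE.
Invoke-Native icacls.exe @("$system\*", '/reset', '/T', '/C')
Invoke-Native icacls.exe @($system, '/inheritance:r', '/grant:r', "${systemSid}:(OI)(CI)F")
Invoke-Native icacls.exe @($system, '/remove', $adminsSid)
& icacls.exe $system   # print the resulting ACL for review

# Step 8: restart the services in reverse order.
[array]::Reverse($Services)
foreach ($s in $Services) { Start-Service -Name $s }
Write-Output "Backup of the previous SYSTEM contents: $backup"
```

The script stops at the first failed step, so a failed backup check leaves the SYSTEM directory untouched. Review the ACL printed in step 7 for explicit entries belonging to other principals, which /inheritance:r does not remove.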