Error: -699 in replica synchronization caused by large attribute value

  • 7024247
  • 07-Nov-2019
  • 07-Nov-2019

Environment

eDirectory 9.X

Situation

Synchronization of a partition errors with a -699 error when attempting to send a value for a non stream attribute that is large.

ndstrace with +SKLK shows:

2397234944 SKLK: [2019/07/10 16:38:59.372] Sync - [001a0505] <.user1.users.context.FOO.> [2019/03/22 21:00:25, 1, 1].
2397234944 SKLK: [2019/07/10 16:38:59.372] Adding packet 39 to queue 
2397234944 SKLK: [2019/07/10 16:38:59.372] Sync - [001a0505] <.user1.users.context.FOO> [2019/03/22 21:00:25, 1, 1].
2397234944 SKLK: [2019/07/10 16:38:59.372] Adding packet 40 to queue 
2397234944 SKLK: [2019/07/10 16:38:59.372] Cannot increased skulk buffer from 65516 to 65516 for [00008055] <.FOOTREE.>, greater than 65496
2397234944 SKLK: [2019/07/10 16:38:59.375] Sending [001a0505] <.user1.users.context.FOO> from Sync Point 2 failed, fatal (-699)
2397234944 SKLK: [2019/07/10 16:38:59.375] Send Partition Updates ChangeCache processing completed in Seconds 25, in MilliSeconds 232 - Total objects 799 Total Changes 5886 processed 
2405623552 SKLK: [2019/07/10 16:38:59.376] Time taken for send/receive of packet with size 50936, in Seconds 0, in MilliSeconds 11,  Error if any 0 
2405623552 SKLK: [2019/07/10 16:38:59.377] Sending packet 35 to remote server - objects 7 Changes 42 
2405623552 SKLK: [2019/07/10 16:38:59.395] Time taken for send/receive of packet with size 58512, in Seconds 0, in MilliSeconds 18,  Error if any 0 
2405623552 SKLK: [2019/07/10 16:38:59.395] Sending packet 36 to remote server - objects 17 Changes 133 
2405623552 SKLK: [2019/07/10 16:38:59.426] Time taken for send/receive of packet with size 62072, in Seconds 0, in MilliSeconds 31,  Error if any 0 
2405623552 SKLK: [2019/07/10 16:38:59.427] Sending packet 37 to remote server - objects 25 Changes 187 
2405623552 SKLK: [2019/07/10 16:38:59.478] Time taken for send/receive of packet with size 65026, in Seconds 0, in MilliSeconds 51,  Error if any 0 
2405623552 SKLK: [2019/07/10 16:38:59.478] Sending packet 38 to remote server - objects 16 Changes 100 
2405623552 SKLK: [2019/07/10 16:38:59.505] Time taken for send/receive of packet with size 63480, in Seconds 0, in MilliSeconds 27,  Error if any 0 
2405623552 SKLK: [2019/07/10 16:38:59.505] Sending packet 39 to remote server - objects 17 Changes 113 
2405623552 SKLK: [2019/07/10 16:38:59.538] Time taken for send/receive of packet with size 51312, in Seconds 0, in MilliSeconds 33,  Error if any 0 
2405623552 SKLK: [2019/07/10 16:38:59.538] Sending packet 40 to remote server - objects 1 Changes 20 
2405623552 SKLK: [2019/07/10 16:38:59.539] Time taken for send/receive of packet with size 868, in Seconds 0, in MilliSeconds 1,  Error if any 0 
2405623552 SKLK: [2019/07/10 16:38:59.539] Dispatcher thread completed in Seconds 25, in MilliSeconds 395,  Error if any 0 
2397234944 SKLK: [2019/07/10 16:38:59.539] Send Partition Updates completed in Seconds 25, in MilliSeconds 396 - Total objects 799 Total Changes 5886, 40 Packet(s) Sent 
2397234944 SKLK: [2019/07/10 16:38:59.539] Sync - objects: 799, total changes: 5886, sent to server <.server1.servers.FOO.> for .FOOTREE..
2397234944 SKLK: [2019/07/10 16:38:59.539] Sync - Process: Send updates to <.server1.servers.FOO.> for .FOOTREE. failed, fatal (-699).

CHecking ndstrace on the inbound server with +SYNC shows the attribute with the large value causing the synchronization issue.

Resolution

Removing the value of the attribute causing the -699 error in synchronization resolves the issue.

The value needs to be removed using an ldap browser.

Cause

The large size of the attribute value causes the -699 error.

One such attribute is oidInstanceData updated by OSP.  The IDM 4.7 troubleshooting references a known issue with the size of this attribute: https://www.netiq.com/documentation/identity-manager-47/identity_apps_admin/data/authentication-issues-troubleshooting.html