Hey gurus,

I'm working with a client that is running IDM 2.0.1 and they are having
issues with their eDir drivers. I know it's an SSL connection issue,
but we've wiped their certificates and run an NDS2NDS Driver
Certificates wizard. The connection is being dropped on the secondary
tree, and no connection can be established. Does anyone know if the
wizard should not be used to generate the certificates, or if there
might be another issue?

Here is their current environment:
- 2 separate servers with 2 separate trees (IDV and FP)
- Same port 8197
- eDir 2.0.5 driver version
- driver object passwords set for both
- the authentication ID is automatically filled in with the certs
generated from the NDS2NDS wizard in iManager


Here is the part of the trace where the connection cannot be
established:
[10/17/08 13:39:25.712]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: Need new connection.
[10/17/08 13:39:25.712]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: Connecting to remote Publisher at 137.104.9.10:8197
[10/17/08 13:39:25.713]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: Creating an NTLSSocket
[10/17/08 13:39:25.801]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: NTLS Socket: AES256-SHA SSLv3 Kx=RSA
Au=RSA Enc=AES(256) Mac=SHA1
[10/17/08 13:39:25.801]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: Opening connection...
[10/17/08 13:39:25.802]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: Connection opened.
[10/17/08 13:39:25.802]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: handshake
[10/17/08 13:39:25.802]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: send password
[10/17/08 13:39:25.802]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: send key
[10/17/08 13:39:25.802]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: Sending...
[10/17/08 13:39:25.802]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: Document sent.
[10/17/08 13:39:25.803]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: Waiting for receive...
[10/17/08 13:39:25.832]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: Receiving...
[10/17/08 13:39:25.833]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: Received.
[10/17/08 13:39:25.833]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: Closing connection...
[10/17/08 13:39:25.833]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: Connection closed
[10/17/08 13:39:25.834]: IDVtoFP ST: SubscriptionShim.execute()
returned:
[10/17/08 13:39:25.834]: IDVtoFP ST:
<nds dtdversion="2.0">
<source>
<product instance="IDV to FP eDir Connector" version="2.0.5.51
">DirXML Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="retry" type="driver-general">java.lang.Exception: No
status returned from handshake with remote publisher</status>
</output>
</nds>

Things we have already tried:
- Switching which tree goes first for NDS2NDS wizard
- Following this guide: '10099778: IDM -9046 or Invalid password
specified for check-password'
(http://support.novell.com/docs/Tids/.../10099778.html)
- The CA is still valid on both trees
- Changed the SSL port used in connection context
- Manually created certificates using C1
I've read all the other posts relating to this and have tried most of
the methods. I'm assuming this is something wrong with either the CA or
the cert creation as the connection fails when it needs to set up the
connection through the publisher shim.


--
mlee22
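
An added example, not part of the original post and not Novell tooling: a small Python triage script for a trace hard-wrapped like the one posted. It rejoins the wrapped records, then pulls out the negotiated NTLS socket parameters, the connector events and the final <status> element. The function names and the shortened sample trace are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: shortened copy of the posted trace, hard-wrapped the same way.
SAMPLE = """\
[10/17/08 13:39:25.801]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: NTLS Socket: AES256-SHA SSLv3 Kx=RSA
Au=RSA Enc=AES(256) Mac=SHA1
[10/17/08 13:39:25.802]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: handshake
[10/17/08 13:39:25.833]: IDVtoFP ST: NdsToNds Subscriber - IDV to FP
eDir Connector: Connection closed
[10/17/08 13:39:25.834]: IDVtoFP ST:
<nds dtdversion="2.0">
<output>
<status level="retry" type="driver-general">java.lang.Exception: No
status returned from handshake with remote publisher</status>
</output>
</nds>
"""

STAMP = re.compile(r"^\[(\d\d/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)\]: ?")

def unwrap(trace):
    """Rejoin hard-wrapped lines; a new record starts at each [timestamp]."""
    records = []
    for line in trace.splitlines():
        m = STAMP.match(line)
        if m:
            records.append([m.group(1), line[m.end():]])
        elif records and line.strip():
            records[-1][1] += " " + line.strip()
    return [tuple(r) for r in records]

def summarize(trace):
    """Collect TLS parameters, connector events and <status> elements."""
    out = {"tls": None, "events": [], "statuses": []}
    for ts, text in unwrap(trace):
        tls = re.search(r"NTLS Socket:\s+(\S+)\s+(\S+)\s+Kx=(\S+)", text)
        if tls:
            out["tls"] = dict(zip(("cipher", "protocol", "kx"), tls.groups()))
        doc = re.search(r"<nds\b.*</nds>", text)
        if doc:  # the shim's XML reply, rejoined onto one line by unwrap()
            for s in ET.fromstring(doc.group(0)).iter("status"):
                out["statuses"].append((ts, s.get("level"), s.get("type"), s.text))
        elif "eDir Connector: " in text:
            out["events"].append((ts, text.split("eDir Connector: ", 1)[1]))
    return out
```

Calling summarize() on a saved trace file's contents gives the same three views for a full capture, which makes it easier to compare the Subscriber side against the remote Publisher's trace for the same timestamps.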