Event ID 8200 — Server for NIS Service Availability

Event ID 8200 — Server for NIS Service Availability

Updated: November 14, 2007

Applies To: Windows Server 2008

Server for NIS service availability indicates the functional state of the Server for NIS service. When Server for NIS is available, it updates NIS maps on all subordinate servers in the domain if it is running as an NIS master server, and accepts NIS replication data from Active Directory if it is running as a subordinate server.

Event Details

Product: Windows Identity Management for UNIX
ID: 8200
Source: Microsoft-Windows-IDMU-ServerForNIS
Version: 6.0
Symbolic Name: MSG_SCM_FAIL
Message: Unable to start Server for NIS. Failure in communicating with Service Control Manager.

Resolve
Fix possible failures for Win32 API

Server for NIS is closing because it experienced a failure attempting to call a Windows API. Read the full text of the error message in Event Viewer to obtain the exact Windows error code.

To correct the error, try the following steps in order, moving on to the next step only if the current action failed to clear the error condition:

  1. Free virtual memory by closing unused applications.
  2. Restart the Server for NIS service.
  3. Restart the computer on which the error was generated.

Verify

Open the Services MMC and verify that Server for NIS is operational. If the Server for NIS service properties show that the service is not running, errors are preventing Server for NIS from operating normally.

To verify that Server for NIS is running

  1. Click Start, point to Administrative Tools, and then click Services.
  2. In the Results pane of the Services MMC, double-click Server for NIS.
  3. In the Service status area of the Server for NIS Properties dialog box, verify that the Server for NIS service shows as Started.

Use the ypcat command on a client computer in the domain on which the error was generated to verify that the Server for NIS service is available.

To use the ypcat command to verify Server for NIS service availability:

  1. On a client computer in the domain on which the error was generated, open a Windows Command Prompt with elevated privileges. To do this, right click Command Prompt on the Start menu, and then click Run as administrator.
  2. Type the following command, and then press Enter: ypcat -hNISServer-dDomain Mapname. NISServer represents the name of the server on which you want to verify that the Server for NIS Service is available. Domain represents the domain name on which you want to verify that the Server for NIS service is available. Mapname represents the name or nickname of a specific NIS map that the server on which you want to verify Server for NIS availability is expected to update.
  3. If you are prompted to provide the domain administrator account name and password, type the account name and password, and then press Enter.
  4. The ypcat Windows command-line utility prints the values of all keys from the NIS database specified by Mapname, which can be a map name or a map nickname. If the ypcat utility returns a list of key values for the maps you specified, the Server for NIS service is available.

Related Management Information

Server for NIS Service Availability

Identity Management for UNIX

Related:

Event ID 8199 — Server for NIS Service Availability

Event ID 8199 — Server for NIS Service Availability

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

Server for NIS service availability indicates the functional state of the Server for NIS service. When Server for NIS is available, it updates NIS maps on all subordinate servers in the domain if it is running as an NIS master server, and accepts NIS replication data from Active Directory if it is running as a subordinate server.

Event Details

Product: Windows Identity Management for UNIX
ID: 8199
Source: Microsoft-Windows-IDMU-ServerForNIS
Version: 6.0
Symbolic Name: MSG_YPSERV_FREE_ARG
Message: Unable to free arguments.

Resolve
Restart Server for NIS

For some rare and undiagnosable errors, restarting Server for NIS can clear the error.

To restart Server for NIS by using the Windows interface:

  1. Open the Identity Management for UNIX management console.
  2. If necessary, connect to the computer you want to manage.
  3. Right-click Server for NIS, and then click Stop.
  4. Right-click Server for NIS again, and then click Start.

To restart Server for NIS by using a command line:

  1. Open a Command Prompt window.
  2. Type the following, and then press ENTER.
    • nisadmin [server] stop [–u user [–p password]]
  3. Type the following, and then press ENTER.
    • nisadmin [server] start [–u user [–p password]]

For more information, see the topic “Start or stop Identity Management for UNIX components” in the Identity Management for UNIX Help.

Verify

Open the Services MMC and verify that Server for NIS is operational. If the Server for NIS service properties show that the service is not running, errors are preventing Server for NIS from operating normally.

To verify that Server for NIS is running

  1. Click Start, point to Administrative Tools, and then click Services.
  2. In the Results pane of the Services MMC, double-click Server for NIS.
  3. In the Service status area of the Server for NIS Properties dialog box, verify that the Server for NIS service shows as Started.

Use the ypcat command on a client computer in the domain on which the error was generated to verify that the Server for NIS service is available.

To use the ypcat command to verify Server for NIS service availability:

  1. On a client computer in the domain on which the error was generated, open a Windows Command Prompt with elevated privileges. To do this, right click Command Prompt on the Start menu, and then click Run as administrator.
  2. Type the following command, and then press Enter: ypcat -hNISServer-dDomain Mapname. NISServer represents the name of the server on which you want to verify that the Server for NIS Service is available. Domain represents the domain name on which you want to verify that the Server for NIS service is available. Mapname represents the name or nickname of a specific NIS map that the server on which you want to verify Server for NIS availability is expected to update.
  3. If you are prompted to provide the domain administrator account name and password, type the account name and password, and then press Enter.
  4. The ypcat Windows command-line utility prints the values of all keys from the NIS database specified by Mapname, which can be a map name or a map nickname. If the ypcat utility returns a list of key values for the maps you specified, the Server for NIS service is available.

Related Management Information

Server for NIS Service Availability

Identity Management for UNIX

Related:

Event ID 8198 — Server for NIS Functionality — Push Service

Event ID 8198 — Server for NIS Functionality — Push Service

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

Server for NIS synchronizes and propagates NIS map changes to UNIX-based NIS subordinate (also known as slave) servers. The NIS master server supports the following transfer modes:

  • Periodic transfer of NIS maps
  • On-demand transfer of NIS maps to subordinate servers

Typically, NIS maps are transferred to subordinate servers upon change by using the make utility. The Windows-based NIS server does not use make; instead, the server pushes immediately.

Subordinate NIS servers can request transfer of maps at any time. Server for NIS Server Functionality — Push Service provides information to help you interpret system messages indicating the functional state of the NIS map push service.

Event Details

Product: Windows Identity Management for UNIX
ID: 8198
Source: Microsoft-Windows-IDMU-ServerForNIS
Version: 6.0
Symbolic Name: MSG_PUSH_STOPPED
Message: Server for NIS yppush service has stopped.

Diagnose

An error occurred while the Server for NIS service was running. Server for NIS service failures typically occur for one or more of the following reasons:

  • Cannot communicate with Lightweight Directory Access Protocol (LDAP) service
  • Insufficient memory

The following procedures can help you diagnose the cause of the problem.

Cannot communicate with LDAP service

To verify LDAP health:

  1. Open the Services snap-in.
  2. Verify that the LDAP service is running.
  3. If the service is running, refer to the resolver, “Start the domain controller service.”

Insufficient memory

To verify virtual memory:

  1. Right-click My Computer and then click Properties.
  2. On the Advanced tab, in the Performance area, click Settings.
  3. On the Advanced tab of the Performance Options dialog box, in the Virtual Memory area, view the amount of virtual memory allocated on the machine.
  4. Click Change to view the maximum allowable virtual memory.
  5. If necessary, change allocated virtual memory to the size recommended in the Total paging file size for all drives area of the Virtual Memory dialog box.
  6. If virtual memory use is set to maximum, perform the steps in the resolver “Correct memory error.”

Resolve

To resolve this issue, use the resolution that corresponds to the cause you identified in the Diagnose section. After performing the resolution, see the Verify section to confirm that the feature is operating properly

Cause

Resolution

Cannot communicate with LDAP service

Start the domain controller service

Insufficient memory

Correct memory allocation error

Start the domain controller service

Server for NIS was unable to communicate with the LDAP service. Possible causes of this error can be either of the following:

  • The server on which Server for NIS is running is no longer an Active Directory Domain Services domain controller.
  • The LDAP service is not running.

To resolve this problem:

  1. Open the Services MMC snap-in (Services.msc) by clicking Start, pointing to Administrative Tools, and then clicking Services.
  2. Verify that the Active Directory Domain Services domain controller service is running.
    • If the domain controller service does not exist, the computer is probably not a domain controller.  Server for NIS can run only on an Active Directory Domain Services domain controller. To promote the computer to a domain controller, see the Active Directory Domain Services Help. Run the dcpromo utility and view the Help available with the dcpromo wizard.
  3. If the service is not running, double-click the service in the results pane.
  4. On the General tab of the Properties dialog box, set Startup type to Automatic. Click OK.

Correct memory allocation error

Memory allocation has failed in Server for NIS. This can occur if the Windows Server operating system has insufficient virtual memory. Try closing some applications and programs that are not required and are using large amounts of virtual memory, and then restart Server for NIS. If this fails to correct the problem, try restarting the computer.

If the problem persists, verify that the computer is not configured to use the maximum amount of virtual memory:

  1. Right-click My Computer and then click Properties.
  2. On the Advanced tab, in the Performance area, click Settings.
  3. On the Advanced tab of the Performance Options dialog box, in the Virtual Memory area, view the amount of virtual memory allocated on the machine.
  4. Click Change to view the maximum allowable virtual memory.
  5. If necessary, change allocated virtual memory to the size recommended in the Total paging file size for all drives area of the Virtual Memory dialog box.
  6. If you have changed the allotted virtual memory amount, click Set, and then click OK.

Verify

Server for NIS push service functionality can be verified by pushing maps to subordinate servers.

To test the functionality of the push service, change a map entry for an NIS user (you can use the users nisadmin or AdminUI for the purposes of your test). Wait for the refresh interval to elapse, and then view the NIS map stored on a UNIX-based subordinate of the master server. If your changed values are reflected in the NIS map stored on the UNIX-based NIS subordinate server, then the Server for NIS master server is functioning as expected.

In the absence of any of the following error messages, the push service is functioning normally. If any of these messages occur, the push service can continue working, but warning conditions exist.

  • IDMU Server for NIS event 8198
  • IDMU Server for NIS event 12288
  • IDMU Server for NIS event 12289

Related Management Information

Server for NIS Functionality — Push Service

Identity Management for UNIX

Related:

Event ID 8197 — Windows to UNIX Password Synchronization — Configuration Issues

Event ID 8197 — Windows to UNIX Password Synchronization — Configuration Issues

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

Windows to UNIX Password Synchronization — Configuration Issues indicates the completeness or usability of settings that are configured for Windows to UNIX password synchronization.

When Password Synchronization is properly configured for Windows-to-UNIX synchronization, and a password is changed on a Windows-based computer running Password Synchronization, the Password Synchronization service determines whether the user’s password is to be synchronized on UNIX computers. When the Password Synchronization service is operating normally, and encryption keys in both the UNIX and Windows environments match, it encrypts the password and sends it to the Password Synchronization daemon on each computer with which the Windows-based computer is configured to be synchronized. The daemon then decrypts the password and changes the password on the UNIX host.

Event Details

Product: Windows Identity Management for UNIX
ID: 8197
Source: Microsoft-Windows-IDMU-PSync
Version: 6.0
Symbolic Name: MSG_ERROR_CONNECTING_HOST
Message: Error in connecting to host at the specified port. %rhost = %1 %rport = %2 %rPlease verify that the host is up and is running SSOD on the specified port. Windows Sockets error is in the message data.

Resolve
Check SSOD

Verify that the UNIX host computer is operational, and that the UNIX host is running the single sign-on daemon (SSOD) on the specified port. A Windows Sockets error is logged in the Event Viewer message data providing the exact failure error code.

For more information, see the topic “Install the Password Synchronization daemon on UNIX-based computers” in the Password Synchronization Help.

Verify

Retry Windows to UNIX password synchronization for any failed user password change attempts to verify that Password Synchronization is operating normally. Password Synchronization is operating normally when password synchronization succeeds and is operating under warning conditions if synchronization fails for some passwords but succeeds for others.

If password synchronization succeeds for some passwords but fails for others, Windows to UNIX Password Synchronization Configuration is likely fully operational, but there might be account- or computer-specific configuration problems preventing password changes from being synchronized on UNIX-based hosts.

Related Management Information

Windows to UNIX Password Synchronization — Configuration Issues

Identity Management for UNIX

Related:

Event ID 8196 — Windows to UNIX Password Synchronization Service — Run-time Issues

Event ID 8196 — Windows to UNIX Password Synchronization Service — Run-time Issues

Updated: November 14, 2007

Applies To: Windows Server 2008

Windows to UNIX Password Synchronization Service — Run-time Issues indicates the functionality of Windows to UNIX password synchronization operations.

When Password Synchronization is configured for Windows-to-UNIX synchronization, and a password is changed on a Windows-based computer running Password Synchronization, the Password Synchronization service determines whether the user’s password is to be synchronized on UNIX computers. When the Password Synchronization service is operating normally, it encrypts the password and sends it to the Password Synchronization daemon on each computer with which the Windows-based computer is configured to be synchronized. The daemon then decrypts the password and changes the password on the UNIX host.

Event Details

Product: Windows Identity Management for UNIX
ID: 8196
Source: Microsoft-Windows-IDMU-PSync
Version: 6.0
Symbolic Name: MSG_PSWD_CHANGE_PROP_ERROR
Message: Error in password propagation. %ruser = %1 %rhost = %2

Resolve
Check preceding messages in Event Viewer for exact nature of failure

This error is logged if the synchronization service from Windows-based computers to UNIX-based computers fails for the configured number of retries. Error messages preceding this error typically contain the exact point of failure. Read resolution suggestions for those errors to resolve this issue.

If there is no error message preceding this error that contains usable information, and if this error occurs multiple times, then try restarting the computer to resolve this issue.

To restart the computer:

  • To restart the computer, click Start, click the arrow next to the Lock button, and then click Restart.

Verify

Retry Windows to UNIX password synchronization for failed user password changes to verify that it is operational. Password Synchronization is fully operational when the password synchronization succeeds, and operating under warning conditions if password synchronization fails for some passwords but succeeds for others.

If password synchronization succeeds for some passwords but fails for others, the Windows to UNIX Password Synchronization Service is likely fully operational, but there might be account- or computer-specific configuration problems preventing password changes from being synchronized on UNIX-based hosts.

Related Management Information

Windows to UNIX Password Synchronization Service — Run-time Issues

Identity Management for UNIX

Related:

Event ID 8195 — Server for NIS Service Availability

Event ID 8195 — Server for NIS Service Availability

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

Server for NIS service availability indicates the functional state of the Server for NIS service. When Server for NIS is available, it updates NIS maps on all subordinate servers in the domain if it is running as an NIS master server, and accepts NIS replication data from Active Directory if it is running as a subordinate server.

Event Details

Product: Windows Identity Management for UNIX
ID: 8195
Source: Microsoft-Windows-IDMU-ServerForNIS
Version: 6.0
Symbolic Name: MSG_MEMORY_ERROR
Message: Memory allocation failed.

Resolve
Correct memory allocation error

Memory allocation has failed in Server for NIS. This can occur if the Windows Server operating system has insufficient virtual memory. Try closing some applications and programs that are not required and are using large amounts of virtual memory, and then restart Server for NIS. If this fails to correct the problem, try restarting the computer.

If the problem persists, verify that the computer is not configured to use the maximum amount of virtual memory.

To solve this problem:

  1. Right-click My Computer and then click Properties.
  2. On the Advanced tab, in the Performance area, click Settings.
  3. On the Advanced tab of the Performance Options dialog box, in the Virtual Memory area, view the amount of virtual memory allocated on the machine.
  4. Click Change to view the maximum allowable virtual memory.
  5. If necessary, change allocated virtual memory to the size recommended in the Total paging file size for all drives area of the Virtual Memory dialog box.
  6. If you have changed the allotted virtual memory amount, click Set, and then click OK.

Verify

Open the Services MMC and verify that Server for NIS is operational. If the Server for NIS service properties show that the service is not running, errors are preventing Server for NIS from operating normally.

To verify that Server for NIS is running

  1. Click Start, point to Administrative Tools, and then click Services.
  2. In the Results pane of the Services MMC, double-click Server for NIS.
  3. In the Service status area of the Server for NIS Properties dialog box, verify that the Server for NIS service shows as Started.

Use the ypcat command on a client computer in the domain on which the error was generated to verify that the Server for NIS service is available.

To use the ypcat command to verify Server for NIS service availability:

  1. On a client computer in the domain on which the error was generated, open a Windows Command Prompt with elevated privileges. To do this, right click Command Prompt on the Start menu, and then click Run as administrator.
  2. Type the following command, and then press Enter: ypcat -hNISServer-dDomain Mapname. NISServer represents the name of the server on which you want to verify that the Server for NIS Service is available. Domain represents the domain name on which you want to verify that the Server for NIS service is available. Mapname represents the name or nickname of a specific NIS map that the server on which you want to verify Server for NIS availability is expected to update.
  3. If you are prompted to provide the domain administrator account name and password, type the account name and password, and then press Enter.
  4. The ypcat Windows command-line utility prints the values of all keys from the NIS database specified by Mapname, which can be a map name or a map nickname. If the ypcat utility returns a list of key values for the maps you specified, the Server for NIS service is available.

Related Management Information

Server for NIS Service Availability

Identity Management for UNIX

Related:

Event ID 8193 — Windows to UNIX Password Synchronization Service Availability

Event ID 8193 — Windows to UNIX Password Synchronization Service Availability

Updated: November 14, 2007

Applies To: Windows Server 2008

Windows to UNIX Password Synchronization Service Availability indicates the operational state of the Windows to UNIX password synchronization service and its availability to synchronize user account passwords to the UNIX environment that are changed in the Windows environment.

When Password Synchronization is configured for Windows-to-UNIX synchronization, and a password is changed on a Windows-based computer running Password Synchronization, the Password Synchronization service determines whether the user’s password is to be synchronized on UNIX computers. When the Password Synchronization service is operating normally, it encrypts the password and sends it to the Password Synchronization daemon on each computer with which the Windows-based computer is configured to be synchronized. The daemon then decrypts the password and changes the password on the UNIX host.

Generally, the service is available if it has read and modify permissions in the Windows Registry, and if the computer on which Password Synchronization is installed remains an Active Directory® Domain Services domain controller.

Event Details

Product: Windows Identity Management for UNIX
ID: 8193
Source: Microsoft-Windows-IDMU-PSync
Version: 6.0
Symbolic Name: MSG_ERROR_READING_CONFIG
Message: Failure reading Password Synchronization configuration. %rApply configuration changes again and if the problem persists, verify that Password Synchronization has been configured in accordance with guidance in the Password Synchronization Help.

Resolve
Fix registry error

Password Synchronization encountered an error reading or writing to a specific Windows registry key. Open Event Viewer and read the associated error message, which describes the root cause of this error.

Confirm that the computer running Password Synchronization has access permissions to the Windows registry by doing the following:

  1. Open the Registry Editor.
    • Click Start, click Run, type regedit in the Open text box, and then click OK.
  2. In the hierarchy pane, navigate to the registry key identified by the error message.
  3. If the error message does not show the path to the registry key on which the problem occurred, navigate to the key HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Identity Management.
  4. With the key highlighted, click Permissions on the Edit menu to open the Permissions for Registry Key dialog box.
  5. Verify that the user SYSTEM has Full Control permissions.
  6. Click Add to add the SYSTEM user if it is not already listed in the Group or user names list on the Security tab. If needed, assign Full Control permissions to SYSTEM in the Permissions for User list.
  7. Click OK. Close the Registry Editor.

Verify

The Windows to UNIX password synchronization service is functioning normally in the absence of any of the following messages in Event Viewer. If any of the following messages are logged in Event Viewer, the service cannot function normally.

  • IDMU Password Synchronization event 16388
  • IDMU Password Synchronization event 8194
  • IDMU Password Synchronization event 8193

Related Management Information

Windows to UNIX Password Synchronization Service Availability

Identity Management for UNIX

Related:

Event ID 4104 — Windows to UNIX Password Synchronization Service — Run-time Issues

Event ID 4104 — Windows to UNIX Password Synchronization Service — Run-time Issues

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

Windows to UNIX Password Synchronization Service — Run-time Issues indicates the functionality of Windows to UNIX password synchronization operations.

When Password Synchronization is configured for Windows-to-UNIX synchronization, and a password is changed on a Windows-based computer running Password Synchronization, the Password Synchronization service determines whether the user’s password is to be synchronized on UNIX computers. When the Password Synchronization service is operating normally, it encrypts the password and sends it to the Password Synchronization daemon on each computer with which the Windows-based computer is configured to be synchronized. The daemon then decrypts the password and changes the password on the UNIX host.

Event Details

Product: Windows Identity Management for UNIX
ID: 4104
Source: Microsoft-Windows-IDMU-PSync
Version: 6.0
Symbolic Name: MSG_MACHINE_ACCT_IGNORED_INFO
Message: Password change request for computer account ignored. %rAccount = %1

Resolve

This is a normal condition. No further action is required.

Related Management Information

Windows to UNIX Password Synchronization Service — Run-time Issues

Identity Management for UNIX

Related:

Event ID 4098 — Server for NIS Service Availability

Event ID 4098 — Server for NIS Service Availability

Updated: November 14, 2007

Applies To: Windows Server 2008

Server for NIS service availability indicates the functional state of the Server for NIS service. When Server for NIS is available, it updates NIS maps on all subordinate servers in the domain if it is running as an NIS master server, and accepts NIS replication data from Active Directory if it is running as a subordinate server.

Event Details

Product: Windows Identity Management for UNIX
ID: 4098
Source: Microsoft-Windows-IDMU-ServerForNIS
Version: 6.0
Symbolic Name: MSG_STOP_INFO
Message: Server for NIS has stopped.

Resolve

This is a normal condition. No further action is required.

Related Management Information

Server for NIS Service Availability

Identity Management for UNIX

Related:

Event ID 4096 — Windows to UNIX Password Synchronization Service Availability

Event ID 4096 — Windows to UNIX Password Synchronization Service Availability

Updated: November 14, 2007

Applies To: Windows Server 2008

Windows to UNIX Password Synchronization Service Availability indicates the operational state of the Windows to UNIX password synchronization service and its availability to synchronize user account passwords to the UNIX environment that are changed in the Windows environment.

When Password Synchronization is configured for Windows-to-UNIX synchronization, and a password is changed on a Windows-based computer running Password Synchronization, the Password Synchronization service determines whether the user’s password is to be synchronized on UNIX computers. When the Password Synchronization service is operating normally, it encrypts the password and sends it to the Password Synchronization daemon on each computer with which the Windows-based computer is configured to be synchronized. The daemon then decrypts the password and changes the password on the UNIX host.

Generally, the service is available if it has read and modify permissions in the Windows Registry, and if the computer on which Password Synchronization is installed remains an Active Directory® Domain Services domain controller.

Event Details

Product: Windows Identity Management for UNIX
ID: 4096
Source: Microsoft-Windows-IDMU-PSync
Version: 6.0
Symbolic Name: MSG_STARTUP_INFO
Message: Password Synchronization service between Windows and UNIX was started.

Resolve

This is a normal condition. No further action is required.

Related Management Information

Windows to UNIX Password Synchronization Service Availability

Identity Management for UNIX

Related: