Information passed to this operation 
     was not valid.
 

Chapter 23. Analyzing Problems -- Enhanced Integration for NetWare

This chapter provides information on problem analysis when you are running Enhanced Integration for NetWare. 


User Enrollment Problems

This section describes how you can view the QNETWARE and QPRFSYNCH job logs and work with enrollment status to solve the various problems that you might encounter when you enroll AS/400 profiles on NetWare. 

QNETWARE Job Log

The QNETWARE job handles the NetWare profile enrollment requests. The QNETWARE job, which runs in the QSYSWRK subsystem under the QSYS profile, logs error messages received during all profile enrollment operations. Most errors are written to the QNETWARE job log; more severe errors are written to the QSYSOPR message queue. 

To view the status of the QNETWARE job, and to obtain a list of previous QNETWARE jobs: 

  1. Enter WRKJOB QNETWARE
  2. Specify option 1 (Select) next to the active QNETWARE job. 

  3.  

     
     
     
     
     

    Note: QNETWARE jobs that have previously ended are included in this display only if the QGPL/QBATCH *JOBD specifies
    LOG(4 00 *SECLVL)

+--------------------------------------------------------------------------------+
|                                   Select Job                         ROCHSYS   |
|                                                           07/31/96  10:20:38   |
| Type option, press Enter.                                                      |
|   1=Select                                                                     |
|                                                                                |
|                                                                     Entered    |
| Option  Job         User        Number  Type      -----Status-----  System     |
| 1       QNETWARE    QSYS        001476  BATCH     ACTIVE            07/30/96   |
|         QNETWARE    QSYS        000962  BATCH     OUTQ              07/19/96   |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                      Bottom    |
| F3=Exit   F12=Cancel                                                           |
|                                                                                |
+--------------------------------------------------------------------------------+


  1. When the Work with Job display appears, select option 10 to view the job log. 
QPRFSYNCH Job Log

The QPRFSYNCH job (program QSYS/QFPAPRFJ) is used to evaluate user profile create or change requests, and to determine if the requests require enrollment on any NetWare servers. If enrollment is required, this job notifies the QNETWARE job of the necessary work to be done. 

This job runs when: 

  • AS/400 group or user profiles are defined to be enrolled on NetWare 
  • Enhanced Integration for NetWare is installed 
Starting the QPRFSYNCH and QNETWARE jobs

When the QSYSWRK subsystem is started, an autostart job (QFSIOPJOB) runs and submits both the QNETWARE and QPRFSYNCH jobs to run in this subsystem. 

If either job ends, the jobs are restarted automatically when one of the following actions occur: 

  • The QSYSWRK subsystem is started if Enhanced Integration for NetWare is installed and AS/400 group or user profiles are being enrolled on NetWare. 
  • Option 6 (Retry entry) is used for any group or user profile on the Work with NWS User Enrollment display. The entry can be in a *CURRENT state or any other pending or failed state. 
  • A CHGNWSA or CHGNWSUSRA command is issued that causes a change in the enrollment of a group or user profile on NetWare. 
  • A CRTUSRPRF, CHGUSRPRF or RSTUSRPRF command is issued for a user or group that is enrolled and one of the following values is set or changed: 
    • password 
    • password expiration date 
    • password expiration interval 
    • status (enabled/disabled) 
    • text description 

    •  

       
       
       
       
       

      Note: Password information does not apply to group profiles. 

  • The CHGPWD command is issued for a user profile that is enrolled on NetWare. 
  • The DLTUSRPRF command is issued for a user profile that was previously enrolled on NetWare. 
The QNETWARE and QPRFSYNCH jobs remain active while the QSYSWRK subsystem is active. There are no user interfaces (other than the ENDJOB and ENDSBS commands) to end these functions. Their role is to remain active while any profile enrollment requests are active or pending. 

User Enrollment Error Codes

If an error code appears, use option 16 to view the error message that is associated with the error code. Although the message text associated with the error appears, substitution text, such as the server name, does not. However, when the message is sent to the QNETWARE job log, the substitution text does appear. 

  Some error codes have a one-to-one relationship with an associated error message. Many of the NetWare-specific messages, however, simply show the NetWare error code, with a generic message indicating an error occurred while calling a NetWare function. In this case, the error message has some explanatory text for some of the common NetWare errors. Not all errors, however, are described in the message text. 

The following error codes might appear: 
 
Negative error code These error codes generally indicate some sort of communication error while trying to send requests to a NetWare server. Generally, only the final error is shown. If you know a server is inactive, this probably explains the error. If you think a server is running properly, look in the QNETWARE job log for related error messages that might help isolate the problem. 
0-999 Error codes returned from NetWare functional calls. 
 
216 The password is too short. Change the password on AS/400 to a longer value. 
220 The account is disabled. Re-enable the QNETWARE profile on the NDS tree or NetWare 3.12 server. 
238 Another object already exists with the same name as the profile being propagated. Either end propagation of the profile from the AS/400 side, or rename the matching object from a NetWare client so it does not conflict with the profile name. 
242-254 The QNETWARE profile on the NDS tree or NetWare 3.12 server does not have sufficient access rights to make the necessary user or group object changes. From a NetWare client, make sure the QNETWARE profile has the authority to process user and group objects, either by making the object an ADMIN user, or the security equivalence to an ADMIN user. 
333 Indicates a connection failure has occurred. If this error occurs, end the QNETWARE job and then restart it by issuing a Retry entry option from the WRKNWSENR status display for the failing profile. 
601 This normally indicates an incorrect context was specified for an NDS context. Check the NDS context field specified in the CHGNWSUSRA command for the profile in error, or the NDS context field in the CHGNWSA command if *NWSA is specified in the CHGNWSUSRA command. 
606 Another object already exists in the NetWare 3.12 Bindery or in the NDS tree with the same name as the profile being propagated. Either end propagation of the profile from the AS/400 side, or rename the matching object from a NetWare client so it does not conflict with the profile name. 
611 An incorrect container name was specified. Check the NDS context field for the failing group or user profile. 
637 An update or delete operation is being attempted to a user or group profile that has a move in progress. Usually this means replication of an NDS tree has not yet completed. If the operation changes to an *UPDFAIL or *DLTFAIL status, use the Retry entry option on the WRKNWSENR status display for the failing profile. 
654 A NetWare partition is busy. If the operation goes to a status of *UPDFAIL or *DLTFAIL before the error is cleared, use the Retry entry option on the WRKNWSENR status display for the failing entry. 
668 An incorrect container name was specified. Check the NDS context field for the failing group or user profile. 
672 The QNETWARE profile on the NDS tree or NetWare 3.12 server does not have sufficient access rights to make the necessary group or user object changes. From a NetWare client, make sure the QNETWARE profile has the authority to process group and user objects, either by making the object an ADMIN user, or the security equivalence to an ADMIN user. 
6000 Occurs when trying to send a request to an NDS tree. It indicates that the context for the QNETWARE profile in the tree cannot be determined. To correct the error, either use the ADDNTWAUTE command to create a NetWare authentication entry for the QNETWARE profile in the tree, or use the CHGNWSUSRA command to define such a context. 
6001 There is no QNETWARE profile on AS/400. Use the CRTUSRPRF command to create the profile. This profile is automatically created when Enhanced Integration for NetWare is installed, but it might have been deleted by a system administrator. 
6002 An error occurred while trying to access the QNETWARE profile enrollment information. Either the profile object is locked by another job, or the object has been damaged. If the profile object is damaged, create the QNETWARE user profile again. 
6003 The user enrollment task could not contact the requested NetWare 3.12 server, or a server in an NDS tree. Either the servers are inactive, or they are not running the Enhanced Integration for NetWare NLM. To recover, start the inactive servers or load the Enhanced Integration for NetWare NLM. 
6004 An authentication error occurred while trying to log in the QNETWARE user to a server. Either the QNETWARE profile does not exist on the tree or server, or the AS/400 password information does not match that currently on the NetWare server or NDS tree. Either change the AS/400 password information to match the server, or change the QNETWARE password from a NetWare utility such as NWADMIN. 
6005 An unexpected communication error occurred while trying to connect to a NetWare server. Look in the QNETWARE job log for more detailed errors that might help diagnose the problem. 
6006 An error occurred while trying to get the QNETWARE authentication information. Use the ADDNTWAUTE command to add an authentication entry for the QNETWARE profile. If one already exists, there may be some damage, so delete and recreate the QNETWARE profile. 
6007 An error occurred trying to retrieve user or group profile enrollment information. Try the operation again. If the error persists, the profile may be damaged. Either create the user profile again, or restore the profile from a saved version. 
6008 An error occurred while trying to create an authentication entry for an AS/400 profile. Try the operation again. If the error persists, look in the QNETWARE job log for any related errors that might indicate the source of the problem. 
6009 An error occurred while trying to update the status of a profile on a server. Try the operation again. If the problem persists, either delete and then re-create the profile or restore the profile from a saved version. 
6011 No password is available for the user profile. This error occurs when the QRETSVRSEC system value is set to 0, meaning that security information is not retained on the AS/400. In this situation, passwords can only be retrieved when the password is actually changed, or the user signs on to the system. 

For example, if a new group profile is created and then defined to have all its group members enrolled on a NetWare server. If the QRETSVRSEC value is set to 0, passwords for the group members are not immediately available, so the 6011 error appears for all the group members. If one of these users signs on to AS/400, the password information is captured automatically and the 6011 error is resolved. Until the user signs on, or the password is changed using the CHGPWD or CHGUSRPRF command, this profile remains in a pending state. 

This error can also occur if the QRETSVRSEC system value is set to 1, and the user password has never been set or changed since the system value was set. To resolve the error, either the user needs to sign on to AS/400 or the password needs to be changed using the CHGPWD or CHGUSRPRF command. 

6012 A profile update request was sent to a server, but no response was returned within 10 minutes. The AS/400 retries the operation. If the error persists for a particular user, check the detailed error messages in the QNETWARE job log for more information. 

Authentication Errors

Message FPE0232 - User not connected to server

Read the second level help text of this message. Usually the problem is because there is not an authentication entry in the user profile for the server specified. See previous messages and if the diagnostic error is FPE0215, then an authentication entry does not exist. Use the WRKNTWAUTE command and add an authentication entry for the NDS tree the server is in (or the server if the server is NetWare 3.12). Another option is to use the STRNTWCNN command to manually start a connection to the server that is documented in the second level help text of this error. Note that the STRNTWCNN is active only until the user signs off, whereas setting up an authentication entry automates this process. Another way to automate this process by having the authentication entries automatically created for you, is to use AS/400 user enrollment. See Chapter 21. "Managing User Enrollment"

If the previous diagnostic error is FPE0234, then an authentication entry was used, but the password in the authentication entry was *STRNTWCNN. This can happen if it is purposely set this way, or the QRETSVRSEC system value is set to 0 (passwords cannot be stored in the authentication entry). See page reference #5 for changing the QRETSVRSEC system value. After this is done, you then need to update the authentication entries with the correct password by using the WRKNTWAUTE command. Another option is to manually start a connection and specify the password. This is only active for the current session. 

System Operator Right Errors

If AS/400 returns error FPE023F when a user enters the End NetWare Connection (ENDNTWCNN) command or error CPFA448 when a user enters the Submit NWS Command (SBMNWSCMD) command, the user does not have operator rights to the system object. 
If you want the user to have the rights to do this function, you must add the user to the system object in the NDS tree. 

  • For NetWare 4.1 servers, use the NetWare NWADMIN utility to find the system object for your NetWare server and then update the operator list for this object. 
  • For NetWare 3.12 servers, use the NetWare SYSCON utility. Select Supervisor Options and then File Server Console Operators to view or change the list of operators. 
Communication Errors

Message FPE0250 - Request to server failed with communication error

Read the second level text. If the reason code is not documented then it is most likely the server is not active. Use the documented recovery actions by checking the IPX status using the WRKIPXSTS command, option 3. 

CPFE00E from WRKIPXSTS means that IPX has not been started. In order to use Enhanced Integration for NetWare, you must start IPX using the STRIPX command. See page Chapter 15. "Configuring Enhanced Integration for NetWare" for configuring IPX support. 

Cannot access the NetWare Enhanced Integration NLM

If trying to use commands that access the Enhanced Integration for NetWare NLM on a server, such as using the QNetWare file system, WRKNTWVOL, or WRKNTWCNN for starting a connection, and the server is not responding, your problem could be that you have either not installed the NLM or you have installed the NLM, but it is not loaded. If you have not installed the NLM on the server (a local Integrated PC Server or a remote server), see "Step 3--Install the Enhanced Integration for NetWare NLM on the Servers". This section also explains how to automatically have the NLM loaded whenever the server is restarted. 

To see if AS/400 has the server in its IPX list, use the WRKIPXSTS command, option 3. If the server is in the list with a service type of *ENHNTWINTG, the Enhanced Integration for NetWare NLM is running on the server. 

If you get the error CPFE00E from WRKIPXSTS, then you have not started IPX. See page Chapter 15. "Configuring Enhanced Integration for NetWare" for configuring IPX support. 

You can also do RCONSOLE to the server and use the NetWare command MODULES to see if the AS4NW410 or AS4NW312 NLM is loaded. If the server is a local Integrated PC Server, use the command: 

SBMNWSCMD CMD(MODULES) SERVER(server_name) 

SVRTYPE(*NETWARE) CMDTYPE(*NETWARE)
 
 
 

Tip:
If this command doesn't work, use CMDTYPE(*LCLNTW) instead if you're submitting requests to NetWare servers on local Integrated PC Servers. Press F10 to see the output. If the NLM is not loaded, you can then load it using the following command: 

SBMNWSCMD CMD('LOAD SYS:AS4NW\AS4NW410') 

SERVER(server_name) SVRTYPE(*NETWARE) 

CMDTYPE(*NETWARE)
 
 
 

Storage space not automatically partitioned

A new network server storage space for a local Integrated PC Server is automatically partitioned by the monitor job if the Enhanced Integration for NetWare NLM is loaded and is contacted by the monitor job. Sometimes this takes a few minutes. If you need to create a volume for the storage space and it has not been partitioned yet, you can use LOAD INSTALL from RCONSOLE and manually partition it. This would need to be done if you do not have Enhanced Integration for NetWare as well. 

If the Enhanced Integration for NetWare NLM is not running on the local Integrated PC Server, then automatic partitioning cannot occur. Use the SBMNWSCMD command, as documented in the previous section, to see what modules are loaded on your local server. 

If automatic partitioning is still not occurring, you can try to restart the monitor job from the WRKNWSSTS panel, option 14. Sometimes the Enhanced Integration for NetWare NLM is loaded after the monitor job has stopped retrying to contact it. 


QNetWare File System Problems

This section describes various problems that you might encounter when you work with the QNetWare file system. 
 
Server does not show up under /QNetWare Make sure the Enhanced Integration for NetWare NLM is loaded on the server. 

Make sure AS/400 can see the NLM by using WRKIPXSTS option 3 and looking for a *NTWEHNINTG entry for the server. 

For better performance, the list of servers is only updated periodically. To force the entire list of servers to be updated, enter CALL QFPNTWE/QFPZCTL PARM(*UPDSRVL). 

Users can't see below the server volumes Make sure the user either has a connection started to the NetWare server or has an authentication entry for the NetWare server or NDS tree. 
Users can't be authorized to a file or directory The following message appears: 
  Information passed to this
  operation was not valid.


For NetWare 3.12, make sure the user exists in the NetWare Bindery for the server. 

For NetWare 4.1, make sure the user exists in the NDS tree and that the NDS context is correct. The user's context must be set either to the context the user exists in or to the job context, or the system context must be set to the correct context. 

Users can't make a directory with MKDIR command One of the following messages appears: 
  • Function not supported by file system. 

  •  

     
     
     
     
     

    Auditing is not supported by QNetWare so you need to specify CRTOBJAUD(*NONE). 
     

  • Information passed to this 
     operation was not valid. 
     
     
     

    Do one of the following: 

    • Specify no *PUBLIC authority:
    • DTAAUT(*NONE) OBJAUT(*NONE)
      
      
      
    • Make sure NetWare group EVERYONE was created in your NDS tree and that your job or system NDS context is set to the context that EVERYONE is in. 
Users can't move a file with the MOV command. The following message appears: 
 
 
 
 

For NetWare 3.12, make sure that each user authorized to the file and the owner of the file exist in the NetWare Bindery for the server. 

For NetWare 4.1, make sure that each user authorized to the file and the owner of the file exist in the NDS tree and that their NDS context is correct. The user's context must be set either to the context the user exists in or to the job context, or the system context must be set to the correct context. 

You can use the DSPAUT command to display the authorized users and owner of a file. 

Users want to check the NDS context Users may want to check the NDS context if they experience problems, such as authorizing other users to files or directories or moving a file with the MOV command. To display or change the current context, use one of the following commands:
 
Display  Change 
User  DSPNWSUSRA  CHGNWSUSRA 
Job  DSPNDSCTX  CHGNDSCTX 
System  DSPNWSA  CHGNWSA 

Note:
You can only be logged in to one NDS tree at a time. If you want to access files on other NDS trees, you must use bindery emulation. 

Additional information about NDS contexts: 

Requests for network resources or services require identification of the NDS object context so the object can be located or created. The current context is the position of the NetWare object in the NDS tree The current context remains in effect until the job ends or until you change it using the CHGNDSCTX command. The current context is changed only for the job in which the command is run. 

To identify NDS objects, list the current context and the path from the object to the current position in the NDS tree. 

When creating files using Client Access or a ILE C/400 program the file is always created as read-only See "NetWare File Mode Support". File modes control how file attributes are set when a file is created. 


Applying a PTF to an Enhanced Integration for NetWare NLM

When you apply a PTF to an Enhanced Integration for NetWare NLM, AS/400 does not automatically activate the changes. The PTF puts the updated version of the NLM into the AS/400 Integrated File System in the /qdls/qfpntwe directory. To activate the changes when applying a PTF to an NLM, copy the appropriate NLM from the AS/400 Integrated File System to the AS4NW directory on the SYS: volume of each NetWare server in your network that has the Enhanced Integration for NetWare NLM product installed on it. 

To apply a PTF to the AS/400 Enhanced Integration for NetWare NLM: Do the following on each NetWare server to be updated: 

  1. Load the Enhanced Integration for NetWare NLM on the server if the NLM is not already loaded. 

  2.  

     
     
     
     
     

    If the server is running NetWare 4.10 or higher, run the following command at the server's console: 

    load sys:as4nw\as4nw410
     
     
     

    If the server is running NetWare 3.12, run the following command at the server's console:

    load sys:as4nw\as4nw312
     
     
     

  3. Enter the following command at the server's console:

  4.  

     
     
     

    modules
     
     
     

    The description of the Enhanced Integration for NetWare NLM provides its version number. If the version currently on the server is equal to or greater than the NLM version listed in the PTF cover letter, you do not need to update the NLM on this server. Skip the remaining instructions. 

  5. Copy the updated NLM to the server. 

  6.  

     
     
     
     
     

    Note:
    The method for doing this that follows uses the AS/400 Integrated File System to copy the NLM. Other methods for copying the updated NLM are possible using Client Access and a NetWare client workstation or FTP and a NetWare client workstation. These methods are not described here. 

  7. On the AS/400 system where the PTF was installed (Enhanced Integration for NetWare must be installed), do the following: 
    1. Start IPX if it is not already running, using the STRIPX command. 
    2. Ensure that your user ID is enrolled in the AS/400 directory. 

    3.  

       
       
       
       
       

      You must be enrolled in the AS/400 directory to access /qdls/qfpntwe. If you are not enrolled in the directory, use the ADDDIRE command to enroll. 

    4. Establish a connection to the server. 

    5.  

       
       
       
       
       

      To establish a connection to the server, enter WRKNWSSTS. Page down to the server and select Start connection. 

      If you don't have an authentication entry for the server being updated, establish a connection to the server using the STRNTWCNN command. 

    6. Remove the link and copy the object, substituting the name of your server for server1 

    7.  

       
       
       
       
       

      If the server is running NetWare 4.10 or higher run 

      RMVLNK BJLNK('/qnetware/server1.svr/sys
      /as4nw/as4nw410.nlm')
       
       

      CPY OBJ('/qdls/qfpntwe/as4nw410.nlm')
       

      TODIR('/qnetware/server1.svr/sys/as4nw')
       
       

      If the server is running NetWare 3.12 run 

      RMVLNK OBJLNK('/qnetware/server1.svr/
      sys/as4nw/as4nw312.nlm')

      CPY OBJ('/qdls/qfpntwe/as4nw312.nlm')
       

      TODIR('/qnetware/server1.svr/sys/as4nw')
       
       

  8. Unload the Enhanced Integration for NetWare NLM and reload the updated NLM. 

  9.  

     
     
     
     
     

    Wait until the server's file system in not use by the Integrated File System of any AS/400 system. 

    If the server is running NetWare 4.10 or higher, run the following commands at the server's console: 

    unload as4nw410

    load sys:as4nw\as4nw410
     
     
     

    If the server is running NetWare 3.12, run the following commands at the server's console: 

    unload as4nw312

load sys:as4nw\as4nw312
 
If you remove the PTF after being temporarily applied, follow the same activation procedures to restore the previous version of the NLM on each server that was updated. 

[ Top of Page | Previous Page | Next Page | Table of Contents | Index