If you receive a message indicating that a newer file exists from the previous installation, you should select to always overwrite the newer file.
The list of servers shown during the installation might not list servers that are configured to use only IP. You can install Novell Certificate ServerTM on a server whose name is not listed by typing the name of the server in the text box.
When installing Novell Certificate Server, you might encounter an error stating that the Security Domain key server could not be contacted. The first server in your network that you install Novell Single Sign-on, NMAS, or Novell Certificate Server on is set up to be the Security Domain key server.
All subsequent servers that are installed with any of these products contact the Security Domain key server during their installation process. If the Security Domain key server cannot be contacted, the installation will fail and a message will be displayed indicating that the SAS service object could not be created.
To avoid the SAS service creation error message:
You can determine which server is the Security Domain key server by running ConsoleOne®. Open the properties page for the W0 object. This object is located in the KAP container, which is inside the Security Container. Click the Other tab. Click NDSPKI:SD Key Server DN. The value displayed is the distinguished name of the Security Domain key server.
If you receive this error one or more times during the installation, ignore it and continue with the installation.
If the installation fails during the creation of the Organizational CA or the server certificate, or during the exportation of the trusted root certificate, the installation doesn't need to be repeated. The software has been successfully installed at this point. You can use ConsoleOne to create an Organizational CA and server certificates and export the trusted root.
If a Novell Certificate Server installation fails during installation and you receive a -1443 error message, this means that the Security Domain key server and the server that you are installing Certificate Server on are not communicating properly. If the server cannot get a copy of the Security Domain key, the installation fails.
A likely reason is that the server that Certificate Server is being installed to fragments the NCPTM extensions, and the fragments are not being reassembled correctly by the Security Domain key server.
One solution to this problem is to increase the MTU of both servers to greater than 576 (the default minimum size).
To increase the MTU on a server:
Type LOAD MONITOR !h from the command line of the server.
Select Server Parameters > click Communications.
Select Maximum Interface MTU > set this value to something higher than 576.