2.6 Step 6: Check the Tree for SDI Key Consistency

Verify that all instances of cryptographic keys are consistent throughout the tree. To ensure that each server has the cryptographic keys necessary to securely communicate with the other servers in the tree:

  1. At a NetWare server console, load sdidiag.nlm.

    or

    At a Windows server command prompt, run sdidiag.exe.

  2. Enter the command CHECK -v >> sys:system\sdinotes.txt -n container DN.

    For example, if user Bob exists in container USR in the organization Acme within the Acme_Inc tree, you would type .USR.Acme.Acme_Inc. for the container DN.

    This reports if there are any key consistency problems among the various servers and the Key Domain servers.

    The output to the screen displays the results of the CHECK command.

  3. If no problems are reported, you are ready to enable Universal Password. Go to Step 7: Enable Universal Password.

    or

    If problems are reported, follow the instructions in the sdinotes.txt file.

    In most cases, you are prompted to run the command RESYNC -T. This command can be repeated any time NMAS reports -1418 or -1460 errors during authentication with Universal Password.

    For more information on SDIDIAG options and operations, refer to the following: