jspωiki
Web Blog_blogentry_010415_1

2015-04-01#

Upgrades and Troubleshooting#

We have been trying for more than a month to get current on EDirectory and DirXML products and have encountered several issues.

As the client was behind in several of their versions, we decided to upgrade:

DirXML Engine JVM Changes#

Web Blog_blogentry_010415_1 upgrades the DirXML Engine JVM from 1.6 to 1.7. As the DirXML Engine JVM is the same as the EDirectory JVM, we had issues with the Drivers and DirXML Remote Loader.

Because of these issues, we decided to go from EDirectory 8.8.7.6 (20707.00) to EDirectory 8.8.8.0 (20801.46).

GUID Search Crash Bug 846920#

When we tried to go from EDirectory 8.8.7.6 (20707.00) to EDirectory 8.8.8.0 (20801.46) we had issues with Bug 846920 that caused the ndsd crash but because this is eDirectory base code (v20801.46) and not SP1 (v20802.09). Since we wrongly assumed that as it was fixed in 8.8 SP7 Patch 5, we wrongly assumed it should also be fixed in 8.8 SP8.

DirXML 4.0.2.7#

The documenation for DirXML 4.0.2.7 implies that the DirXML Engine JVM is upgraded to 1.7, when you look at the documentation for DirXML 4.0.2.2, it was an optional upgrade. We do not know when or if there was ever a forced update to DirXML Engine JVM to 1.7 for DirXML, but Web Blog_blogentry_010415_1 is a forced upgrade.

DirXML 4.0.2.7 and Poodle#

DirXML 4.0.2.7 has some fixes for Poodle and from what we can tell, it disables the use of SSLv3 and will only use TLS 1.0 (Or maybe better).

However, this requires that the DirXML Remote Loaders be upgraded at the same time as the DirXML Engine.

We have tried a couple of upgrades to the DirXML Remote Loader and they have failed. Further, as far as we know, the only way to tell if the upgrade has worked is to have the DirXML Engine side stopped and to look in the log for the

'TCP server socket, port 8090, address localhost, using TLSv1'…

There must be a way to see what the installer is doing and determine if it is failing.

AD Driver version 4.0.0.1 to AD Driver version 4.0.0.3 #

At this client, we only had DirXML Remote Loaders for Microsoft Active Directory so we thought we would upgrade form AD Driver version 4.0.0.1 to AD Driver version 4.0.0.3 at the same time.

Next Steps#

As we have several servers, we will hold off of upgrading DirXML 4.0.2.7 on two of our boxes and move the DirXML Drivers with DirXML Remote Loaders and any Edir-2-Edir drivers that are not upgraded to DirXML 4.0.2.7 to these servers.

More Information#

There might be more information for this subject on one of the following: ...nobody