We are a small shop that has 40 users and 2 servers. We were running 5.1 on the servers with NDS7. We are in the process of trying to add a 6.5 server into the tree. We have gone through the steps detailed in the Deployment Manager and are stuck with security/key issues (we did not pay too much attention to security prior to this because we are a closed shop). Last night, I upgraded NDS 7 of our two 5.1 servers (SP8) to eDirectory 8.7.3 (NICI 2.6.4). By the grace of God, we are still here, but I can't seem to synchronize keys. PKIDIAG shows no errors, but this is what I get with SDIDIAG:

SDIDiag, Security Domain Infrastructure Diagnostic Utility
Version 2.2 (Jan 31 2006)
Copyright (C) 2003-2006 Novell, Inc. All rights reserved.

// My notes
// Check failed, no domain servers named

SDIDIAG> check
*** [Key Consistency Check - BEGIN] ***
[Checking SDI Domain]
SDI Check Domain Configuration...

SDI Domain Configuration Has Problems.
- No SDI Domain Key Servers found. You must have at
least one server designated as an SDI Domain Key
Server. This server must have NICI version 2.4.2
with eDirectory 85.0 or later installed. However,
eDirectory 87.1 (included with NetWare 6.5) with
NICI 2.6.0 is recommended.

The following servers are suggested:
"+" may need eDirectory or NICI upgrade.
"-" error accessing server.

- Use SDIDIAG commands "LS" to list current servers,
"AS" to add a server, and "RS" to remove
a server. Example:

SDIDIAG>AS -s .server1.org.novell.novell_tree.

adds "server1" in tree "novell_tree"
as an SDI Domain Key Server.

[Checking SDI Domain: PROBLEMS]


*** [Key Consistency Check - END] ***

// Tried to add server, failed

SDIDIAG> as -s .nostromo.xxx.xxx.
Add [FAILED] rc=-672
Error -672

// Tried to resync, looks like it worked with the first server, but not the second

SDIDIAG> resync -t

*** [RESYNC Domain - BEGIN] ***
[PASS 1 of 2]
[Looking for All Server Objects]
*** [Find Servers - BEGIN] ***
Found: .MILAGRO.xxx.xxx.
- Checking eDirectory version.
- Good.
Found: .NOSTROMO.xxx.xxx.
- Checking eDirectory version.
- Good.

*** [Find Servers - END] ***
[Processing Server 1 of 2]
Processing Server .NOSTROMO.xxx.xxx.
Synchronize Server .NOSTROMO.xxx.xxx. ...
- Synchronized.
- Moving keys to domain.
- Processing complete.
[Processing Server 2 of 2]
Processing Server .MILAGRO.xxx.xxx.
Synchronize Server .MILAGRO.xxx.xxx. ...

revoke on .MILAGRO.xxx.xxx.: [FAILED] rc=-255
- Could not be processed. (error = -255)
- Processing complete.

[Synchronizing SDI Domain Key Servers]
*** Error -708 accessing server .

*** Error synchronizing Security Domain. (error = -708)
*** The Security Domain is not synchronized becauses of errors.
- Could not complete. (error = -708)
*** Errors occurred during the RESYNC process.
*** [RESYNC Domain - END] ***
Error -708

any help would be appreciated - thanks