Hello,
Recently I was trying to insert a new 6.5 server in our existing tree for iprint services, along w/ iManager. The server installed in the tree NP, but seems to have a few errors pertaining to LDAPS and SSL.

Here are the errors on the new Server, but I think that the issue is with the CA server.

Error on new Server
LDAP connectivity not found on ldap://localhost:636
Please load NLDAP and then manually execute command:
sys:/tomcat/4/bin/startup

java: Class com.novell.application.tomcat.util.tccheck.LDAPVer ifier
exited successfully
LDAP connectivity not found on ldap://localhost:636
Please load NLDAP and then manually execute command:
sys:/tomcat/4/bin/startup
config sys:/adminsrv/conf/admin_tomcat.xml
java: Class com.novell.application.tomcat.util.tccheck.LDAPVer ifier
exited successfully


I ran PKIDIAG on both servers and here are the results:
CA Server
PKIDiag 2.78 -- (compiled Jul 18 2005 17:19:11).
(Check the end of the log for the last repair results)
Current Time: Wed Jun 24 10:27:14 2009
User logged-in as: monroe.computer center.gac.adelphi.
Fixing mode
Rename and create mode
Rename and create when necessary

--> Server Name = 'EINSTEIN'
---------------------------------------------------------------------------

Step 1 Verifying the Server's link to the SAS Service Object.
Server 'EINSTEIN.GAC.ADELPHI' points to SAS Service object 'SAS Service - EINSTEIN.GAC.ADELPHI'
Step 1 succeeded.

Step 2 Verifying the SAS Service Object
SAS Service object 'SAS Service - EINSTEIN.GAC.ADELPHI' is backlinked to server 'EINSTEIN.GAC.ADELPHI'.
Step 2 succeeded.

Step 3 Verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service - EINSTEIN.GAC.ADELPHI'.
--> No KMOs are linked to Service object 'SAS Service - EINSTEIN.GAC.ADELPHI'.
Step 3 succeeded.

Step 4 Verifying the KMOs
---> Testing KMO 'SSL CertificateIP - TRITON.GAC.ADELPHI'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.

---> Testing KMO 'SSL CertificateIP - EINSTEIN.GAC.ADELPHI'.
Rights check -- OK.
Back link -- OK.
Private Key -- Failed.

---> Testing KMO 'SSL CertificateDNS - TRITON.GAC.ADELPHI'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'SSL CertificateDNS - EINSTEIN.GAC.ADELPHI'.
Rights check -- OK.
Back link -- OK.
Private Key -- Failed.

---> Testing KMO 'IP AG 198\.138\.80\.160 - TRITON.GAC.ADELPHI'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'DNS AG triton\.adelphi\.edu - TRITON.GAC.ADELPHI'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'DNS AG TRITON - TRITON.GAC.ADELPHI'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.

Step 4 succeeded.

Step 5 Re-verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service - EINSTEIN.GAC.ADELPHI'.
--> No KMOs are linked to Service object 'SAS Service - EINSTEIN.GAC.ADELPHI'.
INFO: kmo SSL CertificateIP - EINSTEIN.GAC.ADELPHI should probably be deleted.
INFO: kmo SSL CertificateDNS - EINSTEIN.GAC.ADELPHI should probably be deleted.
Step 5 succeeded.

Step 6 Creating IP and DNS Certificates if necessary.
--> Number of Server IP addresses = 1
--> The default IP address is: 10.3.12.70
PROBLEM: A SSL CertificateIP does not exist
FIXING: Creating SSL CertificateIP (10.3.12.70)
Pausing for 5 seconds because of error -1418
ERROR -1418 creating SSL CertificateIP.
--> Number of Server DNS names for the IP address 10.3.12.70 = 1
--> The server's default DNS name is:
EINSTEIN.adelphi.edu
PROBLEM: A SSL CertificateDNS does not exist
FIXING: Creating SSL CertificateDNS (EINSTEIN.adelphi.edu)
Pausing for 5 seconds because of error -1418
ERROR -1418 creating SSL CertificateDNS.
Step 6 failed -1418.


Note: Occasionally multiple problems will be solved with a single fix.

Fixable problems found: 2
Problems fixed: 0
Un-fixable problems found: 0







New Server
---------------------------------------------------------------------------
PKIDiag 2.78 -- (compiled Jul 18 2005 17:19:11).
(Check the end of the log for the last repair results)
Current Time: Tue Jun 23 14:58:23 2009
User logged-in as: monroe.computer center.gac.adelphi.
Fixing mode
Rename and create mode
Rename and create when necessary

--> Server Name = 'JULIET'
---------------------------------------------------------------------------

Step 1 Verifying the Server's link to the SAS Service Object.
Server 'JULIET.Juliet.SERVERS.GAC.ADELPHI' points to SAS Service object 'SAS Service - JULIET.Juliet.SERVERS.GAC.ADELPHI'
Step 1 succeeded.

Step 2 Verifying the SAS Service Object
SAS Service object 'SAS Service - JULIET.Juliet.SERVERS.GAC.ADELPHI' is backlinked to server 'JULIET.Juliet.SERVERS.GAC.ADELPHI'.
Step 2 succeeded.

Step 3 Verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service - JULIET.Juliet.SERVERS.GAC.ADELPHI'.
--->KMO IP AG 10\.3\.12\.88 - JULIET.Juliet.SERVERS.GAC.ADELPHI is linked.
--->KMO SSL CertificateIP - JULIET.Juliet.SERVERS.GAC.ADELPHI is linked.
--->KMO DNS AG juliet\.adelphi\.edu - JULIET.Juliet.SERVERS.GAC.ADELPHI is linked.
--->KMO SSL CertificateDNS - JULIET.Juliet.SERVERS.GAC.ADELPHI is linked.
Step 3 succeeded.

Step 4 Verifying the KMOs
---> Testing KMO 'SSL CertificateDNS - JULIET.Juliet.SERVERS.GAC.ADELPHI'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'DNS AG juliet\.adelphi\.edu - JULIET.Juliet.SERVERS.GAC.ADELPHI'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'SSL CertificateIP - JULIET.Juliet.SERVERS.GAC.ADELPHI'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'IP AG 10\.3\.12\.88 - JULIET.Juliet.SERVERS.GAC.ADELPHI'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.
Step 4 succeeded.

Step 5 Re-verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service - JULIET.Juliet.SERVERS.GAC.ADELPHI'.
KMO 'IP AG 10\.3\.12\.88 - JULIET.Juliet.SERVERS.GAC.ADELPHI' is linked.
KMO 'SSL CertificateIP - JULIET.Juliet.SERVERS.GAC.ADELPHI' is linked.
KMO 'DNS AG juliet\.adelphi\.edu - JULIET.Juliet.SERVERS.GAC.ADELPHI' is linked.
KMO 'SSL CertificateDNS - JULIET.Juliet.SERVERS.GAC.ADELPHI' is linked.
Step 5 succeeded.

Step 6 Creating IP and DNS Certificates if necessary.
--> Number of Server IP addresses = 1
--> The default IP address is: 10.3.12.88
ERROR -1794549432. The KMO SSL CertificateIP exists, but I can't decode it.
PROBLEM: Need to rename 'SSL CertificateIP - JULIET.Juliet.SERVERS.GAC.ADELPHI'.
Fix: Successfully changed 'SSL CertificateIP - JULIET.Juliet.SERVERS.GAC.ADELPHI' to 'Old1 SSL CertificateIP - JULIET.Juliet.SERVERS.GAC.ADELPHI'.
FIXING: Creating SSL CertificateIP (10.3.12.88)
Pausing for 5 seconds because of error -1211
Pausing for 5 seconds because of error -1211
Pausing for 5 seconds because of error -1418
ERROR -1418 creating SSL CertificateIP.
--> Number of Server DNS names for the IP address 10.3.12.88 = 1
--> The server's default DNS name is:
juliet.adelphi.edu
ERROR -1240. The KMO SSL CertificateDNS exists, but we can't decode it.
PROBLEM: Need to rename 'SSL CertificateDNS - JULIET.Juliet.SERVERS.GAC.ADELPHI'.
Fix: Successfully changed 'SSL CertificateDNS - JULIET.Juliet.SERVERS.GAC.ADELPHI' to 'Old1 SSL CertificateDNS - JULIET.Juliet.SERVERS.GAC.ADELPHI'.
FIXING: Creating SSL CertificateDNS (juliet.adelphi.edu)
Pausing for 5 seconds because of error -1211
Pausing for 5 seconds because of error -1211
Pausing for 5 seconds because of error -1418
ERROR -1418 creating SSL CertificateDNS.
Step 6 failed -1418.


Note: Occasionally multiple problems will be solved with a single fix.

Fixable problems found: 0
Problems fixed: 0
Un-fixable problems found: 0







Any help would be much appreciated. Im not sure that this is related but we are also having problems downloading files from netstorage. You can get into it, but files selected for download never do so.

Also if this is the wrong place to post this, my apologies.