Hello,

I tried to install a OES2 Netware SP8 server into a existing tree.
The new server is located in a private network, the other servers are in the public network.
The installation was successful except for one mistake. The valid SSL certificates, KMOs, were not properly registered.
A unattended full repair of all server was successful without errors.
Time synchronisation was successful.
The new server has all replicas too.
Report synchronisation status is without any errors.
All servers have eDirectory 8.8.5 SP2 (edir885_ftf2).

I tried it with the PKIDiag to enter, but the attempt failed with the following message:

---------------------------------------------------------------------------
PKIDiag 2.78 -- (compiled Feb 01 2007 17:06:17).
(Check the end of the log for the last repair results)
Current Time: Tue Jan 12 11:49:32 2010
User logged-in as: admin.fh-muenchen.
Fixing mode
Rename and create mode
Rename and create when necessary

--> Server Name = 'FK14S1'
---------------------------------------------------------------------------

Step 1 Verifying the Server's link to the SAS Service Object.
Server 'FK14S1.FB14.fh-muenchen' points to SAS Service object 'SAS Service -
FK14S1.FB14.fh-muenchen'
Step 1 succeeded.

Step 2 Verifying the SAS Service Object
SAS Service object 'SAS Service - FK14S1.FB14.fh-muenchen' is backlinked to server
'FK14S1.FB14.fh-muenchen'.
Step 2 succeeded.

Step 3 Verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service - FK14S1.FB14.fh-muenchen'.
--->KMO IP AG 10\.26\.63\.21 - FK14S1.FB14.fh-muenchen is linked.
--->KMO DNS AG fk14s1\.to\.private\.hm\.edu - FK14S1.FB14.fh-muenchen is linked.
--->KMO SSL CertificateIP - FK14S1.FB14.fh-muenchen is linked.
--->KMO SSL CertificateDNS - FK14S1.FB14.fh-muenchen is linked.
Step 3 succeeded.

Step 4 Verifying the KMOs
---> Testing KMO 'SSL CertificateIP - FK14S1.FB14.fh-muenchen'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'SSL CertificateDNS - FK14S1.FB14.fh-muenchen'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'IP AG 10\.26\.63\.21 - FK14S1.FB14.fh-muenchen'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'DNS AG fk14s1\.to\.private\.hm\.edu - FK14S1.FB14.fh-muenchen'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.
Step 4 succeeded.

Step 5 Re-verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service - FK14S1.FB14.fh-muenchen'.
KMO 'IP AG 10\.26\.63\.21 - FK14S1.FB14.fh-muenchen' is linked.
KMO 'DNS AG fk14s1\.to\.private\.hm\.edu - FK14S1.FB14.fh-muenchen' is linked.
KMO 'SSL CertificateIP - FK14S1.FB14.fh-muenchen' is linked.
KMO 'SSL CertificateDNS - FK14S1.FB14.fh-muenchen' is linked.
Step 5 succeeded.

Step 6 Creating IP and DNS Certificates if necessary.
--> Number of Server IP addresses = 1
--> The default IP address is: 10.26.63.21
ERROR -1503894072. The KMO SSL CertificateIP exists, but I can't decode it.
PROBLEM: Need to rename 'SSL CertificateIP - FK14S1.FB14.fh-muenchen'.
Fix: Successfully changed 'SSL CertificateIP - FK14S1.FB14.fh-muenchen' to 'Old1 SSL
CertificateIP - FK14S1.FB14.fh-muenchen'.
FIXING: Creating SSL CertificateIP (10.26.63.21)
Pausing for 5 seconds because of error 49934
ERROR 49934 creating SSL CertificateIP.
--> Number of Server DNS names for the IP address 10.26.63.21 = 1
--> The server's default DNS name is:
fk14s1.to.private.hm.edu
ERROR -1240. The KMO SSL CertificateDNS exists, but we can't decode it.
PROBLEM: Need to rename 'SSL CertificateDNS - FK14S1.FB14.fh-muenchen'.
Fix: Successfully changed 'SSL CertificateDNS - FK14S1.FB14.fh-muenchen' to 'Old1 SSL
CertificateDNS - FK14S1.FB14.fh-muenchen'.
FIXING: Creating SSL CertificateDNS (fk14s1.to.private.hm.edu)
Pausing for 5 seconds because of error 49934
ERROR 49934 creating SSL CertificateDNS.
Step 6 failed 49934.

Note: Occasionally multiple problems will be solved with a single fix.

Fixable problems found: 0
Problems fixed: 0
Un-fixable problems found: 0

With SDIDIAG I cant see the new server FK14S1.
The message from SDIDIAG:

The >>>>>SDIDIAG Begin: Tue Jan 12 11:38:43 2010


SDIDIAG> check >> sdidiag.txt
*** [Key Consistency Check - BEGIN] ***
[Checking SDI Domain]
SDI Check Domain Configuration...
SDI Domain Key Server .FHMFB10S1.FB10.fh-muenchen.FHMRZ.
- Configuration is good.
SDI Domain Key Server .FHMRZ1.RZ.fh-muenchen.FHMRZ.
- Configuration is good.
SDI Domain Key Server .FHMRZ5.rz5.fh-muenchen.FHMRZ.
- Configuration is good.
*** SDI Check Domain Configuration is [GOOD]
SDI Check Domain Keys...
SDI Domain Key Server .FHMRZ5.rz5.fh-muenchen.FHMRZ.
- Keys are good.
SDI Domain Key Server .FHMFB10S1.FB10.fh-muenchen.FHMRZ.
- Keys are good.
SDI Domain Key Server .FHMRZ1.RZ.fh-muenchen.FHMRZ.
- Keys are good.
*** SDI Check Domain Keys are [GOOD]

[Checking SDI Domain: GOOD]

*** No Problems Found ***

*** [Key Consistency Check - END] ***

Can someone give me a hint, what should I do?

Thanks, Jaro.