Archive for September, 2009

Replacing NDS 2 NDS Certificates in Novells IDM

September 22, 2009

Had an issue today day where synchronisation was not occurring between our master directory and the student NDS tree.  The first thing I tried was to restart the IDM driver, but this didn’t seem to have any effect.  So I opened a remote console into the server running the driver in the student NDS tree and loaded DSTRACE, the switches I used were:

dstrace on screen on file off

dstrace -all +dxml +dvrs

When I then switched to the DSTRACE console I was greeted with the following error message


The error message itself was pretty self explainable, the SSL certificate had expired and was preventing  the driver from communicating.  To double check this in console one, I located the KMO object for the driver certificate. When i went into the properties for the public key certificate on the certificates tab, yes indeed the certificate had expired 4 days ago.


So how do the replace the SSL certificate, thankfully there isn’t much involved this you just use the NDS 2 NDS Certificate Wizard within IDM to recreate the certificate, exactly the same way you did initially when creating the driver.




September 18, 2009

Came across powershell v2.0 CTP release 3 today so I downloaded and tried to install it.  No go! First I get a message telling me that I need to install something call WS MAN.

What is WS MAN? From the Microsft website: (

WS-Management (also known as WinRM) OOB is a targeted release for supporting WS-Management functionality on the following platforms: Windows XP SP2, Windows Server 2003 SP1, Windows Server 2003 SP2, Windows 2003 Server R2. It replaces the WS-Management version that shipped in Windows Server 2003 R2. Customers are advised to update their Windows 2003 Server R2 with this update. This is a required component for Microsoft System Center Virtual Machine Manager 2007 and Microsoft System Center Operations Manager 2007 SP1

Ok that done I try again.  This time I get a warning telling me to uninstall previous versions of powershell (I had version 1 installed).  Ok not a problem I thought, so I opened up add/remove programs (shortcut appwiz.cpl) and scrolled down to windows powershell, but hang on its not there.  Thats strange I thought, so I went to the top of the list and scolled all the way down looking for powershell but still I can’t see it.  So how do I uninstall it?  A quick google search reveals that powershell actually comes down as a Windows update so i needed to check the box to show updates and hey presto problem solved powershell appears and I can uninstall it.

Renewing a self-signed certicate in Exchange 2007

September 16, 2009

While I was looking in the event logs of one of my Exchange 2007 Hub Transport Servers this morning I noticed the following warning message:


This is because Exchange 2007 issues a self-signed certificate for use with services like SMTP,IMAP,POP,IIS and UM and these certificates have validity period of 1 year.

To renew the certificate, open the Exchange Management Shell on the server in question and run the following powershell command:

Get-ExchangeCertificate -domain “fqdn of server”  | fl

Copy the thumbprint of the certificate which is displayed and then to renew the certificate run

Get-ExchangeCertificate -thumbprint “thumbprint” | New-ExchangeCertificate

When prompted enter y to continue, the new certificate is then generated and enabled.