Lion Server problem - Computer is already a network directory server

Craig,

By "repair" do you mean "Key Chain First Aid...Repair"?

Also, by "OD install" do you mean changing the role from standalone to OD master?

Sorry to pedantic but your reply seems like it might be a good lead but I still change my standalone to an OD master.

Awesome! After resigning to the fact that I'd be doing a complete fresh Lion install *again* I figured I'd try deleting pretty much everything in the system key chain except for my wireless network password. And what do you know? I can finally change the role back to OD Master!

Thanks Craig.

I think I managed to solve this accidentially and in an unexpected way...

I went to Network in System Preferences and changed the machine IP address (and made it fixed at the same time). I had been unable to do this via Server.

When I restarted Server, an alert was showing, saying the network configuration had changed. Under that was 'Recovery Options' and the option to 'Update services' - 'Apply the new network configuration to your sevices'.

I'd not seen this option anywhere else so clicked 'Recover' and after a few seconds, was able to set up a Network Directory Server no problem.

I'm yet to get all my services working so may encouter related problems later, but this got me over the hurdle described here.

This certainly seems worth doing if you change the hostname automatically assigned to the server, as I did.

Hope this helps.

yes to both questions. Keychain first aid was the solution to the roadblock of a deleted keychain item that was still in the list.

And yes, The Open Directory Master was created successfully after removal of all references to the server name. In my case I am using a dyndns server name to expose myself on the internet, so it was distinctive.

Same here

forward and reverse DNS is OK

sudo changeip -checkhostname is OK

can't promote to OD master

I found the best results (i.e. it's now working) from Craig Weston.

• Check DNS - both forward and reverse zones
• Certificates

The key I found was that you must remember to check your certificates *on the server*. If you're running Server.app from another machine and you use Certificate Assistant (the application that opens when you select "Custom" for the certificate and then "Manage Certificates") you are accessing the *local* keychain. However, when you "Change Role" of the OD server that process, of course, uses the keychain on the server. Stupidity sieve struck again for me "Item 7: Are you running on the machine you think you're running on?" ;-)

Let me know if that helps.

@andrew2011 - sounds like your problem may have been DNS related. Lion Server is very very picky about both DNS and certs - way pickier than SLS even was.

In my case I was always on the server itself (with ARD) but still can't get my OD back :-(

What certs appear in the System Keychain?

A single self signed certficate with the FQDN for my server.

Before I had deleted the all other certs from the system keychain

What is the error in your "Configuration Log" from "Server Admin" when you try to promote the OD to a Master?

In the configuration log there's nothing

in the LDAP-log:

Sep 13 16:01:10 ocserver slapd[734]: @(#) $OpenLDAP: slapd 2.4.23 (Jun 25 2011 03:21:20) $

root@b1004.apple.com:/private/var/tmp/OpenLDAP/OpenLDAP-186~22/servers/slapd

Sep 13 16:01:10 ocserver slapd[734]: daemon: SLAP_SOCK_INIT: dtblsize=8192

Sep 13 16:01:12 ocserver slapd[734]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable

Sep 13 16:01:12 ocserver slapd[734]: slapd starting

Sep 13 16:01:12 ocserver slapd[734]: daemon: posting com.apple.slapd.startup notification

Sep 13 16:01:26 ocserver slapd[734]: daemon: shutdown requested and initiated.

Sep 13 16:01:26 ocserver slapd[734]: daemon: posting daemon shutdown notification.

Sep 13 16:01:26 ocserver slapd[734]: slapd shutdown: waiting for 1 operations/tasks to finish

Sep 13 16:01:32 ocserver slapd[734]: slapd stopped.

Sep 13 16:01:33 ocserver slapd[752]: @(#) $OpenLDAP: slapd 2.4.23 (Jun 25 2011 03:21:20) $

root@b1004.apple.com:/private/var/tmp/OpenLDAP/OpenLDAP-186~22/servers/slapd

Sep 13 16:01:33 ocserver slapd[752]: daemon: SLAP_SOCK_INIT: dtblsize=8192

Sep 13 16:01:33 ocserver slapd[752]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable

Sep 13 16:01:33 ocserver slapd[752]: slapd starting

Sep 13 16:01:33 ocserver slapd[752]: daemon: posting com.apple.slapd.startup notification

Sep 13 16:01:38 ocserver slapd[752]: daemon: shutdown requested and initiated.

Sep 13 16:01:38 ocserver slapd[752]: daemon: posting daemon shutdown notification.

Sep 13 16:01:38 ocserver slapd[752]: slapd shutdown: waiting for 0 operations/tasks to finish

Sep 13 16:01:40 ocserver slapd[752]: slapd stopped.

Sep 13 16:01:40 ocserver slapd[771]: @(#) $OpenLDAP: slapd 2.4.23 (Jun 25 2011 03:21:20) $

root@b1004.apple.com:/private/var/tmp/OpenLDAP/OpenLDAP-186~22/servers/slapd

Sep 13 16:01:40 ocserver slapd[771]: daemon: SLAP_SOCK_INIT: dtblsize=8192

Sep 13 16:01:40 ocserver slapd[771]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable

Sep 13 16:01:40 ocserver slapd[771]: slapd starting

Sep 13 16:01:40 ocserver slapd[771]: daemon: posting com.apple.slapd.startup notification

Sep 13 16:01:43 ocserver slapd[771]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

Sep 13 16:01:43 ocserver slapd[771]: conn=1014 op=6: attribute "entryCSN" index delete failure

Sep 13 16:01:47 ocserver slapd[771]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

Sep 13 16:01:47 ocserver slapd[771]: conn=1014 op=37: attribute "entryCSN" index delete failure

Sep 13 16:01:51 ocserver slapd[771]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

Sep 13 16:01:51 ocserver slapd[771]: conn=1014 op=70: attribute "entryCSN" index delete failure

Sep 13 16:01:55 ocserver slapd[771]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

Sep 13 16:01:55 ocserver slapd[771]: conn=1014 op=101: attribute "entryCSN" index delete failure

Sep 13 16:01:58 ocserver slapd[771]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

Sep 13 16:01:58 ocserver slapd[771]: conn=1014 op=132: attribute "entryCSN" index delete failure

Sep 13 16:02:24 ocserver slapd[771]: daemon: shutdown requested and initiated.

Sep 13 16:02:24 ocserver slapd[771]: daemon: posting daemon shutdown notification.

Sep 13 16:02:24 ocserver slapd[771]: slapd shutdown: waiting for 0 operations/tasks to finish

Sep 13 16:02:27 ocserver slapd[771]: slapd stopped.

Maybe there's something wrong with the permissions along the way?

Try doing a system repair permissions from the recovery partition.

It turned out to be a problem with de local DNS-zone after all.

The DNS-zone that was created was the FQDN of my server

myserver.mydomain.private and

the administrator email for it was info@myserver.mydomain.private.

I changed the zone to myprivatedomain.com and forward en reverse lookup worked fine.

Then I changed the admin email to my personal emailaddress (info@myprovider.com) and OD troubles began.

Everthing working now except that I still can't enrol devices (another discussion).

Hi,

I have this issue and its driving me nuts.

I've read through all the suggestions but can't seem to resolve this at all.

Anyone got any hints or advice as I just can't get a local OD to premote with getting the CA error.

2011-10-08 17:05:59 +0000 ***Error creating intermediate CA. Error - The specified item already exists in the keychain.

2011-10-08 17:05:59 +0000 Intermediate CA creation failed with error - -25299

2011-10-08 17:05:59 +0000 Destroying OD master as CA creation failed with error 75

Thanks for any advice you might be able to offer.