Installing Directory Server Enterprise Edition 6.0

This entry takes you through Directory Server Enterprise Edition installation on Windows, showing screen shots taken while installing Directory Service Control Center with Directory Server and Directory Proxy Server on a Windows system.

Directory Server Enterprise Edition 6.0 comes in two installation distributions:

  • The Java Enterprise System native packaging distribution, which is installed as root on UNIX, Administrator on Windows.

    You install this distribution through the Java ES installer.

  • The zip distribution, which you can install as non-root.

    You install this distribution using a command called dsee_deploy.

One big difference between the distributions is that they do not include exactly the same software. The Java ES distribution gives you the web-based console, Directory Service Control Center. The Zip distribution gives you Identity Synchronization for Windows and Directory Editor.

So if you want to install Directory Service Control Center, as I will do below, you choose the Java ES distribution. For a longer explanation, see the DSEE Installation Guide.

Downloading Directory Server Enterprise Edition

You can download Directory Server Enterprise Edition 6.0 as part of Sun Java Identity Management Suite. See http://www.sun.com/software/swportfolio/get.jsp.

To install Directory Server Enterprise Edition with the web-based Directory Service Control Center on Windows, get the Windows .zip file, java_es-5-identsuite-ga-windows-x86.zip.

Installing Software With the Java ES Distribution

After you unpack the Java ES distribution download, run the setup program. I double-clicked setup.exe.

When you run setup.exe, you get the choice of doing a full install of everything in Java ES, or a custom install. The default is a full install. Pick custom to install just Directory Server Enterprise Edition. Custom install is not the default choice.

Select custom install

As you go through the installer wizard, there are two screens where you need to pay close attention. First, when you go to select what to install, clear the default. Pick just Directory Server Enterprise Edition instead.

Install only Directory Server Enterprise Edition

Second, choose Configure manually after installation. This gives you control over what Directory Server Enterprise Edition software you set up. You will set things up afterward with Directory Service Control Center.

Configure manually after installation

This “configure later” installation may seem to leave you high and dry when the install program finishes. The installer window closes. Nothing indicates what steps come next.

It turns out that a configure later installation only puts the software in the right places on your disk, and registers software with the system. Everything is awaiting your command. So the next thing to do is issue some commands.

(By the way, if you run the setup.exe again, you can use the installation program to remove software, or to modify your installation.)

Initializing Directory Service Control Center

The first command to issue is the one to set up Directory Service Control Center. Directory Service Control Center is the web-based console where you can set up Directory Server and Directory Proxy Server. The command to issue is dsccsetup initialize.

In order to get this to work, you first need to find the dsccsetup program. If you just accepted the default path, then you will find Directory Server Enterprise Edition software installed under C:\\Program Files\\Sun\\JavaES5\\DSEE.

Where files are located by default

So C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin is where you will find the dsccsetup program.

Initializing DSCC

When you run dsccsetup initialize, you notice that it registers the Directory Service Control Center web application into Sun Java Web Console, and registers an agent into Cacao. Cacao, the Common Agent Container. Cacao is a sort of clearing house service for applications that do remote management. Cacao lets those applications register their local agents. Cacao then lets remote applications contact their local agents. The local agents can therefore do system level work - create a new server, start a server, etc. - that remote applications cannot easily do over the network.

The key step to notice, however, is that you pick a password for your Directory Service Manager. Keep track of that password. If you set everything up properly, you can use the Directory Service Manager password to do all sorts of directory service administration. Directory Service Manager is an account that is typically set up throughout your directory service.

Starting Directory Service Control Center

Directory Service Control Center is a Java Web Console application, a container for web applications. So you get to Directory Service Control Center through Java Web Console, which by default is at https://localhost:6789 where you install.

On Windows, the first time you login to Java Web Console, you must do so as a member of the local administrators' group. So this first login is done as a system user. The first login gets you to the Java Web Console page that shows all the applications you can manage.

Web Console login

I installed on a system with support for French, as you can see. Of course, you have your choice of several languages, including English.

After you log in through Java Web Console, you get a link to Directory Service Control Center.

Link to DSCC

Clicking that link takes you to the Directory Service Control Center login page. Here is where you need to remember the Directory Service Manager password. This second login is done as Directory Service Manager, a user whose credentials are stored in the DSCC Registry, not anywhere on the system. The second login takes you from the page of all applications you can manage to the page specifically for DSCC.

DSCC login

Successful login brings you finally to the Directory Service Control Center home page.

DSCC home page

Great! You are ready to set up directory services.


If you are a command line type, you probably did not read this far. Suffice it to say that the Zip distribution install, once you get to the dsee_deploy command, is quick. But you do not get the web-based console, just the command line tools for 6.0. To summarize, here is a dsee_deploy installation.

$ ./dsee_deploy install -c all -i /local/partition
$ 

Look at the dsee_deploy(1M) man page for more. Or read the DSEE Installation Guide. The DSEE Installation Guide also explains how to create servers with command line tools.

Comments:

I have installed this software on windows and successfully display the web console, but my authentication credentials fail. I use the user name password I supplied at install but they do not work. Is there a default set of credentials? Are the credentials supplied to the web console different the Directory Service Manager manager's credentials you supply at install? Any pointers are appreciated.

Posted by J.Rigsby on April 16, 2007 at 03:35 AM CEST #

At the end of the section detailing the Control Center installation (in the documentation), there is an instruction (8) to enable the Java Web Console to restart automatically, and an optional instruction (9) to enable the Common Agent Container (cacao) to restart automatically. On Windows, how does one do this? I tried issuing the command "smcwebserver enable" on the Windows command line, but I got the message "Use the platform service management facility to enable or disable the console." Thanks!

Posted by stephen on April 27, 2007 at 02:53 PM CEST #

Regarding authentication failure on Windows, the user to login to Sun Java Web Console is the same user who installed everything, one of the local administrators. Then when you login to Directory Service Control Center you login as the Directory Service admin. This user's credentials are stored in the Directory instance created when you set up DSCC. The Directory Service admin is not related to any operating system user. If you really cannot get into DSCC and you've forgotten the credentials, then you have no reason not to tear it down and start over. See the Troubleshooting Guide for some hints, http://docs.sun.com/app/docs/doc/820-1010/6ncn94s71?a=view

Posted by Mark on July 30, 2007 at 03:02 AM CEST #

To start Sun Java Web Console and the common agent container at boot time on Windows, you cannot quite do everything you need to do with Management Console. You will need to open a command prompt window.

Carole Hebrard suggests the following steps.

  1. Make sure the web app container service, such as Apache Tomcat, is set to start automatically using the Windows Management Console.
    Presumably, the Java ES installer takes care of this.
  2. Enable the common agent container to start at boot time:
    1. Run the following command: <tt>C:\\path\\to\\dsee6\\cacao_2\\bin\\cacaoadm enable -i default</tt>
    2. To work around bug 6581430, In Administrative Tools > Local Security Settings, edit the Privilege "Log On As A Service," and add the user used to start common agent container service. That is, the user who ran <tt>cacaoadm enable</tt>.
  3. Enable the DSCC Registry server instance to start at boot time:
    1. Run the following command to get the path to the server instance: <tt>C:\\path\\to\\dscc6\\bin\\dsccsetup status</tt>
    2. Stop the DSCC Registry instance using the following command: <tt>C:\\path\\to\\ds6\\bin\\dsadm stop dscc-registry-path</tt>
    3. Enable the DSCC Registry instance as a service: <tt>C:\\path\\to\\ds6\\bin\\dsadm enable-service dscc-registry-path</tt>

Posted by Mark on July 30, 2007 at 06:21 AM CEST #

Mixed Architecture Question:
Can I host my DSCC on Red Hat Linux and deploy my instances on Solaris 10 ?

I want to know if the Linux DSCC will deploy new instances for Solaris 10.

Posted by Jay Biddle on August 27, 2007 at 03:46 PM CEST #

Yes, you can host Directory Service Control Center on any supported platform, including Red Hat Enterprise Linux, and deploy your instances on Solaris 10, or any other supported platform.

The Red Hat based installation of Directory Service Control Center then communicates over the network with the DSCC agent installed on the Solaris 10 systems , and allows you to do all the same things you could do from DSCC installed on any other supported platform.

Posted by Mark on August 28, 2007 at 02:43 AM CEST #

I have forgotten my Directory Service Manager Username and Password, how can i retrieve it

Posted by Ppatel on October 11, 2007 at 10:58 AM CEST #

The Directory Service Manager username is the Common Name of the administrator user for the Registry. By default, the Directory Service Manager entry has DN cn=admin,cn=Administrators,cn=dscc, so the username is admin.

The tricky part is Directory Service Manager password. When you set up the Registry, the password you gave to Directory Service Manager was reused as the password for the Directory Manager of the Registry instance. Unfortunately, in order to change the Directory Service Manager's password, you'll need the Directory Manager's password... the password that's been forgotten!

So here's a workaround to fix that:

As described in the dsccsetup(1M) man page, http://docs.sun.com/app/docs/doc/819-0986/6n3chglmg?a=view, the default install location for the Registry (a Directory Server instance) "is /var/opt/SUNWdsee/dscc6/dcc/ads on Solaris systems, /var/opt/sun/dscc6/dcc/ads on HP-UX and Red Hat systems, and C:\\Program Files\\Sun\\DSEE\\var\\dscc6\\dcc\\ads on Windows systems." If you installed from the zip distribution, that might be something like /local/var/dscc6/dcc/ads. The default LDAP port is 3998.

Make sure your Registry instance is not running:
$ /local/ds6/bin/dsadm stop /local/var/dscc6/dcc/ads/
No ns-slapd PID file found. Server is probably not running.

Next, change the value of the Directory Manager password in the directory config file, dscc6/dcc/ads/config/dse.ldif. You'll want to change the value of nsslapd-rootpw to a cleartext password:
nsslapd-rootpw: changeme
Be careful not to add trailing spaces.

Then start the Registry server.
$ /local/ds6/bin/dsadm start /local/var/dscc6/dcc/ads/
Server started: pid=1557

Next, change the password for Directory Service Manager.
$ /local/dsrk6/bin/ldapmodify -D cn=Directory\\ Manager -w - -p 3998
Enter bind password:
dn: cn=admin,cn=Administrators,cn=dscc
changetype: modify
replace: userPassword
userPassword: newPassword

modifying entry cn=admin,cn=Administrators,cn=dscc

Finally, change the password for Directory Manager in the same way to avoid having it appear in clear text in the config file.

Posted by Mark on October 12, 2007 at 08:05 AM CEST #

I have install the sun one dir server 6.0 on windows. I am able to login at https://hostname/6789. But when I try to create a New Server in there, i use the ldap portsl 389 and SSL port 636, when I try to save the changes. it says make sure the Administrator has right to privileddged ports 389 and 636 and thus server cannot be created. How do i take care of this

Posted by Ppate on February 08, 2008 at 09:09 AM CET #

I believe there's a bit of a bug in Directory Service Control Center when using privileged ports. Theoretically on Windows systems you do not have privileged ports. On UNIX and Linux systems, however, port numbers less than 1024 are usually reserved, so you have to be the system admin (root, for example) or have special rights of the kind set using RBAC on Solaris systems to use ports like 389 and 636.

To workaround the issue, try using the command line tools to set up your instance and set the port numbers. My post, http://blogs.sun.com/marginNotes/entry/the_version_6_cli%3A_getting, shows you how to set up a server using dsadm and dsconf. You can then use dsconf set-server-prop ldap-port:389 ldap-secure-port:636 to set the ports to use. Finally, you can register your new instance in Directory Service Control Center using the wizard provided for registering existing servers.

Posted by Mark on February 11, 2008 at 02:54 AM CET #

Alternatively if you have already created the server with Directory Service Control Center, you can do all the work with command line tools:

1) dsccreg remove-server -h dscchost /local/myDS

2) dsconf set-server-prop -p 1389 ldap-port:389 ldap-secure-port:636

3) dsadm restart /local/myDS

4) dsccreg add-server -h dscchost /local/myDS

(Thanks to Carole Hebrard and Eric Le Ponner for help with these last two comments.)

Posted by Mark on February 11, 2008 at 05:40 AM CET #

Hi,

I have installed the DSEE as mentioned by you on a windows 2003 server.Now i want to upgrade it to DSEE 6.2. Is there a patch only for this please let me know.

Posted by Sandesh R Rao on February 25, 2008 at 06:39 AM CET #

Sorry for the slow response. I've been out of the office.

For DSEE 6.2 on Windows 2003, you can get the software in either patch form or in base full install. If you installed using the Java ES installer, then get the native package distribution, rather than the zip distribution.

The URL to the download center is http://www.sun.com/software/products/directory_srvr_ee/get1.jsp

Posted by Mark on February 29, 2008 at 12:44 AM CET #

I can't login into Java Web Console. I do the user as Administrator. What should be the password.

Also when i was initializing i got the following :C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>dsccsetup initialize
\*\*\*
Registering DSCC Application in Sun Java(TM) Web Console
This operation is going to stop Sun Java(TM) Web Console.
Do you want to continue ? [y,n] y
Stopping Sun Java(TM) Web Console...
Registration is on-going. Please wait...
DSCC is registered in Sun Java(TM) Web Console
Restarting Sun Java(TM) Web Console
Please wait : this may take several seconds...
Sun Java(TM) Web Console restarted successfully
\*\*\*
Registering DSCC Agent in Cacao...
Checking Cacao status...
Starting Cacao...
## Failed to run "C:/Program Files/Sun/JavaES5/share/cacao_2/bin/cacaoadm.bat" s
tart
####
#### Cannot start an unconfigured instance.
####
## Exit code is 1
Failed to register DSCC agent with Cacao.
\*\*\*

C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>dsccsetup initialize
\*\*\*
DSCC Application is already registered
\*\*\*
DSCC Agent is already registered
\*\*\*
Choose password for Directory Service Manager:
Confirm password for Directory Service Manager:
Creating DSCC registry...
DSCC Registry has been created successfully
\*\*\*

PLease let me know what you think.

Thanks

Posted by Neha on April 18, 2008 at 12:53 PM CEST #

Hi,
I cannot create directory server in Windows 2003 & XP. I recieve the following error:
An unexpected error occurred creating the new directory server

Thanks, Maimon

Posted by Maimon on April 21, 2008 at 09:22 AM CEST #

Hi,

I'm trying to Enable the common agent container to start at boot time on Win2003, running the following command: "C:\\Program Files\\Sun\\JavaES5\\share\\cacao_2\\bin>cacaoadm enable -i default". Unfortanately, I get the "Invalid command [enable]" message.

Can anybody help me?

Cheers,

Wouter

Posted by Wouter on May 15, 2008 at 09:39 AM CEST #

Neha, there are two passwords for logging in. The first, to log into Java Web Console, is the Administrator password for the Administrator user of the Windows system. The second is the Directory Service Control Center administrator password, the one you created when you ran the "dsccsetup initialize" command.

There is no default password.

Posted by Mark on May 23, 2008 at 08:34 AM CEST #

Maimon, when you get the unexpected error, what steps are you carrying out?

If you are creating a Directory Server instance with DSCC and you get an unexpected error, you may also get an explanation in the window. For example, in creating an instance on Windows XP, I got an unexpected error, but there were also a few lines of information about why: DSCC couldn't start the server instance.

This was happening because of a bug, "6495004:
On Windows systems, Directory Server has been seen to fail to start when the base name of the instance is ds." The bug is mentioned in the release notes, http://docs.sun.com/app/docs/doc/820-2759/ds-bugs

Posted by guest on May 23, 2008 at 08:54 AM CEST #

Wouter,

Cacaoadm needs you to provide your password in a file so that it can use that password to authenticate when enabling the service. Here password.txt is a text file containing my password.

C:\\Documents and Settings\\Mark Craig\\Desktop\\dsee6\\cacao_2\\bin>cacaoadm enable -
i default --file password.txt

C:\\Documents and Settings\\Mark Craig\\Desktop\\dsee6\\cacao_2\\bin>

Posted by Mark on May 23, 2008 at 10:14 AM CEST #

At least in Windows 2003 Server, the instance path you enter for newly created directory cannot contain subfolders such as c:\\local\\ds
Whenever I used such path I received the "An unexpected error occurred..." mentioned above
When I used just c:\\ds, the directory was created with no errors.
It took me days to find this, since I didn't imagine that the path I'm using (c:\\local\\ds) that was given as an example in the installation guide is the error cause....

Posted by Maimon Dahan on May 25, 2008 at 05:10 AM CEST #

Hi All,

I have installed the Sun Directory Server 6.2 and configured it in configured later mode using my account "sunny_ajmera". But I am unable to login in Web console of DS using my account name and password. Is there anyway to know the account name and password used for installing DS?

please help.

Thanks

Posted by sunny ajmera on March 30, 2009 at 04:03 AM CEST #

Assuming you are on Windows as in the above example... is the sunny_ajmera account in the local administrators group?

(The first time you login to the Sun Java Web Console, you need to do so as a member of the local administrators group.)

Posted by Mark Craig on March 31, 2009 at 03:25 PM CEST #

Yes, sunny_ajmera is part of administrator group and I tried giving the credentials through which i logon to the windows machine but it didn't help.

Isn't there any way to reset or recover the username and passsowrd or I have no other option except re-installing the Directory server?
Although, everywhere it is mentioned that you use account with root/admin privilieges to install the Directory server but my credentails are not working.

Please help.

Thanks

Posted by Sunny Ajmera on April 01, 2009 at 01:15 AM CEST #

Hi,

I am getting following error when trying to run dsccsetup initialize in the windows 2003 server.I followed the above document.But am i missing any hing here.Please help

C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>dsccsetup initialize
\*\*\*
Registering DSCC Application in Sun Java(TM) Web Console
This operation is going to stop Sun Java(TM) Web Console.
Do you want to continue ? [y,n] y
Stopping Sun Java(TM) Web Console...
Registration is on-going. Please wait...
DSCC is registered in Sun Java(TM) Web Console
Restarting Sun Java(TM) Web Console
Please wait : this may take several seconds...
Sun Java(TM) Web Console restarted successfully
\*\*\*
## Failed to run "C:/Program Files/Sun/JavaES5/share/cacao_2/bin/cacaoadm.bat" l
ist-modules -r
####
#### The system cannot find the path specified.
####
## Exit code is 1
\*\*\*

Thanks,
Rifdhy.

Posted by rifdhy on May 11, 2009 at 01:21 AM CEST #

What happens when you run cacaoadm directly? For example, do you see something like this?

C:\\Program Files\\Sun\\JavaES5\\DSEE\\dsee6\\cacao_2\\bin>cacaoadm list-modules -r
com.sun.cacao.command_stream_adaptor.xml
com.sun.cacao.efd.xml
com.sun.cacao.instrum.xml
com.sun.cacao.invoker.xml
com.sun.cacao.logging_manager.xml
com.sun.cacao.mib2simple.xml
com.sun.cacao.rmi.xml
com.sun.cacao.snmpv3_adaptor.xml
com.sun.cmm.ds.xml
com.sun.directory.nquick.xml
com.sun.mfwk.xml

Posted by Mark Craig on May 11, 2009 at 02:19 PM CEST #

Hi Mark,

Thank you for your response.I am unable to run cacaoadm list-modules -r.It says

C:\\Program Files\\Sun\\JavaES5\\share\\cacao_2\\bin>cacaoadm list-modules -r
The system cannot find the path specified.

is the path i mentioned correct?.because cacao_2 is not in the dsee6 as you mentioned.it is in share folder.

and when i try to run the cacaoadm enable -i

C:\\Program Files\\Sun\\JavaES5\\share\\cacao_2\\bin>cacaoadm enable -i
The system cannot find the path specified.

is this anything to do with the cacaoadm.bat file

And i followed the instructions as mention in following URL.am i doing any thing wrong here?

http://blogs.sun.com/marginNotes/entry/installing_directory_server_enterprise_edition

Thanks,
Rifdhy.

Posted by rifdhy on May 11, 2009 at 11:09 PM CEST #

Hi Mark,

Thank you for your response.I am unable to run cacaoadm list-modules -r.It says

C:\\Program Files\\Sun\\JavaES5\\share\\cacao_2\\bin>cacaoadm list-modules -r
The system cannot find the path specified.

is the path i mentioned correct?.because cacao_2 is not in the dsee6 as you mentioned.it is in share folder.

and when i try to run the cacaoadm enable -i

C:\\Program Files\\Sun\\JavaES5\\share\\cacao_2\\bin>cacaoadm enable -i
The system cannot find the path specified.

is this anything to do with the cacaoadm.bat file

And i followed the instructions as mention in following URL.am i doing any thing wrong here?

http://blogs.sun.com/marginNotes/entry/installing_directory_server_enterprise_edition

Thanks,
Rifdhy.

Posted by rifdhy on May 11, 2009 at 11:11 PM CEST #

Hmm... Maybe I took too short of a shortcut, installing from the ZIP distribution instead of the packages. From the prefix of your path, it looks like you have the package distribution.

Still, as documented in http://docs.sun.com/app/docs/doc/820-2765/binaries-ds and http://docs.sun.com/app/docs/doc/820-2765/default-paths-and-file-names, cacaoadm.bat should be under C:\\Program Files\\Sun\\JavaES5\\DSEE\\dsee6\\cacao_2\\bin\\.

I'm not clear on why dsccsetup would be looking in share\\cacao_2\\bin\\ instead.

Posted by Mark Craig on May 12, 2009 at 01:34 AM CEST #

After checking with the expert, Carole, C:\\Program Files\\Sun\\JavaES5\\share\\cacao_2\\bin in fact does sound right.

Are you sure the package for cacao was effectively installed?

Posted by Mark Craig on May 13, 2009 at 10:47 AM CEST #

Hi Ridhy,

Mark is right, the package for cacao wasn't installed properly. I will suggest you to do installation once again and manually configure the DS.

Posted by guest on May 13, 2009 at 11:37 PM CEST #

Hi Mark,

thank you.I will try another fresh installation again and get back to you.I did the installation from remote desktop.Can this be a reason? any way i am going to try from console.

Thanks,
Rifdhy.

Posted by rifdhy on May 14, 2009 at 02:19 AM CEST #

A few releases ago there were issues with installation under Terminal Services, which have morphed into Remote Desktop. As far as we know, however, those issues have been fixed.

It does look like the cacao shared component did not install correctly. Presumably a fresh install should correct the problem, especially if you are sure the shared components are getting installed.

Posted by Mark Craig on May 18, 2009 at 02:54 AM CEST #

I'm having the same problem as Ridfhy -- `cacaoadm.bat list-modules -r' fails with the message "The system cannot find the file specified." I've tried reinstall JES but that hasn't helped. I'm using the ZIP file java_es-5-ga-windows-x86.zip on Windows 2003 Server x86-64 Ent. Ed'n. SP1. Thanks!

Posted by Chris Waltham on June 01, 2009 at 12:47 PM CEST #

Just to check something here, cacaoadm.bat launches C:\\Program Files\\Sun\\JavaES5\\share\\cacao_2\\lib\\private\\perl\\bin\\perl.exe. Will cacaoadm.bat run for you? What's the output?

Posted by Mark Craig on June 03, 2009 at 01:41 AM CEST #

I had not done this for a while. So I installed Windows 2003 Server Enterprise Edition SP 1, updated to the latest and greatest service packs and security fixes and so forth, and installed Java ES 5 from java_es-5-ga-windows-x86.zip downloaded from the JES 5 site, according to the instructions above. Caveat: I installed the 32-bit version on VirtualBox 2.2.4 on my work laptop.

Here's the output I saw for dsccsetup initialize:

C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>dsccsetup initialize
\*\*\*
Registering DSCC Application in Sun Java(TM) Web Console
This operation is going to stop Sun Java(TM) Web Console.
Do you want to continue ? [y,n] y
Stopping Sun Java(TM) Web Console...
Registration is on-going. Please wait...
DSCC is registered in Sun Java(TM) Web Console
Restarting Sun Java(TM) Web Console
Please wait : this may take several seconds...
Sun Java(TM) Web Console restarted successfully
\*\*\*
Registering DSCC Agent in Cacao...
Checking Cacao status...
Deploying DSCC agent in Cacao...
DSCC agent has been successfully registered in Cacao.
\*\*\*
Choose password for Directory Service Manager:
Confirm password for Directory Service Manager:
Confirm password for Directory Service Manager:
Creating DSCC registry...
DSCC Registry has been created successfully
\*\*\*

C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>

IE 8 does not like the self-signed certificate from Sun Java Web Console, but other than that, it seemed to work for me on this 32-bit virtual machine.

My guess is that the issue is effectively related to the OS being 64-bit.

What do you get why you go to run cacaoadm.bat by hand? I see the following:

C:\\Program Files\\Sun\\JavaES5\\share\\cacao_2\\bin>cacaoadm.bat list-modules -r
com.sun.cacao.command_stream_adaptor.xml
com.sun.cacao.efd.xml
com.sun.cacao.invoker.xml
com.sun.cacao.logging_manager.xml
com.sun.cacao.mib2simple.xml
com.sun.cacao.rmi.xml
com.sun.cacao.snmpv3_adaptor.xml
com.sun.directory.nquick.xml
com.sun.mfwk.xml
C:\\Program Files\\Sun\\JavaES5\\share\\cacao_2\\bin>

Posted by Mark Craig on June 04, 2009 at 09:52 AM CEST #

I have the same configuration as you do, but this is what I get when I run dsccsetup initialize:

C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>dsccsetup initialize
\*\*\*
Registering DSCC Application in Sun Java(TM) Web Console
This operation is going to stop Sun Java(TM) Web Console.
Do you want to continue ? [y,n] y
Stopping Sun Java(TM) Web Console...
Registration is on-going. Please wait...
DSCC is registered in Sun Java(TM) Web Console
Restarting Sun Java(TM) Web Console
Please wait : this may take several seconds...
Sun Java(TM) Web Console restarted successfully
\*\*\*
Registering DSCC Agent in Cacao...
Checking Cacao status...
Deploying DSCC agent in Cacao...
DSCC agent has been successfully registered in Cacao.
\*\*\*
Choose password for Directory Service Manager:
Confirm password for Directory Service Manager:
Creating DSCC registry...
rc = 11
C:/Program Files/Sun/JavaES5/DSEE/ds6/bin/dsadm.exe exited with unexpected error
code 11
com.sun.directory.common.slapx.AdmCmdErrorException: "C:/Program Files/Sun/JavaE
S5/DSEE/ds6/bin/dsadm.exe" create -p 3998 -P 3999 --pwd-file C:\\DOCUME~1\\ADMINI~
1\\LOCALS~1\\Temp\\1\\ads19016.tmp "C:/Program Files/Sun/JavaES5/DSEE/var/dscc6/dcc/
ads"
at com.sun.directory.common.slapx.AdmCmd.run(AdmCmd.java:76)
at com.sun.directory.common.slapx.AdmCmd.run(AdmCmd.java:47)
at com.sun.directory.dcc.ads.ADSInstall.createADSInstance(ADSInstall.jav
a:626)
at com.sun.directory.dcc.ads.ADSInstall.create(ADSInstall.java:233)
at com.sun.directory.dcc.cli.setup.CmdAdsCreate.performCreate(CmdAdsCrea
te.java:125)
at com.sun.directory.dcc.cli.setup.CmdAdsCreate.perform(CmdAdsCreate.jav
a:55)
at com.sun.directory.dcc.cli.setup.CmdAdsCreate.perform(CmdAdsCreate.jav
a:31)
at com.sun.directory.dcc.cli.setup.CmdInitialize.perform(CmdInitialize.j
ava:51)
at com.sun.directory.clip.ClipSubcommand.execute(ClipSubcommand.java:84)

at com.sun.directory.clip.ClipParser.execute(ClipParser.java:192)
at com.sun.directory.dcc.cli.setup.SetupMain.main(SetupMain.java:12)
Sofware installation is probably incomplete or corrupted
\*\*\*

C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>

Note that, when installing JES, the only component I'm installing (well, I'm installing its subcomponents) is DSEE.

Posted by Chris Waltham on June 04, 2009 at 01:33 PM CEST #

I'll check with my colleagues who developed this. The exception's a bit generic and the errors such as code 11 are not in the docs. So I'm guessing.

But this smells like a "file not found" kind of error. Maybe there's something wrong with --pwd-file C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\1\\ads19016.tmp.

What output do you get when you create your own password file containing nothing but the password, for example "echo password > pwd.txt" and then run the following?
C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>dsccsetup ads-create -w pwd.txt

As described in the man page, the ads-create subcommand creates the DSCC Registry, called ADS because originally the name was Administration Directory Server.

dsccsetup ads-create [-w file]

Initialize the DSCC registry, a local Directory Server
instance for private use by DSCC to store configuration
information. DSCC requires that this instance reside
locally on the host where you run DSCC. Therefore, if
you replicate the data in the instance for high availa-
blity, set up one DSCC per replica host.

If you do not provide the Directory Manager password for
the DSCC registry in the file passed to the -w option,
the command prompts for the password.

The default port numbers used by the instance are 3998
for LDAP, and 3999 for LDAPS.

The default instance path is
/var/opt/SUNWdsee/dscc6/dcc/ads on Solaris systems,
/var/opt/sun/dscc6/dcc/ads on HP-UX and Red Hat systems,
and C:Program Files Windows systems.

The base DN for the suffix containing configuration
information is cn=dscc. Use the dsccsetup status subcom-
mand to read actual values for the DSCC registry
instance.

Posted by Mark Craig on June 05, 2009 at 01:36 AM CEST #

By the way, I did install on Windows 2003 Server Enterprise x64 Edition (updated to SP2) in a x64 virtual machine over Remote Desktop Connection.

The bits end up under "C:\\Program Files (x86)" and nothing seems broken.

C:\\Program Files (x86)\\Sun\\JavaES5\\DSEE\\dscc6\\bin>dsccsetup initialize
\*\*\*
Registering DSCC Application in Sun Java(TM) Web Console
This operation is going to stop Sun Java(TM) Web Console.
Do you want to continue ? [y,n] y
Stopping Sun Java(TM) Web Console...
Registration is on-going. Please wait...
DSCC is registered in Sun Java(TM) Web Console
Restarting Sun Java(TM) Web Console
Please wait : this may take several seconds...
Sun Java(TM) Web Console restarted successfully
\*\*\*
Registering DSCC Agent in Cacao...
Checking Cacao status...
Starting Cacao...
DSCC agent has been successfully registered in Cacao.
\*\*\*
Choose password for Directory Service Manager:
Confirm password for Directory Service Manager:
Creating DSCC registry...
DSCC Registry has been created successfully
\*\*\*

C:\\Program Files (x86)\\Sun\\JavaES5\\DSEE\\dscc6\\bin>

I also created a Directory Server instance, which seems to work. So I haven't managed to reproduce the problem, yet.

Posted by Mark Craig on June 05, 2009 at 01:43 AM CEST #

Chris, another possibility with an error 11 is with a password less than 8 characters, or password containing non-ASCII characters.

Posted by Mark Craig on June 09, 2009 at 06:01 AM CEST #

Hi,

I am not able to start cacaoadm it says
C:\\Program Files\\Sun\\JavaES5\\share\\cacao_2\\bin>cacaoadm start
Cannot start an unconfigured instance.

can anyone help.

Status of dsccsetup shows as:
C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>dsccsetup status
\*\*\*
DSCC Application is registered in Sun Java (TM) Web Console
\*\*\*
DSCC Agent is registered in Cacao
Cacao is down. Start it using:
C:/Program Files/Sun/JavaES5/share/cacao_2/bin/cacaoadm.bat start
Cacao uses a custom port number (-1)
\*\*\*
DSCC Registry has been created
Path of DSCC registry is C:/Program Files/Sun/JavaES5/DSEE/var/dscc6/dcc/ads
Port of DSCC registry is 3998
\*\*\*

C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>dsccsetup status
\*\*\*
DSCC Application is registered in Sun Java (TM) Web Console
\*\*\*
DSCC Agent is registered in Cacao
Cacao is down. Start it using:
C:/Program Files/Sun/JavaES5/share/cacao_2/bin/cacaoadm.bat start
Cacao uses a custom port number (-1)
\*\*\*
DSCC Registry has been created
Path of DSCC registry is C:/Program Files/Sun/JavaES5/DSEE/var/dscc6/dcc/ads
Port of DSCC registry is 3998
\*\*\*

Posted by Jagjit on July 29, 2009 at 07:31 AM CEST #

Hello. If the custom port number for Cacao is -1, that makes me think something strange is wrong. If you have not yet loaded your DSCC Registry with any important data, you could try starting over with the dismantle subcommand, then the intialize subcommand:

C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>dsccsetup dismantle
C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>dsccsetup initialize

Posted by Mark Craig on July 29, 2009 at 10:51 AM CEST #

Hi,
is possible to change https port number (6789) at web console? I have instaled IBM DB2 and one of DB2 services (db2jds.exe) listening at this port (6789).
I tryed to change it at /etc/webconsole/console/config.properties file but after I had problems to start smcwebserver (smcwebserver start >> Domain creation failed, exception creating instance console).
Any idea?

Thanx.

Posted by Ludovit Neupauer on September 29, 2009 at 08:47 AM CEST #

Unless I'm missing something, there does not appear to be an easy or well-supported way to change the Sun Java Web Console port number.

However, with the Java ES 6 version (Directory Server Enterprise Edition 6.3.1) you can use a different web application container and pick your own port number. Installation instructions are at http://docs.sun.com/app/docs/doc/820-2761/install-dscc-zip

Posted by Mark Craig on September 30, 2009 at 10:25 AM CEST #

You all are lucky! I can't even get past the initial install on Win2K3 SP2. The installer dies and complains that Portal~1.cab is missing from my install directory. Why the heck do I need Portal~1.cab? And If I do, why was it missing from the native package distro?

Posted by Darryl Price on October 30, 2009 at 08:43 AM CET #

I believe the Java ES installer counts on all the Java Enterprise System component packages being available, including those for Portal Server. So you need the full Java ES download to install the Windows native package version for example.

Posted by Mark Craig on November 02, 2009 at 03:04 AM CET #

I am trying to enable the cacao service with:

cacaoadm enable -i default -f password.txt

I keep getting

[enable] service failed. I'm confused. Am I aupposed to create the service first with sc create? I dug through the Sun Private perl and constructed this command from CacaoAdm::PlatformStarter:

"D:\\Program Files\\Sun\\JavaES5\\share\\cacao_2\\lib\\tools\\cacaosvc_ctrl.exe" -c -n "Common Agent Container 2" -u "Common Agent Container 2" -- "D:\\Program Files\\Sun\\JavaES5\\share\\cacao_2\\lib\\tools\\cacaosvc" "D:\\Program Files\\Sun\\JavaES5\\share\\cacao_2\\bin\\cacaoadm.bat" start -i default

This created the service, I'm just not sure if this is the right thing to do.

Posted by Darryl Price on November 04, 2009 at 05:52 AM CET #

Hmm... theoretically the documented method you cite ought to work. If not, you should be able to get official help from support.

On thing that worries me with digging into the Sun private perl content is there's no guarantee you might not accidentally overwrite with a subsequent patch.

Posted by Mark Craig on November 04, 2009 at 10:38 AM CET #

There's one other thing that's been bothering me. I frankly don't like the idea of shared accounts and passwords for anything. Audit logging is hugely important and unless everyone is forced to log into an account that they alone have access to, it becomes difficult to know what's going on with the directory topology. It's why I never liked the admin server and the admin,administrators,topologymanagement,netscaperoot user in 5.x.

Given that theseare just binddns and ACIs we're talking about, doesn't it makes sense to create unique accounts for DSCC admin users and then just proxy the system requests when necessary using the stored OS user account name and credentials? I suppose I could just grab the rootDSE from the DSCC, find the branch of the tree among the list of supported naming contexts, and then manually maintain the DSCC that way. Only thing is, would the console reject a login request from a user other than admin even one that exists in the same namespace as admin

Posted by Darryl Price on November 07, 2009 at 12:44 PM CET #

I've been a bit concerned about a migration to DSEE 6.x in terms of how I was going to do about getting rid of the legacy practice of sharing the admin user account via the console and over reliance on cn=Directory Manager when making configuration changes over protocol. The console and command line tools provide no means of creating additional console admins but a search of cn=config on the dscc registry (port 3998) provided a clue.

I created the following LDIF

dn: cn=dprice,cn=Administrators,cn=dscc
changetype: add
objectClass: top
objectClass: person
sn: price
cn: dprice
userPassword: \*\*\*\*\*\*\*\*

Then ran ldapmodify -h localhost -p 3998 -D"cn=admin,cn=Adminsitrators,cn=dscc -w<password>

Voila! I can now authenticate to the dscc as myself. Don't know if this is supported by sun but so far things seem to be working.

Posted by Adding new users to the DSCC on November 14, 2009 at 11:12 AM CET #

Thanks. Creating extra administrators is the right thing to do, yes.

(For some reason Roller thought your comment was spam and blocked it. I had to approve it manually. Strange.)

Posted by Mark Craig on November 18, 2009 at 08:01 AM CET #

Hi
I tried installing SUN DS on multiple times on multiple machines, but facing the same problem of DS not initilazing(dsccsetup initialize) properly due to CACAOADM.Please suggest if i am missing something.
I am installing using SUN JES Pakage (JES_5.0-Windows-x86)

C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>dsccsetup initialize
\*\*\*
DSCC Application is already registered
\*\*\*
## Failed to run "C:/Program Files/Sun/JavaES5/share/cacao_2/bin/cacaoadm.bat" l
ist-modules -r
####
#### The system cannot find the path specified.
####
## Exit code is 1
\*\*\*

However, if we manually try to start CACAOADM, then it
C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>"C:/Program Files/Sun/JavaES5/share/cacao_2/bin/cacaoadm.bat" list-module -r
The system cannot find the path specified.

C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>"C:/Program Files/Sun/JavaES5/share/
cacao_2/bin/cacaoadm.bat" start
The system cannot find the path specified.

Following env variable are set :-

CACAO_PATH="C:\\Program Files\\Sun\\JavaES5\\share\\cacao_2\\bin"
CLASSPATH=.
JAVA_HOME=C:\\PROGRA~1\\Java\\JDK16~1.0_1
JDK_HOME=C:\\PROGRA~1\\Java\\JDK16~1.0_1\\bin
JDMK_PATH=C:\\Program Files\\Sun\\JavaES5\\share\\lib
MFWK_PATH=C:/PROGRA~1/Sun/JavaES5/share/mfwk
PERL5LIB=C:\\Progra~1\\Sun\\JavaES5\\share\\cacao_2\\lib\\private\\perl

path="C:\\Program Files\\Sun\\JavaES5\\share\\lib";"C:\\Program Files\\Sun\\JavaES5\\share\\bin";%JAVA_HOME%\\bin;"C:\\Program Files\\Sun\\JavaES5\\share\\cacao_2\\bin";C:\\PROGRA~1\\Java\\JDK16~1.0_1\\bin;%JAVA_HOME%\\bin;E:\\oracle\\product\\10.2.0\\client_1;%SystemRoot%\\system32;%SystemRoot%;%SystemRoot%\\System32\\Wbem;"C:\\Program Files\\Java\\jdk1.6.0_13";C:\\Program Files\\MySQL\\MySQL Server 5.0\\bin;C:\\antroot\\bin;C:\\Program Files\\WindowsImaging\\;"C:\\Sun\\sun-one-policy-agent-2.2-sjsws_v70-WINNT\\web_agents\\sjsws_agent\\lib";c:\\ant\\bin;C:\\Program Files\\Common Files\\DivX Shared\\

Thanks

Posted by RAM on January 16, 2010 at 11:04 PM CET #

Not sure. From a distance, this looks like the same sort of issue Rifdhy was running into, described above. For Rifdhy, it looked like the package was not properly installed. I didn't see the final word on that, but reinstalling the packages might do the trick.

Alternatively, I shared mail with Ludovit Neupauer, who also wrote a comment above. Ludovit was having similar symptoms with 6.0. After an upgrade to 6.3.1 the problems went away.

Posted by Mark Craig on January 18, 2010 at 02:50 AM CET #

At description of patch for DS 6.3.1 is, that it fix some problems for DS 6.0 (and for other versions too).

More at: http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1

Now I haven't problems to create new Directory Servers.
For information, here is procedure for change webconsole port (6789 to other port): http://blogs.sun.com/augustus/entry/changing_sun_cluster_manager_3

Posted by Ludovit Neupauer on January 19, 2010 at 02:13 AM CET #

I am getting the following error when I do dsccsetup initialze
Starting Cacao...
## Failed to run "D:/Program Files/Sun/JavaES5/share/cacao_2/bin/cacaoadm.bat" start
#### user1
####
#### Error handling error: 1722, LookupAccountName at D:/PROGRA~1/Sun/JavaES5/share/cacao_2/lib/tools/scr
ipts/CacaoAdm/PlatformFileHelper.pm line 68.
####
## Exit code is 9
Failed to register DSCC agent with Cacao.
\*\*\*
can you please help me to resolve the same

Posted by Maria on February 05, 2010 at 03:28 AM CET #

Maria, which version of cacao is this specifically?
In other words, what's the output of D:/Program Files/Sun/JavaES5/share/cacao_2/bin/cacaoadm.bat -V ?

Emmanuel from the Cacao team suspects this issue might have been fixed in a patch since 6.0.

What user account are you logged on as when you run the dsccsetup initialize command?

Regards,
Mark

Posted by Mark Craig on February 10, 2010 at 04:00 AM CET #

I am using combo of Sun directory server 6.3.1 with RSA Access Manager 6.0. At some point they were saying that once they both are connected then if I create any user using Directory server console I will be able to see this same under RSA Access Manager admin console but I am unable to find a way using which I can create user from directory server console. Can you please guide me if and how can I create users using sun directory server console.

thanks

Posted by ahmar faraz on March 31, 2010 at 12:54 PM CEST #

After you login to Directory Service Control Center, you get to the "Common Tasks" page, as shown in the documentation at http://docs.sun.com/source/820-2761/images/dscc.gif.

From there, click Create New Entry under Directory Entry Management. The new entry you create can be of any type supported by Directory, so pick a type that corresponds to a user.

Hope it helps,
Mark

Posted by Mark Craig on April 01, 2010 at 01:17 AM CEST #

Hi Mark,
I am having issues here. I rebooted the machine which has Directory server installed on it. After this I am having whole lot of issues. I am unable to start directory server instance which I created before and when I tried to start it using start buton from directory server tab it is asking me to specify admin user name and password and as soon as I did that it throws this exception:

could not contact dscc agent on ldaprsa.dctmlabs.com. Use the command cacaoadm to check that the dscc agent is installed and running on port 11162

Later when I ran cacaoadm list-params I am getting this:
C:\\Program Files\\Sun\\JavaES5\\share\\cacao_2\\bin>cacaoadm list-params
java-home=C:\\Java\\JDK15~1.0_0
java-flags=-Xms4M -Xmx64M
nss-tools-home=C:\\PROGRA~1\\Sun\\JavaES5\\share\\bin
nss-lib-home=C:\\PROGRA~1\\Sun\\JavaES5\\share\\lib
secure-webserver-port=11165
enable-instrumentation=false
network-bind-address=0.0.0.0
snmp-adaptor-trap-port=11162
jdmk-home=C:\\PROGRA~1\\Sun\\JavaES5\\share
retries=4
jmxmp-connector-port=11162
snmp-adaptor-port=11161
rmi-registry-port=11164
commandstream-adaptor-port=11163

The output of dsccsetup initialize command showed:
C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>dsccsetup.exe initialize
\*\*\*
DSCC Application cannot be registered because it is not installed
\*\*\*
DSCC Agent is already registered
\*\*\*
DSCC Registry has already been created
\*\*\*

Can you please help me out here as I am unable to grab as to what is the cause of this.

Thanks
Ahmar

Posted by Ahmar on April 15, 2010 at 12:30 PM CEST #

Ahmar, thanks for your comment. I'm late getting back.

From what you have posted, I understand the Directory Service Control Center is not installed on the same system you rebooted, which houses Directory Server.

You could restart Directory Server by logging on to the system you rebooted, and running the dsadm start subcommand:
C:\\Program Files\\Sun\\JavaES5\\DSEE\\ds6\\bin>dsadm start <path-to-Directory-Server>

The output of dsccsetup status, may also tell you more than the initialize subcommand about the status of the components.
C:\\Program Files\\Sun\\JavaES5\\DSEE\\dscc6\\bin>dsccsetup status

Posted by Mark Craig on April 26, 2010 at 04:19 AM CEST #

Mark is right. The error 11 below is due to password less than 8 characters. When I gave a 8 letter password, the ads was created successfully.

4-digit password:

C:\\dsee7\\bin>dsccsetup ads-create
Choose password for Directory Service Manager:
Confirm password for Directory Service Manager:
Creating DSCC registry...
rc = 11
C:/dsee7/bin/dsadm.exe exited with unexpected error code 11
Sofware installation is probably incomplete or corrupted

8-letter password:

C:\\dsee7\\bin>dsccsetup ads-create
Choose password for Directory Service Manager:
Confirm password for Directory Service Manager:
Creating DSCC registry...
DSCC Registry has been created successfully

Posted by surya dandu on December 24, 2010 at 09:17 PM CET #

Mark is right. The error 11 below is due to password less than 8 characters. When I gave a 8 letter password, the ads was created successfully.

Posted by surya dandu on December 24, 2010 at 09:18 PM CET #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Mark Craig writes about Directory Services products and technologies. The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today