Event ID 12291 — Server for NIS Service Availability

  • Article

Applies To: Windows Server 2008

Server for NIS service availability indicates the functional state of the Server for NIS service. When Server for NIS is available, it updates NIS maps on all subordinate servers in the domain if it is running as an NIS master server, and accepts NIS replication data from Active Directory if it is running as a subordinate server.

Event Details

Product: Windows Identity Management for UNIX
ID: 12291
Source: Microsoft-Windows-IDMU-ServerForNIS
Version: 6.0
Symbolic Name: MSG_BAIL_ON_FAILURE
Message: Info: Function exited with bail_on_failure. %1.

Diagnose

An error occured while the Server for NIS service was running.

Server for NIS service failures typically occur for one or more of the following reasons:

  • Server for NIS cannot communicate with the LDAP service
  • Windows does not have sufficient virtual memory
  • Server for NIS does not have appropriate permissions to write to the MapCache file or directory
  • The Server for NIS service does not have appropriate registry permissions

The following procedures can help you diagnose the cause of the problem.

Server for NIS cannot communicate with the LDAP service

To check LDAP health:

  1. Open the Services snap-in.
  2. Verify that the LDAP service is running.
  3. If the service is running, refer to "Start the Domain Controller service."

Windows does not have sufficient virtual memory

To check virtual memory:

  1. Right-click My Computer and then click Properties.
  2. On the Advanced tab, in the Performance area, click Settings.
  3. On the Advanced tab of the Performance Options dialog box, in the Virtual Memory area, view the amount of virtual memory allocated on the computer.
  4. Click Change to view the maximum allowable virtual memory.
  5. If necessary, change allocated virtual memory to the size recommended in the Total paging file size for all drives area of the Virtual Memory dialog box.
  6. If virtual memory use is set to maximum, perform the steps in "Correct memory error."

Server for NIS does not have appropriate permissions to write to the MapCache file or directory

To check directory and file permissions

  1. In the directory %windir%/IdMU/NIS, verify that the SYSTEM user account has full control permissions on the MapCache directory.
  2. In the MapCache directory, open the directory for the NIS domain on which the error was logged.
  3. Verify that the SYSTEM user account has full control permissions on the MapCache directory.
  4. If the SYSTEM user account does not have permissions to modify either the MapCache or NIS domain directories, see the resolver "Correct file or directory permissions" for more information.

The Server for NIS service does not have appropriate registry permissions

To confirm that the computer running Server for NIS has access permissions to the Windows registry:

  1. Open the Registry Editor.
    • Click Start, click Run, type regedit in the Open text box, and then click OK.
  2. In the hierarchy pane, navigate to the registry key identified by the error message.
  3. If the error message does not show the path to the registry key on which the problem occurred, navigate to the key HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Identity Management.
  4. With the key highlighted, click Permissions on the Edit menu to open the Permissions for Registry Key dialog box.
  5. Verify that the user SYSTEM has Full Control permissions.
  6. Click Add to add the SYSTEM user if it is not already listed in the Group or user names list on the Security tab. If needed, assign Full Control permissions to SYSTEM in the Permissions for User list.
  7. Click OK.
  8. Close the Registry Editor.

Resolve

Check Registry permissions

Server for NIS experienced an error reading or modifying a specific registry key. The error message in Event Viewer should provide the registry key path and name.

To confirm that the computer running Server for NIS has access permissions to the Windows registry:

  1. Open the Registry Editor.
    • Click Start, click Run, type regedit in the Open text box, and then click OK.
  2. In the hierarchy pane, navigate to the registry key identified by the error message.
  3. If the error message does not show the path to the registry key on which the problem occurred, navigate to the key HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Identity Management.
  4. With the key highlighted, click Permissions on the Edit menu to open the Permissions for Registry Key dialog box.
  5. Verify that the user SYSTEM has Full Control permissions.
  6. Click Add to add the SYSTEM user if it is not already listed in the Group or user names list on the Security tab. If needed, assign Full Control permissions to SYSTEM in the Permissions for User list.
  7. Click OK.
  8. Close the Registry Editor.

Restart Server for NIS

For some rare and undiagnosable errors, restarting Server for NIS can clear the error.

To restart Server for NIS by using the Windows interface:

  1. Open the Identity Management for UNIX management console.
  2. If necessary, connect to the computer you want to manage.
  3. Right-click Server for NIS, and then click Stop.
  4. Right-click Server for NIS again, and then click Start.

To restart Server for NIS by using a command line:

  1. Open a Command Prompt window.
  2. Type the following, and then press ENTER.
    • nisadmin [server] stop [–u user [–p password]]
  3. Type the following, and then press ENTER.
    • nisadmin [server] start [–u user [–p password]]

For more information, see the topic "Start or stop Identity Management for UNIX components" in the Identity Management for UNIX Help.

Correct RPC error

Server for NIS is closing because of an error either creating an RPC service or registering with an RPC service.

To resolve this problem:

  1. Verify that the RPC service is installed and running.
    • Open the Services MMC snap-in (Services.msc) by clicking Start, pointing to Administrative Tools, and then clicking Services.
  2. Open the rpcinfo utility to delete port registrations for YPSERV and YPPASSWD. To delete port registrations, do the following.
    1. In a command window, type the following command to list all port bindings:
      • rpcinfo -pserver_name
    2. Locate the port bindings for YPSERV and YPPASSWD.
    3. Type rpcinfo -dport_binding to delete port registration for YPSERV and YPPASSWD.
    4. Restart Server for NIS. If the RPC service is not running, start the RPC service in the Services management console.

Check command usage

Server for NIS was started with incorrect command arguments. Check the command-line parameters used to start Server for NIS. For more information, see the syntax of the nisadmin command in the Server for NIS Help.

Syntax of nisadmin:

  • nisadmin [computer] [-u usr [-p pword]]
  • nisadmin [computer] [-u usr [-p pword]] mkmaster -d domain
  • nisadmin [computer] [-u usr [-p pword]] mkslave -d domain -m server
  • nisadmin [computer] [-u usr [-p pword]] config option[...]
  • nisadmin [computer] [-u usr [-p pword]] syncall
  • nisadmin [computer] [-u usr [-p pword]] start
  • nisadmin [computer] [-u usr [-p pword]] stop
  • nisadmin [computer] [-u usr [-p pword]] pause
  • nisadmin [computer] [-u usr [-p pword]] continue
  • nisadmin [computer] [-u usr [-p pword]] encryptiontype -d domain {crypt | md5}

Close some applications and restart Server for NIS

A server thread creation failure occurred. This can occur if the Windows operating system is running low on virtual memory, or if the server's performance or health is significantly degraded. Close unused applications, or close all applications and restart Server for NIS. If that fails to correct the problem, close all applications and restart the server.

Restart Server for NIS by using the Windows interface

To restart Server for NIS by using the Windows interface:

  1. Open the Identity Management for UNIX management console.
  2. If necessary, connect to the computer you want to manage.
  3. Right-click Server for NIS, and then click Stop.
  4. Right-click Server for NIS again, and then click Start.

Restart Server for NIS by using a command line

To restart Server for NIS by using a command line:

  1. Open a Command Prompt window.
  2. Type the following, and then press ENTER.
    • nisadmin [server] stop [–u user [–p password]]
  3. Type the following, and then press ENTER.
    • nisadmin [server] start [–u user [–p password]]

For more information, see the topic "Start or stop Identity Management for UNIX components" in the Identity Management for UNIX Help.

To restart the computer:

  • Click Start, click the arrow next to the Lock button, and then click Restart.

Make sure that Server for NIS configuration is present in AD

Server for NIS is unable to start. Initial copying of User and Netid maps to the Server for NIS cache failed. It is possible that configuration information is missing from Active Directory® Domain Services.

Try running niscnfg.exe, typically found in the directory %windir%\idmu\setup\niscnfg.exe, to restore the Server for NIS configuration in Active Directory Domain Services.

To run niscnfg.exe:

  1. Open a Command Prompt window.
    • Click Start, type cmd in the Start Search text box, and then press Enter.
  2. Change to the directory %windir%\idmu\setup by typing the following, and then pressing Enter.
    • cd%windir%\idmu\setup
  3. Type niscnfg.exe, and then press Enter. When the prompt returns, the utility has completed its restoration.

Check LDAP status

Server for NIS has closed because a Lightweight Directory Access Protocol (LDAP) error has occurred. Server for NIS was unable to communicate with the LDAP server or the LDAP server returned an unexpected failure response.

To resolve this problem:

  1. Open Event Viewer and read the associated error message, which describes the cause of this error. A possible cause of this error is that the server on which Server for NIS is running is no longer an Active Directory® Domain Services domain controller. Server for NIS can only run on a domain controller.
  2. Verify that the LDAP service is running on the host computer by doing the following:
    1. Open the Services MMC snap-in (Services.msc) by clicking Start, pointing to Administrative Tools, and then clicking Services.
    2. Verify that the Active Directory Domain Services domain controller service is running.
      • If the domain controller service does not exist, the computer is probably not a domain controller. Server for NIS can run only on an Active Directory Domain Services domain controller. To promote the computer to a domain controller, see the Active Directory Domain Services Help. Run the dcpromo utility and view the Help available with the dcpromo wizard.
    3. If the service is not running, double-click the service in the results pane.
    4. On the General tab of the Properties dialog box, set Startup type to Automatic.
    5. Click OK.

Make sure the feature has been installed correctly on this version of Windows

Server for NIS is not supported on this edition of the Windows operating system. This version of Server for NIS runs on Active Directory Domain Services domain controllers that are running the following server-class operating systems:

  • Windows® Server 2003 Release 2 (R2)
  • Windows Server 2008

Start the domain controller service

Server for NIS was unable to communicate with the LDAP service. Possible causes of this error can be either of the following:

  • The server on which Server for NIS is running is no longer an Active Directory Domain Services domain controller.
  • The LDAP service is not running.

To resolve this problem:

  1. Open the Services MMC snap-in (Services.msc) by clicking Start, pointing to Administrative Tools, and then clicking Services.
  2. Verify that the Active Directory Domain Services domain controller service is running.
    • If the domain controller service does not exist, the computer is probably not a domain controller. Server for NIS can only run on an Active Directory Domain Services domain controller. To promote the computer to a domain controller, see the Active Directory Domain Services Help. Run the dcpromo utility and view the Help available with the dcpromo wizard.
  3. If the service is not running, double-click the service in the results pane.
  4. On the General tab of the Properties dialog box, set Startup type to Automatic.
  5. In the Service status area, click Start to start the service.
  6. Click OK.

Correct memory allocation error

Memory allocation has failed in Server for NIS. This can occur if the Windows Server operating system has insufficient virtual memory. Try closing some applications and programs that are not required and are using large amounts of virtual memory, and then restart Server for NIS. If this fails to correct the problem, try restarting the computer.

If the problem persists, verify that the computer is not configured to use the maximum amount of virtual memory.

To solve this problem:

  1. Right-click My Computer and then click Properties.
  2. On the Advanced tab, in the Performance area, click Settings.
  3. On the Advanced tab of the Performance Options dialog box, in the Virtual Memory area, view the amount of virtual memory allocated on the machine.
  4. Click Change to view the maximum allowable virtual memory.
  5. If necessary, change allocated virtual memory to the size recommended in the Total paging file size for all drives area of the Virtual Memory dialog box.
  6. If you have changed the allotted virtual memory amount, click Set, and then click OK.

Correct file or directory permissions

A problem occurred while attempting to create, read, or write to a directory or file (the mapcache directory or the mapcache file). Verify that the SYSTEM account has Full Control permissions on the file or the directory that was diagnosed to be missing this permission. The text of the error message in Event Viewer should contain the name of the directory or directories for which the SYSTEM account had difficulty writing changes.

To correct file or directory permissions:

  1. Open the directory %windir%/IdMU/NIS.
  2. Verify that the SYSTEM user account has full control permissions on the MapCache directory.
  3. Right-click the MapCache directory, and then click Properties.
  4. On the Security tab, in the Group or user names list, select the SYSTEM user.
  5. In the Permissions for list, select Full Control, and then click OK.
  6. In the MapCache directory, open the directory for the NIS domain on which the error was logged.
  7. Verify that the SYSTEM user account has full control permissions on the MapCache directory by repeating Steps 3 through 5 on the NIS domain directory.

Restart the operation that resulted in this error to verify that the problem has been solved.

Fix possible failures for Win32 socket initialization API

Server for NIS is closing because it experienced a failure attempting to initialize the Windows socket layer. The full text of the error message in Event Viewer contains the exact Windows error code.

To correct the error, try the following steps in order, moving on to the next step only if the current action failed to clear the error condition:

  1. Free virtual memory by closing unused applications.
  2. Restart the Server for NIS service.
  3. Restart the computer on which the error was generated.

Fix possible failures for Win32 API

Server for NIS is closing because it experienced a failure attempting to call a Windows API. Read the full text of the error message in Event Viewer to obtain the exact Windows error code.

To correct the error, try the following steps in order, moving on to the next step only if the current action failed to clear the error condition:

  1. Free virtual memory by closing unused applications.
  2. Restart the Server for NIS service.
  3. Restart the computer on which the error was generated.

Verify

Open the Services MMC and verify that Server for NIS is operational. If the Server for NIS service properties show that the service is not running, errors are preventing Server for NIS from operating normally.

To verify that Server for NIS is running

  1. Click Start, point to Administrative Tools, and then click Services.
  2. In the Results pane of the Services MMC, double-click Server for NIS.
  3. In the Service status area of the Server for NIS Properties dialog box, verify that the Server for NIS service shows as Started.

Use the ypcat command on a client computer in the domain on which the error was generated to verify that the Server for NIS service is available.

To use the ypcat command to verify Server for NIS service availability:

  1. On a client computer in the domain on which the error was generated, open a Windows Command Prompt with elevated privileges. To do this, right click Command Prompt on the Start menu, and then click Run as administrator.
  2. Type the following command, and then press Enter: ypcat -hNISServer-dDomain Mapname. NISServer represents the name of the server on which you want to verify that the Server for NIS Service is available. Domain represents the domain name on which you want to verify that the Server for NIS service is available. Mapname represents the name or nickname of a specific NIS map that the server on which you want to verify Server for NIS availability is expected to update.
  3. If you are prompted to provide the domain administrator account name and password, type the account name and password, and then press Enter.
  4. The ypcat Windows command-line utility prints the values of all keys from the NIS database specified by Mapname, which can be a map name or a map nickname. If the ypcat utility returns a list of key values for the maps you specified, the Server for NIS service is available.

Server for NIS Service Availability

Identity Management for UNIX