This is a brief guide for installing this particular service-pack. As time moves on, post-SP patches will be added to this document. The information here is gleaned from Novell-provided information, and the collective wisdom of the Support Forums. Feel free to edit this page if you find errors or if you have additional information to provide. However if you have questions or comments, please post them on the discussion page.
Since the Service Pack was released on 6 November 2006, new patches have come out. The Service Pack as first shipped had a few major bugs in it.
NW65SP6 has been released a bit out of sync of the normal "consolidated support pack" batch. It is only called NW65 SP6, but it is not OES SP3. OES SP3 will probably only be used for the next support pack that also updates OES Linux.
Installing NW65 SP6
Besides including all the post SP5 patches released prior to SP6, it also includes new functionality for a number of products included with NetWare 6.5.
The main download URL for SP6 is http://download.novell.com/Download?buildid=J7J_dvKpjrI~ this is the file you need to update existing servers.
Expand the Service Pack
Unlike previous support packs which were distributed as DOS/Windows executable files, NW65SP6 is being distributed as a ZIP file called NW65SP6.ZIP. This is very convenient as you can now extract it on any platform that has a tool to unzip files. For instance, you can copy NW65SP6.ZIP to a remote server and then run UNZIP.NLM from the server console to unzip it. It is recommended to unzip the support pack to the root of one of the server's volumes - it does not have to be SYS. All the support pack files except for the readme will then be in a subdirectory called NW65SP6.
Verify SERVER.EXE is present
Some Antivirus software is configured to consider SERVER.EXE to be spyware and will not allow it to hit disk. McAfee VirusScan is well known for this. Verify that the file is present where it should be, under nw65sp6\STARTUP\SERVER.EXE. With some unzip utilities, the symptom of the problem is that you get asked for a password to unzip the file. However the zip file is not password protected.
For details on this problem go here.
Disable Transactions on NSS volumes
In some cases, the server may abend at startup because of incompatibilities in the transaction tracking system between SP6 and earlier versions. This is documented in TID3463889. To avoid this problem, you should disable the transaction tracking system prior to installing SP6 by using the console command:
Load NWCONFIG and apply the service pack
The method for installing a service pack through NWCONFIG is well documented in the README. Here are just some comments on the questions asked during the SP install
Backup files replaced by NetWare Support Pack?
If you reply "yes" to this question, a backup of all the files replaced by SP6 will be made. You can later back out SP6 if you did the backup. I would strongly recommend always selecting the backup option unless you really have too little space left on your SYS volume. You can always delete the BACKSP6 directory later if you see that you don't need the backup. If you apply SP6 several times, you should only use the backup option on the first SP6 install and disable it on later installs.
Do you want to Update the Storage/LAN/PSM/WAN drivers currently in use?
It is highly recommended that you always enable the option to update drivers. People are often reluctant to enable this option because they are not sure the drivers included with SP6 do really work with their hardware. This however leads to many people having subtle problems later on because of outdated drivers. While it sometimes happens that drivers included with SP6 are incompatible with the hardware being used, the failure is generally immediate and you can manually backrev the specific driver that failed. If you don't use the driver update option, you will also miss out the important updates on Novell drivers like IDEATA.HAM, IDECD.CDM and SCSIHD.CDM. Generally, you should not just allow SP6 to update your drivers, but you should also take advantage of the SP install to check your hardware vendor for updated drivers and firmware.
Do you want to install iManager plugins now?
The SP6 iManager installation logic is very confusing and documented in TID3968737.
Reboot the server after copying files?
You should install SP6 when users are not working on your server and you should reboot after installing the SP. Enabling the reboot option will cause the reboot to occur automatically after the SP install. Note however that open files can force you to confirm the reboot on the server console.
The main purpose of the login prompt is to extend the schema of your tree. That means the user you specify at the login prompt should not just have supervisor rights to this server, but it needs supervisor access to the root of the tree, at least for the first SP6 you install into your tree.
Reboot & Verify services
Reboot like you should and make sure things are working. If you had to uncomment things to get java unloaded, put them back here. If you've made any hand-edits to files such as httpd.conf verify their state before putting the server back into production.
Fix and reenable the transaction tracking system
To avoid potential problems with the transaction tracking system causing future abends as described in TID3463889, delete the file UXACTION.LOG from the root of every volume on your server where the file exists. If you need transaction tracking on one of your volumes, you can enable it again using the following command:
Post SP6 Patches
Even though they have newer file dates, updates edir8739.exe, nipp426.exe and psm7.exe are all included in NW65SP6.
This is an important CIFS update that fixes a number of issues, the most important being:
- server hang when using domain mode authentication
- abend in CIFSRPOX.NLM when using PODC emulation
- better Vista compatibility
iPrint was certainly the weakest part of NW65SP6 exposing most problems. Novell has created the following patch containing new versions of NDPSM.NLM, RMANSRVR.NLM and NDPSGW.NLM:
This is already the 6th post SP6 iPrint patch to fix the issues. While for NDPSM.NLM, there has only been a single update, there were already 4 different versions of NDPSGW.NLM. It remains to be seen whether Novell got it right this time. Here is the list of issues that are supposed to be fixed by the latest patch:
- ABEND with NDPSGW.NLM from SP6 for NW 6.5
- High CPU Utilization with iPrint after applying SP6 for NW 6.5
- NDPSGW.NLM intercepts all commands starting with GW after installing SP6
- NDPS/iPrint printing to Windows LPD stops working with SP6
- Printer Agents show NOT BOUND status after applying SP6
- LPR Communication Failed status for some Printer Agents and problems with printing jobs restarting in the middle
If you have any remaining "LPR communication" issues with this latest gateway, it is essential that you follow the debug procedure from TID3233501 as that is the only way you can make sure that Novell is made aware of your problem and can potentially fix it in future versions of NDPSGW.NLM. As a last resort, you can revert NDPSGW.NLM to the SP5 version, but only do this if the debugging steps don't produce any results.
If you made any changes to your iPrint configuration after installing SP6, don't backrev NDPSM.NLM to the SP5 version as there have been changes to the Manager database that make the SP5 version of NDPSM.NLM incompatible with SP6 servers.
CLIB and LIBC
The first update fixes the REQUESTR.NLM abend described below under Abend issues. The second update fixes a LIBC performance issue introduced by the first patch. You need both fixes, as the 2nd does not include legacy libraries.
This update fixes a number of issues with the Media Manager MM.NLM. Check the readme of this patch to see if you need this patch.
This update fixes the ConsoleOne 1.3.6f issue mentioned below.
Note that this patch is only for the Windows version of ConsoleOne
This update should now fix all known winsock related abends, especially the spinlock abends described below under Abend issues.
Security Services 2.0.5
The Security Services 2.0.5 update is available from http://download.novell.com/Download?buildid=XQEMjWhXA4Y~ contains new versions of the Certificate Server, NICI, NMAS and NTLS. It fixes a number of issues, for instance, the page fault abend in XENGEXP.NLM and the abend in APACHE2/NLDAP described below under Abend issues and the security issue described in TID3260550.
The newer portal.nlm fixes a couple of abend issues related to the health screen or using the "Reports and Log" screen
NBI update for Dell servers
This patch is required if you have a 9th generation Dell server with a PERC/5 RAID controller. IT fixes hang issues or driver load issues at startup.
NetStorage menu is not working in German version of Firefox or IE after applying NetWare 6.5 SP6.
This is an updated server.exe that fixes an abend issue which may especially happen when using Symantec Antivirus. TID3200596 has more information on the issue.
Post SP6 known issues
SP6 has a few very annoying but easy to fix issues.
SP6 includes iManager 2.6, but only installs iManager and all the iManager plugins if there is iManager 2.5 installed prior to the SP6 install. If you have iManager 2.0.2 or 2.6, then your iManager will not be touched. For more details, check TID3968737.
SP6 includes the IDM (Identitity Manager) 2.1 plugins for iManager. If you already have IDM 3.x installed, then tell the install not to update your iManager plugins as they might cause conflicts with your IDM 3.x plugins.
iManager storage plugin issues
When trying to use one of the storage related plugins (NSS, NFAP, NCS ...), you may get an error message like This user does not have the correct credentials to authenticate to the CIMOM client.
Before SP6, iManager used access to the _ADMIN volume to manage these components. With SP6, Novell introduced a new architecture where a a common plugin storagemgmt.npm does that communication with the server and now preferably uses OpenWbem/CIMOM to access the server and only uses the _ADMIN volume if CIMOM is not running on the server. Now the problem is that CIMOM uses LDAP authentication based on the user's uniqueID rather than the CN attribute. Especially users created with old tools like NWADMN32.EXE may not have their uniqueID set and therefore authentication will fail. This is the same situation as described in TID3153340 and the same solution applies. Another quick workaround is to not load openWbem on the server. This workaround is however less friendly for mobile iManager.
iPrint is really the sore point of SP6, accounting for most of the problems with SP6.
The first iPrint issue is due to enhancements Novell made to the handling of deleted printers. Unfortunately, this was done in a non backwards-compatible way and you may get into trouble if you previously deleted and recreated iPrint printers prior to SP6. For more details on this issue and for an easy way to fix the broken printers, see TID3111078. There is now also a patch for the issue as noted above.
Most iPrint issues however are due to one single file NDPSGW.NLM, the Novell NDPS Gateway. The issues are now supposed to be fixed in the patch mentioned above. If you have any remaining issues with the gateway, make sure you perform the debugging steps and provide feedback to Novell.
At this time, there is at least 3 common abend issues in SP6. For 2 of them, patches are available:
- Abend after installing NetWare 6.5 SP6 in Thread Owned by APACHE2.NLM. This is documented in TID3131742 and the problem is fixed in the Security Services 2.0.4 update mentioned above.
- Abend in NDPSGW.NLM. See the NDPS/iPrint update section for a patch that fixes the issue.
- Abend in REQUESTR.NLM caused by broadcast messages. This is documented in TID3230967 and fixed by the LIBC update mentioned above. There are also two workarounds for this Abend if you don't want to apply the new LIBC update yet:
- Backrev requestr.nlm to the version included in nwlig6g.exe.
- Disable Server Broadcasts on the sending server by issuing the following command: "SET Disable Broadcast Notifications Process = ON"
- Spinlock abends caused by the winsock modules. Novell has released updated winosck files which are supposed to fix the issue but it seems that for a number of users, the problems continue. Another solution is to backrev the winsock modules to their SP5 versions. This means the following 3 files should be used from SP5:
- One apparently uncommon abend is in CIFSPROXY.NLM, possibly tied to ZenWorks 7 Middle Tier server on NetWare and Primary Domain Controller Mode (reproducible with Pre and Post SP6 CIFS Modules Installed). See Discussion tab for more details.
- Page fault abend in XENGEXP.NLM when dealing with empty passwords. This is actually an abend caused by NMAS 3.1.2 and can also occur on servers with older support packs if the Security Services 2.0.3 update is installed. TID3316189 describes the abend and the fix is the Security Services 2.0.4 update mentioned above.
- Abend while replaying Transaction Log file.
If you did not follow the recommendation of disabling Transactions before installing SP6, then you may see this issue which is described in TID3463889. To fix the abend, it is not necessary to do the down server upgrade as described in the TID, but it is enough to copy NSS.NLM and the *.NSS files from NW65SP5 to the C:\NWSERVER directory of your server, then start the server with SERVER -na and from the server console, execute the command NSS /Notransaction=ALL. Then copy the SP6 version of the NSS modules to c:\nwserver again and reboot your server. Once running again, you should clean your transaction tracking system as described under Fix and reenable the transaction tracking system
- Abends in portal.nlm (NoRM), TID3825523
- divide error processor exception abend issue which could occur in the health screen
- pagefault abend which could occur when accessing the remote manager's "Reports and Logs" option.
- divide error processor exception on boot TID3030346, to fix, backrev to SP5 version of PORTAL.NLM
- Abend in NDSINST.NLM (NDS instrumention module). This abend is actually not specifc to SP6 but also to older SPs. It has just been recently discovered. It can be caused by special SNMP requests to the server. The easiest way to avoid this abend is not to load the NetWare Management Agents (disable the line NMA5.NCF in AUTOEXEC.NCF), or if you need the management agents for soem SNMP based management tool, then make sure you change the community string so as to disable public SNMP access.
ConsoleOne 1.3.6f issue
Nw65SP6 will install ConsoleOne 1.3.6f on the server. This version of ConsoleOne has a bug when making users members of a group. Not all required attributes are set. For details, see the following discussion. The current workaround to the problem is to avoid managing group memberships with ConsoleOne 1.3.6f. Note that ConsoleOne 1.3.6e does not have this bug.
For more details, see TID3091197
There is now a patch for the issue.
Universal Password considerations
The following applies mainly to people who initially installed their server as NetWare 6.5 before OES was released (i.e. before SP3) and implemented Universal Password at that time. With the initial release Universal Password was managed with a couple of default password policies and iManager had a Universal Password option in the NMAS menu. Starting with OES and the inclusion of IDM2 components, Novell switched to the more elaborate password policy management found in the Password menu in iManager. However many people are not aware of these changes and continue to use the old method. It's only with the release of SP6 where Novell includes new iManager plugins that people suddenly see their Universal Password menu option disappear and they are wondering how to manage Universal Password now.
The QL2X00.HAM driver included with SP6 does not work at all with certain Qlogic cards. It will fail to load with the message SERVER-5.70-1553: Module initialization failed. The solution in that case is to use a previous version of the driver or check the Qlogic web site to see if in the meantime, they have a newer driver that works.
In addition with IBM 4GB fibre networks, the IBM recommended version of 6.90h will not work with the LISMPE multipath solution. The fix is to use the QL2X00 driver available from Qlogic version 6.90o or later.
Some servers using the IBM IPSRAID.HAM driver will appear to hang at startup shortly after loading the IPSRAID.HAM driver. In reality, there isn't a permanent hang, but a very annoying 5 minute delay after which the server continues its startup normally. The problem appears to be unrelated to the version of IPSRAID.HAM being used, but rather it seems to be a conflict between IPSRAID.HAM and the version of NBI.NLM included with SP6. As a workaround, try using NBI.NLM from SP5.
There are 2 problems being reported for AACRAID.HAM:
- spinlock abends during backup on multiprocessor or multicore machines. The only workaround known so far is to make the server run in uniprocessor mode. The easiest way to achieve this without disabling the PSM is to add the following like to the server's STARTUP.NCF file:
set Auto Start Processors = OFF
- very long delay while the server is scanning for devices and partitions on IBM servers with a ServeRAID 8k SAS RAID controller. There is no known solution or workaround so far.
DST Java issues
- NW65SP6 does not contain any Java updates that fix the Java DST issues. Furthermore, the various java update methods for making it DST ready do not leave a version stamp in the product database. As such, if you applied any Java patches before SP6, install SP6 will overwrite those Java patches and will revert your Java to a non DST ready version. This applies both to the server and the ConsoleOne versions of Java.
- There are certain conditions that can cause a memory leak in JSOCK6X.NLM
Both of the above issues are fixed by JVM 1.4.2_13