Appendix A

Error Messages

This appendix alphabetically lists some common error messages for the DNS, NIS and NIS+ naming services in the Solaris operating environment. For each message there is an explanation and, where appropriate, a solution or a cross-reference to some other portion of this manual.

About Error Messages

Some of the error messages documented in this chapter are documented more fully in the appropriate man pages.

Error Message Context

Error messages can appear in pop-up windows, shell tool command lines, user console window, or various log files. You can raise or lower the severity threshold level for reporting error conditions in your /etc/syslog.conf file.

In the most cases, the error messages that you see are generated by the commands you issued or the container object (file, map, table or directory) your command is addressing. However, in some cases an error message might be generated by a server invoked in response to your command (these messages usually show in syslog). For example, a "permission denied" message most likely refers to you, or the machine you are using, but it could also be caused by software on a server not having the correct permissions to carry out some function passed on to it by your command or your machine.

Similarly, some commands cause a number of different objects to be searched or queried. Some of these objects might not be obvious. Any one of these objects could return an error message regarding permissions, read-only state, unavailability, and so forth. In such cases the message might not be able to inform you of which object the problem occurred in.

In normal operation, the naming software and servers make routine function calls. Sometimes those calls fail and in doing so generate an error message. It occasionally happens that before a client or server processes your most recent command, then some other call fails and you see the resulting error message. Such a message might appear as if it were in response to your command, when in fact it is in response to some other operation.

Note - When working with a namespace you might encounter error messages generated by remote procedure calls. These RPC error messages are not documented here. Check your system documentation.

Context-Sensitive Meanings

A single error message might have slightly different meanings depending on which part of various naming software applications generated the message. For example, when a "Not Found" type message is generated by the nisls command, it means that there are no NIS+ objects that have the specified name, but when it is generated by the nismatch command it means that no table entries were found that meet the search criteria.

How Error Messages Are Alphabetized

The error messages in this appendix are sorted alphabetically according to the following rules:

Capitalization is ignored. Thus, messages that begin with "A" and "a" are alphabetized together.
Nonalphabetic symbols are ignored. Thus, a message that begins with _svcauth_des is listed with the other messages that begin with the letter "S."
Error messages beginning with (or containing) the word NIS+ are alphabetized after messages beginning with (or containing) the word NIS.
Some error messages might be preceded by a date or the name of the host, application, program, or routine that generated the error message, followed by a colon. In these cases, the initial name of the command is used to alphabetize the message.
Many messages contain variables such as user IDs, process numbers, domain names, host names, and so forth. In this appendix, these variables are indicated by an italic typeface. Because variables could be anything, they are not included in the sorting of the messages listed in this appendix. For example, the actual message sales: is not a table (where sales is a variable) would be listed in this appendix as: name: is not a table and would be alphabetized as: is not a table among those messages beginning with the letter "I".
Error messages that begin with asterisks, such as **ERROR: domainname does not exist, are generated by the NIS+ installation and setup scripts. Messages are alphabetized according to their first letter, ignoring the asterisks.

Numbers in Error Messages

Many messages include an IP address. IP addresses are indicated by n.n.n.n.
Some error messages include numbers such as process ID numbers, number of items, and so forth. Numbers in error messages are indicated: nnnn.

Common Namespace Error Messages

abort_transaction: Failed to action NIS+ objectname

The abort_transaction routine failed to back out of an incomplete transaction due to a server crash or some other unrecoverable error. See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for further information.

abort_transaction: Internal database error abort_transaction: Internal error, log entry corrupt NIS+ objectname

These two messages indicate some form of corruption in a namespace database or log. See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information.

add_cleanup: Cant allocate more rags.

This message indicates that your system is running low on available memory. See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for information on insufficient memory problems.

add_pingitem: Couldn't add directoryname to pinglist (no memory)

See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for information on low memory problems.

add_update: Attempt add transaction from read only child. add_update Warning: attempt add transaction from read only child

An attempt by a read-only child rpc.nisd process to add an entry to a log. An occasional appearance of this message in a log is not serious. If this message appears frequently, contact the Sun Solutions Center.

Attempting to free a free rag!

This message indicates a software problem with rpc.nisd. The rpc.nisd should have aborted. Run ps -ef | grep rpc.nisd to see if rpc.nisd is still running. If it is, kill it and restart it with the same options as previously used. If it is not running, restart it with the same options as previously used. Check /var/nis to see if a core file has been dumped. If there is a core file, delete it.
Note - If you started rpc.nisd with the -YB option, you must also kill the rpc.nisd_reply daemon.

Attempt to remove a non-empty table

An attempt has been made by nistbladm to remove an NIS+ table that still contains entries. Or by nisrmdir to remove a directory that contains files or subdirectories.
If you are trying to delete a table, use niscat to check the contents of the table and nistbladm to delete any existing contents.

If you are trying to delete a directory, use nisls -l -R to check for existing files or subdirectories and delete them first.

If you are trying to dissociate a replica from a domain with nisrmdir -s, and the replica is down or otherwise out of communication with the master, you will get this error message. In such cases, you can run nisrmdir -f -s replicaname on the master to force the dissociation. Note, however, that if you use nisrmdir -f -sto dissociate an out-of-communication replica, you must run nisrmdir -f -s again as soon as the replica is back on line in order to clean up the replica's /var/nis file system. If you fail to rerun nisrmdir -f -s replicaname when the replica is back in service, the old out-of-date information left on the replica could cause problems.

This message is generated by the NIS+ error code constant: NIS_NOTEMPTY. See the nis_tables man page for additional information.

authdes_marshal: DES encryption failure

DES encryption for some authentication data failed. Possible causes:
Corruption of a library function or argument.

A problem with a DES encryption chip, if you are using one.

Call the Sun Solutions Center for assistance.

authdes_refresh: keyserv is unable to encrypt session key

The keyserv process was unable to encrypt the session key with the public key that it was given. See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information.

authdes_refresh: unable to encrypt conversation key

The keyserv process could not encrypt the session key with the public key that was given. This usually requires some action on your part. Possible causes are:
The keyserv process is dead or not responding. Use ps -ef to check whether the keyserv process is running on the keyserv host. If it is not, then start it, and then run keylogin.

The client has not performed a keylogin. Do a keylogin for the client and see if that corrects the problem.

The client host does not have credentials. Run nismatch on the client's home domain cred table to see if the client host has the proper credentials. If it does not, create them.

A DES encryption failure. See the authdes_marshal: DES encryption failure error message).

See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information regarding security key problems.

authdes_refresh: unable to synchronize clock

This indicates a synchronization failure between client and server clocks. This will usually correct itself. However, if this message is followed by any time stamp related error, you should manually resynchronize the clocks. If the problem reoccurs, check that remote rpcbind is functioning correctly.

authdes_refresh: unable to synch up w/server

The client-server clock synchronization has failed. This could be caused by the rpcbind process on the server not responding. Use ps -ef on the server to see if rpcbind is running. If it is not, restart it. If this error message is followed by any time stamp-related message, then you need to use rdate servername to manually resync the client clock to the server clock.

authdes_seccreate: keyserv is unable to generate session key

This indicates that keyserv was unable to generate a random DES key for this session. This requires some action on your part:
Check to make sure that keyserv is running properly. If it is not, restart it along with all other long-running processes that use Secure RPC or make NIS+ calls such as automountd, rpc.nisd and sendmail. Then do a keylogin.

If keyserv is up and running properly, restart the process that logged this error.

authdes_seccreate: no public key found for servername

The client side cannot get a DES credential for the server named servername. This requires some action on your part:
Check to make sure that servername has DES credentials. If it does not, create them.

Check the switch configuration file to see which naming service is specified and then make sure that service is responding. If it is not responding, restart it.

authdes_seccreate: out of memory

See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for information on insufficient memory problems.

authdes_seccreate: unable to gen conversation key

The keyserv process was unable to generate a random DES key. The most likely cause is that the keyserv process is down or otherwise not responding. Use ps -ef to check whether the keyserv process is running on the keyserv host. If it is not, then start it and run keylogin.

If restarting keyserv fails to correct the problem, it might be that other processes that use Secure RPC or make NIS+ calls are not running (for example, automountd, rpc.nisd, or sendmail). Check to see whether these processes are running; if they are not, restart them.

See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information regarding security key problems.

authdes_validate: DES decryption failure

See authdes_marshal: DES decryption failure for authentication data failure.

authdes_validate: verifier mismatch

The time stamp that the client sent to the server does not match the one received from the server. (This is not recoverable within a Secure RPC session.) Possible causes:
Corruption of the session key or time stamp data in the client or server cache.

Server deleted from this cache a session key for a still active session.

Network data corruption.


	Appendix A Error Messages This appendix alphabetically lists some common error messages for the DNS, NIS and NIS+ naming services in the Solaris operating environment. For each message there is an explanation and, where appropriate, a solution or a cross-reference to some other portion of this manual. About Error Messages Some of the error messages documented in this chapter are documented more fully in the appropriate man pages. Error Message Context Error messages can appear in pop-up windows, shell tool command lines, user console window, or various log files. You can raise or lower the severity threshold level for reporting error conditions in your `/etc/syslog.conf` file. In the most cases, the error messages that you see are generated by the commands you issued or the container object (file, map, table or directory) your command is addressing. However, in some cases an error message might be generated by a server invoked in response to your command (these messages usually show in `syslog`). For example, a "`permission denied`" message most likely refers to you, or the machine you are using, but it could also be caused by software on a server not having the correct permissions to carry out some function passed on to it by your command or your machine. Similarly, some commands cause a number of different objects to be searched or queried. Some of these objects might not be obvious. Any one of these objects could return an error message regarding permissions, read-only state, unavailability, and so forth. In such cases the message might not be able to inform you of which object the problem occurred in. In normal operation, the naming software and servers make routine function calls. Sometimes those calls fail and in doing so generate an error message. It occasionally happens that before a client or server processes your most recent command, then some other call fails and you see the resulting error message. Such a message might appear as if it were in response to your command, when in fact it is in response to some other operation. Note - When working with a namespace you might encounter error messages generated by remote procedure calls. These RPC error messages are not documented here. Check your system documentation. Context-Sensitive Meanings A single error message might have slightly different meanings depending on which part of various naming software applications generated the message. For example, when a "`Not Found`" type message is generated by the `nisls` command, it means that there are no NIS+ objects that have the specified name, but when it is generated by the `nismatch` command it means that no table entries were found that meet the search criteria. How Error Messages Are Alphabetized The error messages in this appendix are sorted alphabetically according to the following rules: Capitalization is ignored. Thus, messages that begin with "A" and "a" are alphabetized together. Nonalphabetic symbols are ignored. Thus, a message that begins with `_svcauth_des` is listed with the other messages that begin with the letter "S." Error messages beginning with (or containing) the word NIS+ are alphabetized after messages beginning with (or containing) the word NIS. Some error messages might be preceded by a date or the name of the host, application, program, or routine that generated the error message, followed by a colon. In these cases, the initial name of the command is used to alphabetize the message. Many messages contain variables such as user IDs, process numbers, domain names, host names, and so forth. In this appendix, these variables are indicated by an italic typeface. Because variables could be anything, they are not included in the sorting of the messages listed in this appendix. For example, the actual message `sales: is not a table` (where `sales` is a variable) would be listed in this appendix as: name: is not a table and would be alphabetized as: `is not a table` among those messages beginning with the letter "I". Error messages that begin with asterisks, such as *ERROR: domainname* does not exist, are generated by the NIS+ installation and setup scripts. Messages are alphabetized according to their first letter, ignoring the asterisks. Numbers in Error Messages Many messages include an IP address. IP addresses are indicated by n.n.n.n. Some error messages include numbers such as process ID numbers, number of items, and so forth. Numbers in error messages are indicated: nnnn. Common Namespace Error Messages `abort_transaction: Failed to action NIS+ objectname` The `abort_transaction` routine failed to back out of an incomplete transaction due to a server crash or some other unrecoverable error. See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for further information. `abort_transaction: Internal database error abort_transaction: Internal error, log entry corrupt NIS+ objectname` These two messages indicate some form of corruption in a namespace database or log. See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information. `add_cleanup: Cant allocate more rags.` This message indicates that your system is running low on available memory. See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for information on insufficient memory problems. `add_pingitem: Couldn't add directoryname to pinglist (no memory)` See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for information on low memory problems. `add_update: Attempt add transaction from read only child. add_update Warning: attempt add transaction from read only child` An attempt by a read-only child `rpc.nisd` process to add an entry to a log. An occasional appearance of this message in a log is not serious. If this message appears frequently, contact the Sun Solutions Center. `Attempting to free a free rag!` This message indicates a software problem with `rpc.nisd`. The `rpc.nisd` should have aborted. Run `ps -ef \| grep rpc.nisd` to see if `rpc.nisd` is still running. If it is, kill it and restart it with the same options as previously used. If it is not running, restart it with the same options as previously used. Check `/var/nis` to see if a `core` file has been dumped. If there is a `core` file, delete it. Note - If you started `rpc.nisd` with the `-YB` option, you must also kill the `rpc.nisd_reply` daemon. `Attempt to remove a non-empty table` An attempt has been made by `nistbladm` to remove an NIS+ table that still contains entries. Or by `nisrmdir` to remove a directory that contains files or subdirectories. If you are trying to delete a table, use `niscat` to check the contents of the table and `nistbladm` to delete any existing contents. If you are trying to delete a directory, use `nisls` `-l` `-R` to check for existing files or subdirectories and delete them first. If you are trying to dissociate a replica from a domain with `nisrmdir` `-s`, and the replica is down or otherwise out of communication with the master, you will get this error message. In such cases, you can run `nisrmdir` `-f` `-s` replicaname on the master to force the dissociation. Note, however, that if you use `nisrmdir` `-f` `-s`to dissociate an out-of-communication replica, you must run `nisrmdir` `-f` `-s` again as soon as the replica is back on line in order to clean up the replica's `/var/nis` file system. If you fail to rerun `nisrmdir` `-f` `-s` replicaname when the replica is back in service, the old out-of-date information left on the replica could cause problems. This message is generated by the NIS+ error code constant: `NIS_NOTEMPTY`. See the `nis_tables` man page for additional information. `authdes_marshal: DES encryption failure` DES encryption for some authentication data failed. Possible causes: Corruption of a library function or argument. A problem with a DES encryption chip, if you are using one. Call the Sun Solutions Center for assistance. `authdes_refresh: keyserv is unable to encrypt session key` The `keyserv` process was unable to encrypt the session key with the public key that it was given. See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information. `authdes_refresh: unable to encrypt conversation key` The `keyserv` process could not encrypt the session key with the public key that was given. This usually requires some action on your part. Possible causes are: The `keyserv` process is dead or not responding. Use `ps` `-ef` to check whether the `keyserv` process is running on the `keyserv` host. If it is not, then start it, and then run `keylogin`. The client has not performed a `keylogin`. Do a `keylogin` for the client and see if that corrects the problem. The client host does not have credentials. Run `nismatch` on the client's home domain cred table to see if the client host has the proper credentials. If it does not, create them. A DES encryption failure. See the authdes_marshal: DES encryption failure error message). See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information regarding security key problems. `authdes_refresh: unable to synchronize clock` This indicates a synchronization failure between client and server clocks. This will usually correct itself. However, if this message is followed by any time stamp related error, you should manually resynchronize the clocks. If the problem reoccurs, check that remote `rpcbind` is functioning correctly. `authdes_refresh: unable to synch up w/server` The client-server clock synchronization has failed. This could be caused by the `rpcbind` process on the server not responding. Use `ps` `-ef` on the server to see if `rpcbind` is running. If it is not, restart it. If this error message is followed by any time stamp-related message, then you need to use `rdate` servername to manually resync the client clock to the server clock. `authdes_seccreate: keyserv is unable to generate session key` This indicates that `keyserv` was unable to generate a random DES key for this session. This requires some action on your part: Check to make sure that `keyserv` is running properly. If it is not, restart it along with all other long-running processes that use Secure RPC or make NIS+ calls such as `automountd`, `rpc.nisd` and `sendmail`. Then do a `keylogin`. If `keyserv` is up and running properly, restart the process that logged this error. `authdes_seccreate: no public key found for servername` The client side cannot get a DES credential for the server named servername. This requires some action on your part: Check to make sure that servername has DES credentials. If it does not, create them. Check the switch configuration file to see which naming service is specified and then make sure that service is responding. If it is not responding, restart it. `authdes_seccreate: out of memory` See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for information on insufficient memory problems. `authdes_seccreate: unable to gen conversation key` The `keyserv` process was unable to generate a random DES key. The most likely cause is that the `keyserv` process is down or otherwise not responding. Use `ps` `-ef` to check whether the `keyserv` process is running on the `keyserv` host. If it is not, then start it and run `keylogin`. If restarting `keyserv` fails to correct the problem, it might be that other processes that use Secure RPC or make NIS+ calls are not running (for example, `automountd`, `rpc.nisd`, or `sendmail`). Check to see whether these processes are running; if they are not, restart them. See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information regarding security key problems. `authdes_validate: DES decryption failure` See authdes_marshal: DES decryption failure for authentication data failure. `authdes_validate: verifier mismatch` The time stamp that the client sent to the server does not match the one received from the server. (This is not recoverable within a Secure RPC session.) Possible causes: Corruption of the session key or time stamp data in the client or server cache. Server deleted from this cache a session key for a still active session. Network data corruption.