Hello... Earlier this month we had an issue with one of our domain controllers (Win2003) and took it down. It was the one the directory server was pointing to for synchronization. Ever since then, no sync has occurred and I am back to getting the -81 (Peer's Certificate issuer is not recognized.) I have checked the DC, and all looks well. We were merely moving the logs to another volume, so it should not have an effect on ldap connections. I did some fiddling and at one point I removed the native java since I had installed the IBM version. Jessie depended on it, so that was removed as well. I have since gotten new certs and CA certs, and installed them, but still no luck on the connection. Certutil no longer worked, so I installed mozilla-nss, and now it does not work for other reasons: NSS_Initialize failed: An I/O error occurred during security authorization. All certificate management via the console seems to work fine... So, my questions are: Is there a way to get my ssl libraries so they line up with what FDS wants? Was jessie even involved in this issue? I already have all our data in this directory, so is there a way for me to get this thing syncing again without a wipe and reinstall? If I delete the sync agreement, and create a new one, what happens on the first sync? Will it just pick up where it left off, or will it choke on all the objects that were a part of the previous sync agreement? Will I have problems with my data since it has been over 10 days since the last sync? -- Daniel Shackelford Systems Administrator Technology Services Spring Arbor University 517 750-6648 "For even the Son of Man did not come to be served, but to serve, and to give His life a ransom for many" Mark 10:45
