-672 FFFFFD60 NO ACCESS

Source

eDirectory™

Explanation

The requester does not have sufficient rights to the information specified in a request.

Warning: Applying all solutions mentioned in this topic could make the problem worse if the actual cause of the problem is not known. Before following a course of action, make sure that you understand the cause of the error and the consequences for the actions suggested.

Possible Cause

A request was received by eDirectory (ds.nlm) to return an object or an object's attribute information when the requester does not have sufficient rights to the specified object or its attributes.

Action

Ensure that the user has the appropriate rights for that object.

Possible Cause

A request was received to perform an eDirectory partition operation when the requester does not have sufficient rights to the specified partition root objects.

Action

Ensure that the user performing the partition operation has the appropriate rights to each partition root object applicable.

Possible Cause

A request was received from a server to set its RSA (Rivest-Shamir-Adleman) keys when its eDirectory object already has a RSA public key.

Action

Contact a NetIQ* support provider.

Possible Cause

A request was received to start inbound replica synchronization on an eDirectory partition in a New replica state. However, the source server (requester) does not hold the master replica of the partition. This can be an indication of multiple master replicas being in a replica ring.

Action

Handle this as a Replica Ring Discrepancy issue.

Possible Cause

A request was received to synchronize an eDirectory partition. However, the eDirectory object for the source server is not present in the local database of the target server.

Action

Handle this as a Replica Ring Discrepancy issue.

Possible Cause

A request was received to synchronize an eDirectory schema. However, the eDirectory object for the source server is not present in the local database of the target server.

Action

Handle this as a Replica Ring Discrepancy issue.

Possible Cause

An attempt was made by an eDirectory server to begin inbound replica synchronization. However, the source server does not exist in the replica ring of the specified eDirectory partition as held by the target server.

Action

Handle this as a Replica Ring Discrepancy issue.

Possible Cause

An attempt was made by an eDirectory server to update the eDirectory schema. One of the following conditions caused the error:

Action

Updates to the schema for an eDirectory server can only be made by source servers that have a lower replica depth than the target server and, if the target server holds any eDirectory partitions, the source server exists in the replica ring of the eDirectory partition closest to the [Root] on the target server.

Possible Cause

An attempt was made by an eDirectory server to modify the replica type of an eDirectory partition held by the target server. However, the source server does not exist in the eDirectory database for the target server. If using DSTRACE on the target server with the Schema Synchronization flag set, the following message will be displayed:

LinkReplica: DSALinkReplica for partition [PartitionRootObjectEntryID] <PartitionRootObjectName> from [SourceServerEntryID] <SourceServerName> failed, error = -672

Action

Verify that both the source and target servers hold a replica of the partition returning the error and that the replica rings are consistent. If the target server does not actually hold a replica of the partition, then remove the server from the replica ring of the source server using DSREPAIR.

A trademark symbol (®, TM, etc.) denotes a NetIQ trademark. An asterisk (*) denotes a third-party trademark. For information on trademarks, see Legal Notices.