8.6 Troubleshooting NIT

Unspecified GSS failure. Minor code may provide more information (Ticket expired)

Description: Ticket Granting Ticket (TGT) expiration errors are seen if the NIT setting ad-tgt-refresh-timeout is more than the "Maximum lifetime for a user ticket" in the Kerberos policy of the domain.

Action: To avoid TGT expiration errors, ensure that the ad-tgt-refresh-timeout value is less than Active Directory TGT expiration time.

Invalid UID Obtained

Description: If the Active Directory user is denied access possibly the user is not assigned a valid UID.

Cause: Run the nitconfig get command and check if ad-uid-generate-mode parameter is set to 0. Setting this parameter to 0 means NIT operates in Fetch mode for Active Directory users and tries to fetch UIDs for those users from Active Directory. If the users do not have UIDs assigned in Active Directory you might encounter this error.

Action: When you choose to fetch UID for Active Directory users, NIT fetches the uidNumber attribute set in Active Directory for all the Active Directory users. If UID is not set for a particular user, that user cannot access NSS file systems. If you are configuring NIT in fetch mode for Active Directory users, ensure that the Active Directory users who require access to NSS filesystems have UID numbers set in the Active Directory. Add the uidNumber attribute explicitly to the Global Catalog server as it is not part of default attributes. For more information about replicating UID numbers to the Global Catalog server, refer to the Microsoft Support website.

Unable to fetch tree name, error:11

Description: eDirectory is down and NIT is not able to fetch tree name.


  1. Start eDirectory by running the rcndsd start command.

  2. Start NIT by running the rcnovell-nit start command