I have a legacy NetWare 6.5 server that offers file shares to about 40 clients. It also acts as the router between our two internal subnets and our parent agency's network. We are planning on replacing the routing functionality with a Juniper product. At the same time we are refactoring our physical network infrastructure - currently the NetWare server has an IP presence on both subnets. I would like to disable two of its three interfaces so it only has one connection to the network.
Unfortunately, I cannot figure out how the Novell Client (4.91.5.20080922 on Windows XP SP3) resolves the NDS tree netware_server.department.mycorp to an actual IP address. Testing has shown that if those interfaces are no longer there, clients will fail to "resolve" the NDS object to the correct (still existent) IP address and chaos will ensue.
I have tried setting the "Server Cache Timeout" to 0 in an effort to force a "name resolution" of netware_server so I can look at the actual TCP/IP conversation in Wireshark. I have also tried adding an entry to the C:\WINDOWS\system32\drivers\etc\hosts file with the NetWare server's NDS Object Name and then limiting the Novell Client's Name Space Providers (Properties - Protocol Preferences) to just "Host File", trying to force a new "lookup" using the /etc/hosts file instead of whatever arcane method is currently used. Both of these attempts came from this TID10057730. Both have failed.
How does the Novell Client resolve an NDS Object Name like netware_server.department.mycorp to an actual IP address? How can I force the clearing of any client-side "NDS name" cache? How can I force that "NDS name" resolution to always resolve to an IP address that I manually specify?
EDIT: First off, we're running pure IP. If you happen to still be running IPX the Novell Client behaves quite differently.
The Novell Client needs to identify what IP address/es the server hosting NetWare Services is located at before it can actually login. This information is gathered through what Novell calls "Name Space Providers" (NSPs); since we're on IP only we're limited to using just SLP, DNS, a HOST/NWHOST file, or DHCP (TID10057730). You can access and disable which of these NSPs is available for the Novell Client to use by selecting or de-selecting them in the Properties - Protocol Preferences as mentioned earlier. According to the same TID, after NT/2000 the Novell Client polls the NSPs in an "asynchronous" manner, so there is no "order" (unfortunately) in which they're polled.
Additionally, the Novell Client will cache these "service names" locally. The default setting is to hold this cache for 21 days. If you're trying to force the clients to look for the same NDS tree on a different IP address, clearing this cache might be something to consider (Advanced Settings - Server Cache Timeout or HKLM\SYSTEM\CurrentControlSet\Services\NetWareWorkstation\Parameters\ServerCacheTimeout). More information about how the Novell Client uses which "Name Service" provider can be found here. SLP, however, seems to be a method that is used in my shop. Novell has info out about how the Novell Client uses SLP here.
However, as mentioned, the best, most "fool-proof" way to force the Novell Client to only access NetWare Service from one IP address is to manually specify that IP in the 'Server:' prompt of the utility. This should in theory override any of the hints (i.e., netware_server.department.mycorp) and anything in the cache, but you will probably want to double-check somehow.
I'm going to assume you have IPX turned off. If not, let me know and I'll expand.
The fastest way to make sure you connect to one interface and only one interface is to put the IP address you want to connect to in the "Server" field during login.
Name resolution comes from several methods.
It has been just long enough that I no longer remember the exact order it'll use to perform the lookups, so this may be wrong. I believe the first thing it tries is an SLP query for the requested resource (the "Server" if that was populated, but "Tree" will trump server if both are populated). The values in the SLP scope are populated by the server on a regular basis, so if both server interfaces have IP addresses it'll advertise both of them. Once one has been turned off, it'll take a while for it to stale out of the SLP scope.
If SLP resolution fails, it falls back on DNS. It uses the values in the Server, Tree, and Context fields to try and locate a server via DNS. Unless your eDir tree is DNS-rooted, this fails.
One thing you might try is issuing the Set command needed to force the server to not advertise one of your network interfaces. I did this a decade ago when I was setting up a dedicated backup LAN, as I didn't want my clients connecting to the backup-LAN interface.
That will exclude that particular address from NCP serving. It won't get advertised via SLP, and assuming SLP is working should force all client-initiated NCP traffic to the remaining interface.