ACS replication and IP pools server
Hi, I have 2 ACS 3.3.2 with replication active and IP pools server function active.
I know that the IP pools definitions are not replicated but the group associations with pools are.
What's the best way to manage the IP pools on the 2 ACSs ?
60% of the pool on the first and 40% on the second ?
Or is there a way to inform the second ACS of the single IP assigned by the first ACS to avoid overlapping, in case of failure of the first ACS?
Thank you in advance
greetings
Renato
IP pools are purposely not replicated automatically, no way around it. This is to avoid the situation where users authenticating to two different ACS servers get allocated the same IP address.
Basically there's nothing in ACS where the primary and backups talk to each other about what IP addresses they've allocated (this would be a huge task and require some new sort of communication mechanism between servers). If the same IP pool is configured on all 3 servers, they'll just blindly allocate the next available IP address to users, and you'll run into scenarios where two (or more) users get given the same address.
The pool is therefore purposely not replicated, which means you have to go in manually and configure it, making sure you configure a UNIQUE pool across the 3 servers. This only has to be done once and is then there forever.
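Since the pools have to be carved up by hand and nothing on the servers cross-checks them, the one control worth having is a script that proves the pools really are disjoint before the next user gets a duplicate address. The following is an added example, not part of the thread or of ACS: it takes a constructed inventory of the pool ranges configured on each server (server names and ranges are assumptions), reports how many addresses each one owns, and lists every pair of servers whose pools share an address.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample inventory: the address pool each ACS server hands out to
# its own users. Server names and ranges are assumptions for this example.
ACS_POOLS: Dict[str, List[str]] = {
    "acs1": ["10.10.0.1-10.10.0.150"],    # roughly "60%" of the /24
    "acs2": ["10.10.0.151-10.10.0.254"],  # the remaining "40%"
    "acs3": ["10.10.0.100-10.10.0.120"],  # misconfigured: overlaps acs1
}


def parse_pool(spec: str) -> Tuple[int, int]:
    """Turn 'first-last' or a CIDR block into an inclusive (first, last) pair of ints."""
    if "-" in spec:
        lo, hi = (ipaddress.IPv4Address(part.strip()) for part in spec.split("-", 1))
    else:
        net = ipaddress.IPv4Network(spec, strict=False)
        lo, hi = net[0], net[-1]
    if hi < lo:
        raise ValueError(f"pool {spec!r} ends before it starts")
    return int(lo), int(hi)


def pool_sizes(pools: Dict[str, List[str]]) -> Dict[str, int]:
    """Number of assignable addresses per server, to check the intended split."""
    return {
        srv: sum(hi - lo + 1 for lo, hi in map(parse_pool, specs))
        for srv, specs in pools.items()
    }


def find_overlaps(pools: Dict[str, List[str]]) -> List[Tuple[str, str, str]]:
    """Return (server_a, server_b, shared_range) for every pair of pools on
    different servers that contain at least one common address."""
    ranges = [(srv, parse_pool(spec)) for srv, specs in pools.items() for spec in specs]
    ranges.sort(key=lambda item: item[1][0])  # order by first address
    overlaps = []
    for i, (srv_a, (lo_a, hi_a)) in enumerate(ranges):
        for srv_b, (lo_b, hi_b) in ranges[i + 1:]:
            if lo_b > hi_a:
                break  # later ranges start even higher, so none can overlap this one
            if srv_a != srv_b:
                lo, hi = max(lo_a, lo_b), min(hi_a, hi_b)
                shared = f"{ipaddress.IPv4Address(lo)}-{ipaddress.IPv4Address(hi)}"
                overlaps.append((srv_a, srv_b, shared))
    return overlaps


if __name__ == "__main__":
    print("addresses per server:", pool_sizes(ACS_POOLS))
    for a, b, shared in find_overlaps(ACS_POOLS):
        print(f"CONFLICT: {a} and {b} both allocate from {shared}")
```

Run it whenever a pool is edited on any server; an empty overlap list is the property the answer above asks you to maintain by hand. The sort-and-break loop keeps the check linear in the number of pools after sorting, which matters little for three servers but costs nothing.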
Similar Messages
-
Hi all,
I've the following question: is it possible to set up a replication between 2 server running the same version of ACS, but with 1 server behind a PIX running static NAT (private IP address of one server is statically mapped to a public address)?
I was able to manage the replication when the two servers on the same LAN, but when I move the second server on the private LAN I obtain error "shared secret mismatch".
Any idea?
Thanks
Regards
Roberto
ACS versions 3.1 and greater will not work with replication and NAT'ing. The security of the replication process was increased in these versions, and the originating server hashes its own IP address (the non-NAT'd version of it) into the data to be used as part of the verification process.
If the receiving server sees this from a different IP address due to the NAT'ing then it will fail and produce the "shared secret mismatch" error you're seeing.
Sorry, no way around it unfortunately. -
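The failure mode described in that answer is easier to see with a small model. The following is an added example and not ACS's actual wire format: the sender binds the address it believes it has into an HMAC over the update, the receiver recomputes the HMAC over the source address its own TCP stack reports, and a static NAT in the path makes those two addresses differ, so the check fails even though both sides hold the same secret. A mismatched secret fails the same check, which is why the symptom alone cannot tell the two causes apart.

```python
import hashlib
import hmac
from typing import Dict, Optional

SHARED_SECRET = b"example-replication-secret"  # constructed for this example


def sign_update(secret: bytes, own_ip: str, payload: bytes) -> Dict[str, bytes]:
    """Sender binds the address it believes it has (pre-NAT) into the MAC.
    Model of the behaviour described above, not the ACS replication format."""
    tag = hmac.new(secret, own_ip.encode() + b"|" + payload, hashlib.sha256).digest()
    return {"payload": payload, "tag": tag}


def verify_update(secret: bytes, observed_src_ip: str, msg: Dict[str, bytes]) -> bool:
    """Receiver recomputes the MAC over the source address it actually saw."""
    expected = hmac.new(
        secret, observed_src_ip.encode() + b"|" + msg["payload"], hashlib.sha256
    ).digest()
    return hmac.compare_digest(expected, msg["tag"])


def replicate(sender_ip: str, nat_map: Optional[Dict[str, str]] = None,
              sender_secret: bytes = SHARED_SECRET,
              receiver_secret: bytes = SHARED_SECRET) -> bool:
    """One replication attempt over a path that may rewrite the source address.
    nat_map is {private_ip: public_ip} for a static NAT; empty means same LAN."""
    nat_map = nat_map or {}
    msg = sign_update(sender_secret, sender_ip, b"user-db-update")
    seen_src = nat_map.get(sender_ip, sender_ip)  # what the receiver's TCP stack reports
    return verify_update(receiver_secret, seen_src, msg)


if __name__ == "__main__":
    print("same LAN, same secret:     ", replicate("10.1.1.5"))
    print("behind static NAT:         ", replicate("10.1.1.5", {"10.1.1.5": "203.0.113.7"}))
    print("no NAT, secrets differ:    ", replicate("10.1.1.5", receiver_secret=b"wrong-secret"))
```

A one-to-one static mapping changes nothing about this outcome: the receiver still sees the public address while the sender hashed the private one, so "NAT is just giving it the same address" only holds if the mapped address is literally the one the ACS has on its interface.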
Replication between Oracle Server and MS SQL Server
Hello,
Does anybody know of a well known or reliable software that can do data replication between Oracle Server and Microsoft SQL server.
I suppose I can write my own version using Heterogenous Services in Oracle but I would like to know if such an automated replication between Oracle and SQL is available commercially.
Thank you.
Viacheslav Ostapenko wrote:
Sorry, Aman,
I couldn't find any info about replication to MS SQL. Is it possible at all? Could you provide link where we can read about this? It could be very interesting.
Sorry Viacheslav, even I couldn't find anything for the same. I am not sure that it can be done or not, I haven't heard anyone in my contact doing so. The only place where I have seen Streams being used around me is within Oracle db only. May be someone else can help if he/she has done it.
Aman.... -
Hi All,
Please have a look in to the below mentioned environment.
primary site :SITE 1
server 1
server 2
secondary site :SITE 2
server 3
Note : All the above three servers are in a single DAG. All the databases are mounted on the server (server 1) which is located in the primary site (i.e. SITE 1).
On that 5 databases we are having 3500 users .Based on the user designation we have allocated the mailbox size.
Query : Each and every day we are having the large no copy queue length for all the five databases to the server located in SITE 2.
Please help me out on this and also tell me is there any tool available to exactly get the required bandwidth for the exchange servers located between the active directory sites.
Thanks & Regards S.Nithyanandham
I don't know of any tool that can calculate things for you but latency is the biggest thing you have to worry about. The other issue is looking at the network gear between the 2 sites. I have seen many times where switches get maxed out if they are set to 1 GB or even ports getting maxed out and need to be bonded for more throughput. Test your latency from the edge of each site then test it within to see if there is a difference.
Regardless of their geographic location relative to other DAG members, each member of the DAG must have round trip network latency no greater than 500 milliseconds between each other member.
As the round trip latency between two Mailbox servers hosting copies of a database increases, the potential for replication not being up to date also increases. Regardless of the latency of the solution, customers should validate that the networks between all DAG members is capable of satisfying the data protection and availability goals of the deployment. Configurations with higher latency values may require special tuning of DAG, replication, and network parameters, such as increasing the number of databases or decreasing the number of mailboxes per database, to achieve the desired goals.
Round trip latency requirements may not be the most stringent network bandwidth and latency requirement for a multi-datacenter configuration. You must evaluate the total network load, which includes client access, Active Directory, transport, continuous replication, and other application traffic, to determine the necessary network requirements for your environment.
http://technet.microsoft.com/en-us/library/dd638104(v=exchg.150).aspx
DJ Grijalva | MCITP: EMA 2007/2010 SPA 2010 | www.persistentcerebro.com -
ACS replication issue on VMware ESX 3.5
I have just installed ACS 4.2 on two VMware hosts. I've configured database replication but it won't work. The error message is "shared secret mismatch". This error message occurs if a NAT device is in the path (which it isn't in this case) or if the tcp header is otherwise changed during transmission. I'm wondering if VMware is adding something to the TCP header. Has anyone come across this problem before or has anyone successfully implemented ACS replication when both hosts are on VMware?
Thanks.
Hi,
I see that you are getting "shared secret mismatch error" under database replication logs. Just wanted to inform you that this is not because of nat'ed device. This happens when we have different keys for AAA servers on primary and secondary ACS.
The primary server must be configured as an AAA server and must have a key.
The secondary server must have the primary server configured as an AAA server and its key for the primary server must match the primary server's own key. The shared secret key should be the same on both the ACS's.
I am sending you one link for Setting Up Replication for Cisco Secure ACS, I am sure this example with screen shots gives you better understanding.
Please visit the below suggested URL:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00800e518a.shtml
If that doesn't resolve the issue, please let me know if you see any server with this ip address 127.0.0.1.
HTH
JK
-Plz rate helpful posts- -
We have 2 ACS appliances that are separated by a WAN.
Both appliances are at the same software version and I have replication set up per Cisco's (as well as others') directions.
When I run replication, I get the error "Cannot replicate to 'ciscoacs2' - server not responding".
If I try replication in the other direction, I get the same error.
I can ping both appliances and access the web interface from both subnets.
There is a firewall between them, but I have port 2000 open and I do not see any other deny messages relating to the ACS replication in the firewall logging.
I ran a sniffer on the receiving appliance's port and got the following:
10.127.101.5 10.127.80.63 TCP evb-elm > cisco-sccp [SYN] Seq=0 Win=65535 Len=0 MSS=1380
10.127.101.5 10.127.80.63 TCP evb-elm > cisco-sccp [ACK] Seq=1 Ack=1 Win=65535 Len=0
10.127.80.63 10.127.101.5 TCP cisco-sccp > evb-elm [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
10.127.101.5 10.127.80.63 TCP evb-elm > cisco-sccp [RST] Seq=25 Win=0 Len=0
10.127.80.63 10.127.101.5 TCP [TCP Dup ACK 1515#1] cisco-sccp > evb-elm [ACK] Seq=1 Ack=1 Win=65535 Len=0
Logging on the devices themselves is terrible, so I really have no idea what would be causing replication to fail.
Thanks.
Jason
One update if it will help. I've been doing some research and I found that ACS replication doesn't like NAT and replication will fail if the IP address is changed through NAT.
While NAT is running on the firewall that our ACS appliance is behind, there is a static mapping to basically keep the NAT address the same. So NAT is being applied, but NAT is just giving it the same address.
I don't know if the NAT process is what's causing the problem? Based on the sniff I posted earlier, the source address of 101.5 is the IP of the ACS appliance.
Taking the device out from behind the firewall could be an option, but it would be a last resort because we would then need to reconfigure all of our equipment to point to the new address, and we have a lot of equipment.
Thanks.
Jason -
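The sniffer output in that post already contains the answer to "is the firewall blocking it": the three-way handshake completes and it is the initiating side that sends the RST, with Seq=25, meaning it had already pushed 24 bytes before giving up. Below is an added example (not from the thread or from Cisco) that parses summary lines in that sniffer's format and classifies each TCP flow as filtered, refused by the server, or established-then-aborted by the client. It uses the five lines from the post as sample input plus two constructed lines for the other outcomes; the port name lookups are the sniffer's own.

```python
import re
from typing import Dict, List

# The summary lines from the post above (columns: src, dst, protocol, description).
SAMPLE_CAPTURE = """
10.127.101.5 10.127.80.63 TCP evb-elm > cisco-sccp [SYN] Seq=0 Win=65535 Len=0 MSS=1380
10.127.101.5 10.127.80.63 TCP evb-elm > cisco-sccp [ACK] Seq=1 Ack=1 Win=65535 Len=0
10.127.80.63 10.127.101.5 TCP cisco-sccp > evb-elm [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
10.127.101.5 10.127.80.63 TCP evb-elm > cisco-sccp [RST] Seq=25 Win=0 Len=0
10.127.80.63 10.127.101.5 TCP [TCP Dup ACK 1515#1] cisco-sccp > evb-elm [ACK] Seq=1 Ack=1 Win=65535 Len=0
"""

# Constructed lines (not from the post) showing the two other common outcomes.
FILTERED_CAPTURE = "192.0.2.10 192.0.2.20 TCP 50000 > cisco-sccp [SYN] Seq=0 Win=65535 Len=0\n"
REFUSED_CAPTURE = (
    "192.0.2.10 192.0.2.30 TCP 50001 > cisco-sccp [SYN] Seq=0 Win=65535 Len=0\n"
    "192.0.2.30 192.0.2.10 TCP cisco-sccp > 50001 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0\n"
)

LINE_RE = re.compile(
    r"^(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+(?:\[[^\]]*\]\s+)?"   # optional analysis note
    r"(?P<sport>\S+)\s+>\s+(?P<dport>\S+)\s+\[(?P<flags>[^\]]+)\](?P<rest>.*)$"
)


def parse_capture(text: str) -> List[dict]:
    """Extract endpoints, TCP flags and the sequence number from each summary line."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a TCP summary line
        seq = re.search(r"\bSeq=(\d+)", m.group("rest"))
        events.append({
            "src": m.group("src"), "dst": m.group("dst"),
            "flags": {f.strip() for f in m.group("flags").split(",")},
            "seq": int(seq.group(1)) if seq else None,
        })
    return events


def summarize_flows(events: List[dict]) -> Dict[tuple, dict]:
    """Group packets by endpoint pair and record the handshake milestones."""
    flows: Dict[tuple, dict] = {}
    for ev in events:
        key = tuple(sorted((ev["src"], ev["dst"])))
        st = flows.setdefault(key, {"client": None, "server": None, "synack": False,
                                    "client_ack": False, "rst_by": None, "rst_seq": None})
        f = ev["flags"]
        if f == {"SYN"}:
            st["client"], st["server"] = ev["src"], ev["dst"]
        elif {"SYN", "ACK"} <= f:
            st["synack"] = True
        elif "RST" in f and st["rst_by"] is None:
            st["rst_by"], st["rst_seq"] = ev["src"], ev["seq"]
    # Second pass: the client's ACK can be printed before the SYN-ACK (as in the
    # post), so only count it once we know which side is the client.
    for ev in events:
        st = flows[tuple(sorted((ev["src"], ev["dst"])))]
        if ev["src"] == st["client"] and "ACK" in ev["flags"] and not ({"SYN", "RST"} & ev["flags"]):
            st["client_ack"] = True
    return flows


def diagnose(st: dict) -> str:
    if st["client"] is None:
        return "no SYN seen: capture started mid-connection"
    if st["rst_by"] == st["server"]:
        return "server reset the connection: port closed or listener rejected it"
    if not st["synack"]:
        return "no SYN-ACK from server: port filtered or nothing listening"
    if st["client_ack"] and st["rst_by"] == st["client"]:
        sent = (st["rst_seq"] or 1) - 1
        return (f"handshake completed, client sent {sent} byte(s) then reset: "
                "path is open, application-level failure on the initiator")
    if st["client_ack"]:
        return "established, no reset seen"
    return "incomplete handshake"


def diagnose_capture(text: str) -> Dict[str, str]:
    return {f"{st['client'] or k[0]} -> {st['server'] or k[1]}": diagnose(st)
            for k, st in summarize_flows(parse_capture(text)).items()}


if __name__ == "__main__":
    for capture in (SAMPLE_CAPTURE, FILTERED_CAPTURE, REFUSED_CAPTURE):
        for flow, verdict in diagnose_capture(capture).items():
            print(f"{flow}: {verdict}")
```

For the posted capture the verdict is "handshake completed, client sent 24 byte(s) then reset", which points away from the firewall and towards the replication check on the initiating ACS, consistent with the NAT finding in the follow-up.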
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that
the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)(Microsoft SQL Server, Error: 2)
The system cannot find the file specified
Cannot connect to COWBOYS.
Here are the technical details
===================================
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider:
Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=2&LinkId=20476
Error Number: 2
Severity: 20
State: 0
Program Location:
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, Boolean withFailover)
at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover)
at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer
timeout)
at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance)
at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance,
SqlConnectionString userConnectionOptions, SessionData reconnectSessionData)
at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions)
at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
at System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
at System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry)
at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry)
at System.Data.SqlClient.SqlConnection.Open()
at Microsoft.SqlServer.Management.SqlStudio.Explorer.ObjectExplorerService.ValidateConnection(UIConnectionInfo ci, IServerType server)
at Microsoft.SqlServer.Management.UI.ConnectionDlg.Connector.ConnectionThreadUser()
===================================
The system cannot find the file specified
I have tried from so many forms. This is so frustrating. Thank for everyone/anyone who wants to help. So this is what happened: I had to uninstall my previous sqlserver 2012(which worked great) for some reason, and I uninstalled everything from that download. Then I installed the trial edition of sql server 2012 (64 Bit) and It wouldn't connect to the database. (Error mentioned above.) My local DB is COWBOYS. (COWBOYS is also my computer name.) After this, I have tried downloading sqlexpress and sqlserver 64bit many times and cannot connect to my local DB.
How do I connect to my Local DB?
Also, I think this might help: (When I run sqlserve.exe, which I was able to find in C:\Program Files\Microsoft SQL Server\110\LocalDB\Binn, I get an error: Your SQL server installation is either corrupt or has been tampered with(Error getting instance ID from name). Please uninstall then re-run setup to correct this problem.
I would happily re install it, if it wasn't my 20th time.
I don't have any remote connections, I don't use username/password, only window authentication. I work mostly on visual studio, but without able to store /retrieve data, I don't know how to survive.
May be the solution is very simple, but I am too frustrated.
Some of the things I have tried:
From a command prompt, enter one of the following commands:
net start "SQL Server Agent (MSSQLSERVER)" OR
net start "SQL Server Agent(instancename)"(for instance)
on my sql configuration, I cannot start anything because there is nothing there to start. I can post more details, if that would help. Also, some more details about the error:
Details
Product:
SQL Server
ID:
2
Source:
MSSQLServer
Version:
10.0
Component:
SQLEngine
Message:
An error has occurred while establishing a connection to the server. When connecting to SQL Server, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error:
40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)
Explanation
SQL Server did not respond to the client request because the server is probably not started.
User Action
Make sure that the server is started.
Version:
9.0
Component:
SQLEngine
Message:
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error:
40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)
Explanation
SQL Server did not respond to the client request because the server is probably not started.
User Action
Make sure that the server is started.
Any one that can help me, I will be grateful. Thank you so much. p.s. please ask me anything if you have any questions.
It sounds like there are a couple of things going on here. First check if you have a successful install of SQL Server, then we'll figure out the connection issues.
Can you launch SQL Server Configuration Manager and check for SQL Server (MSSQLSERVER) if default instance or SQL Server (other name) if you've configured your instance as a named instance. Once you find this, make sure the service is started.
If not started, try to start it and see if it throws an error. If you get an error, post the error message you're hitting. If the service starts, you can then launch SSMS and try to connect. If you have a default instance, you can use the machine name in the connection dialog. Ex: "COWBOYS" where Cowboys is the machine name. However, if you named the SQL Server instance during install, you'll need to connect using the machine\instance format. Ex: COWBOYS\Romo (where Romo is the instance name you set during install).
You can also look at the summary.txt file in the SQL Server setup error logs to see what happened on the most recent install. Past install history is archived in the log folder if you need to dig those up to help troubleshoot, but the most recent one may help get to the bottom of it if there is an issue with setup detecting a prior instance that needs to be repaired.
Thanks,
Sam Lester (MSFT)
http://blogs.msdn.com/b/samlester
This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" and "Vote as Helpful" on posts that help you. This can be beneficial to other community members reading the thread. -
Lync 2013 Enterprise load balancing on the front end and edge pool
Hi,
I am setting up a Lync 2013 Enterprise deployment consisting of a Front End pool (x2 FE servers) and an Edge pool (x2 Edge servers). I'm seeing some conflicting advice regarding load balancing using hardware or DNS for the front end and the edge.
On the front end I have 2 internal DNS records 'lyncfepool1.contoso.local' each of which map to one of the IPs of the FE servers. I've used my details to populate the Detailed Design Planner excel spreadsheet and am told that I require a HLB to load balance my front end pool. I'm aware of the need to load balance HTTPS traffic internally (which will be done by TMG) however other traffic to the front end (SIP, etc) can be balanced by DNS only, and not require a HLB?
Can someone clarify the front end requirement?
Also - looking now at the edge pool - this site again have two edge servers in a pool. We are using a total of six private IP addresses, two per edge service (2 x av.contoso.com, 2 x sip.contoso.com and 2 x webcon.contoso.com). These will be NAT'ed by the external firewall and directed to the respective external (DMZ) IP addresses on the Edge servers on port 443. I know this isn't true roundrobin due to the intelligence of the Lync client when connecting (in that the Lync client will connect to one of the public IPs and if it can't connect, it will know to connect to the other service IP), however I want to clarify this set up, particularly the need to direct the external public IP traffic at the DMZ Edge IP specified in the topology builder.
I've attached a basic diagram of the external/DMZ/Edge side which hopefully helps with this question
Persevere, Persevere, Per..
That is because you will always need HLB for a front-end server since it hosts the Lync web services which use HTTP/HTTPS traffic.
The description on the calculation tool also describes this correctly:
Supports Standard and Enterprise pools (up to 12 nodes), with pure device-based load balancing or a combination of DNS load balancing and device-based load balancing (for Lync web services)
You can use either Hardware or DNS loadbalancing for SIP traffic only, but you will always need a HLB for the webservices. Both are applicable for the Front-End so you have either
full HLB for both SIP and HTTP(S) traffic
DNS LB for SIP traffic and HLB for HTTP(S) traffic
Hope this is more clear :-)
Lync Server MVP | MCITP Lync Server 2010 | If you think my post is the answer to your question, please mark it as answer so future visitors can easily find it. -
Questions on replication and h/w load balancer
Why does h/w load balancer have to support passive cookies and inspect them to dispatch the request to the primary server first? If we have in-memory replication and if h/w loadbalancer just dispatches the http request from the client to any of the weblogic servers in the cluster wouldn't this work?
Is it to pin the session to the creator server to minimize the chance of replication misses due to n/w issues, member server slow speed, buffer overwrite etc.
-Shiraz
Yes, and previous to 6.1 (?) if the request showed up at the wrong server it
would fail.
Peace,
Cameron Purdy
Tangosol Inc.
Tangosol Coherence: Clustered Coherent Cache for J2EE
Information at http://www.tangosol.com/
"Shiraz Zaidi" <[email protected]> wrote in message
news:3c15aa10$[email protected]..
>
> Why does h/w load balancer have to support passive cookies and inspect them to
> dispatch the request to the primary server first? If we have in-memory replication
> and if h/w loadbalancer just dispatches the http request from the client to any
> of the weblogic servers in the cluster wouldn't this work?
>
> Is it to pin the session to the creator server to minimize the chance of replication
> misses due to n/w issues, member server slow speed, buffer overwrite etc.
>
> -Shiraz
-
Hi,
I am Shanmugavel, SharePoint developer,
I am facing the below SharePoint 2013 deployment issue while deploying using VS2012.
If i will deploy the same wsp or existing wsp (last build) using direct powershell deployment, the solution adding properly, but the same timeout exception coming while activation the features. Please find the below error.
I tried the below activists:
1. Restarted my dev server, DB server.
2. tried the same solution id different server
3. tried existing wsp file (last build version)
4. Deactivated all the features, including project Active deployment configuration.... but still i am facing the same issue.
I hope this is not coding level issue, because still my code is not start running, before that some problem coming.
Please help me any one..... Last two days i am struck because of this...
What you need to understand is the installation of a WSP does not do much. It just makes sure that your relevant solution files are deployed to the SharePoint farm.
Next comes the point when you activate the features. It is when the code which you have written to "Activate" certain features for your custom solution.
Regarding the error you are getting, it typically means that you have more connections (default is I guess 100) open for a SQL database then you are allowed to.
If you have a custom database and you are opening a connection, make sure you close it as well.
Look at the similar discussion here:
The timeout period elapsed prior to obtaining a connection from the pool. This may have occurred because all pooled connections were in use and max pool size was reached
I would suggest further to look at the ULS logs to get better insight.
Manas Bhardwaj's Stream : www.manasbhardwaj.net -
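The answer's point, that a connection you open and never close drains a bounded pool until every later caller times out, is worth seeing run. The following is an added example, not SharePoint or ADO.NET code: a minimal bounded pool (size and timeout are assumptions), a feature-activation handler that leaks its connection, and the same handler written with a context manager that returns the connection even when the query raises.

```python
import queue
from contextlib import contextmanager
from typing import Callable


class PoolTimeout(Exception):
    """Raised when no pooled connection becomes free within the wait period."""


class BoundedPool:
    """Stand-in for a fixed-size connection pool: each connection is handed
    out until the caller gives it back; nothing else ever refills the pool."""

    def __init__(self, max_size: int, acquire_timeout: float = 0.05):
        self.max_size = max_size
        self.acquire_timeout = acquire_timeout
        self._free: "queue.Queue[str]" = queue.Queue()
        for i in range(max_size):
            self._free.put(f"conn-{i}")

    def acquire(self) -> str:
        try:
            return self._free.get(timeout=self.acquire_timeout)
        except queue.Empty:
            raise PoolTimeout(
                "timeout period elapsed prior to obtaining a connection from the pool"
            ) from None

    def release(self, conn: str) -> None:
        self._free.put(conn)

    def in_use(self) -> int:
        return self.max_size - self._free.qsize()

    @contextmanager
    def connection(self):
        conn = self.acquire()
        try:
            yield conn
        finally:
            self.release(conn)  # runs even if the body raises


def run_query(conn: str) -> str:
    return f"rows from {conn}"  # placeholder for the real database work


def leaky_handler(pool: BoundedPool) -> str:
    conn = pool.acquire()
    return run_query(conn)  # bug: never released, pool shrinks by one per call


def safe_handler(pool: BoundedPool) -> str:
    with pool.connection() as conn:
        return run_query(conn)


def serve(handler: Callable[[BoundedPool], str], pool: BoundedPool, requests: int) -> int:
    """Run `requests` activations; return how many completed before the pool ran dry."""
    completed = 0
    for _ in range(requests):
        try:
            handler(pool)
        except PoolTimeout:
            break
        completed += 1
    return completed


if __name__ == "__main__":
    leaky = BoundedPool(max_size=3)
    print("leaky handler completed:", serve(leaky_handler, leaky, 10), "in use:", leaky.in_use())
    safe = BoundedPool(max_size=3)
    print("safe handler completed: ", serve(safe_handler, safe, 10), "in use:", safe.in_use())
```

With a pool of three, the leaky handler serves exactly three requests and then every further one hits the timeout, which is the same shape as the exception quoted above with a default pool of 100; restarting the servers only resets the counter.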
I have a scenario with the three nodes with server 2012 standard, each running an instance of SQL Server 2012 enterprise, participate in a single Windows Server Failover Cluster (WSFC) that spans two data centers.
If the nodes in the primary data center are unavailable due to data center outage. Then how I can able to access node in the WSFC (Windows Server Failover Cluster) in the secondary disaster recovery data center automatically with some script.
I want to write script that can be able to check primary data center by pinging some IP after every 5 or 10 minutes.
If that IP is unable to respond then script can be able to Perform Forced Manual Failover of Availability Group (SQL Server) and WSFC (Windows Server Failover Cluster)
Can you please guide me for script writing for automatic failover in case of primary datacenter outage?
You are trying to implement manually what should be happening automatically in the cluster. If the primary SQL Server becomes unavailable in the data center, it should fail over to the secondary SQL Server automatically. Is that not working?
You also might want to run this configuration by some SQL experts. I am not a SQL expert, but if you have both hosts in the data center in a cluster, there is no need for replication between those two nodes as they would be accessing the database from some form of shared storage. Then it looks like you are trying to implement Always On to the DR site. I'm not sure you can mix both types of failover in a single configuration.
FYI, it would make more sense to establish a file share witness in your DR site instead of placing a third node in the data center for Node Majority quorum.
. : | : . : | : . tim -
[Fwd: Re: rdbms realm and connection pool]
Hi,
One reason why I would like to use the connection pool for the RDBMS
realm is because there is the retry machanism built into the connection
pool. With this retry, I don't need to re-start WebLogic if the DB
server is somehow re-started. With the current implementation, all the
connections maintained by the realm will become invalid if the DB server
has been restarted independently.
-------- Original Message --------
Subject: Re: rdbms realm and connection pool
Date: Wed, 27 Sep 2000 09:32:47 +0100
From: "Terry" <[email protected]>
Reply-To: "Terry" <[email protected]>
Organization: BEA SYSTEMS Inc
Newsgroups: weblogic.developer.interest.security
References: <[email protected]>
I believe not- the realm restricts access to connection pools to those who are allowed it, so if the realm needs the connection pool to start up, and you can't open the connection pool without the realm then you have a bit of a no-chicken and no-egg situation, which is I believe one of the reasons why there is no use of connection pools, ejbs, jndi, servlets etc. in the realm (along with other reasons, like why would it be provided with a servlet)
The delegate pool acts somewhat similarly to a connection pool, and can even use the same database, so I'm not sure what the advantage would be
Terry
Nirmala devi <[email protected]> wrote in message
news:[email protected]..
>
I think the rdbms realm uses different connection as it need to be set before the connection pool for Database. Is there any way that i can point my rdbms realm to use the connection pool for Database instead
Thanks in advance
Nirmala -
Comparision between Multimaster replication and data guard
Hi,
I have some questions regarding Multimaster Replication and Data Guard. Like
*1.)* I have a web site having database in oracle 10.2.0 and multimaster replication configured on it. But whenever i need to change the structure of the tables i need to stop replication. So my web site is unavailable but my first priority is availability. So will it be useful for me to configure data guard.
*2.)* I have configured data guard for testing . My Database is Named as Gard and physical standby database is like stan.
it is working fine.
suppose my main database server get corrupted i have no option to start main database server. Now i left with only standby server how i can start standby server as database main server.
*3.)* Is there any if main database stop working Standby database start working as main without dba intervention.
Thanks
Umesh
Edited by: Umesh Sharma on Jan 14, 2009 4:17 AM
Hi Umesh,
first of all you should be aware that Dataguard and Replication are two completely different things.
While the database where you replicate to is always up and open in read write mode, a physical standby can either be recovering or open in read only mode.
1.) I think from what you are telling you probably should consider using dataguard with a logical standby database, but be aware that there will be some limitations regarding datatypes.
2.) you can do a failover or a switchover, depending on your database version switchback may not be possible
3.) have a look at dataguard broker, you can use it to automate the failover
Best regards,
PP -
Windows 2012 - SYSVOL replication and NETLOGON share
After reading 100 tons of articles and links i decided to open this thread.
I know today is 1st of april, but unfortunately for me this is not a joke.
given:
two 2003 DC's - physical servers
two 2008 DC's - VM's on ESX 5.1 hosts
two 2012 DC's - VM's on ESX 5.5 hosts
domain functional level 2003
situation:
we plan to decom the 2003's.
The 2008 DC's are in place since a while and working ok.
We plan to upgrade to 2012 and here it is where the trouble starts.
Firstly, I couldn't, by any means, to promote 2012 as DC's until i moved all the FSMO roles from the 2003 DC's to the 2008 DC's.
After lots of work with the network team we made all the right connections opened the firewalls, made the DCDIAG and DNS tests and the only problem reported are the SYSVOL replication and NETLOGON share.
I tried all the tools out there to check the replication and the last one is Microsoft's AdRplstatus Tool which made me think that either Microsoft makes fun of me, either i'm the dumbest windows admin on this planet.
This tool reports that there are NO ERRORS in replicating SYSVOL, but when i run the command 'net share' the 'domain.com\sysvol\scripts' is not there. Further more checking, i try to access '\\domain.com\sysvol' - directory under which i must find the 'policies' and 'scripts' folders and, Sysvol is empty - obviously these are present when i do this check from the 2008 DC's or 2003 DC's.
Is there a known issue for these problems regarding 2012 and ESX 5.5 ? - still, i doubt it.
DCDIAG /TEST:DNS
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = dc-p01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: dc-p01
Starting test: Connectivity
......................... dc-p01 passed test Connectivity
Doing primary tests
Testing server: dc-p01
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... dc-p01 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domain
Running enterprise tests on : domain.com
Starting test: DNS
Test results for domain controllers:
DC: dc-p01.domain.com
Domain: domain.com
TEST: Dynamic update (Dyn)
Warning: Failed to delete the test record dcdiag-test-record in zone domain.com
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 184.134.0.97 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 184.134.0.97
dc-p01 PASS
PASS PASS PASS WARN PASS n/a
......................... domain.com passed test DNS
The PTR record query for 1.0.0.127 is still there, but I will change it manually; my DNS is set as primary to point to the server itself by its IP and not 127.0.0.1.
Still, the DNS server with that error is a Linux DNS, but all my DCs have the DNS role on and are fully replicating and working, including the 2012s.
DCDIAG:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = dc-p01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: dc-p01
Starting test: Connectivity
......................... dc-p01 passed test Connectivity
Doing primary tests
Testing server: dc-p01
Starting test: Advertising
......................... dc-p01 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... dc-p01 passed test FrsEvent
Starting test: DFSREvent
......................... dc-p01 passed test DFSREvent
Starting test: SysVolCheck
......................... dc-p01 passed test SysVolCheck
Starting test: KccEvent
......................... dc-p01 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... dc-p01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... dc-p01 passed test MachineAccount
Starting test: NCSecDesc
......................... dc-p01 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\dc-p01\netlogon)
[dc-p01] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... dc-p01 failed test NetLogons
Starting test: ObjectsReplicated
......................... dc-p01 passed test ObjectsReplicated
Starting test: Replications
REPLICATION-RECEIVED LATENCY WARNING
dc-p01: Current time is 2014-04-01 10:25:09.
DC=ForestDnsZones,DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:22:40
DC=DomainDnsZones,DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:22:40
CN=Schema,CN=Configuration,DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:22:40
CN=Configuration,DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:25:50
DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:22:40
......................... dc-p01 passed test Replications
Starting test: RidManager
......................... dc-p01 passed test RidManager
Starting test: Services
......................... dc-p01 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 09:26:35
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:27:52
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID fdc (C:\Windows\s
ystem32\taskhost.exe).
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 09:31:14
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 09:32:13
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:32:53
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID c18 (C:\Windows\s
ystem32\taskhost.exe).
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 09:35:33
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:37:54
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 950 (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:42:54
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 5c4 (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:47:55
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID ee0 (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:52:56
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID e48 (C:\Windows\s
ystem32\taskhost.exe).
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 09:53:30
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:57:57
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID a20 (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 10:02:58
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 1bc (C:\Windows\s
ystem32\taskhost.exe).
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 10:06:04
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 10:07:58
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 14c (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 10:12:59
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 90c (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 10:18:00
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 558 (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 10:23:01
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID f00 (C:\Windows\s
ystem32\taskhost.exe).
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 10:23:56
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
......................... dc-p01 failed test SystemLog
Starting test: VerifyReferences
......................... dc-p01 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : mydomain
Starting test: CheckSDRefDom
......................... mydomain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... mydomain passed test CrossRefValidation
Running enterprise tests on : domain.comn
Starting test: LocatorCheck
......................... domain.comn passed test LocatorCheck
Starting test: Intersite
......................... domain.comn passed test Intersite
In Active Directory Sites and Services, when I try to replicate FROM a valid SYSVOL Domain Controller towards my 2012 DC I get this:
The following error occurred during the attempt to contact the domain controller dc-p01:
Directory object not found
I cannot upload a picture yet because MS ... didn't verify me.
To perform a non-authoritative restore of SYSVOL, you set the BurFlags value and the system will automatically try to sync the contents of SYSVOL with its replication partner DC. It's not mandatory to select any particular DC for SYSVOL replication because in the
same domain all DCs share the same SYSVOL content.
Sometimes, if the initialization of FRS doesn't start, you have to follow the article below. It's also applicable to Windows 2008 as long as you're using FRS for replication.
http://support.microsoft.com/kb/290762/en-us
To force the replication of SYSVOL from the command line, refer to the link below.
http://blogs.technet.com/b/justinturner/archive/2007/04/27/quick-tip-force-frs-replication.aspx
It's better to find out what went wrong with the overall AD domain infrastructure such that SYSVOL has not been able to contact its partner for SYSVOL replication, using an in-depth assessment of the domain. It can be network, firewall, antivirus or built-in firewall port issues
which might have broken SYSVOL replication.
http://msmvps.com/blogs/ad/archive/2008/06/03/active-directory-health-checks-for-domain-controllers.aspx
Awinish Vishwakarma - MVP
My Blog: awinish.wordpress.com
Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.
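The checks the original poster ran by hand ('net share', browsing \\domain.com\sysvol, reading the FRS events behind dcdiag's FrsEvent and NetLogons results) and the BurFlags non-authoritative restore from KB 290762 that the answer above describes, as one added PowerShell script. This is an added example, not code from the thread or from Microsoft; it assumes SYSVOL is still replicated by FRS (service NtFrs, not DFSR), that 'domain.com' is the placeholder name used in the thread, and that it runs elevated on the affected DC. It only touches the registry when -Reinitialize is given and the health check shows SYSVOL is not ready.

```powershell
<#
  Added example, not code from the thread. Checks on a domain controller the
  symptoms reported above (SYSVOL/NETLOGON not shared, empty \\domain\SYSVOL,
  FRS events) and, only when -Reinitialize is passed, performs the FRS
  non-authoritative restore from KB 290762 by setting BurFlags = D2.
  Assumptions: SYSVOL is replicated by FRS (service NtFrs), not DFSR;
  'domain.com' is the placeholder name used in the thread; run elevated.
#>
param(
    [string]$DomainName = 'domain.com',
    [switch]$Reinitialize
)

# Registry locations used by Netlogon and FRS (the latter documented in KB 290762).
$NetlogonParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$BurFlagsSubKey = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'

function Test-SysvolHealth {
    $r = [ordered]@{}

    # 1. What 'net share' would list: both shares must exist on a healthy DC.
    $shares = @(Get-SmbShare -ErrorAction SilentlyContinue | ForEach-Object Name)
    $r.SysvolShared   = $shares -contains 'SYSVOL'
    $r.NetlogonShared = $shares -contains 'NETLOGON'

    # 2. Netlogon only publishes the shares after FRS sets SysvolReady = 1,
    #    so a value other than 1 explains dcdiag's NetLogons failure (error 67).
    $ready = (Get-ItemProperty -Path $NetlogonParams -Name SysvolReady -ErrorAction SilentlyContinue).SysvolReady
    $r.SysvolReady = ($ready -eq 1)

    # 3. The domain-wide path should contain the Policies and scripts folders.
    $domainSysvol = "\\$DomainName\SYSVOL\$DomainName"
    $r.PoliciesPresent = Test-Path (Join-Path $domainSysvol 'Policies')
    $r.ScriptsPresent  = Test-Path (Join-Path $domainSysvol 'scripts')

    # 4. FRS service state and the two FRS events that matter in the last 24 h:
    #    13508 = FRS cannot replicate with its partner, 13516 = SYSVOL is ready.
    $r.FrsRunning = ((Get-Service -Name NtFrs -ErrorAction SilentlyContinue).Status -eq 'Running')
    $events = @(Get-WinEvent -FilterHashtable @{ LogName = 'File Replication Service'; StartTime = (Get-Date).AddDays(-1) } -ErrorAction SilentlyContinue)
    $r.Frs13508Count = @($events | Where-Object { $_.Id -eq 13508 }).Count
    $r.Frs13516Seen  = [bool]($events | Where-Object { $_.Id -eq 13516 })

    [pscustomobject]$r
}

function Invoke-SysvolNonAuthoritativeRestore {
    # KB 290762: stop FRS, set BurFlags to D2, start FRS. FRS then moves the local
    # SYSVOL content to NtFrs_PreExisting___See_EventLog and pulls a fresh copy
    # from a replication partner, so at least one other DC must have a good SYSVOL.
    Stop-Service -Name NtFrs -Force

    # The key name contains a forward slash, which the PowerShell registry
    # provider treats as a path separator, so use the .NET registry API directly.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($BurFlagsSubKey, $true)
    if (-not $key) { throw 'FRS BurFlags key not found; is this DC using FRS?' }
    $key.SetValue('BurFlags', 0xD2, [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.Close()

    Start-Service -Name NtFrs
    # Progress shows up in the FRS log: 13565 (restore started), then 13516 when
    # SYSVOL is shared again. Re-run Test-SysvolHealth until Frs13516Seen is true.
}

$health = Test-SysvolHealth
$health | Format-List

if ($Reinitialize) {
    if ($health.SysvolShared -and $health.SysvolReady) {
        Write-Warning 'SYSVOL is already shared and ready; refusing to reinitialize.'
    } else {
        Invoke-SysvolNonAuthoritativeRestore
    }
}
```

Run it first without -Reinitialize: on the DC described in the thread you would expect SysvolShared and NetlogonShared to be false, SysvolReady false and at least one 13508 event, which is the combination that matches the "passed FrsEvent but failed NetLogons" dcdiag output above. The D2 flag is deliberately refused when SYSVOL is already ready, because a non-authoritative restore on a healthy DC only discards local content for no gain; a D4 (authoritative) restore is not offered here since it needs a deliberate choice of the DC whose SYSVOL copy wins.
-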
How can I make WL 8.1 flush the cache and/or pool for 1.1 EJBs
Hi,
I'm using 1.1 deployment descriptors for my CMP entity bean that were previously
used in the WL 5.1 version of my project.
Things do get deployed but I've observed confusing information when monitoring
the EJB via Admin Console.
What appears is that the Weblogic container is not flushing the cache and/or pool
after the bean has finished processing and also a sufficient time has expired
(i.e. the idle-timeout-seconds)
From what I've understood via the on-line information is that each EJB has its
own cache (since I've not done anything special for that) and the instance in
cache is only passivated when the cache is full and the server need to activate
another instance. On passivation, it appears to be returning the instance to the
pool. But its unclear/undocumented when the pool is cleared, if at all.
What I want is that:
1. A way to get my cached instance passivated
2. A way to get my pooled instance flushed.
The reason I'm looking into this is because in my case it appears that the cached/pooled
instances are contributing to OutOfMemory errors and because of the nature of requirements,
etc. we need to have the cache size be high for certain processing.
Thanks
Parasher
I think it's probably best to contact technical support about this.
There are different patches for different versions of WLS.
I'd mention 'CR128026' to them to get started.
-thorick
"Parasher" <[email protected]> wrote:
>
Hi,
Thank you for your reply !
How can I get more information about this patch and the patch itself
Is there a way I can look it up online or do I have to contact the support
folks
and if so what should I need to tell them to convey which patch I'm talking
about.
Thank you in advance.
Parasher
"thorick" <[email protected]> wrote:
Hi,
If you use 'Database' concurrency, then there is a patch available for
some 8.1
service
packs to enable idle-timeout-seconds on the cache. I believe that this
will be
standard
feature with the next service pack. There is no comparable mechanism
for the
pool in 8.1,
this is a feature that is coming with the next major release of WLS.
If the
8.1 patch works
for you, it can save you memory during off peak usage times. Note that
this
patch does not
work for 'Exclusive' concurrency.
-thorick