My Primary DC is down

Hi all, my Primary DC has been down since yesterday due to a hardware failure and should be back up on Friday. I have already started having issues with users not being able to log on, with the error "Cannot not establish trust relationship". From research, I have to seize the PDC emulator role on my second DC. The question I have is: after this is done, on Friday when my Primary domain controller is up, can I transfer my PDC role back to it, and what should I/should I not do?
PS: My OS is Win Server 2008 R2 for both DCs.

You should not consider seizing as long as you will be bringing back the down DC. I have documented the impacts here: http://social.technet.microsoft.com/wiki/contents/articles/20420.possible-impacts-when-putting-online-an-old-fsmo-role-holder.aspx
Does rejoining the computers to the domain fix the issue? If yes, then consider this as a workaround.
Please be careful with the time sync as, if it deviates by 5 minutes, your computers will have Kerberos failures and won't be able to log in. I would recommend that you check the time of your DC every day and manually adjust it in case it becomes incorrect.
This posting is provided AS IS with no warranties or guarantees, and confers no rights.
Ahmed MALEK
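
One way to carry out the daily time check recommended above, as an added example that is not part of the original thread: it samples the clock offset against a reference time source with `w32tm` and compares the worst sample with the 5-minute limit. The reference name `dc2.example.local`, the function names and the 120-second warning threshold are assumptions made for the example.

```powershell
# Added example (not from the thread). Measures the clock offset between this
# machine and a reference time source with w32tm, then compares the worst sample
# with the 5-minute tolerance mentioned in the answer.
# Assumptions: 'dc2.example.local' is a placeholder name, and 120 s is an
# arbitrary early-warning threshold chosen for this example.
param(
    [string]$Reference   = 'dc2.example.local',
    [int]   $Samples     = 3,
    [double]$WarnSeconds = 120,
    [double]$MaxSeconds  = 300
)

function Get-ClockOffsetSeconds {
    param([string]$Computer, [int]$Count)

    # /dataonly prints one "HH:MM:SS, +00.1234567s" line per sample;
    # failed samples look like "HH:MM:SS, error: 0x800705B4" and are skipped.
    $raw = & w32tm.exe /stripchart "/computer:$Computer" "/samples:$Count" /dataonly 2>&1

    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    $offsets = @()
    foreach ($line in $raw) {
        if ([string]$line -match ',\s*([+-]\d+\.\d+)s\s*$') {
            $offsets += [double]::Parse($Matches[1], $culture)
        }
    }
    if ($offsets.Count -eq 0) {
        throw "No time samples from '$Computer'. w32tm said: $($raw -join ' | ')"
    }
    return $offsets
}

function Test-KerberosSkew {
    param([double[]]$Offsets, [double]$Warn, [double]$Max)

    # Judge on the largest absolute offset seen across the samples.
    $worst = ($Offsets | ForEach-Object { [math]::Abs($_) } |
              Measure-Object -Maximum).Maximum

    if     ($worst -ge $Max)  { $state = 'CRITICAL' }
    elseif ($worst -ge $Warn) { $state = 'WARNING' }
    else                      { $state = 'OK' }

    New-Object PSObject -Property @{
        State              = $state
        WorstOffsetSeconds = [math]::Round($worst, 3)
        Samples            = $Offsets.Count
    }
}

try {
    $offsets = Get-ClockOffsetSeconds -Computer $Reference -Count $Samples
    $result  = Test-KerberosSkew -Offsets $offsets -Warn $WarnSeconds -Max $MaxSeconds
    $result | Format-List State, WorstOffsetSeconds, Samples

    # Exit codes let a scheduled task or monitoring agent act on the result.
    if ($result.State -eq 'CRITICAL') { exit 2 }
    if ($result.State -eq 'WARNING')  { exit 1 }
    exit 0
}
catch {
    Write-Error $_
    exit 3
}
```

Run it as a script file rather than pasting it into a console, since the `exit` statements end the hosting session.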

Similar Messages

  • How to setup a backup web application in iis When primary application is down

    These are my scenarios:
    Scenario 1:
    I have a web application (www.abc.com) hosted in IIS on Windows Server 2008 R2. We use the application over the intranet, connected by LAN. We have the same application hosted in IIS under a different name too.
    Primary: www.abc.com, Backup: www.abc1.com
    If the primary application is down for any reason, the backup application should handle the requests for the primary one.
    How do I monitor the primary application for an unexpected DOWN, and how do I bring UP the backup automatically once it has detected that the primary is down?
    Scenario 2:
    This scenario is meant as a fail-safe server setup. I googled but can't get a clear, brief idea.
    Note: the web application is used inside the organisation. It can't be accessed via the internet.
    Same as the first scenario, but the application is hosted on two different servers at the same location/different locations with different IP addresses.
    If the primary server is down for any reason, the backup server should handle the requests for the primary one.
    How do I monitor the primary server for an unexpected DOWN, and how do I bring UP the backup automatically once it has detected that the primary is down?
    Are there any free tools available?
    Kindly provide me a solution for these scenarios.

    Hi Rajakrishnan17
    1. Your question is more suited for Windows Server forum, not for Windows 7.
    2. What you try to achieve cannot be configured with out-of-the-box features in Windows 7.
    3. You may try to see if the Network Load Balancing (NLB) feature in Windows Server 2008 and later fits your requirements.

  • Repository Service Error: JMS primary node is down

    Hi All
    I have created a repository service which moves files from one folder to another and I am currently having a problem. Once I attach the service to the CM Repository the portal stops functioning, e.g. Portal Favorites don't appear, and there are Item not Found errors everywhere.
    I have checked the log and get the following message:
    May 3, 2006 1:42:37 PM com.sapportals.config.fwk.meta.MetaConfigArchiveManifest [SAPEngine_Application_Thread[impl:3]_28] Error      invalid name [News_CopyNews.prjconfig] for meta archive [NewsCopyNews.prjconfig] (expected CMA-name:NewsCopyNews.prjconfig): please, check the manifest of this CMA!
    May 3, 2006 1:42:37 PM com.sapportals.config.fwk.meta.MetaConfigManager_V2 [SAPEngine_Application_Thread[impl:3]_28] Error      [meta_v2_config://local] error while migrating [metarchive_portal]. The configMetaArchive needs to be removed or migrated 'manually' : ConfigException: Configuration framework system error: "source [config://pcd/local/meta/lib] already contain the configMetaArchive."
    May 3, 2006 1:46:34 PM com.sapportals.portal.prt.service.config.ConfigNotificationHandler [SAPEngine_Application_Thread[impl:3]_4] Fatal      An exception has been received from the JMS Connection
    [EXCEPTION]
    com.sap.jms.server.exception.JMSServerException: JMS primary node is down! Please recreate all used jms resources.
         at com.sap.jms.server.context.impl.ConnectionContextImpl.exit(ConnectionContextImpl.java:349)
         at com.sap.jms.server.JMSServerInstance.stop(JMSServerInstance.java:318)
         at com.sap.jms.server.JMSServerContainer.stopJMSServerInstance(JMSServerContainer.java:197)
         at com.sap.jms.server.JMSServerContainer.stop(JMSServerContainer.java:287)
         at com.sap.jms.server.JMSServerFrame.stop(JMSServerFrame.java:420)
         at com.sap.engine.core.service630.container.ServiceStopper.run(ServiceStopper.java:31)
         at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
         at com.sap.engine.core.thread.impl5.SingleThread.execute(SingleThread.java:79)
         at com.sap.engine.core.thread.impl5.SingleThread.run(SingleThread.java:150)
    Hope this makes some sense to some one, I have also included the code for my Service below.
    Thanks in advance.
    Phil
    SERVICE CODE:
    package newsCopy;

    import com.sapportals.wcm.repository.service.AbstractRepositoryService;
    import com.sapportals.wcm.repository.service.ServiceNotAvailableException;
    import com.sapportals.wcm.repository.manager.IResourceEventReceiver;
    import com.sapportals.wcm.repository.manager.IRepositoryManager;
    import com.sapportals.wcm.util.events.IEvent;
    import com.sapportals.wcm.crt.component.*;
    import com.sapportals.wcm.crt.configuration.*;
    import com.sapportals.wcm.WcmException;
    import java.util.Collection;
    // New SAP Imports
    import com.sapportals.wcm.repository.*;
    import com.sapportals.wcm.util.uri.RID;
    import com.sap.tc.logging.Location;
    import com.sapportals.wcm.repository.manager.ResourceEvent;
    // Java Imports
    import java.util.Iterator;

    // implements IMyNewRepositoryService interface
    // Note: IReconfigurable and IResourceEventReceiver interfaces are optional
    public class newsCopy extends AbstractRepositoryService implements IReconfigurable, IResourceEventReceiver {
      private static final String TYPE = "newsCopy";

      public newsCopy() {
        super();
        // Do not add code here. Add it to startUpImpl() instead
      }

      public String getServiceType() {
        return newsCopy.TYPE;
      }

      protected void startUpImpl(Collection repositoryManagers) throws ConfigurationException, StartupException {
        // On Service Startup
        log.errorT("******* startUpImpl");
        try {
          // (empty in the posted code)
        } catch (Exception e) {
          throw new StartupException(e.getMessage(), e);
        }
        // Attach this service to every repository manager it is assigned to
        Iterator it = repositoryManagers.iterator();
        while (it.hasNext()) {
          try {
            addRepositoryAssignment((IRepositoryManager) it.next());
          } catch (ServiceNotAvailableException e) {
            log.errorT("******* startUpImpl service not available");
          }
        }
      }

      protected void shutDownImpl() { }

      protected void addRepositoryAssignment(IRepositoryManager mgr) throws ServiceNotAvailableException {
        log.errorT("******* addRepositoryAssignment");
        try {
          // Receive an event whenever a child resource is created in this repository
          mgr.getEventBroker().register(this, new ResourceEvent(ResourceEvent.CREATE_CHILD, null));
        } catch (WcmException e) {
          log.errorT("******* addRepositoryAssignment_Exception");
        }
      }

      protected void removeRepositoryAssignment(IRepositoryManager mgr) throws WcmException {
        log.errorT("******* removeRepositoryAssignment");
      }

      public void reconfigure(IConfiguration config) throws ConfigurationException {
        this.stateHandler.preReconfigure();
        log.errorT("******* Reconfigure");
        this.config = config;
        this.stateHandler.postReconfigure();
      }

      private static final Location log = Location.getLocation(newsCopy.class);

      // Event handler: copies the newly created resource to the LatestNews folder
      public void received(IEvent event) {
        IResource resource = (IResource) event.getParameter();
        IResource sourceResource = resource;
        RID destinationRid = null;
        try {
          destinationRid = RID.getRID("/arco_news/LatestNews/" + resource.getName());
        } catch (ResourceException e1) {
          log.errorT("********** No. 1 Resource Exception!");
        }
        ICopyParameter cp = new CopyParameter();
        cp.setIgnorePropertyFailures(true);
        cp.setOverwrite(true);
        if (sourceResource != null && destinationRid != null) {
          try {
            sourceResource.copy(destinationRid, cp);
          } catch (NotSupportedException e) {
            log.errorT("******* No. 2 NotSupportedException");
          } catch (AccessDeniedException e) {
            log.errorT("******* No. 3 AccessDeniedException");
          } catch (ResourceException e) {
            log.errorT("******* No. 4 ResourceException");
          }
          log.errorT("******* No. 5 Completed");
        }
      }
    }

    Yes, basically there was a problem with the repository service. When I had created it and uploaded it to the portal, I had applied it to a KM folder. When I had removed the service I forgot to remove it from the KM folder.
    Once this was done all worked fine!
    Hope this helps
    Phil

  • Primary Server went down going to get a fresh object elsewhere in the clust

    C:\>java -cp c:/oc4j_extended/j2ee/home/oc4j.jar;c:/how-to-ejb-clustering/lib/stackClient.jar cluster.client.ClusterClient
    [One]
    [One, Two]
    [One, Two, Three]
    Kill current server and press Enter to continue.
    Primary Server went down going to get a fresh object elsewhere in the cluster
    Exception in thread "main" com.evermind.server.rmi.RMIConnectionException: Server shutdown
         at com.evermind.server.rmi.RemoteInvocationHandler.invoke(RemoteInvocationHandler.java:50)
         at com.evermind.server.rmi.RecoverableRemoteInvocationHandler.invoke(RecoverableRemoteInvocationHandler.java:22)
         at com.evermind.server.ejb.StatefulSessionRemoteInvocationHandler.invoke(StatefulSessionRemoteInvocationHandler.java:40)
         at __Proxy2.push(Unknown Source)
         at cluster.client.ClusterClient.main(ClusterClient.java:45)

    Oops, I forgot to inform:
    I have my BC4J deployed (+- 10 Entity objects/View objects), 1 Application Module.
    I also developed a Java client to access this BC4J component and calculate the average process time.
    Thanks
    Regards,
    Ricky HP

  • ASA has to be failed over when primary ISP goes down.

    I have an outside 7206 router that is configured with BGP.  Behind that I have an ASA 5520 with a failover.  Every time my primary ISP goes down I have to fail over the ASA to re-establish a connection to the secondary ISP.  When the primary comes back online I have to fail it over again.  I have had Cisco TAC look at the ASA and they didn't see anything misconfigured on the ASA.  There don't seem to be any problems with the router config either. Any ideas on what could be causing this?

    Thanks for your responses. Sorry, I'm new to this. Here are the configs and a simple pic of the primary ASA and router the way they are deployed. I've been dealing with this issue for a while.  Hoping to get some help here.
    7206 router:
    show runn
    Building configuration...
    Current configuration : 4678 bytes
    version 12.3
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    hostname lee-border
    boot-start-marker
    boot-end-marker
    enable secret 5 **********************
    no aaa new-model
    ip subnet-zero
    ip cef
    ip name-server 206.77.62.152
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex half
    interface GigabitEthernet0/1
    description Univ. of Texas OTS for ISP and Inet2
    no ip address
    duplex full
    speed 100
    media-type rj45
    negotiation auto
    interface GigabitEthernet0/1.7
    description Internet2 Access
    encapsulation dot1Q 7
    ip address 192.88.12.238 255.255.255.252
    interface GigabitEthernet0/1.16
    description THENet-Access
    encapsulation dot1Q 16
    ip address 207.80.110.134 255.255.255.252
    interface GigabitEthernet0/1.743
    description UT OTS TX-BB Peering
    encapsulation dot1Q 743
    ip address 192.124.228.114 255.255.255.252
    interface GigabitEthernet0/2
    description Phonoscope ISP Service
    ip address 66.60.235.146 255.255.255.248
    duplex full
    speed 100
    media-type rj45
    negotiation auto
    interface GigabitEthernet0/3
    description Lee College Internal LANs
    ip address 68.232.208.241 255.255.255.240 secondary
    ip address 68.232.208.1 255.255.255.248
    duplex full
    speed auto
    media-type rj45
    negotiation auto
    interface ATM1/0
    no ip address
    shutdown
    no ima-group
    no atm ilmi-keepalive
    interface ATM1/1
    no ip address
    shutdown
    no ima-group
    no atm ilmi-keepalive
    interface ATM1/2
    no ip address
    shutdown
    no ima-group
    no atm ilmi-keepalive
    interface ATM1/3
    no ip address
    shutdown
    no ima-group
    no atm ilmi-keepalive
    interface ATM1/4
    no ip address
    shutdown
    no ima-group
    no atm ilmi-keepalive
    interface ATM1/5
    no ip address
    shutdown
    no ima-group
    no atm ilmi-keepalive
    interface ATM1/6
    no ip address
    shutdown
    no ima-group
    no atm ilmi-keepalive
    interface ATM1/7
    no ip address
    shutdown
    no ima-group
    no atm ilmi-keepalive
    interface FastEthernet2/0
    no ip address
    shutdown
    duplex half
    interface FastEthernet4/0
    no ip address
    duplex auto
    speed auto
    interface FastEthernet4/1
    no ip address
    shutdown
    duplex auto
    speed auto
    router bgp 46094
    no synchronization
    bgp log-neighbor-changes
    network 68.232.208.0 mask 255.255.240.0
    network 198.216.112.0 mask 255.255.252.0
    network 207.80.120.0 mask 255.255.252.0
    neighbor 66.60.235.145 remote-as 22442
    neighbor 66.60.235.145 description Phonoscope
    neighbor 66.60.235.145 next-hop-self
    neighbor 66.60.235.145 send-community
    neighbor 66.60.235.145 version 4
    neighbor 66.60.235.145 soft-reconfiguration inbound
    neighbor 66.60.235.145 route-map Lee-out out
    neighbor 192.88.12.237 remote-as 276
    neighbor 192.88.12.237 description Internet2 Peering
    neighbor 192.88.12.237 send-community
    neighbor 192.88.12.237 version 4
    neighbor 192.88.12.237 route-map I2-in in
    neighbor 192.88.12.237 route-map Lee-I2-out out
    neighbor 192.88.12.237 password 7 132C4546070901
    neighbor 192.124.228.113 remote-as 6922
    neighbor 192.124.228.113 description UT-Commodity
    neighbor 192.124.228.113 send-community
    neighbor 192.124.228.113 soft-reconfiguration inbound
    neighbor 192.124.228.113 route-map OTS-in in
    neighbor 192.124.228.113 route-map OTS-out out
    no auto-summary
    ip default-gateway 192.124.228.113
    ip classless
    ip route 68.232.208.0 255.255.240.0 Null0 250
    ip route 68.232.209.0 255.255.255.0 68.232.208.2
    ip route 68.232.211.0 255.255.255.0 68.232.208.2
    ip route 68.232.212.0 255.255.252.0 68.232.208.2
    ip route 68.232.216.0 255.255.248.0 68.232.208.2
    ip route 198.216.112.0 255.255.252.0 Null0 250
    ip route 198.216.113.0 255.255.255.0 198.216.115.1
    ip route 198.216.114.0 255.255.255.0 198.216.115.1
    ip route 207.80.8.0 255.255.255.0 198.216.115.1
    ip route 207.80.120.0 255.255.252.0 Null0 250
    ip route 207.80.120.0 255.255.255.0 198.216.115.1
    ip route 207.80.121.0 255.255.255.0 198.216.115.1
    ip route 207.80.122.0 255.255.255.0 198.216.115.1
    ip route 207.80.123.0 255.255.255.0 198.216.115.1
    no ip http server
    access-list 90 permit 68.232.208.0 0.0.15.255
    access-list 90 deny   any
    access-list 91 permit 198.216.112.0 0.0.3.255
    access-list 91 permit 207.80.112.0 0.0.15.255
    access-list 91 deny   any
    route-map OTS-out permit 10
    match ip address 90
    route-map Lee-out permit 10
    match ip address 90
    route-map I2-in permit 10
    set local-preference 200
    route-map Lee-I2-out permit 10
    match ip address 90
    route-map Lee-I2-out permit 20
    match ip address 91
    route-map OTS-in permit 10
    set local-preference 150
    line con 0
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    password 7 *****************
    login
    end
    ASA (Primary)
    logging permit-hostdown
    mtu Outside 1500
    mtu inside 1500
    mtu LeeDMZ 1500
    mtu management 1500
    failover
    failover lan unit secondary
    failover lan interface failover GigabitEthernet0/3
    failover link failover GigabitEthernet0/3
    failover interface ip failover 172.16.1.1 255.255.255.0 standby 172.16.1.2
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any LeeDMZ
    asdm image disk0:/asdm-623.bin
    no asdm history enable
    arp timeout 14400
    global (Outside) 1 68.232.211.1-68.232.223.253
    global (Outside) 1 interface
    global (Outside) 1 68.232.223.254
    global (Outside) 2 68.232.209.25
    global (LeeDMZ) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0 tcp 16384 12000
    nat (LeeDMZ) 2 access-list NAT_NEW_ISA
    nat (LeeDMZ) 1 192.168.10.0 255.255.255.0
    static (inside,Outside) 68.232.209.10 10.1.200.253 netmask 255.255.255.255
    static (inside,LeeDMZ) 10.1.0.0 10.1.0.0 netmask 255.255.0.0
    static (inside,LeeDMZ) 192.168.3.0 192.168.3.0 netmask 255.255.255.0
    static (inside,Outside) 68.232.209.53 10.1.254.3 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.5 192.168.10.5 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.6 192.168.10.6 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.51 192.168.10.51 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.37 192.168.10.37 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.75 192.168.10.75 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.101 192.168.10.101 netmask 255.255.255.255
    static (inside,LeeDMZ) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
    static (LeeDMZ,Outside) 68.232.209.102 192.168.10.102 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.38 192.168.10.38 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.23 192.168.10.23 netmask 255.255.255.255
    static (inside,Outside) 68.232.209.136 10.1.7.37 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.111 192.168.10.111 netmask 255.255.255.255
    static (inside,Outside) 68.232.209.8 10.1.13.8 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.103 192.168.10.103 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.92 192.168.10.92 netmask 255.255.255.255
    static (inside,Outside) 68.232.209.4 10.1.6.2 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.219 192.168.10.219 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.217 192.168.10.217 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.206 192.168.10.206 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.234 192.168.10.234 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.33 192.168.10.33 netmask 255.255.255.255
    static (inside,Outside) 68.232.209.246 10.1.1.246 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.11 192.168.10.11 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.100 192.168.10.100 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.120 192.168.10.120 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.70 192.168.10.70 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.36 192.168.10.36 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.50 192.168.10.50 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.22 192.168.10.22 netmask 255.255.255.255
    static (inside,Outside) 68.232.209.121 10.1.1.121 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.20 192.168.10.20 netmask 255.255.255.255
    static (inside,Outside) 68.232.209.203 10.1.55.203 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.15 192.168.10.15 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.25 192.168.10.25 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.55 192.168.10.55 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.143 192.168.10.143 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.34 192.168.10.34 netmask 255.255.255.255
    access-group out-in in interface Outside
    access-group 170 in interface inside
    access-group dmz in interface LeeDMZ
    route Outside 0.0.0.0 0.0.0.0 68.232.208.1 1
    route inside 10.1.0.0 255.255.0.0 10.1.200.1 1
    route inside 192.168.2.0 255.255.255.0 10.1.200.254 1
    route inside 192.168.3.0 255.255.255.0 10.1.200.254 1
    route inside 192.168.5.0 255.255.255.0 10.1.200.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    url-server (inside) vendor websense host 10.1.1.66 timeout 10 protocol TCP version 1 connections 5
    aaa authentication ssh console LOCAL
    filter url except 10.1.4.4 255.255.255.255 0.0.0.0 0.0.0.0
    filter url except 10.1.4.136 255.255.255.255 0.0.0.0 0.0.0.0
    filter url except 10.1.4.30 255.255.255.255 0.0.0.0 0.0.0.0
    filter url except 0.0.0.0 0.0.0.0 192.168.10.36 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 192.168.10.22 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 192.168.10.100 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 10.1.1.27 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 10.1.1.30 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 10.1.89.2 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 10.1.1.11 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 10.1.1.61 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 10.1.1.7 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 192.168.10.38 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 10.1.89.10 255.255.255.255 allow
    filter url except 10.1.56.189 255.255.255.255 0.0.0.0 0.0.0.0
    filter url except 10.1.4.15 255.255.255.255 0.0.0.0 0.0.0.0
    filter https except 10.1.4.30 255.255.255.255 0.0.0.0 0.0.0.0
    filter url except 10.1.1.0 255.255.255.0 0.0.0.0 0.0.0.0
    filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
    filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
    filter ftp 21 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 10.1.4.29 255.255.255.255 management
    http 10.1.4.30 255.255.255.255 management
    http 10.1.4.31 255.255.255.255 management
    http 10.1.4.4 255.255.255.255 management
    snmp-server host inside 10.1.1.215 community *****
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    service resetoutside
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map Outside_map 1 match address Outside_1_cryptomap
    crypto map Outside_map 1 set peer 216.168.57.82
    crypto map Outside_map 1 set transform-set ESP-3DES-SHA
    crypto map Outside_map interface Outside
    crypto ca trustpoint ASDM_TrustPoint0
    enrollment self
    subject-name CN=LEE-ASA
    crl configure
    crypto ca trustpoint ASDM_Lee
    enrollment self
    subject-name CN=LEE-ASA
    crl configure
    crypto isakmp enable Outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet 10.1.4.29 255.255.255.255 management
    telnet 10.1.4.30 255.255.255.255 management
    telnet 10.1.4.31 255.255.255.255 management
    telnet 10.1.4.4 255.255.255.255 management
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 LeeDMZ
    ssh 0.0.0.0 0.0.0.0 management
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection scanning-threat shun except ip-address 10.1.4.0 255.255.255.0
    threat-detection scanning-threat shun duration 3600
    threat-detection statistics host
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    url-block url-mempool 2500
    url-block url-size 4
    dynamic-filter updater-client enable
    dynamic-filter use-database
    dynamic-filter enable interface Outside
    dynamic-filter drop blacklist interface Outside
    dynamic-filter whitelist
    address 192.168.10.0 255.255.255.0
    address 10.1.1.6 255.255.255.255
    address 10.1.1.2 255.255.255.255
    dynamic-filter blacklist
    address 46.249.59.47 255.255.255.255
    address 95.215.2.8 255.255.255.255
    address 94.75.201.36 255.255.255.255
    ntp server 64.250.229.100 source Outside
    ntp server 24.56.178.140 source Outside prefer
    webvpn
    username **********************************
    username **************************************
    username ************************************
    tunnel-group 216.168.57.82 type ipsec-l2l
    tunnel-group 216.168.57.82 ipsec-attributes
    pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns migrated_dns_map_1
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
      inspect dns migrated_dns_map_1 dynamic-filter-snoop
      inspect rtsp
    service-policy global_policy global
    prompt hostname context
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:************************************: end

  • Secondary DNS failing to redirect clients when Primary DNS goes down

    I have a single domain with two Windows 2008 servers, DC1 (physical) and DC2 (virtual).  Both servers run DNS and are GC servers, and the entire domain is on the same subnet (192.168.0.x). 
    All clients on the network are configured to use DC1 as primary DNS, DC2 as secondary DNS. 
    DHCP is enabled only on DC1.  (This might be part of the issue, not sure).
    The problem is that when DC1 goes down for a reboot or repair, we lose access to the internet from our clients.  Trying to pull up any website results in a "Page cannot be displayed" error.  DC2 is available during this time and can be pinged from any client but does not resolve DNS requests, even if I specify it as the primary DNS server on one of my workstations.  However I can log on to DC2 locally and browse the web.
    Here are the results of a DCdiag /dnsall from DC2 (I bolded areas of concern):
    Directory Server Diagnosis
    Performing initial setup:
       * Connecting to directory service on server DC2.
       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
       Getting ISTG and options for the site
       * Identifying all servers.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.
       * Found 2 DC(s). Testing 1 of them.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\DC2
          Starting test: Connectivity
    * Active Directory LDAP Services Check
    Determining IP4 connectivity
    Determining IP6 connectivity
    * Active Directory RPC Services Check
    ......................... DC2 passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\DC2
          Test omitted by user request: Advertising
          Test omitted by user request: CheckSecurityError
          Test omitted by user request: CutoffServers
          Test omitted by user request: FrsEvent
          Test omitted by user request: DFSREvent
          Test omitted by user request: SysVolCheck
          Test omitted by user request: KccEvent
          Test omitted by user request: KnowsOfRoleHolders
          Test omitted by user request: MachineAccount
          Test omitted by user request: NCSecDesc
          Test omitted by user request: NetLogons
          Test omitted by user request: ObjectsReplicated
          Test omitted by user request: OutboundSecureChannels
          Test omitted by user request: Replications
          Test omitted by user request: RidManager
          Test omitted by user request: Services
          Test omitted by user request: SystemLog
          Test omitted by user request: Topology
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: VerifyReferences
          Test omitted by user request: VerifyReplicas
          Starting test: DNS
    DNS Tests are running and not hung. Please wait a few minutes...
    See DNS test in enterprise tests section for results
    ......................... DC2 passed test DNS
       Running partition tests on : ForestDnsZones
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : DomainDnsZones
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : Schema
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : Configuration
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : mydomain
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running enterprise tests on : mydomain.com
          Starting test: DNS
    Test results for domain controllers:
     DC: DC2.mydomain.com
    Domain: mydomain.com
    TEST: Authentication (Auth)
    Authentication test: Successfully completed
    TEST: Basic (Basc)
                      Microsoftr Windows Serverr 2008 Standard 
    (Service Pack level: 2.0)
    is supported
    NETLOGON service is running
    kdc service is running
    DNSCACHE service is running
                      DNS service is running
    DC is a DNS server
    Network adapters information:
    Adapter [00000006] Intel(R) PRO/1000 MT Network Connection:
    MAC address is 00:0C:29:91:59:68
    IP Address is static
    IP address: 192.168.0.249
    DNS servers:
    192.168.0.105 (DC1.mydomain.com.) [Valid]
    127.0.0.1 (DC2) [Valid]
    The A host record(s) for this DC was found
    Warning: The AAAA record for this DC was not found
    [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.) - mydomain.com]
                      The SOA record for the Active Directory zone was found
    The Active Directory zone on this DC/DNS server was found primary
    Root zone on this DC/DNS server was not found
    TEST: Forwarders/Root hints (Forw)
    Recursion is enabled
    Forwarders Information:
    192.168.0.105 (DC1.mydomain.com.) [Valid]
    192.168.0.7 (<name unavailable>) [Invalid (unreachable)]
     Error: Forwarders list has invalid forwarder: 192.168.0.7 (<name unavailable>)
    TEST: Delegations (Del)
    Delegation information for the zone: mydomain.com.
    Delegated domain name: _msdcs.mydomain.com.
    DNS server: DC1.mydomain.com. IP:192.168.0.105 [Valid]
    TEST: Dynamic update (Dyn)
    Test record _dcdiag_test_record added successfully in zone mydomain.com
    Test record _dcdiag_test_record deleted successfully in zone mydomain.com
    TEST: Records registration (RReg)
    Network Adapter
    [00000006] Intel(R) PRO/1000 MT Network Connection:
    Matching CNAME record found at DNS server 192.168.0.105:
    a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
    Matching A record found at DNS server 192.168.0.105:
    DC2.mydomain.com
    Warning:
    Missing AAAA record at DNS server 192.168.0.105:
    DC2.mydomain.com
    [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
    Matching  SRV record found at DNS server 192.168.0.105:
    _ldap._tcp.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _kerberos._tcp.dc._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _ldap._tcp.dc._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _kerberos._tcp.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _kerberos._udp.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _kpasswd._tcp.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _ldap._tcp.Default-First-Site-Name._sites.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _kerberos._tcp.Default-First-Site-Name._sites.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _ldap._tcp.gc._msdcs.mydomain.com
    Matching A record found at DNS server 192.168.0.105:
    gc._msdcs.mydomain.com
    Warning:
    Missing AAAA record at DNS server 192.168.0.105:
    gc._msdcs.mydomain.com
    [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
    Matching  SRV record found at DNS server 192.168.0.105:
    _gc._tcp.Default-First-Site-Name._sites.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com
    Matching CNAME record found at DNS server 192.168.0.249:
            a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
    Matching A record found at DNS server 192.168.0.249:
    DC2.mydomain.com
    Warning:
    Missing AAAA record at DNS server 192.168.0.249:
    DC2.mydomain.com
    [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
    Matching  SRV record found at DNS server 192.168.0.249:
    _ldap._tcp.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
                 Matching 
    SRV record found at DNS server 192.168.0.249:
    _kerberos._tcp.dc._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _ldap._tcp.dc._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _kerberos._tcp.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _kerberos._udp.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _kpasswd._tcp.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _ldap._tcp.Default-First-Site-Name._sites.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
               Matching 
    SRV record found at DNS server 192.168.0.249:
    _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _kerberos._tcp.Default-First-Site-Name._sites.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _ldap._tcp.gc._msdcs.mydomain.com
    Matching A record found at DNS server 192.168.0.249:
    gc._msdcs.mydomain.com
    Warning:
    Missing AAAA record at DNS server 192.168.0.249:
    gc._msdcs.mydomain.com
    [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
    Matching  SRV record found at DNS server 192.168.0.249:
    _gc._tcp.Default-First-Site-Name._sites.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com
    Warning: Record Registrations not found in some network adapters
    TEST: External name resolution (Ext)
    Internet name www.microsoft.com was resolved successfully
    Summary of test results for DNS servers used by the above domain
    controllers:
    DNS server: 192.168.0.7 (<name unavailable>)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.0.7              
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
    DNS server: 192.168.0.105 (DC1.mydomain.com.)
    All tests passed on this DNS server
    Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
    DNS delegation for the domain  _msdcs.mydomain.com. is operational on IP 192.168.0.105
    DNS server: 192.168.0.249 (DC2)
    All tests passed on this DNS server
    Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
    Summary of DNS test results:
    Auth Basc Forw Del  Dyn  RReg Ext
    Domain: mydomain.com
    DC2                      
    PASS WARN FAIL PASS PASS WARN PASS
    ......................... mydomain.com failed test DNS
          Test omitted by user request: LocatorCheck
          Test omitted by user request: Intersite

    Looks like it may be trying to forward to a machine that's down (DC1 and another 192.168.0.7) and root hints aren't available.
    Check out this article:
    http://technet.microsoft.com/en-us/library/ff807391(v=ws.10).aspx
    See if you can enable DNS access through the firewall to the Internet if it's not already available.  Try to match whatever forwarder settings are on DC1, or remove them entirely and let the server resolve DNS from Internet root servers.  Alternatively, you could change your forwarder to a public DNS server you have access to; your ISP should supply this, or you could test with something common like 4.2.2.2.
    SWC Unified Communications
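The diagnosis in the reply above can be read straight out of the dcdiag DNS output. This is an added example, not part of the thread: it pulls every server not marked `[Valid]` and the per-DC summary row from such output. The function names are hypothetical and the sample text is a constructed excerpt in the layout of the post.

```python
import re

# Constructed excerpt, in the layout of the dcdiag DNS output quoted above
# (the DC name and its result row sit on separate lines, as in the post).
SAMPLE = """\
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
192.168.0.105 (DC1.mydomain.com.) [Valid]
192.168.0.7 (<name unavailable>) [Invalid (unreachable)]
 Error: Forwarders list has invalid forwarder: 192.168.0.7 (<name unavailable>)
Summary of DNS test results:
Auth Basc Forw Del  Dyn  RReg Ext
Domain: mydomain.com
DC2
PASS WARN FAIL PASS PASS WARN PASS
......................... mydomain.com failed test DNS
"""

STATUSES = {"PASS", "WARN", "FAIL", "n/a"}
# Matches lines such as: 192.168.0.7 (<name unavailable>) [Invalid (unreachable)]
SERVER_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3}) \((.*?)\) \[(.+)\]\s*$")


def non_valid_servers(text):
    """Return (ip, name, status) for every server line not marked [Valid]."""
    found = []
    for line in text.splitlines():
        m = SERVER_RE.match(line)
        if m and m.group(3) != "Valid" and m.groups() not in found:
            found.append(m.groups())
    return found


def summary_table(text):
    """Parse the 'Summary of DNS test results' block into {dc: {test: result}}."""
    lines = text.splitlines()
    for start, line in enumerate(lines):
        columns = line.split()
        if columns[:2] == ["Auth", "Basc"]:
            break
    else:
        return {}  # no summary header in this output
    table, dc = {}, None
    for line in lines[start + 1:]:
        tokens = line.split()
        if not tokens or tokens[0] == "Domain:":
            continue
        if tokens[0].startswith("...."):
            break  # the dotted verdict line ends the block
        names = [t for t in tokens if t not in STATUSES]
        results = [t for t in tokens if t in STATUSES]
        if names:
            dc = names[0]  # name may be on its own line or lead the row
        if dc and len(results) == len(columns):
            table[dc] = dict(zip(columns, results))
    return table


def needs_attention(text):
    """Map each DC to the tests that did not PASS, FAIL entries first."""
    out = {}
    for dc, row in summary_table(text).items():
        bad = [(test, res) for test, res in row.items() if res != "PASS"]
        out[dc] = sorted(bad, key=lambda pair: pair[1] != "FAIL")
    return out


if __name__ == "__main__":
    print(non_valid_servers(SAMPLE))
    print(needs_attention(SAMPLE))
```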

  • Nslookup: DNS request timed out. time out was 2 seconds. (When the primary DNS is down)

    Hi All,
    I have set up 2 Windows Server 2012 domain controllers (DCA & DCB). DCA points at DCB as the primary DNS, and itself as the alternate DNS. DCB points at DCA as the primary DNS, and itself as the alternate DNS.
    When both DCs are running and if I do an nslookup on DCA: The result is as follows:
    Default Server: dcb.testdomain.com
    Address: 30.30.30.2
    nslookup on DCB:
    Default Server: dca.testdomain.com
    Address: 30.30.30.1
    Client PC (Windows 7 Pro):
    1st DNS : 30.30.30.31
    Alternate DNS: 30.30.30.32
    nslookup on the client PC
    Default Server: dca.testdomain.com
    Address: 30.30.30.1
    Up to here everything is fine. Now if I turn off DCA, and do an nslookup, the result is as follows:
    DCB nslookup:
    DNS request timed out.
           time out was 2 seconds.
    Default Server Unknown
    Address: 30.30.30.31
    Client PC nslookup:
    DNS request timed out.
           time out was 2 seconds.
    Default Server Unknown
    Address: 30.30.30.31
    I waited for more than 15 minutes and tried again; it didn't help.
    I have been reading a few similar posts on this matter, but couldn't find the answer.
    I would have expected it to display DCB when I do an nslookup.
    Question 1: Shouldn't that display DCB rather than displaying a time out message when I do nslookup?
    Question 2: The fact that it displays a time out message, does it mean that more configuration needs to be done? If so, please kindly advise what needs to be done.
    I did an ipconfig /displaydns command. I realized that the order of DNS has changed on both DCB and the Client PC:
    Now, they both display DCB on the top of the list, whereas they were displaying DCA on the top of the list prior to the shut down.
    Question 3: Does it mean that the Client PC now knows that the 1st DNS is down and so it's using the 2nd DNS?
    If so, why does the nslookup display the time out message?
    Question 4: Is it possible to configure either of DNS Server or the DNS client, so it displays the 2nd DNS when the first DNS is not accessible and when I do nslookup?
    Thank you for. 

    Hi Ton_2013,
    Based on my understanding, the issue we are experiencing is that when the primary DNS server is down, the Nslookup tool displays the time-out message at first. Right?
    Based on my knowledge, a timed-out message means that the server did not respond to a request after a certain amount of time and a certain number of retries. Because the primary DNS server is down, it can't respond to this request and the request times out. When the primary DNS server can't respond, the secondary DNS server works to ensure effective work. And the order is changed as you said.
    As to the reason why the result is still the same even when the order has changed, we can try to use Network Monitor to capture network traffic and view and analyze it to find the cause. And the cause may be the cache. For your information, please refer to the following link to download the tool Network Monitor:
    http://www.microsoft.com/en-hk/download/details.aspx?id=4865
    Regards,
    Lany Zhang

  • Unable to login to Switch & Router through secondary Acs ,when primary ACS is down.

    Dear All,
      I have configured a primary ACS in the DC data center and a secondary ACS in the DR data center. I have configured replication, and it is working well, but when we bring down the primary ACS, we are unable to log in to switches and routers through the secondary ACS. I have a dedicated link between the core DC sw and the core DR sw through which all traffic is replicated. All user and mgmt VLANs are created in the FWSM firewall. Kindly help.
    Regards
    Amit Kulshrestha

    Hi Bro
    I'm assuming you've configured your ACS correctly and the Cisco network devices correctly. Perhaps, this could be a bug. The reason I say this is because last week, I was implementing 2 units of Cisco ACS 1121 v5.3 (in HA mode) for a client, and I had similar issues myself. When I down the primary ACS, I'm unable to log in to my network devices, even though my secondary ACS is UP and PINGable from all network devices.
    Hence, I downloaded and applied the latest cumulative patch from the CCO website 5-3-0-40-4.tar.gpg (Release Date: 27/May/2012) and my problem was solved.
    Perhaps your ACS version isn't 5.3, but the moral of the story here is, maybe patching is required for your case!!
    Please do let me know the outcome. May the force be with you, bro!

  • Sequenced primary key slowed down my database!

    I have a table (11 million rows) which was extremely slow for searches (more than 30 seconds) and I thought it's because the records were not unique and I did not have primary key for it. So I decided to add a column and put a sequence in it with a trigger for inserts that fills the field as a primary key. I also updated the statistics for the table. But this alone made the searches a lot slower. Just a sorting takes more than 10 minutes now. Does anybody have any idea what could have gone wrong?!
    I'm working with application express 4.1 and oracle 11g if that matters.
    I appreciate any help.

    I don't know if this helps:
    SQL> show parameter optimizer
    NAME                                 TYPE        VALUE
    optimizer_capture_sql_plan_baselines boolean     FALSE
    optimizer_dynamic_sampling           integer     2
    optimizer_features_enable            string      11.2.0.1
    optimizer_index_caching              integer     0
    optimizer_index_cost_adj             integer     100
    optimizer_mode                       string      ALL_ROWS
    optimizer_secure_view_merging        boolean     TRUE
    optimizer_use_invisible_indexes      boolean     FALSE
    optimizer_use_pending_statistics     boolean     FALSE
    optimizer_use_sql_plan_baselines     boolean     TRUE
    SQL> show parameter db_file_multi
    NAME                                 TYPE        VALUE
    db_file_multiblock_read_count        integer     64
    SQL> show parameter db_block_size
    NAME                                 TYPE        VALUE
    db_block_size                        integer     8192
    SQL> show parameter cursor_sharing
    NAME                                 TYPE        VALUE
    cursor_sharing                       string      EXACT
    SQL> column sname format a20
    SQL> column pname format a20
    SQL> column pval2 format a20
    SQL>
    SQL> select
      2  sname
      3  , pname
      4  , pval1
      5  , pval2
      6  from
      7  sys.aux_stats$;
    SNAME                PNAME                     PVAL1 PVAL2
    SYSSTATS_INFO        STATUS                          COMPLETED
    SYSSTATS_INFO        DSTART                          04-02-2010 14:19
    SYSSTATS_INFO        DSTOP                           04-02-2010 14:19
    SYSSTATS_INFO        FLAGS                         1
    SYSSTATS_MAIN        CPUSPEEDNW           1683.65129
    SYSSTATS_MAIN        IOSEEKTIM                    10
    SYSSTATS_MAIN        IOTFRSPEED                 4096
    SYSSTATS_MAIN        SREADTIM
    SYSSTATS_MAIN        MREADTIM
    SYSSTATS_MAIN        CPUSPEED
    SYSSTATS_MAIN        MBRC
    SNAME                PNAME                     PVAL1 PVAL2
    SYSSTATS_MAIN        MAXTHR
    SYSSTATS_MAIN        SLAVETHR
    13 rows selected.

  • ISE 1.2.1 - RADIUS service down after Promoting Secondary PAN

    Hi Experts,
    I currently have an ISE deployment where I run a dual-node construct (both 3495):
    ISE-1: PAN (Primary), MNT (Secondary), PSN
    ISE-2: PAN (Secondary), MNT (Primary), PSN
    When ISE-1 fails and ISE-2 is promoted to Primary PAN, the services are restarted. This also causes the RADIUS service to go down, which causes a full RADIUS outage. Also, if ISE-1 is online again and is re-promoted, both ISE instances restart the services simultaneously, which includes the RADIUS service. Again, a full RADIUS outage.
    An ISE service restart takes about 10-15 minutes.
    Is this "works as designed" or a bug? I think this behavior was different in ACS 5.X
    Best Regards Michael

    List of working (Y) and Non Working (N) if Primary PAP is down
    Existing internal user radius auth : Y
    Existing/New AD user radius auth : Y
    Existing endpoint with no profile change : Y
    Existing endpoint with profile change : Y
    New endpoint learned via profiling : Y
    Existing guest (LWA) : Y
    Existing guest (CWA) : Y
    Guest - Change Password : N (user must log in using old password)
    Guest - AUP : Y (displayed for every login)
    Guest - Max Failed Login Enforcement : N
    New guest (Sponsored or Self-Registration) : N
    Posture : Y
    New Device Registration : N
    Existing registered device : Y

  • Health Service Heartbeat Failure Alert for Generated when one Management Server Down,

    Hi,
    I have two Management Servers, each managing about 100 servers. When one Management Server goes down unexpectedly, I receive 100 Health Service Heartbeat Failure alerts, one for each of the 100 servers.
    My question: why, when the Management Server is down, does it report a Health Service Heartbeat Failure for all managed agents?
    Is there a way to change this?

    SCOM 2012 agent will autofailover when primary server is down. You can check the failover management server by using the following powershell cmdlet:
    #Verify Failover for Agents reporting to MS1
    $Agents = Get-SCOMAgent | where {$_.PrimaryManagementServerName -eq 'MS1.DOMAIN.COM'}
    # For each agent, list its primary management server and every failover server
    $Agents | sort | foreach {
        Write-Host "";
        "Agent :: " + $_.Name;
        "--Primary MS :: " + ($_.GetPrimaryManagementServer()).ComputerName;
        $failoverServers = $_.getFailoverManagementServers();
        foreach ($managementServer in $failoverServers) {
            "--Failover MS :: " + ($managementServer.ComputerName);
        }
    }
    Write-Host "";
    http://www.systemcentercentral.com/how-does-the-failover-process-work-in-opsmgr-2012-scom-sysctr/

  • Primary db get error ORA-03113 in maximum protection mode

    primary db pfile :
    cds.__db_cache_size=230686720
    cds.__java_pool_size=4194304
    cds.__large_pool_size=4194304
    cds.__shared_pool_size=71303168
    cds.__streams_pool_size=0
    *.archive_lag_target=0
    *.background_dump_dest='/opt/oracle/database/cds/bdump'
    *.control_files='+data/control01.ctl','+data/control02.ctl'
    *.db_name='cds'
    *.db_recovery_file_dest_size=2147483648
    *.db_recovery_file_dest='+data1'
    *.db_unique_name='cds'
    *.dg_broker_start=FALSE
    *.fal_client='cds'
    *.fal_server='cdssty'
    *.log_archive_config='DG_CONFIG=(cds,cdssty)'
    *.log_archive_dest_1='LOCATION=+data2 VALID_FOR=(ALL_LOGFILES,ALL_ROLES) DB_UNIQUE_NAME=cds'
    *.log_archive_dest_2='SERVICE=cdssty LGWR SYNC VALID_FOR=(ONLINE_LOGFILES,PRIMARY_ROLE) DB_UNIQUE_NAME=cdssty'
    *.log_archive_dest_state_2='ENABLE'
    cds.log_archive_format='%t_%s_%r.dbf'
    *.log_archive_max_processes=1
    *.log_archive_min_succeed_dest=1
    *.sga_target=300m
    *.standby_archive_dest='+data2'
    *.standby_file_management='AUTO'
    *.undo_management='auto'
    *.undo_tablespace='undocds01'
    *.user_dump_dest='/opt/oracle/database/cds/udump'
    standby db pfile :-
    cdssty.__db_cache_size=213909504
    cdssty.__java_pool_size=4194304
    cdssty.__large_pool_size=4194304
    cdssty.__shared_pool_size=88080384
    cdssty.__streams_pool_size=0
    *.archive_lag_target=0
    *.background_dump_dest='/opt/oracle/database/cdssty/bdump'
    *.control_files='+DATA01/control01.ctl','+DATA01/control02.ctl'#Restore Controlfile
    *.db_file_name_convert='+data','+data01'
    *.db_name='cds'
    *.db_recovery_file_dest_size=2147483648
    *.db_recovery_file_dest='+data02'
    *.db_unique_name='cdssty'
    *.dg_broker_start=FALSE
    *.fal_client='CDSSTY'
    *.fal_server='CDS'
    *.log_archive_config='DG_CONFIG=(cdssty,cds)'
    *.log_archive_dest_1='LOCATION=+data03 VALID_FOR=(ALL_LOGFILES,ALL_ROLES) DB_UNIQUE_NAME=cdssty'
    *.log_archive_dest_2='SERVICE=cds LGWR SYNC VALID_FOR=(ONLINE_LOGFILES,PRIMARY_ROLE) DB_UNIQUE_NAME=cds'
    cdssty.log_archive_dest_state_1='ENABLE'
    cdssty.log_archive_format='%t_%s_%r.dbf'
    *.log_archive_max_processes=1
    *.log_archive_min_succeed_dest=1
    cdssty.log_archive_trace=0
    *.log_file_name_convert='+data','+data01'
    *.sga_target=300m
    *.standby_archive_dest='+data03'
    cdssty.standby_archive_dest='+DATA03'
    *.standby_file_management='AUTO'
    *.undo_management='auto'
    *.undo_tablespace='undocds01'
    *.user_dump_dest='/opt/oracle/database/cdssty/udump'
    primary database is in maximum protection mode
    standby db has two standby redo log file groups
    listener at both ends is up
    when I try to open the primary database I get the error below:
    ERROR at line 1:
    ORA-03113: end-of-file on communication channel
    I read the alert log and its entries are as below:
    Database mounted in Exclusive Mode
    Completed: ALTER DATABASE MOUNT
    Wed Nov 7 04:28:00 2012
    alter database open
    Wed Nov 7 04:28:01 2012
    LGWR: STARTING ARCH PROCESSES
    ARC0: Archival started
    LGWR: STARTING ARCH PROCESSES COMPLETE
    ARC0 started with pid=16, OS id=13841
    Wed Nov 7 04:28:01 2012
    LGWR: Primary database is in MAXIMUM PROTECTION mode
    LGWR: Destination LOG_ARCHIVE_DEST_1 is not serviced by LGWR
    LGWR: Minimum of 1 synchronous standby database required
    Wed Nov 7 04:28:01 2012
    Errors in file /opt/oracle/database/cds/bdump/cds_lgwr_13720.trc:
    ORA-16072: a minimum of one standby database destination is required
    Wed Nov 7 04:28:01 2012
    Errors in file /opt/oracle/database/cds/bdump/cds_lgwr_13720.trc:
    ORA-16072: a minimum of one standby database destination is required
    LGWR: terminating instance due to error 16072
    Instance terminated by LGWR, pid = 13720
    and the contents of /opt/oracle/database/cds/bdump/cds_lgwr_13720.trc are:
    /opt/oracle/database/cds/bdump/cds_lgwr_13720.trc
    Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
    With the Partitioning, OLAP and Data Mining options
    ORACLE_HOME = /opt/oracle/product
    System name: Linux
    Node name: Host1
    Release: 2.6.18-128.el5
    Version: #1 SMP Wed Dec 17 11:42:39 EST 2008
    Machine: i686
    Instance name: cds
    Redo thread mounted by this instance: 1
    Oracle process number: 6
    Unix process pid: 13720, image: oracle@Host1 (LGWR)
    *** 2012-11-07 04:28:01.123
    *** SERVICE NAME:() 2012-11-07 04:28:01.122
    *** SESSION ID:(45.1) 2012-11-07 04:28:01.122
    Destination LOG_ARCHIVE_DEST_1 is not serviced by LGWR
    Standby database verification failed:16072
    ORA-16072: a minimum of one standby database destination is required
    error 16072 detected in background process
    ORA-16072: a minimum of one standby database destination is required
    if I open the primary db in maximum availability mode it works fine.
    The problem is only with maximum protection mode.
    Please tell me what is wrong with my configuration.

    Hi, thanks again,
    I read both the Oracle links you suggested in your previous post, but I have not found anything like a minimum of 2 standby databases being required for maximum protection mode.
    in first link :-
    5.6.1.1 Maximum Protection Mode
    This protection mode ensures that no data loss will occur if the primary database fails. To provide this level of protection, the redo data needed to recover each transaction must be written to both the local online redo log and to the standby redo log on at least one standby database before the transaction commits. To ensure data loss cannot occur, the primary database shuts down if a fault prevents it from writing its redo stream to at least one remote standby redo log. For multiple-instance RAC databases, Data Guard shuts down the primary database if it is unable to write the redo records to at least one properly configured database instance. The maximum protection mode requires that at least one standby instance has a standby redo log and the LGWR, SYNC, and AFFIRM attributes be used on the LOG_ARCHIVE_DEST_n parameter for this destination.
    and second link:-
    Maximum protection: This protection mode ensures that no data loss will occur if the primary database fails. To provide this level of protection, the redo data needed to recover each transaction must be written to both the local online redo log and to the standby redo log on at least one standby database before the transaction commits. To ensure data loss cannot occur, the primary database shuts down if a fault prevents it from writing its redo stream to the standby redo log of at least one transactionally consistent standby database.
    Please correct me if I am wrong.
    Thanks in advance
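An added example, not from the thread or from Oracle: it checks the requirement in the documentation quoted above (at least one standby destination carrying LGWR, SYNC and AFFIRM) against the LOG_ARCHIVE_DEST_n lines of the primary pfile posted earlier. The function names are hypothetical, and treating an unset destination state as ENABLE is an assumption.

```python
import re

# Attributes the documentation quoted above requires on the standby destination.
REQUIRED = ("LGWR", "SYNC", "AFFIRM")

# Destination and state lines taken from the primary pfile posted above.
PRIMARY_PFILE = """\
*.log_archive_dest_1='LOCATION=+data2 VALID_FOR=(ALL_LOGFILES,ALL_ROLES) DB_UNIQUE_NAME=cds'
*.log_archive_dest_2='SERVICE=cdssty LGWR SYNC VALID_FOR=(ONLINE_LOGFILES,PRIMARY_ROLE) DB_UNIQUE_NAME=cdssty'
*.log_archive_dest_state_2='ENABLE'
"""

# Constructed variant for comparison: the same destination with AFFIRM added.
WITH_AFFIRM = PRIMARY_PFILE.replace("LGWR SYNC", "LGWR SYNC AFFIRM")

# Parameter lines start with "*." or "<sid>." in a pfile.
DEST_RE = re.compile(r"^[\w*]+\.log_archive_dest_(\d+)\s*=\s*'(.*)'", re.I)
STATE_RE = re.compile(r"^[\w*]+\.log_archive_dest_state_(\d+)\s*=\s*'?(\w+)", re.I)


def standby_destinations(pfile_text):
    """Return one record per remote (SERVICE=) destination in the pfile."""
    dests, states = {}, {}
    for raw in pfile_text.splitlines():
        line = raw.strip()
        state = STATE_RE.match(line)
        dest = DEST_RE.match(line)
        if state:
            states[int(state.group(1))] = state.group(2).upper()
        elif dest:
            dests[int(dest.group(1))] = dest.group(2)
    records = []
    for n in sorted(dests):
        tokens = dests[n].split()
        keyed = {k.upper(): v for k, v in
                 (t.split("=", 1) for t in tokens if "=" in t)}
        if "SERVICE" not in keyed:
            continue  # LOCATION= destinations are local archive targets
        flags = {t.upper() for t in tokens if "=" not in t}
        records.append({
            "dest": n,
            "service": keyed["SERVICE"],
            "state": states.get(n, "ENABLE"),  # assumption: unset means ENABLE
            "missing": [a for a in REQUIRED if a not in flags],
        })
    return records


def meets_quoted_requirement(pfile_text):
    """True if an enabled standby destination has every REQUIRED attribute."""
    return any(r["state"] == "ENABLE" and not r["missing"]
               for r in standby_destinations(pfile_text))


if __name__ == "__main__":
    for record in standby_destinations(PRIMARY_PFILE):
        print(record)
    print("primary pfile as posted:", meets_quoted_requirement(PRIMARY_PFILE))
    print("with AFFIRM added:", meets_quoted_requirement(WITH_AFFIRM))
```

The check covers only the destination attributes; the standby redo log that the same passage requires is not visible in a pfile and has to be verified on the standby itself.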

  • Copy .vhd from secondary storage account to another storage account in primary location (RA-GRS) enabled using power shell scripts

    All,
    Hope you are doing great. I have a storage account which is RA-GRS enabled. Which has couple of (IaaS based vms) .vhd. I have taken few snapshots on the VMs too.
    Queries:
    1. How do I copy the .vhds from secondary storage account to different account in primary location?
    2. If I copy the .vhds. Does it copy all the snapshots which was taken?
    Please advise. Many thanks!
    Regards,
    Swamy

    Hi Jambor,
    Hope you are doing great. I am facing a problem.
    1. Imagine I have a storage account with RA-GRS enabled. US East (Primary) and US West (Secondary)
    2. I have created a VM in US East and taken couple of snapshots. Which means the .vhd and its snapshot will be replicated in the Secondary location.
    3. Assume that the Primary site is down. Now I want to read the .vhd and its snapshot from secondary and create a VM in the Primary location.
    4. I tried the below code but it is throwing exception 404 Not found.
    Please advise.
    Regards,
    Swamy
    $client.LocationMode = 0
    $createdBlob = $client.GetBlobReferenceFromServer($theDestBlobUrl)
    Write-Output $createdBlob.SnapshotQualifiedStorageUri.PrimaryUri.AbsoluteUri
    try
    {
        $createdBlob.BreakLease()
    }
    catch {}
    $blobUri125 = New-Object System.Uri($theUrl)
    $client.LocationMode = 0
    $createdBlob.StartCopyFromBlob($blobUri125.AbsoluteUri)
    $blobReference = $client.GetBlobReferenceFromServer($theUrl)

  • ISE Primary/Secondary max latency

    Hi There,
    My understanding is that you can run ISE with one node set as primary and zero or more nodes set as secondary, with the secondaries located closer to the end points.
    1. Does this mean the local users closest to a secondary node will authenticate against it rather than hitting the primary?
    2. What if the delay between primary and secondary is larger, say 700ms-1000ms. Is this going to flap and desync?
    Thanks,
    Brendan

    Yes, you can have primary and secondary ISE in your distributed env.
    A Cisco ISE node can provide various services based on the persona that it assumes. Each node in a deployment, with the exception of the Inline Posture node, can assume the Administration, Policy Service, and Monitoring personas. In a distributed deployment, you can have the following combination of nodes on your network:
    •Primary and secondary Administration nodes for high availability
    •A pair of Monitoring nodes for automatic failover
    •One or more Policy Service nodes for session failover
    •A pair of Inline Posture nodes for high availability
    1. No. As per my understanding, all your clients authenticate with the primary ISE.
    2. When the primary ISE is down:
    When the primary Administration ISE node becomes unavailable, we must log into the secondary Administration ISE node and promote it to become the primary Administration ISE node. There is no automatic failover for the Administration ISE node. (Means High Availability)
    In case the primary Monitoring ISE node goes down, the secondary Monitoring ISE node automatically becomes the primary Monitoring ISE node.
    Regards

  • Primary and secondary Email accounts

    Hello,
    Is there a way to specify primary and secondary email account ? In case if the primary server is down, the secondary server would be used for sending the notification.
    Thanks.

    I am implementing something similar to what you have suggested. I was wondering if there is a way to achieve this by just changing configuration. Looks like it is not possible to configure it and coding it is the only way out.
    Thanks for your inputs :)
