Port-channel Problem between Fabric Interconnect and N7K vPC
Dear all,
I have a problem with Port-channel Uplink between Fabric Interconnect with N7K using vPC
This is my network topology for UCS Deployment
In N7K I has configured vPC for red link and green link, at Fabric Interconnect A I has configured Port-Channel with member is Port 1 and Port 2, uplink is red link. At Fabric Interconnect B, I has configured Port-Channel with member is Port 1 and Port 2, uplink is green link.
The show interface port-channel on N7K is good, every port-channel is up and have all member. But At Fabric Interconnnect, when I see on UCS Manager, the status of Port-Channel on Fabic A and Fabric B is fault with Additional Info: No operational member. Although all link is link up and I has status of Port-Channel is enable on UCS Manager. When I see the Properties of Port 1, Port 2 on Port-channel, I see the membership status is : individual. This mean port-channel is not up and no membership in this configuration. I want to using port-channel for load balance and plus more bandwidth for uplink to 20Gig. I don't understand why ?
Please help me resolve this problem, I has send the capture screen of UCS Manager when I show status of Port-channel and Port-member in port-channel in attach items.
Anyone can help me to resolve this, thanks you very much. Please reference attach items for more detail about fault.
Thanks,
Trung.
Thanks Matthew very much,
I has resolved this problem. The reason of problem is miss match protocol of port-channel between N7K and Fabric Interconnect. The Fabric Interconnect always use LACP protocol, but N7K using Port-channel mode on, that why the port-channel failed. I has configured LACP for port-channel in N7K, it has resolved the problems.
Thanks,
Trung.
Similar Messages
-
Port-channel L2 problem with Fabric Interconnect and Nexus 7010
Hi,
i using port-channel from both fabric interconnect to N7k with 3 cables per Fabric Interconnect.
but, my problem is when i creating port-channel, Fabric Interconnect don't support mode ON dan rate-mode share in Interface 10G Nexus 7010.
I was trying :
1. I using non dedicated port in Nexus 7010.
- rate-mode share
- channel-group 1 mode active
- switchport mode trunk
when i using this option, the port-channel in Nexus 7010 was suspended
2. I using non dedicated port in Nexus 7010
- rate-mode share
- channel group 1 mode on
- switchport mode trunk
when i using this option, the port-channel in Nexus 7010 was came up, but in Fabric interconnect was failed.
3. I using dedicated port in Nexus 7010
- rate-mode share
- channel group 1 mode active
- switchport mode trunk
when i using this option, the port-channel in Nexus 7010 was suspended
4. I using dedicated port in Nexus 7010
- rate-mode dedicated
- channel group 1 mode active
- switchport mode trunk
when i using this option, the port-channel in Nexus 7010 was came up and running well.
but, the problem is my costumer do not want using a dedicated rate-mode. if i using dedicated mode the only available port is 8 interfaces instead of 32 ports. i want to using rate-mode share in nexus 7010.
is there any way to configuring port-channel using mode on in fabric interconnect ? i was trying using CLI to create port-channel in Fabric interconect but i cannot configure the channel group protocol.
i attach the topology of N7K with Fabric interconnect.
regards,
Berwin HHi Manish,
the issue was solved, i was fix it last week.
the solution is:
i enable the license grace-priode (since my license is Enterprise so cannot create VDC) then i create a VDC (ex: VDC 2) so i allocate the interface on all module
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin-top:0cm;
mso-para-margin-right:0cm;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0cm;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
N7K-M132XP-12 to VDC 2. after that i delete VDC 2 then all interface back to VDC 1 (default vdc). then i enable the rate-mode share in dedicated port and bundle into port-channel and its working.
i dont know why it must move to VDC first then it will working, maybe cisco can explain the reasons.
So here the result of my port-channel :
SVRN7KFARM-HO-01# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
Group Port- Type Protocol Member Ports
Channel
1 Po1(SU) Eth LACP Eth1/1(P) Eth1/2(P) Eth1/3(P)
Eth1/4(P) Eth1/25(P)
2 Po2(SU) Eth LACP Eth1/9(P) Eth1/10(P) Eth1/11(P)
Eth1/12(P) Eth1/26(P)
3 Po3(SU) Eth LACP Eth1/17(P) Eth1/18(P)
4 Po4(SU) Eth NONE Eth10/32(P) Eth10/34(P) Eth10/35(P)
Eth10/36(P)
Thanks.
Berwin H -
Port-Channel issue between UCS FI and MDS 9222i switch
Hi
I have a problem between UCS FI and MDS switch port-channel. When MDS-A is powered down the port-channel fails but UCS blade vHBA does not detect the failure of the port-chanel on UCS-FI and leaves the vHBA online. However, if there is no port-channel between FI-->MDS it works fine.
UCS version
System version: 2.0(2q)
FI - Cisco UCS 6248 Series Fabric Interconnect ("O2 32X10GE/Modular Universal Platform Supervisor")
Software
BIOS: version 3.5.0
loader: version N/A
kickstart: version 5.0(3)N2(2.02q)
system: version 5.0(3)N2(2.02q)
power-seq: Module 1: version v1.0
Module 3: version v2.0
uC: version v1.2.0.1
SFP uC: Module 1: v1.0.0.0
MDS 9222i
Software
BIOS: version 1.0.19
loader: version N/A
kickstart: version 5.0(8)
system: version 5.0(8)
Here is the config from MDS switch
Interface Vsan Admin Admin Status SFP Oper Oper Port
Mode Trunk Mode Speed Channel
Mode (Gbps)
fc1/1 103 auto on trunking swl TF 4 10
fc1/2 103 auto on trunking swl TF 4 10
fc1/9 103 auto on trunking swl TF 4 10
fc1/10 103 auto on trunking swl TF 4 10
This is from FI.
Interface Vsan Admin Admin Status SFP Oper Oper Port
Mode Trunk Mode Speed Channel
Mode (Gbps)
fc1/29 103 NP on trunking swl TNP 4 103
fc1/30 103 NP on trunking swl TNP 4 103
fc1/31 103 NP on trunking swl TNP 4 103
fc1/32 103 NP on trunking swl TNP 4 103
Any thoughts on this?Sultan,
This is a recently found issue and is fixed in UCSM 2.0.3a version .
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCua88227
which got duped to CSCtz21585
It happens only when following conditions are met
FI in End host mode
FC uplinks are configured for portchannel + trunking
Certain link event failures ( such abrupt power loss by upstream MDS switch )
Padma -
Externalizable problems between v1.3 and v1.4
Hej you.
I have strange problems with the Externalizable objects.
I Use many Object to Save my file, but wien i try to Externalizable on J1.3 and Denalizable again in J1.4 I got this message:
E:\Programmer\Java\ProrgamName>Java ProrgamName
javax.swing.JInternalFrame; Local class not compatible: stream classdesc serialV
ersionUID=8792953236056021037 local class serialVersionUID=-6387351733537024688
Can i trap J1.4 ID to use 1.3 ID, so it can use on ALL platforms, not just locally?
When I Save and load on the same machine it works fine, but not when i moving to another machine with 1.4. Is a another method, or i Need to save all object to AscII instead in this smart method (that are poorly work)? I have surfed around javasoft.com with finding a answear.
See my early quenstien on (closed):
http://forum.java.sun.com/thread.jsp?forum=31&thread=273990
With very regaards By:
Super Bomba, Denmark
PS. No Duke Dollars this time. Sorry.Hey.
I found how to work around combatible problems between 1.3 and 1.4. For user, that want to save thier DynamicTree.java (http://java.sun.com/docs/books/tutorial/uiswing/components/example-swing/index.html)
Use follow code (I using Externalizable):
protected DefaultMutableTreeNode rootNode=null;
protected DefaultTreeModel treeModel=null;
public void writeExternal(ObjectOutput stream) throws IOException
{ stream.writeUTF(rootNode.toString());
Vector values = new Vector();
Object root = treeModel.getRoot();
// Save the root, if its Serializable.
if(root != null && root instanceof Serializable)
{ values.addElement("root");
values.addElement(root);
stream.writeObject(values);
public void readExternal(ObjectInput stream) throws IOException
{ thisModel.removeAll();
thisModel.setVisible(false);
try
{ String title=stream.readUTF();
rootNode = new DefaultMutableTreeNode(title);
Vector values = (Vector)stream.readObject();
int indexCounter = 0;
int maxCounter = values.size();
treeModel = new DefaultTreeModel(rootNode);
if(indexCounter < maxCounter && values.elementAt(indexCounter).equals("root"))
{ TreeNode root = (TreeNode)values.elementAt(++indexCounter);
treeModel = new DefaultTreeModel(root);
indexCounter++;
// kode for setting the tree start here
catch (ClassNotFoundException e) {}
}Hope, this is to use :-)
Hi from
Super Bomba -
Connection Problems Between iChat 3 and iChat 4 Workaround
Maybe this info will help others:
iChat 4/Leopard users must initiate video chat to iChat 3/Tiger users:
I have discovered that if an iChat 4/Leopard user initiates the video chat to an iChat3/Tiger user, it works, but if the iChat3/Tiger user initiates the video chat with an iChat 4/Leopard user it fails with a message saying that the receiver declined the invitation (even if the receiver tried to accept). This happens on a LAN as well as across the Internet.
Likewise, to make conference video chats, make sure the iChat 4/Leopard user initiates, then adds the other parties.
This post is NOT about iChat Server, although the problem occurs there too. If you are using iChat Server (part of OSX Server) see http://discussions.apple.com/thread.jspa?messageID=5995966 ).
Hope this helps.
ppjHey.
I found how to work around combatible problems between 1.3 and 1.4. For user, that want to save thier DynamicTree.java (http://java.sun.com/docs/books/tutorial/uiswing/components/example-swing/index.html)
Use follow code (I using Externalizable):
protected DefaultMutableTreeNode rootNode=null;
protected DefaultTreeModel treeModel=null;
public void writeExternal(ObjectOutput stream) throws IOException
{ stream.writeUTF(rootNode.toString());
Vector values = new Vector();
Object root = treeModel.getRoot();
// Save the root, if its Serializable.
if(root != null && root instanceof Serializable)
{ values.addElement("root");
values.addElement(root);
stream.writeObject(values);
public void readExternal(ObjectInput stream) throws IOException
{ thisModel.removeAll();
thisModel.setVisible(false);
try
{ String title=stream.readUTF();
rootNode = new DefaultMutableTreeNode(title);
Vector values = (Vector)stream.readObject();
int indexCounter = 0;
int maxCounter = values.size();
treeModel = new DefaultTreeModel(rootNode);
if(indexCounter < maxCounter && values.elementAt(indexCounter).equals("root"))
{ TreeNode root = (TreeNode)values.elementAt(++indexCounter);
treeModel = new DefaultTreeModel(root);
indexCounter++;
// kode for setting the tree start here
catch (ClassNotFoundException e) {}
}Hope, this is to use :-)
Hi from
Super Bomba -
IChat - compatibility problems between v2.1 and v3.1
Hi,
I now have the new iMac Intel with iChat 3.1. I am trying to use it with a friend who has OS 10.3.9 with iChat 2.1.
I can see and hear him, but he can only hear me.
Is there a compatiliby problems between v2.1 and v.3.1 or it is just a configu problems?
Thanks a lot for any information
BrunoMost likely cause is that you haven't updated the ProApplication Support file. Check here:
http://www.apple.com/support/downloads/proapplicationsupport31macosx104.html -
MDS9513 Add ISL to Port Channel problem.
Hi Experts,
I have a problem when add a new ISL to an existing Port Channel config.
The ISL port is up state and correctly configured like another ports in port channel.
Looks bellow the error:
MDS1300M6A# show port-channel summary
Interface Total Ports Oper Ports First Oper Port
port-channel 1 4 4 fc12/48
port-channel 2 2 2 fc6/47
MDS1300M6A# show port-channel database
port-channel 1
Administrative channel mode is active
Operational channel mode is active
Last membership update failed: port not compatible [Resources Unavailable]
First operational port is fc12/48
4 ports in total, 4 ports up
Ports: fc12/48 [up] *
fc10/48 [up]
fc11/48 [up]
fc9/48 [up]
Anyone seen this?
Tks
WellingtonThat did the trick - specifically setting the port channel to rate-mode shared. Certainly solved the problem as far as getting all the deisred ports up in the channel, but where I still have a knowledge gap is the operational difference between dedicated and shared. Are there any Cisco docs (beyond the command reference guide to toggle the feature) that explains why you'd choose one versus the other, and what it means from a design perspective?
On a different note, while I'm no expert, here's some background to consider for others who may encounter the same issue (whether on UCS or a Nexus 5K). I (and our network team) come from an IOS background, so while the IOS "parts" of NX-OS are pretty familiar, the SAN "parts" of NX-OS are a little new. We're also more CLI oriented, and while not impossible to configure via CLI, in our environment, the GUI for UCS seems to be more popular across the board - and we're still learning that piece as well.
Our storage team is very familiar with SAN-OS, so they're very comfortable with the SAN "parts" of NX-OS. But, they're very used to configuring the MDS switches via the GUI, which is what got us off track a bit. In our scenario, creating a SAN port channel on the MDS via the GUI didn't give us the option for setting "switchport rate-mode shared" Not saying it's not there in the GUI, but we certainly couldn't find it.
Long story short, if the configuration of the SAN port channel on the MDS is in question, check it via the CLI and make any necessary changes there as a quick workaroud. -
Fabric interconnect and Native Vlan
Hi
I just want to ask a simple question
is there any precautions with native vlan between the Switched infrastructure and the Fabric interconnect ?!
I mean can I use any vlan as a native vlan ex.999 "anything but not 1" ?!As a security best practice on trunks carrying multiple VLANs you should not allow the native vlan on the line. When you have a single VLAN going to a device, an end node for example, the port should be configured as an access port with a single data VLAN, and potentially a voice vlan if that will be used.
For example, our N5Ks have a trunk to each of our UCS interconnects. We set the native VLAN on the n5k side to 999. 999 is not in the allowed list for the trunk then, so the native VLAN never makes it to the ucs. On the ucs then, any server that can handle VLANs (esxi for example) we send only tagged VLANs -- no VLAN is marked native, thus accomplishing the same thing as we did for the n5k to FI link.
It is recommended to not leave your native VLAN as 1 as best practice. It's less of a concern if the native VLAN isn't in the allowed list, but to avoid mis configuration issues you should set it to another VLAN. -
FI 6248 Nexus 5548 Port-channel problem
Hi all
I have a strange behavior between 2 FI and 2 nexus 5k configured as VPC , From a remote location and from my desktop I can ping odd ip and not even , from an other desktop in the same LAN the reverse, for both the tracert are good.
The only solution is to shutdown ports 1/1-2 on nexus A or FI A and in that case both desktops can ping both IP.
All seems OK, no log error , no error on interface , I give below some commands
What thing to know is that the nexus b has a L3 card , not the Nexus A , In fact I am waiting for a spare L3 daughter card.
On both NexusI have such configuration and status
interface port-channel201
description ucs-Fab-a
switchport mode trunk
switchport trunk native vlan 999
spanning-tree port type edge trunk
vpc 201
UCSM-PARIS-A(SSI153000ST)
Eth1/1 129 S I s UCS-FI-6248UP Eth1/11
UCSM-PARIS-A(SSI153000ST)
Eth1/2 174 S I s UCS-FI-6248UP Eth1/12
sh port-channel summary
201 Po201(SU) Eth LACP Eth1/1(P) Eth1/2(P)
sh mac address-table dynamic | i 1010
* 1010 0025.b5c9.481e dynamic 0 F F Po201
* 1010 0025.b5c9.481f dynamic 10 F F Po201
sh ip arp
10.203.136.21 00:01:05 0025.b5c9.481f Vlan1010
10.203.136.22 00:12:43 0025.b5c9.481e Vlan1010
On both FI A have such configuration and status
terface port-channel201
description U: Uplink
switchport mode trunk
pinning border
switchport trunk native vlan 999
switchport trunk allowed vlan 1,104,999,1010-1013,1020-1021,1500-1502,1510-151
2,1550-1552,1560-1561,1600-1602,1610-1619
speed 10000
sh port-channel summary
201 Po201(SU) Eth LACP Eth1/9(P) Eth1/10(P) Eth1/11(P)
Eth1/12(P)
sh mac address-table dynamic
* 1010 0025.b5c9.481e dynamic 0 F F Po201
* 1010 0025.b5c9.481f dynamic 0 F F Po201
sh cdp nei
E2RTR001(SSI1608085E) Eth1/9 120 S I s N5K-C5548UP Eth1/1
E2RTR001(SSI1608085E) Eth1/10 120 S I s N5K-C5548UP Eth1/2
E2RTR002(SSI16080F17) Eth1/11 151 R S I s N5K-C5548UP Eth1/1
E2RTR002(SSI16080F17) Eth1/12 136 R S I s N5K-C5548UP Eth1/2
Any ideas, A configuration I forgot on FI ?
Regards .In fact in the probem I described the path is Esx -> FAB A - > N5K-A (for layer 2) -> N5K-B (for L3) -> routing to the LAN
And what you told me is that such configuration is not supported with VPC configuration , so I need to wait to receive the L3 card for the N5k-A. and check later if I have the same problem.
thanks -
NFS problem between RedHat Client and Solaris Server
Hi all, we are experiencing a problem between a RedHat client and a Solaris 10 server. For the purposes of this post, I'll call the Redhat client server A and the Solaris 10 server B.
Server B is exporting a filesystem that server A is trying to mount. Server A can successfully mount the exported file system, however, strange things are happening. If I change to the exported mount point on server A and create a file, the file is owned by nobody:nobody, not the user that created the file.
A look at the file on server B shows the file has the correct UID and GID (ie the UID & GID of server A).
The fstab file on server A looks like this:
serverB:/data /data nfs4 rsize=32768,wsize=32768,hard,nointr,rw,bg,actimeo=0,timeo=300,suid 0 0
Does anyone have a explanation for this?
NB: There is a firewall between server A and server B. A firewall rule is in place to allow traffic between the two servers on port 2049
StewartHi
If I change to the exported mount point on server A and create a file, the file is owned by nobody:nobody, not the user that created the file.On a NFS share, for security reasons, you normally dont have root provileges.
A file createt as root user will be mapped to nobody:nobody.
The behaviour you see is correct.
If you want the file to be createt as root, you have to export the filesystem with -o ro,anon=0
NFSv3 will be blocked by your firewall.
Franco -
Port-channel problem with WiSM
Has anybody met following similar problem:
I put WiSM into slot 3(also tried slot 6) of 6506(sup720-3B, s72033-adventerprisek9_wan-mz.122-33.SXH.bin), using following command to setup the port-channel:
interface Port-channel1
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 5
switchport trunk allowed vlan 1-1000
switchport mode trunk
int range g3/1-4
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 5
switchport trunk allowed vlan 1-1000
switchport mode trunk
channel-group 1 mode on
I can use "session slot 3 pro 1" to login to the WiSM, but can't ping WiSM's management IP address from 6506, then I find the port-channel has problem, only G3/1 is up and included in the channel, G3/2-4 are up but line protocol is down, then I found from the log that: "AESUT: %EC-SP-5-CANNOT_BUNDLE2: Gi3/2 is not compatible with Gi3/1 and will be suspended (qos-card type unavailable for Gi3/2 or Gi3/1)". It says those GE port are not compatible for qos-card type, but I checked the configuration, all GE using the same configuration. Don't know why, maybe a bug? Appreciate for any feedbackI have the same problem, but it has something to do with QoS. When you disable "mls qos" on the switch, the port-channel will function normal again.
It doesn't help when you configure "mls qos trust dscp" on the port-channel!!!!! -
Hi,
I am having a sync problem between my iPhone/iPad and Outlook calendar events (Outlook 2010).
Here is the description of the problem:
1. In Outlook - please create a new event/appointment (e.g. "Test").
2. Reminder is set by default to 15 minutes. You can change it by using a dropdown menu - please select: "0,5 days".
3. Click on "0,5 days" and change it manually to "14,5 days".
4. Click on "Save & Close".
5. (Do not snooze or dismiss the reminder.)
6. Sync with your iPhone/iPad.
7. Open this new event on iPhone/iPad - you can see that alert is set to "15 minutes before" instead to a correct value that was set in Outlook.
The same problem can be seen if you set the reminder to e.g. "3 weeks" (standard value is "2 weeks").
However, it is interesting that non-standard values like "1,5 days" (and all other until "13,5 days") are synced without any problem.
Does anyone have a solution how to solve this problem (different than the trivial solution of not using those strange values)?
Thanks!Thanks to another post (https://discussions.apple.com/message/17501071#17501071) I reset the sync history, here is what to do:
Launch iTunes.
Before you hook up your iPhone to the PC and iTunes do this: Go to iTunes Edit menu > Preferences… > select the iPhone > click the Reset Synch History button > click OK.
Connect the iPhone to the PC and let iTunes recognize it.
In the top right corner is the iPhone icon, click on the left side of the iPhone icon > the iPhone menu launches.
In the menu along the top click on Info > make your selections > click Sync button > it gives you a dialog at the top with the steps it’s going through during the sync.
In the top left of the iTunes app > click Exit. -
Problem between SOAP Sender and JDBC Receiver
Hi,
I have a asynchronous scenary between SOAP Sender and JDBC Receiver.
The idea is sending an ID for updating one register.
Table structure is:
TABLE AS_PERSONA
(P_RUT VARCHAR2(10) NOT NULL,
P_NOMBRE VARCHAR2(50),
P_APELLIDO VARCHAR2(50))
The ID is the P_RUT field.
The structure of message that I send by SOAP, is the following:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<m:MT_CONS_SOAP xmlns:m="urn:prueba:voliva">
<CONSULTA>
<P_RUT>15445</P_RUT>
</CONSULTA>
</m:MT_CONS_SOAP>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
The JDBC receiver structure is:
<?xml version="1.0" encoding="UTF-8"?>
<ns0:MT_CONS_PERSONA xmlns:ns0="urn:prueba:voliva">
<Statement>
<AS_PERSONA action="UPDATE">
<table>AS_PERSONA</table>
<access>
<P_NOMBRE>DELETE_BY_XI</P_NOMBRE>
<P_APELLIDO>DELETE_BY_XI</P_APELLIDO>
</access>
<key>
<P_RUT>15445</P_RUT>
</key>
</AS_PERSONA>
</Statement>
</ns0:MT_CONS_PERSONA>
When I do a call to SOAP by XMLspy, it returns a message without data, that means succesfull reply.
I see message monitor and see the succesfull flag. But in the database it doesn't update the register.
This scenario was proved using the File Sender and same JDBC Receiver, then result was succesfull.
I proved SOAP Sender with a File Receiver, storing information from SOAP sender in an archive, and works well.
Then I imagine that exist some problem between SOAP and JDBC. what could be happening ?
Thanks.Hi,
Looks like the problem is with the JDBC receiver...try updating the value in the table by using a File-JDBC scenario..does it work..check the adapter monitor in RWB..
Regards,
Sushumna -
Password synchronization problem between sun DS and ADS
Hi
I installed the sun one indentity synchronization 1.0. I synchronize password between one DS and one AD.It is working fine. My problem is i want to synchronize between two sun one DS and one AD , but it is ignoring the one DS in Sync , anothe DS and AD is Synchronizing. It is not synchrnonizing the two DS and one AD server.
My SUL Configuration is
SUL Name : DS1ToADS
Windows
Base DN : ou=newsync,dc=esecurity,dc=com
Filter : destinationindicator=ameer.com
Creation Expression : cn=%cn%, ou=newsync,dc=esecurity,dc=com
Sun One Directory Server
Base DN : cn=authorization2,dc=ameer,dc=com
destinationindicator=ameer.com
SUL Name : DS2ToADS
Windows
Base DN : ou=newsync,dc=esecurity,dc=com
Filter : destinationindicator=basha.com
Creation Expression : cn=%cn%, ou=newsync,dc=esecurity,dc=com
Sun One Directory Server
Base DN : cn=authorization2,dc=basha,dc=com
destinationindicator=basha.com
I am synchronizing the existing users using the following file.
<?xml version="1.0" encoding="UTF-8"?>
<UserLinkingOperationList allowLinkingOutOfScope="true">
<UserLinkingOperation parent.attr="UserLinkingOperation"
sulid="DS1ToADS">
<UserMatchingCriteria parent.attr="UserMatchingCriteria">
<AttributeMap parent.attr="AttributeMap">
<AttributeDescription parent.attr="SunAttribute" name="sn"/>
<AttributeDescription parent.attr="WindowsAttribute" name="sn"/>
</AttributeMap>
<AttributeMap parent.attr="AttributeMap">
<AttributeDescription parent.attr="SunAttribute" name="employeenumber"/>
<AttributeDescription parent.attr="WindowsAttribute" name="employeeid"/>
</AttributeMap>
</UserMatchingCriteria>
</UserLinkingOperation>
<UserLinkingOperation parent.attr="UserLinkingOperation"
sulid="DS2ToADS">
<UserMatchingCriteria parent.attr="UserMatchingCriteria">
<AttributeMap parent.attr="AttributeMap">
<AttributeDescription parent.attr="SunAttribute" name="givenName"/>
<AttributeDescription parent.attr="WindowsAttribute" name="givenName"/>
</AttributeMap>
<AttributeMap parent.attr="AttributeMap">
<AttributeDescription parent.attr="SunAttribute" name="employeenumber"/>
<AttributeDescription parent.attr="WindowsAttribute" name="employeeid"/>
</AttributeMap>
</UserMatchingCriteria>
</UserLinkingOperation>
</UserLinkingOperationList>
Should not showing the any error after synchronization.
I am giving my log files
resync log
[05/Jan/2005:17:29:12.505 +0530] INFO 66 CNN101 csi2a01 "Sent remote source entry 'dn: 'CN=actusr2,OU=newsync,DC=esecurity,DC=com' [activedirectorydomainname=esecurity.com, employeeid=11112]'." (Action ID=CNN101-10142707E24-10, SN=4)
[05/Jan/2005:17:29:12.958 +0530] INFO 66 CNN101 csi2a01 "Sent remote source entry 'dn: 'CN=actusr1,OU=newsync,DC=esecurity,DC=com' [activedirectorydomainname=esecurity.com, employeeid=11111]'." (Action ID=CNN101-10142707E24-11, SN=4)
[05/Jan/2005:17:29:13.051 +0530] INFO 66 CNN101 csi2a01 "Sent all entries for the 'DS2TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-13, SN=0)
[05/Jan/2005:17:29:14.098 +0530] INFO 66 CNN101 csi2a01 "Sent all entries for the 'DS1TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-14, SN=0)
[05/Jan/2005:17:29:17.442 +0530] INFO 71 CNN100 csi2a01 "Received all remote entries for the 'DS1TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-14, SN=5)
[05/Jan/2005:17:29:18.567 +0530] INFO 62 CNN101 csi2a01 "Received all remote entries for the 'DS1TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-14, SN=10)
[05/Jan/2005:17:29:22.098 +0530] INFO 72 CNN102 csi2a01 "The Windows entry 'dn: 'CN=actusr1,OU=newsync,DC=esecurity,DC=com' [employeenumber=11111, givenname=ameer1] [destinationindicator=[basha.com, ameer.com]]' is already linked to the Directory Server entry 'dn: 'uid=ds1ameer1,cn=Authorization1,dc=basha,dc=com' [employeenumber=11111, destinationindicator=esecurity.com]'." (Action ID=CNN101-10142707E24-11, SN=5)
[05/Jan/2005:17:29:22.098 +0530] INFO 71 CNN102 csi2a01 "The Windows entry 'dn: 'CN=actusr2,OU=newsync,DC=esecurity,DC=com' [employeenumber=11112, givenname=ameer2] [destinationindicator=[basha.com, ameer.com]]' is already linked to the Directory Server entry 'dn: 'uid=ds1ameer2,cn=Authorization1,dc=basha,dc=com' [employeenumber=11112, destinationindicator=esecurity.com]'." (Action ID=CNN101-10142707E24-10, SN=5)
[05/Jan/2005:17:29:22.520 +0530] INFO 73 CNN102 csi2a01 "Received all remote entries for the 'DS2TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-13, SN=5)
[05/Jan/2005:17:29:22.629 +0530] INFO 63 CNN101 csi2a01 "Received all remote entries for the 'DS2TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-13, SN=10)
audit log
[05/Jan/2005:17:29:15.629 +0530] FINE 16 CNN102 csi2a01 "The agent has received an outbound action from MQ: Type: REFRESH SUL: DS2TOADS {Data Attrs: [UNSPEC employeenumber: 11112] [UNSPEC activedirectorydomainname: esecurity.com]} {Other Attrs: cn: actusr2 destinationindicator: basha.com, ameer.com dn: CN=actusr2,OU=newsync,DC=esecurity,DC=com employeenumber: 11112 givenname: ameer2 objectclass: top, person, organizationalPerson, user dspswuserlink: tZeGDb7WM0SW72YcOMzfew== pwdlastset: 127493062677968750 samaccountname: 1234 sn: nagore2 usnchanged: 115104 whenchanged: 20050104100213.0Z}." (Action ID=CNN101-10142707E24-10, SN=3)
[05/Jan/2005:17:29:15.895 +0530] FINE 16 CNN102 csi2a01 "The controller has received the following outbound action from the agent: Type: REFRESH SUL: DS2TOADS {Data Attrs: [UNSPEC employeenumber: 11112] [UNSPEC activedirectorydomainname: esecurity.com]} {Other Attrs: cn: actusr2 destinationindicator: basha.com, ameer.com dn: CN=actusr2,OU=newsync,DC=esecurity,DC=com employeenumber: 11112 givenname: ameer2 objectclass: top, person, organizationalPerson, user dspswuserlink: tZeGDb7WM0SW72YcOMzfew== pwdlastset: 127493062677968750 samaccountname: 1234 sn: nagore2 usnchanged: 115104 whenchanged: 20050104100213.0Z}." (Action ID=CNN101-10142707E24-10, SN=4)
[05/Jan/2005:17:29:16.208 +0530] FINE 16 CNN102 csi2a01 "The agent has received an outbound action from MQ: Type: REFRESH SUL: DS2TOADS {Data Attrs: [UNSPEC employeenumber: 11111] [UNSPEC activedirectorydomainname: esecurity.com]} {Other Attrs: cn: actusr1 destinationindicator: basha.com, ameer.com dn: CN=actusr1,OU=newsync,DC=esecurity,DC=com employeenumber: 11111 givenname: ameer1 objectclass: top, person, organizationalPerson, user dspswuserlink: tfNQqDQ8VEigzgJjrfcVSg== pwdlastset: 127493178093125000 samaccountname: 123 sn: nagore1 usnchanged: 115147 whenchanged: 20050104131009.0Z}." (Action ID=CNN101-10142707E24-11, SN=3)
[05/Jan/2005:17:29:16.926 +0530] FINE 16 CNN100 csi2a01 "The agent has received an outbound action from MQ: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=3)
[05/Jan/2005:17:29:16.926 +0530] FINE 16 CNN100 csi2a01 "The controller has received the following outbound action from the agent: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=4)
[05/Jan/2005:17:29:16.973 +0530] FINE 16 CNN102 csi2a01 "The controller has received the following outbound action from the agent: Type: REFRESH SUL: DS2TOADS {Data Attrs: [UNSPEC employeenumber: 11111] [UNSPEC activedirectorydomainname: esecurity.com]} {Other Attrs: cn: actusr1 destinationindicator: basha.com, ameer.com dn: CN=actusr1,OU=newsync,DC=esecurity,DC=com employeenumber: 11111 givenname: ameer1 objectclass: top, person, organizationalPerson, user dspswuserlink: tfNQqDQ8VEigzgJjrfcVSg== pwdlastset: 127493178093125000 samaccountname: 123 sn: nagore1 usnchanged: 115147 whenchanged: 20050104131009.0Z}." (Action ID=CNN101-10142707E24-11, SN=4)
[05/Jan/2005:17:29:16.973 +0530] FINE 16 CNN102 csi2a01 "The agent has received an outbound action from MQ: Type: SENTINEL SUL: DS2TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-13, SN=3)
[05/Jan/2005:17:29:16.989 +0530] FINE 16 CNN102 csi2a01 "The controller has received the following outbound action from the agent: Type: SENTINEL SUL: DS2TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-13, SN=4)
[05/Jan/2005:17:29:17.442 +0530] FINER 13 SysMgr_100 csi2a01 "Sending an acknowledgement to the console for request (ID=1104926235041)."
[05/Jan/2005:17:29:17.473 +0530] FINE 13 SysMgr_100 csi2a01 "Sent an acknowledgement to the console for request (ID=1104926235041)."
[05/Jan/2005:17:29:17.457 +0530] FINE 71 CNN100 csi2a01 "The agent has received the following inbound action from the controller: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=6)
[05/Jan/2005:17:29:17.489 +0530] INFO 71 CNN100 csi2a01 "The agent is sending the following inbound action to MQ: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=7)
[05/Jan/2005:17:29:17.504 +0530] FINER 71 CNN100 csi2a01 "The controller has acknowledged the following outbound action to the agent: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=8)
[05/Jan/2005:17:29:18.192 +0530] FINE 16 CNN101 csi2a01 "The agent has received an outbound action from MQ: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=8)
[05/Jan/2005:17:29:18.364 +0530] FINE 16 CNN101 csi2a01 "The controller has received the following outbound action from the agent: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=9)
[05/Jan/2005:17:29:18.676 +0530] FINER 62 CNN101 csi2a01 "The controller has acknowledged the following outbound action to the agent: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=11)
Please do the needful
BashaHi Joshua,
Does this mean that I need to install the core and sub component but no need to install the DS and AD connectors. No!!! Core must only be installed on one machine! Here is a short summary of the steps during an installation having sun ONE LDAPs in multi-master replication (taking ldap2 as the machine, whrere core is installed):
1. Install core on ldap2
2. start console and configure your directory sources. For the sun directory source enter ldap2 as the preferred and ldap1 as the secondary ldap. Configure the rest: attribute-mapping, modification flow, AD-source, SULs, etc. save the configuration.
3. on ldap2 run idsync prepds untill you get the SUCCESS message in the following way (be sure to specify the secondary ldap with -j and -r options):
idsync prepds -h <ldap2> -p <ldap2port> -j <ldap1> -r <ldap1port> -D "cn=directory manager" -w <passwort> -s <configuration_registry_suffix>4. Run the install binaries again on ldap2. Install DS Connector on ldap2, install DS-Subcomponent (preferred) on ldap2. Install AD-Connector.
5. Copy over install binaries to ldap1. Run the install binaries on ldap1. Give ldap2 as configuration directory URL When you are asked, what components to install, select subcomponent. Select the suffix. When you are asked, what type of ldap, select secondary.
6. Copy over install binaries to any ldap slave in your replication topology and install the subcomponent there, choosing "other" as the ldap type.
Good luck again...
Jakob. -
RS 232 port to communicate between cFP 2100 and Multiple cFP 1808
Hello All,
I am using one cFP-2100 (controller) and two cFP-1808 (network contoller) for a project.
All the three devices have Ethernet port, so i can connect to a network switch for communicating with the Host PC.
My question is:
All the three devices have Serial Ports (RS 232) too, Can i use those ports to communicate between the three devices (1 controller and 2 Net. controllers) and use the ethernet port in the controller (2100) only for communicating with a Host PC?
If this is possible, how to do the RS 232 cabling ?
Regards
JohnHi bjsprem,
You can connect network modules to the controller with serial. This KB shows how to do this. Hope this helps!
--Starla T.
Maybe you are looking for
-
How do I get iCloud Backup Options to display the list of apps on my iPad? It just spins forever.
I'm trying to set up iCloud backups for my iPad. I go into Manage Storage, selet my iPad from my list of iCloud enabled devices and then I get the Backup Info screen. Its supposed to list all of my applications so I can turn on/off backups on an ap
-
Display Photos on TV - Unsuccessful with
I purchased the "Apple Composite AV Cable" and have not been able to display my photos to TV. I am able to display YouTube videos. I checked the settings and can't find anything to modify to allow for this. Anyone successful in displaying photos from
-
Service Activity Number changed
While creating service Purchase Order with reference to service purchase requisition, user change the service activity number adopted from the purchase requisition. How to restrict this.
-
Need a simple network accessibility for RMI class files.
I am trying to get an RMI server working and need a way to make the class files network accessible. The link: http://java.sun.com/javase/technologies/core/basic/rmi/class-server.zip does seem to have the server anymore. Anyone know where to get a cop
-
What r the steps that involve while v r using DBCONNECT AND UDCONNEC
Hi All, What r the steps that involve while v r using DBCONNECT AND UDCONNECT AND IN WHICH DIFFERENT SCENARIOS V USE THEM. REGARDS KK