HP StorageWorks Storage Mirroring DNS Failover Utility (DFO) release notes
Part number: T2558-96089
First edition: February, 2008

Legal and notice information
© Copyright 2005, 2008 Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Version: 5.0

Description
The DNS Failover utility (DFO.exe) is a command-line utility designed to list and/or modify DNS resource records associated with specific host names and/or host IP addresses. This utility is installed as part of the Storage Mirroring Application Manager setup.

This release also includes the following modification:
• Added new command for /addomain.

Installation Notes
After installing the DNS Failover utility, refer to the following documents for information on using the DNS Failover utility with the Storage Mirroring Application Manager. To view the .PDF manuals, you must have Adobe Acrobat Reader. If you do not have Acrobat, you can download it free from Adobe at: www.adobe.com/prodindex/acrobat/readstep.html.

Application_Manager_Users_Guide.pdf—The User’s Guide is located in the directory where you installed Storage Mirroring and also in the \docs directory on the CD. This manual contains a product overview and step-by-step instructions for each Storage Mirroring Application Manager feature.

Fixes
If you are uncertain about the issues or workarounds addressed in the release notes, contact Hewlett-Packard Technical Support.
• To use password encryption/decryption functionality, you must first register CAPICOM.DLL. To register CAPICOM.DLL, open a command prompt and switch to the directory where DFO.exe was installed. Type the following at the command prompt:
  RegSvr32 CAPICOM.DLL
  NOTE: If the DFO was installed as part of the Storage Mirroring Application Manager, this step should not be necessary.
• /dnssrvname [dnsservername] — The DNS Server name may be a Fully-Qualified Domain Name or an IP address.
• If there are any DNS resource record types listed which the administrator does NOT want to modify upon failover/failback, then custom command line or script entries should be made using specific /recordtype settings.
  The DNS server specified at the command line must have access to the source-related resource records.
  If the DNS server specified does not have access to the resource records associated with the source Exchange server, DFO will not be able to modify the source-related resource records upon failover/failback.
• DFO.exe generates a log file that tracks all changes made when modifying or all records returned when searching. DFO.exe also writes a single Windows Event Log entry every time it is run. The event entry will either be an informational, warning, or error-related message, and the "Source" of the Event Log entry will always be "VBRuntime" (this is by design, as per Microsoft’s requirements).
• The encryption file generated by the /setpassword command is machine specific. The credentials file will not work if copied to another machine.
• By default, the DFO.exe will impersonate the account used to call it, unless valid credentials are supplied in the command line. When the DFO is called within failover or failback scripts initiated by Storage Mirroring, the calling account will be the LocalSystem account of the local machine by default. Unless the LocalSystem account (e.g., TARGET$) has the correct permissions to update resource records on the DNS server, you will have to provide credentials in the command line, except in cases where the host OS is Windows 2003 Service Pack 1. Check the Hewlett-Packard Support website for the latest information.
• When NAT or certain VPNs exist between the DNS server and the target, the Application Manager will be unable to configure protection due to limitations of WMI. Please contact Hewlett-Packard Technical Support to obtain instructions for configuring protection manually.

Best Practices
The following guidelines present best practices for using the DNS Failover utility.
1. DFO.exe will list all resource records for a given host name and/or IP address, but will only modify the following resource record types:
   • A (host) type
   • CNAME (alias) type
   • MX (mail exchange) type
   • PTR (reverse lookup) type
2. It is recommended that the administrator initially run DFO.exe to list all DNS resource records associated with specific host names and/or host IP address(es) to determine if there are any unsupported resource record types returned for the search criteria. If any unsupported resource record types are identified and those resource records are required for proper failover, alternative actions must be taken to guarantee those records are changed upon failover.
3. Once the resource records have been listed and verified, it is then all right to configure DFO.exe to failover/failback those resource records.

DNS Failover Utility (DFO) Usage
dfo [/dnssrvname ] [/srcname ] [/srcip ] [/tarip ] [/tarname ]
    [/recordtype ] [/username ] [/password ] [/dnszone ] [/dnsdomain ]
    [/logfile ] [/failback [fbswitch]] [/setpassword [machine] [file]]
    [/getpassword] [/lock] [/unlock] [/trustee [trusteename]] [/verbose]
    [[/flushdns] [/machine ] [/ttl ] [/addomain ] [/test] [/debug] [/?] [/help]

where
dnsserver-name: The name of the source domain/zone’s primary DNS server (optional; local machine name used if missing)
sourceFQDN: The source machine’s Fully Qualified Domain Name (required for modify)
sourceip: The source machine’s IP address (required for modify)
targetip: The target machine’s IP address (required for modify)
targetFQDN: The target machine’s Fully Qualified Domain Name (required for modify)
recordtype: The type of DNS resource records to modify or list (optional). Values can be:
   ALL (default)
   MSEXCHANGE
   A
   CNAME
   MX
   PTR
   STD
   STANDARD
   NOTE: STD and STANDARD are used to specify non-Exchange resource records.
username: The user account’s domain name (optional; account running program is used if missing)
password: The user account’s password (optional)
machine: The machine that the DFO utility will run on when it runs with /getpassword. In effect, this parameter locks the credentials for use by a particular machine.
file: New location for the credentials file. By default, the credentials file is stored as dfo_credentials.dat in the current working directory
dnszonename: The name of the DNS zone or DNS container, used to refine queries (optional)
dnsdomain-name: The name of the DNS domain, used to refine queries (optional)
logfilename: The name of the log file (optional)
fbswitch: (optional)
   fbswitch = The DFO will only failback records in the dfo_failback_config.dat file.
   fbswitch = forcemodify. The DFO will failback all records that match the search criteria, even if they are not in the config file. Also used if dfo_failback_config.dat file is missing
trusteename: The domain account for the source server machine (domain\machine$). DFO attempts to deny write permissions to the DNS A record on failover for the account identified as the trustee. “Deny write permissions” is then removed from the DNS A record on failback. This keeps the source server from reclaiming its DNS A record if it comes back online prior to failback. You can enter multiple /trustee switches (for example, /trustee administrator /trustee user) (optional)
Seconds: The number update interval for the TTL (in seconds)

Options
/failback
   Denotes a failback procedure, performed after a failed source is recovered or restored (required for modify on failback)
/lock
   Allows Active Directory locking for the A type record of the source specified without modifying the record
/unlock
   Allows Active Directory unlocking for the A type record of the source specified without modifying the record
/verbose
   Logging and display level set to maximum detail (optional)
/FLUSHDNS /machine [machine_FQDN]
   Run the ipconfig /flushdns command to flush the DNS cache on the specified machine (remote or local (.))
/addomain
   (optional) The name of the Active Directory domain where the source A type record’s object is stored. This is used if the Active Directory Domain location of the DNS record object is different than the DNS domain name location for that object. The DFO utility will attempt to locate the Active Directory record object for locking (see the “trusteename” for more information), but if the DFO utility is unable to determine the location of the Active Directory object, it will use the ADFQDN location if specified.
/TTL
   Update the TTL value of all modified records.
/test
   Test mode. Modifications are NOT actually made, just listed (optional)
/debug
   Forces DFO to write the DNS resource record as-is to the dfolog.log file prior to any DFO modify or list activity.
/?
   Display the DFO syntax
/help
   Display the DFO syntax

Password Encryption
!!! NOTE: To use encryption/decryption functionality, you must first register the CAPICom.dll. See the Notes section at the beginning of this readme file!!!
/setpassword
   !!! Warning: This function must be run separate from a modify or list activity.
   /setpassword is designed to allow the user to store a username/password pairing in an encrypted file for later use. (optional, but REQUIRED IF /getpassword will be used)
/getpassword
   Once a username/password pair has been encrypted and stored using /setpassword, this command can be used at the command line to retrieve the password associated with a specific username. It is designed to avoid storing passwords in clear text. See the examples below for correct usage. (optional)

Password Encryption Examples
> dfo /setpassword mydomain.com\admin mypassword
This stores the username (mydomain.com\admin) and password (mypassword) in the default credentials file (dfo_credentials.dat)

> dfo /dnssrvname mydnsserver.mydomain.com /srcname mysource.mydomain.com /srcip 206.31.4.10 /tarname mytarget.mydomain.com /tarip 210.11.12.13 /username mydomain.com\admin /getpassword /verbose
This modifies all resource records on the specified DNS server that match the source criteria, using the username and /getpassword to retrieve the correct password for connecting to the DNS server

General Examples
> dfo /dnssrvname mydns.mydomain.com /srcname mysource.mydomain.com /srcip 206.31.4.10 /verbose
This lists all resource records on the specified DNS server that match the source criteria

> dfo /dnssrvname mydns.mydomain.com /srcname mysource.mydomain.com /srcip 206.31.4.10 /tarname mytarget.mydomain.com /tarip 210.11.12.13 /verbose
This modifies all resource records on the specified DNS server that match the source criteria, using the credentials of the account running the program to connect to the DNS server

> dfo /dnssrvname mydns.mydomain.com /srcname mysource.mydomain.com /srcip 210.11.12.13 /tarname mytarget.mydomain.com /tarip 206.31.4.10 /failback /verbose
This modifies (fails back) all resource records on the specified DNS server that were changed on failover

> dfo /dnssrvname mydnsserver.mydomain.com /srcname mysource.mydomain.com /srcip 206.31.4.10 /tarname mytarget.mydomain.com /tarip 210.11.12.13 /username mydomain.com\admin /password pword /v
This modifies all resource records on the specified DNS server that match the source criteria, using the username and password to connect to the DNS server

Documentation Notes
For a list of current Application Notes containing configuration procedures, visit the support web site at http://www.hp.com/support.

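The password rules above (/password, /setpassword, /getpassword) and the switches marked "required for modify" can be checked mechanically before a failover or failback script is deployed. The Python linter below is an added example, not part of HP's release notes or of the DFO utility; its function names, finding codes and sample script are constructed for illustration, and treating a /setpassword line saved in a script as a clear-text password is this example's own reading.

```python
# Added example: lint DFO command lines; switch names are from the usage text, codes are hypothetical.
MODIFY_REQUIRED = ("/srcname", "/srcip", "/tarname", "/tarip")  # "required for modify"
ACTIVITY = MODIFY_REQUIRED + ("/failback",)  # switches that mark a modify or list run

def parse_dfo(line):
    """Return {switch: [values]} for a dfo call, or None for any other line."""
    tokens = line.strip().lstrip(">").split()
    if not tokens or tokens[0].lower() not in ("dfo", "dfo.exe"):
        return None
    switches, current = {}, None
    for tok in tokens[1:]:
        if tok.startswith("/"):  # limitation: a value starting with "/" reads as a switch
            current = tok.lower()
            switches.setdefault(current, [])
        elif current is not None:
            switches[current].append(tok)
    return switches

def lint_dfo(line):
    """Return the finding codes for one script line (empty list if clean)."""
    sw = parse_dfo(line) or {}
    findings = []
    if sw.get("/password"):  # literal password on the command line
        findings.append("cleartext-password")
    if "/setpassword" in sw:
        if len(sw["/setpassword"]) >= 2:  # username and password saved in the script
            findings.append("cleartext-setpassword")
        if any(s in sw for s in ACTIVITY):  # must run separately from modify/list
            findings.append("setpassword-not-separate")
    if "/tarname" in sw or "/tarip" in sw:  # target switches imply a modify
        missing = [s for s in MODIFY_REQUIRED if not sw.get(s)]
        if missing:
            findings.append("modify-missing:" + ",".join(missing))
    return findings

def scan_script(text):
    """Return [(line_number, findings)] for every line that has a finding."""
    results = ((n, lint_dfo(l)) for n, l in enumerate(text.strip().splitlines(), 1))
    return [(n, f) for n, f in results if f]

# Constructed sample script, modelled on the examples in these release notes.
SAMPLE_SCRIPT = r"""
rem constructed failover script
dfo /setpassword mydomain.com\admin mypassword
dfo /dnssrvname mydns.mydomain.com /srcname mysource.mydomain.com /srcip 206.31.4.10 /tarname mytarget.mydomain.com /tarip 210.11.12.13 /username mydomain.com\admin /password pword /verbose
dfo /dnssrvname mydns.mydomain.com /srcname mysource.mydomain.com /srcip 206.31.4.10 /tarname mytarget.mydomain.com /tarip 210.11.12.13 /username mydomain.com\admin /getpassword /verbose
dfo /dnssrvname mydns.mydomain.com /srcname mysource.mydomain.com /tarip 210.11.12.13 /test
"""
```

Calling scan_script(SAMPLE_SCRIPT) returns the flagged line numbers with their codes; line 4, which uses /username with /getpassword, produces no finding.
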
Contact Information
Sales— If you need maintenance renewal, an upgrade activation code, or other sales assistance, contact your authorized local HP sales representative.
Technical Support—Contact the technical support center identified on your service agreement. This is generally the reseller or distributor who you purchased your product from. If you do not have access to this agreement, contact HP Technical Support and we can direct you to the correct service provider.
To contact HP Technical Support, you will need your serial number and activation code. Online support is available at http://www.hp.com/support. Please call (800) 633-3600.