HP StorageWorks Storage Mirroring DNS Failover Utility (DFO) release notes
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
HP StorageWorks Storage Mirroring DNS Failover Utility (DFO) release notes Part number: T2558-96089 First edition: February, 2008
Legal and notice information © Copyright 2005, 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Version: 5.0
Description
The DNS Failover utility (DFO.exe) is a command-line utility designed to list and/or modify DNS resource
records associated with specific host names and/or host IP Addresses. This utility is installed as part of
the Storage Mirroring Application Manager setup.
This release also includes the following modification:
• Added new command for /addomain .
Installation Notes
After installing the DNS Failover utility, refer to the following documents for information on using the DNS
Failover utility with the Storage Mirroring Application Manager. To view the .PDF manuals, you must
have Adobe Acrobat Reader. If you do not have Acrobat, you can download it free from Adobe at:
www.adobe.com/prodindex/acrobat/readstep.html.
Application_Manager_Users_Guide.pdf—The User’s Guide is located in the directory where you installed
Storage Mirroring and also in the \docs directory on the CD. This manual contains a product overview
and step-by-step instructions for each Storage Mirroring Application Manager feature
Fixes
If you are uncertain about the issues or workarounds addressed in the release notes, contact
Hewlett-Packard Technical Support.
• To use password encryption/decryption functionality, you must first register CAPICOM.DLL. To
register CAPICOM.DLL, open a command prompt and switch to the directory where DFO.exe was
installed. Type the following at the command prompt:RegSvr32 CAPICOM.DLL
NOTE:
If the DFO was installed as part of the Storage Mirroring Application Manager, this step should
not be necessary.
• /dnssrvname [dnsservername] — The DNS Server name may be a Fully-Qualified Domain Name
or an IP address.
• If there are any DNS resource record types listed which the administrator does NOT want to
modify upon failover/failback, then custom command line or script entries should be made
using specific /recordtype settings.
The DNS server specified at the command line must have access to the source-related resource
records. If the DNS server specified does not have access to the resource records associated
with the source Exchange server, DFO will not be able to modify the source-related resource
records upon failover/failback.
• DFO.exe generates a log file that tracks all changes made when modifying or all records returned
when searching. DFO.exe also writes a single Windows Event Log entry every time it is run. The
event entry will either be an informational, warning, or error-related message, and the "Source" of
the Event Log entry will always be "VBRuntime" (this is by design, as per Microsoft’s requirements).
• The encryption file generated by the /setpassword command is machine specific. The
credentials file will not work if copied to another machine.
• By default, the DFO.exe will impersonate the account used to call it, unless valid credentials are
supplied in the command line. When the DFO is called within failover or failback scripts initiated
by Storage Mirroring, the calling account will be the LocalSystem account of the local machine by
default. Unless the LocalSystem account (e.g., TARGET$) has the correct permissions to update
resource records on the DNS server, you will have to provide credentials in the command line,
HP StorageWorks Storage Mirroring DNS Failover Utility (DFO) release notes 3except in cases where the host OS is Windows 2003 Service Pack 1. Check the Hewlett-Packard
Support website for the latest information.
• When NAT or certain VPNs exist between the DNS server and the target, the Application
Manager will be unable to configure protection due to limitations of WMI. Please contact
Hewlett-Packard Technical Support to obtain instructions for configuring protection manually.
Best Practices
The following guidelines present best practices for using the DNS Failover utility.
1. DFO.exe will list all resource records for a given host name and/or IP address, but will only
modify the following resource record types:
• A (host) type
• CNAME (alias) type
• MX (mail exchange) type
• PTR (reverse lookout) type
2. It is recommended that the administrator initially run DFO.exe to list all DNS resource records
associated with specific host names and/or host IP address(es) to determine if there are any
unsupported resource record types returned for the search criteria. If any unsupported resource
record types are identified and those resource records are required for proper failover, alternative
actions must be taken to guarantee those records are changed upon failover.
3. Once the resource records have been listed and verified, it is then all right to configure DFO.exe
to failover/failback those resource records.
DNS Failover Utility (DFO) Usage
dfo [/dnssrvname ] [/srcname ]
[/srcip ] [/tarip ]
[/tarname ] [/recordtype ]
[/username ] [/password ]
[/dnszone ] [/dnsdomain ]
[/logfile ] [/failback [fbswitch]]
[/setpassword [machine] [file]] [/getpassword]
[/lock] [/unlock] [/trustee [trusteename]] [/verbose]
[[/flushdns] [/machine ] [/ttl ]
[/addomain ] [/test] [/debug] [/?] [/help]
where
dnsserver- The name of the source domain/zone’s primary DNS server
name: (optional; local machine name used if missing)
sourceFQDN: The source machine’s Fully Qualified Domain Name (required for
modify)
sourceip: The source machine’s IP address (required for modify)
targetip: The target machine’s IP address (required for modify)
targetFQDN: The target machine’s Fully Qualified Domain Name (required for
modify)
recordtype: The type of DNS resource records to modify or list. Values can be:
ALL (default)
MSEXCHANGE
A
CNAME
MX
PTR
STD
STANDARD (optional)
NOTE: STD and STANDARD are used to specify non-Exchange resource records.
4username: The user account’s domain name (optional; account running
program is used if missing)
password: The user account’s password (optional)
machine: The machine that the DFO utility will run on when it runs with
/getpassword. In effect, this parameter locks the credentials
for use by a particular machine.
file: New location for the credentials file. By default, the
credentials file is stored as dfo_credentials.dat in the
current working directory
dnszonename: The name of the DNS zone or DNS container, used to refine
queries (optional)
dnsdomain- The name of the DNS domain, used to refine queries (optional)
name:
logfilename: The name of the log file (optional)
fbswitch: (optional)
fbswitch =
The DFO will only failback records in the dfo_failback_config.dat file.
fbswitch = forcemodify. The DFO will failback all records that match
the search criteria, even if they are not in the config file.
Also used if dfo_failback_config.dat file is missing
trusteename: The domain account for the source server
machine (domain\machine$). DFO attempts to deny write
permissions to the DNS A record on failover for the
account identified as the trustee. “Deny write
permissions” is then removed from the DNS A record
on failback. This keeps the source server from
reclaiming its DNS A record if it comes back online
prior to failback. You can enter multiple
/trustee switches
(for example, /trustee administrator /trustee user)
(optional)
Seconds: The number update interval for the TTL (in seconds)
Options
/failback Denotes a failback procedure, performed after a
failed source is recovered or restored
(required for modify on failback)
/lock Allows Active Directory locking for the A type record of the
source specified without modifying the record
/unlock Allows Active Directory unlocking for the A type record of the
source specified without modifying the record
/verbose Logging and display level set to maximum detail (optional)
/FLUSHDNS /machine [machine_FQDN]) Run the ipconfig /flushdns command to flush the DNS
cache on the specified machine (remote or local (.))
/addomain (optional) The name of the Active Directory domain where the
source A type record’s object is stored. This is used if the
Active Directory Domain location of the DNS record object is different
than the DNS domain name location for that object. The DFO utility will
attempt to locate the Active Directory record object for
locking (see the “trusteename” for more information),
but if the DFO utility is unable to determine the location of the
Active Directory object, it will use the
ADFQDN location if specified.
/TTL Update the TTL value of all modified records.
/test Test mode. Modifications are NOT actually made, just listed
(optional)
HP StorageWorks Storage Mirroring DNS Failover Utility (DFO) release notes 5/debug Forces DFO to write the DNS resource record as-is to the
dfolog.log file prior to any DFO modify or list activity.
/? Display the DFO syntax
/help Display the DFO syntax
Password Encryption
!!! NOTE: To use encryption/decryption functionality, you must first register the CAPICom.dll.
See the Notes section at the beginning of this readme file!!!
/setpassword !!! Warning: This function must be run separate from a modify or list
activity. /setpassword is designed to allow the user to store a username/password
pairing in an encrypted file for later use. (optional, but REQUIRED IF
/getpassword will be used)
/getpassword Once a username/password pair has been encrypted and stored using /setpassword,
this command can be used at the command line to retrieve the password associated
with a specific username. It is designed to avoid storing passwords in clear text.
See the examples below for correct usage.(optional)
Password Encryption Examples
> dfo /setpassword mydomain.com\admin mypassword
This stores the username (mydomain.com\admin) and password (mypassword) in the default
credentials file (dfo_credentials.dat)
> dfo /dnssrvname mydnsserver.mydomain.com /srcname mysource.mydomain.com
/srcip 206.31.4.10 /tarname mytarget.mydomain.com /tarip 210.11.12.13 /username mydomain.com\admin
/getpassword /verbose This modifies all resource records on the specified DNS server that
match the source criteria, using the username and /getpassword to retrieve the correct
password for connecting to the DNS server
General Examples
> dfo /dnssrvname mydns.mydomain.com /srcname mysource.mydomain.com /srcip 206.31.4.10 /verbose
This lists all resource records on the specified DNS server that match the source criter
> dfo /dnssrvname mydns.mydomain.com /srcname mysource.mydomain.com /srcip 206.31.4.10 /tarname
mytarget.mydomain.com /tarip 210.11.12.13 /verbose This modifies all resource records on the speci
server that match the source criteria, using the credentials of the account running the program to
connect to the DNS server
> dfo /dnssrvname mydns.mydomain.com /srcname mysource.mydomain.com /srcip
210.11.12.13 /tarname mytarget.mydomain.com /tarip 206.31.4.10 /failback/verbose
This modifies (fails back) all resource records on the specified DNS server
that were changed on failover
> dfo /dnssrvname mydnsserver.mydomain.com /srcname mysource.mydomain.com /srcip 206.31.4.10
/tarname mytarget.mydomain.com /tarip 210.11.12.13 /username mydomain.com\admin /password pword /v
This modifies all resource records on the specified DNS server that match the source criteria,
using the username and password to connect to the DNS server
Documentation Notes
For a list of current Application Notes containing configuration procedures, visit the support web site at
http://www.hp.com/support..
6Contact Information
Sales— If you need maintenance renewal, an upgrade activation code, or other sales assistance, contact
your authorized local HP sales representative.
nl
Technical Support—Contact the technical support center identified on your service agreement. This is
generally the reseller or distributor who you purchased your product from. If you do not have access to
this agreement, contact HP Technical Support and we can direct you to the correct service provider.
nl
To contact HP Technical Support, you will need your serial number and activation code. Online support is
available at http://www.hp.com/support . Please call (800) 633-3600.
HP StorageWorks Storage Mirroring DNS Failover Utility (DFO) release notes 7You can also read
