HP StorageWorks Storage Mirroring application notes Guidelines for networking and failover (T2558-96063, February 2008)
Storage Mirroring Guidelines for networking and failover application notes 11
10. Verify that the user is in the ACL list with the following permissions. If the permissions are not assigned,
proceed to the next step.
• Execute Methods
• Full Write
• Partial Write
• Provider Write
• Enable Account
• Remote Enable
• Read Security
11. Click
Add, then enter the login name for the user account that the DFO.exe command line will be
using. If a different account is used to run
DFO.exe from the target server, that account must have
similar permissions.
12. Click
OK to close all open dialog boxes.
13. Restart the
Windows Management Instrumentation service.
Assigning the user to the DnsAdmins group
Follow these steps to add a user to the domain DnsAdmins group.
1. Select
Start, Programs, Administrative Tools (Common), Active Directory Users and Computers.
2. Right-click the
DnsAdmins group and select Properties.
3. Select the
Members tab.
4. To add a user to the group, click
Add.
5. In
Location, click the domain containing the users you want to add, then click OK.
6. In
Name, type the name of the user you want to add to the group. If you want to validate the user or
group names that you are adding, click
Check Names.
7. Click
OK to close all open dialog boxes.
DNS failover using DNSCMD
The DNS Server Troubleshooting Tool utility (DNSCMD) from the Windows 2000 Support Tools can be
used in the failover and failback scripts to delete and add host and reverse lookup entries so that the
source host name will resolve to the target IP address. The following example commands delete the host
and reverse lookup entries associating the host name “europa” with 192.168.15.14 in the
nsisw.com zone
on the DNS server (
dnssvr.nsisw.com), and add the entries to associate europa with 192.168.15.18.
dnscmd dnssvr.nsisw.com /RecordDelete nsisw.com europa A 192.168.15.14 /f
dnscmd dnssvr.nsisw.com /RecordDelete 168.192.in-addr.arpa 14.15 PTR
europa.nsisw.com /f
dnscmd dnssvr.nsisw.com /RecordAdd nsisw.com europa A 192.168.15.18
dnscmd dnssvr.nsisw.com /RecordAdd 168.192.in-addr.arpa 18.15 PTR
europa.nsisw.com
DNSCMD commands will only work if dynamic updates are enabled on the DNS zone. This is configured
on the DNS zone’s Properties dialog box in the Windows 2000 Microsoft Management Console DNS
snap-in. If only secure updates is enabled (this option is available only on Active Directory
®
-integrated
zones), the DNSCMD utility must be used in the context of a user who is in the domain DnsAdmins group
(i.e., the Storage Mirroring service logon account must be in the DnsAdmins group if the commands are in
failover/failback scripts). In Windows 2003 Active Directory environments, the Storage Mirroring service
logon account must be of a domain admin class in order to script DNSCMD. Failover/failback scripts do
not run in the security context of the user specified in the failover monitor Account option despite the dialog
box's implication (in Storage Mirroring 4.1) to the contrary.
The Windows 2000 Dynamic DNS (DDNS) client does not initiate a registration reflecting the failed-over
name and IP address when failover occurs, and the
ipconfig /registerdns command will not cause the
failed-over name and IP address to be registered. Accordingly, host records for the source will remain
intact after failover, and any required changes must be made on all DNS servers used by relevant clients.
Changes to non-Windows 2000 DNS servers and Windows 2000 DNS servers with dynamic updates
disabled must be implemented by some other means. At this time, HP does not have any specific