HP StorageWorks Storage Mirroring application notes Guidelines for networking and failover Part number: T2558-96063 Third edition: February 2008
Legal and notice information © Copyright 2004–2008 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Document overview This document is a Storage Mirroring application note. An application note provides guidelines on the use of Storage Mirroring in a specific environment. This document contains: • Document overview—Explains what an application note contains, how it should be used, what you need to know before trying to use the application note, and where you can go for more information.
This document also discusses other networking topics related to failover, including how to view name caches and the Address Resolution Protocol (ARP) cache to troubleshoot. Additionally, common questions such as how failover affects domain controllers and how to fail over Internet Protocol (IP) addresses to remote targets are addressed. Understanding Storage Mirroring failover and failback Storage Mirroring failover When Storage Mirroring failover occurs, the following events take place.
File and print sharing with SMB and NetBT Windows file and print sharing uses the SMB protocol, which has historically relied on NetBIOS. NetBIOS, in turn, required NetBIOS over TCP/IP (NetBT) to function on IP networks. NetBT uses Transmission Control Protocol (TCP) port 139 and has a limitation of binding only to the primary IP address of each Network Interface Card (NIC).
to it as the “NetBIOS-less” transport, even while mentioning that the NET CONFIG SERVER command will report the binding as NetbiosSmb (000000000000). Regardless, this document will refer to it as SMB/IP for the sake of convenience.
• WINS scripting is not required when the target and all clients have the same primary WINS server (regardless of whether clients and target are in a LAN or WAN environment), the target server and all clients are Windows 2000 or later versions and the IP address is failed over, or the “replace” failover option is used.
SAMPLE_TARGET_HOST 10.4.0.4 PRODSVR There are seven WINSCL commands that must be scripted to import an LMHOSTS file into a WINS database. The following example, TARGET.DAT, includes the commands necessary to connect to a WINS server with an IP address of 10.5.0.11 and import the TARGET_HOST file that is located on the WINS server. SAMPLE_TARGET.DAT 1 10.5.0.11 SI 1 D:\SOURCE_HOST 0 EX For this example, the following command would be placed in the post-failover script to run the TARGET.DAT script.
Failover and DNS DNS resolution is also a consideration after failover, especially when the source IP address is not failed over to the target. Use the following decision tree to determine when DNS host entries need to be changed after failover. Do clients use DNS to resolve server names? DNS scripting is not required. No Since no clients use DNS to resolve the source host name, there is no need to make any changes after failover.
• The user must have Full Control on the WMI DNS Namespace on the source’s primary DNS server. For details, see Assigning Full Control on the WMI DNS namespace on page 10. • The user must be a member of the domain's DnsAdmins group where the source's primary DNS server is located. For details, see Assigning the user to the DnsAdmins group on page 11. 4. Run DFO.exe with the /setpassword switch to store the password of the user (created in step 3) in an encrypted file. This allows you to run DFO.
10. Verify that the user is in the ACL list with the following permissions. If the permissions are not assigned, proceed to the next step. • Execute Methods • Full Write • Partial Write • Provider Write • Enable Account • Remote Enable • Read Security 11. Click Add, then enter the login name for the user account that the DFO.exe command line will be using. If a different account is used to run DFO.exe from the target server, that account must have similar permissions. 12.
documentation on how to script changes to DNS records other than the Windows 2000 DDNS solution. However, since DNS zone files are text-based, they can be manipulated with any scripting language that can open, parse, and write to a text file.
Failure: The target account name is incorrect” will be returned if the computer account with which the SPN is associated does not belong to the server that receives the connection request. When Storage Mirroring failover occurs, the source's SPNs must be deleted so that the target server will accept requests when clients attempt to access \\SOURCE\SHARE. If there are no SPNs associated with the name used in the request, the target server will allow the client connection since there is no conflict.
NOTE: The sample scripts provided are only examples. Because no two environments or configurations are exactly the same, you MUST modify the sample scripts in order to make the solution work in your environment. SAMPLE_FAILOVER.BAT NSISPN NSISPN NSISPN NSISPN -D -D -D -D HOST/SOURCE.domain.com SOURCE HOST/SOURCE SOURCE SMTPSVC/SOURCE.domain.com SOURCE SMTPSVC/SOURCE SOURCE NSISPN NSISPN NSISPN NSISPN -A -A -A -A HOST/SOURCE.domain.com TARGET HOST/SOURCE TARGET SMTPSVC/SOURCE.domain.
When Storage Mirroring is installed, the HP ARP Responder device driver is installed and set to a startup type of demand (Windows 2000/2003) or manual (Windows NT 4.0). Storage Mirroring uses the HP ARP Responder to broadcast an unsolicited (gratuitous) ARP when failover occurs. The unsolicited ARP forces the systems on the same physical network to update their ARP caches with an entry associating the source IP address with the target adapter's MAC address.
After Failover D:\>nbtstat -n TS: Node IpAddress: [172.16.137.31] Scope Id: [] NetBIOS Local Name Table Name Type Status ------------------------------------------CALLISTO <00> UNIQUE Registered JUPITER <00> GROUP Registered CALLISTO <20> UNIQUE Registered JUPITER <1E> GROUP Registered INet~Services <1C> GROUP Registered IS~callisto....
See Microsoft Knowledge Base article 197132 for a concise description of these roles. Unavailability of some of the FSMO roles can cause immediate effects, such as Windows NT 4.0 users not being able to change their passwords (PDC emulator), inability to extend the AD schema (schema master), and inability to add a domain to a forest (domain naming master).
infrastructure.
Diagnosing common issues Issue Clients receive “The network path was not found” when attempting to access the failed-over source. Diagnosis This error is returned if the source name is resolved to an IP address or TCP/IP port that is not responding. Possible Causes The client or target is pre-Windows 2000 and the name resolution server (WINS or DNS) used by the client is not being updated to associate the source name with the target's primary IP address.
Possible Causes SPNs are not getting changed at failover. Clients are using a domain controller that has not yet received the changes to the SPNs. Primary Troubleshooting Confirm that the failover monitor is configured to fail over and fail back the Active Directory host name. If NSISPN is being used in failover scripts, confirm that it is version 1.1 or later. Advanced Troubleshooting After failover, run “NSISPN -L [source]” from the target and save the output for review.
Issue NFS clients cannot access mounts after failover. Diagnosis UNIX clients may see NFS mounts become unresponsive after failover. This is a limitation of the NFS client software and cannot be addressed with any Storage Mirroring configuration. Some clients will handle the failover event seamlessly by automatically reconnecting the session.
Options • dnsservername—The name of the source domain/zone's primary DNS server (optional; local machine name used if missing) • sourceFQDN—The source machine's Fully Qualified Domain Name (required for modify) • sourceip—The source machine's IP address (required for modify) • targetip—The target machine's IP address (required for modify) • targetFQDN—The target machine's Fully Qualified Domain Name (required for modify on failback) • recordtype—The type of DNS resource records to modify or list (optional)
General Examples • dfo /dnssrvname mydns.mydomain.com /srcname mysource.mydomain.com /srcip 206.31.4.10 /verbose • Lists all resource records on the specified DNS server that match the source criteria • dfo /dnssrvname mydns.mydomain.com /srcname mysource.mydomain.com /srcip 206.31.4.10 /tarip 210.11.12.
