Oct 292013
 
5.00 avg. rating (100% score) - 5 votes

NeverFail’s Heartbeat allows installation of servers (nodes) in 2 ways:

  • High Availability (HA), commonly called LAN implementation, in which nodes have the same IP address and Packet Filter is responsible for isolating respective node from the network by blocking (filtering) traffic on Principal (public) interface
  • Disaster Recovery (DR), commonly called WAN implementation, in which nodes have different IP addresses and isolation from network is “logical” by updating DNS record for the hostname of the Principal (public) interface

Most common approach of WAN implementation is to have servers joined to the same domain (AD domain) which has its DNS server (or multiple) associated. In such case when switchover / failover occurs DNSupdate triggers and by default it is setup as follows:

DNSupdate.exe -auto

In this case:

    -auto                 : Extract the IP addresses from Heartbeat
                          : (ony valid with Heartbeat versions V6 and later)

Unfortunately some installations do not follow such scenario and nodes (servers) are not in AD, or in different AD(s) and for the DNS resolution purpose have some Windows based (but not necessary) standalone DNS server(s). In such case above command will fail with error 11 and to work around it you will need to change syntax of DNSupdate providing additional parameters, for example:

DNSUpdate.exe -ns NAMSERVER -r IP-REMOVE -a IP-ADD -name HOST -domain DOMAIN

In this case:

NAMESERVER - IP of the DNS server to update
IP-REMOVE - IP address to remove
IP-ADD - IP address to add
HOST - name of host (A record) to be modified
DOMAIN - domain name

For example:

DNSUpdate.exe -ns 10.0.0.1 -r 172.16.0.1 -a 172.17.0.1 -name thehost -domain bla

I came across some installations where, due to non-AD membership of servers, account used to update DNS was throwing access denied error. You can see the error when running DNSUpdate with -d (debug) option from command line:

Command failed:  ERROR_ACCESS_DENIED     5  (00000005)

To work on that you will have to use following command on the FoE server

dnscmd.exe /Config /RpcAuthLevel 0

 

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)