Forum Discussion

ShahbazW's avatar
ShahbazW
Level 3
13 years ago

SFWHA on non AD environment

Hi Everyone,

Is SFWHA supported in an environment without Active directory/domain controller? I understand that I can configure the cluster manually but does Symantec officially support it?

  • Hi All,

    I received an update from our Product Management team.  They are hoping to have a support statement completed and published for the SFW-HA/VCS for Windows 6.0 product line with non-AD installations sometime next quarter (Q3) or sooner if possible.

    Thank you,

    Wally

  • As far as I am aware SFW/HA will not install if servers are not in Windows 2003 or 2008 domain.

    Also documented as requirement in installation guide.

  • VCS does not need AD to run - it has it's own heartbeat communication between nodes, but before this heartbeat communication is created, i.e before you configure VCS heartbeats, then you need some other commuication between nodes so that you can run VCS configuration on one node and have privileges to create stuff on the other node, so the natural candidate is that both nodes are in the same AD domain.

    So the normal configure wizard install is only supported with AD, but it really is not that difficult to configure manually, so I don't really agree with the opening paragraph of the technote solution which says:

    This procedure should only done by those with extensive knowledge of Storage Foundation HA for Windows"

    You only need a basic understanding, as the wizard may explain some of the components (like ClusterId, heartbeats, notifier), but when configuring manually you need to know what these are (but not necessarily know how they work).  The technote Joe gave is reasonably comprehensive and basically involves:

    1. Creating heartbeat files - this is only 3 files each containing one or a few lines and there is even a utility (lltutil.exe) which creates a template for the one file which is a little more complex.
      One thing I would add here, is that if you want a low priority link then you need a line the same as lines beginning "link", but use the word "link-lowpri" instead
       
    2. Create/modify a few registry keys (enable LLT and GAB services and set Cluster ID)
       
    3. Set a few services to autostart
       
    4. Set the "VERITAS Cluster Server Helper service" to use the user you have created for this (note, this user is created manually in wizard install)
       
    5. Create an Admin user for VCS
       
    6. Modify main.cf file (in Program Files\VERITAS\Cluster Server\conf\config).  Note if you copy this file from an existing cluster and just make ammendments then you do not need to do step file as the VCS user is created in the main.cf
       

    I have only done this a couple of times in Windows, but have done it loads of times in UNIX, where you HAD to do it this way 10 years ago (UNIX doesn't require steps 2, 3 & 4), but in UNIX you need an extra step to copy types file from conf directory to conf/config - this is because if install placed it where is it suppose to go, then if you are doing an upgrade it would overwrite a possibly tuned file, but I guess in Windows you have to copy file out of the way if doing an upgrade (or this step is missing from technote).

    Mike

     

  • I had configured this previoulsy on version 5.1SP2 without any issues doing the manual configuration. I as trying to do the same thing with version 6 and was unable to do so since LLT wouldnt start for some reason. Uninstalled and installed 5.1 SP2 and it works.

    Only thing was, I had created the disk group on the newer version and the older one wouldnt import the dg :(

    Had to do the entire thing again with 6.0.

    Additionally, my question was more related to Symantec support. Lets say this is clustered manually, would a Symantec TSE support me in case I had any issues?

  • It certainly used to be supported as I have done it (and I checked with Support before doing so), but this was probably 5.0, but Joe is a Symantec Employee and so as he says it is supported, I guess this is still the case, but Joe, perhaps you can clarify this is supported for 6.0 too.

    If you had problems with LLT in 6.0, you can perhaps try starting llt using "lltconfig -c", this is how you start in UNIX and I THINK, this works in Windows and you may get an error message to tell you what is wrong doing it this way (you can also use "net start llt", which definately works)

    Mike

  • Hi All,

    As Marianne pointed out SFW-HA documentation states that AD is a requirement.  As mentioned by Mike, SFW-HA can be run without AD.  In earlier versions of the product a Support Exception was needed to obtain support in configurations where AD was not involved.

    We are currently working with Product Management and Engineering to create a support statement for non-AD enviornments that would not require a support exception.  However, I have not seen this final support statement from them as of yet.  I will check with Product Management to see if I can get an update on this issue.

    Thank you,

    Wally

  • Hi All,

    I received an update from our Product Management team.  They are hoping to have a support statement completed and published for the SFW-HA/VCS for Windows 6.0 product line with non-AD installations sometime next quarter (Q3) or sooner if possible.

    Thank you,

    Wally

  • Only thing was, I had created the disk group on the newer version and the older one wouldnt import the dg :(

    Create the DG on older version(5.1SP2) and import it to the newer version(6.0) I might import on the newer version.