07-13-2011 11:21 AM
Hello all,
I am trying to link two VCS clusters together using the Remote Cluster Configuration Wizard and I keep getting the following error message VCS error V-16-10-39. Following error were encountered while connecting to the cluster: Connection Refused. Please change the data and try again or press cancel to exit the wizard.
Has anyone run across this error before?
07-13-2011 12:02 PM
I have had problems using the Remote Cluster Configuration Wizard. I have had problems when using hostnames and it worked with IPs so you could try this, and you can check firewalls (check you can telnet to remote_cluster_ip 14141
You can always do it manually if wizard doesn't work by running:
haclus -add remote_cluster_name remote_cluster_ip
You would need to run this command from both clusters.
Mike
07-13-2011 01:20 PM
I can telnet to the ports from both sides. I did check that. The remote clusters added but won't come online without a heartbeat. When I set one up it fails to connect
07-13-2011 02:39 PM
Make sure the ClusterAddress cluster attribute is set to the Virtual IP address used in the ClusterService group and make sure this resolves to a hostname - this IP MUST resolve to a hostname for the clusters to connect.
Yes, sorry, you need to add heartbeat using hahb (or GUI) as well as using haclus.
Mike
07-13-2011 03:56 PM
I had the heartbeat configuration wrong. The clusters are linked but I am back to getting VCS Warning V-16-10-73 connection refused. When you type in the user credentials are you supposed to use anthony@anthony.com or anthony@anthony or anthony\anthony?
07-14-2011 12:58 AM
A couple of questions:
For non-secure cluster you don't need "@domain", so it is just "anthony".
For secure cluster I would think the domain is unlikely to be anthony.com, unless this is a test domain you have created or one of your nodes is called anthony.com. If you are using a unixpwd domain type then the domain is the UNIX hostname in which case in your main.cf you should see "anthony@node1" and to use this from the GUI you should just enter "anthony" and select domain=node1 and domaintype=unixpwd
It would be of use for you to copy the first part of main.cf showing, cluster, remotecluster and heartbeat definitions (don't need service groups) for both clusters.
Mike
07-14-2011 01:02 AM
Forgot to say that if you are using secure cluster, then both clusters should be using the same domain, so this won't work very well (if at all) using unixpwd (may work with some trusts setup)
Mike
07-14-2011 10:34 AM
Answers to your questions... 1) nt, 2) trying to create a global group. This is a secure server setup... so I type in the IP address of the cluster and user credentials.
07-14-2011 11:03 AM
Few more questions:
If you have done all this then the user credentials you need to use are:
User: anthony
Domain: Windows AD domain
Domain type: nt
Authentication Broker: IP of Windows AB
If you are not sure what you Windows domain is then type:
"vssat showallbrokerdomains" on the Windows AB.
If wizard does not work, you can do this manually by populating ClusterList ServiceGroup attribute - add 2 values (attribute is an array) on each cluster:
cluster_name1 0
cluster_name2 1
For example to run this from the command line (on both clusters):
hagrp -modify grp_name ClusterList cluster_name1 0 cluster_name2 1
Posting extracts from your main.cf would help.
Mike
07-14-2011 12:08 PM
I'm pretty sure we are in the area of the problem. I've checked all of the servers and "vssat showallbrokerdomains" shows Broker - Domain Entries in Local Registry: 0
I know I installed an auth broker and root broker on HAPPYCLUSQL01. Main.cf is below. I have been playing with the users to see if it works... but the information above may be the problem.
cluster HAPPYWVCLUSTER (
UserNames = { "me@happydomain" = "", "me@happy.local" = "", "HAPPYapp@happydomain" = "",
me = "" }
ClusterAddress = "192.168.45.53"
Administrators = { "me@happydomain", "me@happy.local", "HAPPYapp@happydomain", me }
SecureClus = 1
)
remotecluster HAPPYIRVCLUSTER (
ClusterAddress = "192.168.55.98"
)
heartbeat Icmp (
ClusterList = { HAPPYIRVCLUSTER }
StopTimeout @HAPPYIRVCLUSTER = 60
Arguments @HAPPYIRVCLUSTER = { "192.168.55.98" }
)
system HAPPYCLUSQL01 (
)
system HAPPYCLUSQL02 (
)
cluster HAPPYIRVCLUSTER (
UserNames = { "me@happydomain" = "", "me@happy.local" = "" }
ClusterAddress = "192.168.55.98"
Administrators = { "me@happydomain", "me@happy.local" }
SecureClus = 1
)
remotecluster HAPPYWVCLUSTER (
ClusterAddress = "192.168.45.53"
)
heartbeat Icmp (
ClusterList = { HAPPYWVCLUSTER }
StopTimeout @HAPPYWVCLUSTER = 60
Arguments @HAPPYWVCLUSTER = { "192.168.45.53" }
)
system HAPPYCLUSQL03 (
)
system HAPPYCLUSQL04 (
)
07-14-2011 12:45 PM
Are you able to log into the Windows GUI - if so what user do you use?
Mike
07-14-2011 01:14 PM
yes. me@happy.local
07-14-2011 01:19 PM
If you can login then AB should be set-up. Sometimes there is more than one vssat.exe installed - try searching for this file and if there is more than one, at command prompt "cd" to each directory and try "vssat showallbrokerdomains"
Mike
07-14-2011 01:26 PM
vssat is in two locations 'program files\veritas\security\authentication\bin" and "program files (x86)\veritas\security\authentication\bin"
tried both locations... same message
Broker - Domain Entries in Local Registry: 0
07-14-2011 02:52 PM
I don't understand why you get this - you should get a list of the Windows domains of domain type nt on all the cluster nodes and on the root broker you should also see a root domain of domain type vx.
You could try the following:
logon to local VCS java GUI on one of the cluster nodes - i.e use the GUI on the cluster node, not a GUI you might have installed on a client PC. Then run "vssat showcred" on the cluster node and this should show you the credential that you got when you logged onto the GUI. If this works, please send output.
Mike