cancel
Showing results for 
Search instead for 
Did you mean: 

VCS 5.1 Remote cluster configuration

Ashon1
Level 4
Partner

Hello all,

 

I am trying to link two VCS clusters together using the Remote Cluster Configuration Wizard and I keep getting the following error message VCS error V-16-10-39.  Following error were encountered while connecting to the cluster: Connection Refused.  Please change the data and try again or press cancel to exit the wizard.

Has anyone run across this error before?

14 REPLIES 14

mikebounds
Level 6
Partner Accredited

I have had problems using the Remote Cluster Configuration Wizard.  I have had problems when using hostnames and it worked with IPs so you could try this, and you can check firewalls (check you can telnet to remote_cluster_ip 14141

You can always do it manually if wizard doesn't work by running:

 haclus -add remote_cluster_name remote_cluster_ip

You would need to run this command from both clusters.

Mike

Ashon1
Level 4
Partner

I can telnet to the ports from both sides.  I did check that.  The remote clusters added but won't come online without a heartbeat.  When I set one up it fails to connect

mikebounds
Level 6
Partner Accredited

Make sure the ClusterAddress cluster attribute is set to the Virtual IP address used in the ClusterService group and make sure this resolves to a hostname - this IP MUST resolve to a hostname for the clusters to connect.

Yes, sorry, you need to add heartbeat using hahb (or GUI) as well as using haclus.

Mike

Ashon1
Level 4
Partner

I had the heartbeat configuration wrong.  The clusters are linked but I am back to getting VCS Warning V-16-10-73 connection refused.  When you type in the user credentials are you supposed to use anthony@anthony.com or anthony@anthony or anthony\anthony?

mikebounds
Level 6
Partner Accredited

A couple of questions:

  1. Are you using secure cluster and if so what is your domaintype (unixpwd, nis ldap, nt)?
  2. What are you doing to get message "Warning V-16-10-73 connection refused" and is this message being display in a dialogue box or the engine log?

For non-secure cluster you don't need "@domain", so it is just "anthony".

For secure cluster I would think the domain is unlikely to be anthony.com, unless this is a test domain you have created or one of your nodes is called anthony.com.  If you are using a unixpwd domain type then the domain is the UNIX hostname in which case in your main.cf you should see "anthony@node1" and to use this from the GUI you should just enter "anthony" and select domain=node1 and domaintype=unixpwd

It would be of use for you to copy the first part of main.cf showing, cluster, remotecluster and heartbeat definitions (don't need service groups) for both clusters.

Mike

mikebounds
Level 6
Partner Accredited

Forgot to say that if you are using secure cluster, then both clusters should be using the same domain, so this won't work very well (if at all) using unixpwd (may work with some trusts setup)

Mike

Ashon1
Level 4
Partner

Answers to your questions... 1) nt, 2) trying to create a global group.  This is a secure server setup... so I type in the IP address of the cluster and user credentials.

mikebounds
Level 6
Partner Accredited

Few more questions:

  1. Did you use the same root broker for both clusters and is this root broker on UNIX or Windows
  2. Have you installed an Authentication Broker (AB) on a Windows box

If you have done all this then the user credentials you need to use are:

User: anthony

Domain: Windows AD domain

Domain type: nt

Authentication Broker: IP of Windows AB

If you are not sure what you Windows domain is then type:

"vssat showallbrokerdomains" on the Windows AB.

If wizard does not work, you can do this manually by populating ClusterList ServiceGroup attribute - add 2 values (attribute is an array) on each cluster:

cluster_name1   0

cluster_name2   1

For example to run this from the command line (on both clusters):

 hagrp -modify grp_name ClusterList cluster_name1 0 cluster_name2 1 

 

Posting extracts from your main.cf would help.

Mike

Ashon1
Level 4
Partner

I'm pretty sure we are in the area of the problem.  I've checked all of the servers and "vssat showallbrokerdomains" shows Broker - Domain Entries in Local Registry: 0

I know I installed an auth broker and root broker on HAPPYCLUSQL01. Main.cf is below.  I have been playing with the users to see if it works... but the information above may be the problem.

 

 

 

cluster HAPPYWVCLUSTER  (
 UserNames = { "me@happydomain" = "", "me@happy.local" = "", "HAPPYapp@happydomain" = "",
   me = "" }
 ClusterAddress = "192.168.45.53"
 Administrators = { "me@happydomain", "me@happy.local", "HAPPYapp@happydomain", me }
 SecureClus = 1
 )

remotecluster HAPPYIRVCLUSTER (
 ClusterAddress = "192.168.55.98"
 )

heartbeat Icmp (
 ClusterList = { HAPPYIRVCLUSTER }
 StopTimeout @HAPPYIRVCLUSTER = 60
 Arguments @HAPPYIRVCLUSTER = { "192.168.55.98" }
 )

system HAPPYCLUSQL01 (
 )

system HAPPYCLUSQL02 (
 )

 

 


cluster HAPPYIRVCLUSTER (
 UserNames = { "me@happydomain" = "", "me@happy.local" = "" }
 ClusterAddress = "192.168.55.98"
 Administrators = { "me@happydomain", "me@happy.local" }
 SecureClus = 1
 )

remotecluster HAPPYWVCLUSTER  (
 ClusterAddress = "192.168.45.53"
 )

heartbeat Icmp (
 ClusterList = { HAPPYWVCLUSTER  }
 StopTimeout @HAPPYWVCLUSTER  = 60
 Arguments @HAPPYWVCLUSTER  = { "192.168.45.53" }
 )

system HAPPYCLUSQL03 (
 )

system HAPPYCLUSQL04 (
 )

mikebounds
Level 6
Partner Accredited

Are you able to log into the Windows GUI - if so what user do you use?

Mike

Ashon1
Level 4
Partner

mikebounds
Level 6
Partner Accredited

If you can login then AB should be set-up.  Sometimes there is more than one vssat.exe installed - try searching for this file and if there is more than one, at command prompt "cd" to each directory and try "vssat showallbrokerdomains"

Mike

Ashon1
Level 4
Partner

vssat is in two locations 'program files\veritas\security\authentication\bin" and "program files (x86)\veritas\security\authentication\bin"

tried both locations... same message

Broker - Domain Entries in Local Registry: 0

mikebounds
Level 6
Partner Accredited

I don't understand why you get this - you should get a list of the Windows domains of domain type nt on all the cluster nodes and on the root broker you should also see a root domain of domain type vx.

You could try the following:

logon to local VCS java GUI on one of the cluster nodes - i.e use the GUI on the cluster node, not a GUI you might have installed on a client PC.  Then run "vssat showcred" on the cluster node and this should show you the credential that you got when you logged onto the GUI.  If this works, please send output.

Mike