Wednesday, July 31, 2013

NLB cluster for IIS: Site not accessible when one node is down

Scenario: 

We had set up an NLB cluster with two Windows 2008 servers. The purpose was to load balance the IIS sites hosted in these servers web01 and web02.A DNS entry was created pointing to the cluster IP, and the site was accessible using this DNS name. However, the site was not accessible from web01 was down, even with the clustering in place.

Resolution:

The problem was with the port rule setting.The filtering mode was set to "Multiple host" and affinity was set to "Single" . So all requests from our web browser will be handled only by a single host until the session is completed. This was causing all our queries to be redirected to web01, but it was down. In order to solve the issue, we set the affinity to "None". This enables the client requests to be sent to all servers in the cluster during a session.


Monday, July 29, 2013

DSRM Mode password reset in windows server 2008

The article explains the steps to be done to reset the Directory service restore mode password for AD servers in a domain. This is done using ntdsutil tool.

-On the command prompt, type ntdsutil
- On the ntdsutil> prompt, type "set dsrm password"
-You will get the following prompt - Reset DSRM Administrator Password:
-Type the command to reset the dsrm password on the server of your choice at this point
  •  If you want to set password on the server that you are logged in currently, type "reset password on server null"
  • If you want to reset password on another Ad server in the same domain type "reset password on server <DNS name of the target AD server> "
-Next you will be getting prompts for typing and confirming the new password
-Enter and confirm the new passwords
-Once done, type 'q' to quit the DSRM as well as the ntdsutil command prompt

PS: Good news is that , as you can see, you need not know the old DSRM password. So this will work in cases where you forget the DSRM password that you set initially

Note: You cannot change the DSRM password on a server that is currently in DSRM mode, neither locally nor remotely from another AD in the sam domain