- You use a ddns resource.
- Cluster nodes do not have permission to delete the A Record for the target zone on the DNS Server.
- Failover fails because of a ddns resource activation failure.
- On the ddns resource Properties, "Delete the Registered IP Address" is not checked.
When the ddns resource is activated on Node-A, Node-A registers an A Record with the ddns virtual hostname and the Node-A IP address in the DNS Server target zone.
At that time, Node-A, which registered the A Record, holds permission for that A Record.
When the ddns resource is failed over and activated on Node-B, Node-B tries to remove the existing A Record and then register a new A Record with the ddns virtual hostname and Node-A IP address.
However, Node-A has permission to remove the existing A Record but Node-B does not, so the removal fails.
(If Node-B has permission for the target zone, it can remove the record.)
When "Delete the Registered IP Address" is checked on the ddns resource Properties and the ddns resource is de-activated on Node-A for failover, Node-A, which has permission for the A Record, deletes the existing A Record. Node-B therefore does not have to remove the A Record, and the ddns resource can be activated on Node-B successfully.
However, if failover occurs because Node-A is down, the ddns resource is activated on Node-B without de-activation on Node-A. Node-B then has to remove the existing A Record itself, and that removal fails. Therefore, in addition to the ddns resource "Delete the Registered IP Address" setting, add an application resource which removes the existing A Record with a specified account.
- Enable PowerShell DNSServer command
  On both servers:
  - Start Windows Server Manager
  - Add the following Server feature:
    - Remote Administration Tools
      - Role Administration Tools
        - DNS Server Tools
- Prepare Account
  An account fulfilling the following conditions (hereinafter called "DNS Account") is required:
  - The account has permission at the target zone level to delete records
  - The account is enabled on all cluster nodes

  e.g.) Domain account which has permission for the zone
- Store scripts
  On both servers:
  - Copy the following 3 scripts to "C:\Program Files\EXPRESSCLUSTER\bin".
  - Set RemoveRecord.ps1 parameters:
    - $dnsServerIp
    - $ddnsVirtualHostname
    - $dnsZoneName

    e.g.)
    ```
    # Set the following parameters #
    $dnsServerIp = "192.168.10.10"
    $ddnsVirtualHostname = "ddns-test"
    $dnsZoneName = "test.local"
    ################################
    ```
- Add an application resource and set it as follows:
  - Info
    - Type: Application resource
  - Dependency
    Change the group resources Dependency from Before to After:
    - Before
      - resources 1
      - ddns resource
      - resources 2
    - After
      - resources 1
      - application resource
      - ddns resource
      - resources 2
  - Recovery Operation
    - Recovery Operation at Activity Failure Detection
      - Retry Count: 2 time
      - Failover Threshold: 0 time
      - Final Action: No operation (activate next resource)
    - Recovery Operation at Deactivity Failure Detection
      - Final Action: No operation (deactivate next resource)
  - Details
    - Resident Type: Non-Resident
    - Start Path: RemoveRecord1.bat
    - Tuning
      - Start
        - Domain: Set the target domain name (e.g. test.local)
        - Account: Set DNS Account
        - Password: Set DNS Account password (It will be encrypted)
- Edit ddns resource Properties
  - Dependency
    Change the group resources Dependency from Before to After:
    - Before
      - resources 1
      - ddns resource
      - resources 2
    - After
      - resources 1
      - application resource
      - ddns resource
      - resources 2
  - Details
    - Delete the Registered IP Address: Check
- Apply the configuration
The application resource takes some time to activate because of the DNS Server operation commands (PowerShell Get-DnsServer/Remove-DnsServer commands).
https://docs.microsoft.com/en-us/powershell/module/dnsserver/?view=win10-ps
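
The record removal that the application resource performs before the ddns resource activates can look like the following. This is an added example, not the project's RemoveRecord.ps1; it assumes the DnsServer module from the DNS Server Tools feature is installed and that the script runs as the DNS Account, and it reuses the three parameter names and sample values shown above.

```powershell
# Added example (hypothetical sketch, not the project's RemoveRecord.ps1).
# The three parameters and their sample values are the ones shown on this page.
$dnsServerIp         = "192.168.10.10"
$ddnsVirtualHostname = "ddns-test"
$dnsZoneName         = "test.local"

$ErrorActionPreference = "Stop"   # turn cmdlet errors into catchable exceptions

try {
    Import-Module DnsServer       # installed with the DNS Server Tools feature

    # List the zone's A records and keep only exact matches on the virtual
    # hostname, so a missing record is an empty result rather than an error.
    $stale = @(Get-DnsServerResourceRecord -ComputerName $dnsServerIp `
                   -ZoneName $dnsZoneName -RRType A |
               Where-Object { $_.HostName -eq $ddnsVirtualHostname })

    if ($stale.Count -eq 0) {
        Write-Output "No A record for $ddnsVirtualHostname.$dnsZoneName; nothing to remove."
        exit 0
    }

    foreach ($record in $stale) {
        $ip = $record.RecordData.IPv4Address.IPAddressToString
        # -Force suppresses the confirmation prompt (the resource runs unattended).
        Remove-DnsServerResourceRecord -ComputerName $dnsServerIp `
            -ZoneName $dnsZoneName -InputObject $record -Force
        Write-Output "Removed A record $ddnsVirtualHostname.$dnsZoneName -> $ip"
    }
    exit 0
}
catch {
    # Typical causes: the account lacks delete permission on the zone, or the
    # DNS server is unreachable. A non-zero exit code reports the failure.
    Write-Error -ErrorAction Continue "Removing A record failed: $($_.Exception.Message)"
    exit 1
}
```

Because the removal is scoped to one hostname and one record type, the DNS Account only needs delete permission on the target zone, not DNS administrator rights.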