1 / 79

PATHWORKS and Advanced Server Technical Update

PATHWORKS and Advanced Server Technical Update. Brad McCusker Compaq Computer Corporation. Agenda. Current and future product overview Tech overview of new features Future directions Wrap-up. Agenda. Current and future product overview Tech overview of new features Future directions

avaj
Télécharger la présentation

PATHWORKS and Advanced Server Technical Update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PATHWORKS and Advanced ServerTechnical Update Brad McCusker Compaq Computer Corporation

  2. Agenda • Current and future product overview • Tech overview of new features • Future directions • Wrap-up Compaq Enterprise Technical Symposium 2001

  3. Agenda • Current and future product overview • Tech overview of new features • Future directions • Wrap-up Compaq Enterprise Technical Symposium 2001

  4. Current OpenVMS File & Print Servers • Advanced Server for OpenVMS V7 • Current Release - V7.3 (Apr 01) • PATHWORKS V6 for OpenVMS (Advanced Server) • Current Release - V6.0D (Apr 01) • V6.0D is exactly the same as V6.0C-ECO2 • PATHWORKS V5 for OpenVMS (LAN Manager) • Current Release - V5.0F-ECO2 (Feb99) Compaq Enterprise Technical Symposium 2001

  5. V7.2A-ECO4 – Important! • V7.2A-ECO4 breaks Com for OpenVMS • Com for OpenVMS applications will not work with ECO4 • NTA$LOGON doesn’t work • Possible server crash when running Com • Patch available from Customer Support Center • PWRK$LMSRV ident: V7.2-140A-00001 or -00002 • Patch is only necessary if you run Com for OpenVMS • Or, upgrade to Advanced Server V7.3 Compaq Enterprise Technical Symposium 2001

  6. Advanced Server for OpenVMSV7.3 – Our newest release • Advanced Server V7.3 (Alpha Only) • Release: April 2001 • Also ships with OpenVMS V7.3 • Q2-2001 Software Product Library • OpenVMS V7.3 support (V7.2-1, V7.2-2 also) • Member server role • Extended character set • Alias file names • NT print management (SpoolSS) support • DNS load balancing capabilities • PCSI support Compaq Enterprise Technical Symposium 2001

  7. Advanced Server for OpenVMSFuture Releases • Advanced Server V7.3-ECO1 • Estimated availability: Late Sep 01 • In final qualification now. • Numerous bug fixes (20+) • Customers should install this ECO when they can Compaq Enterprise Technical Symposium 2001

  8. Advanced Server for OpenVMSFuture Releases • Advanced Server V7.3A • Internal code name: “Shelby” • Estimated release: H12002 • More Windows 2000 Interoperability • Performance improvements • Opportunistic locking support • More on these later Compaq Enterprise Technical Symposium 2001

  9. Advanced Server for OpenVMSFuture Releases (2) • Internal code name: “Cobra” • Follow on release to V7.3A • Active Directory Support (EAK) • Kerberos • Support for OpenVMS V6.2/V7.* VAX and Alpha • Scalability • Multiple PWRK$LMSRV processes • Robustness • Support OpenVMS Security Enhancements Compaq Enterprise Technical Symposium 2001

  10. Advanced Server for OpenVMSFuture Releases (2) • Advanced Server V7.4 • Active Directory • Unicode Compaq Enterprise Technical Symposium 2001

  11. PATHWORKS for OpenVMS Future Releases • PATHWORKS V6.1 for OpenVMS • Q3-2001 • Member Server • Alias file names • PATHWORKS V5 for OpenVMS • Maintenance updates only Compaq Enterprise Technical Symposium 2001

  12. What about Itanium™ Processor Family? • Advanced Server will be ported as soon as required OpenVMS infrastructure is in place • When OpenVMS is ready, we’ll be ready! • Current estimate for AS port: H2CY03 • Advanced Server porting effort is minimal – Less than 5% of code modules affected • Cluster configuration support in line with OpenVMS cluster support Compaq Enterprise Technical Symposium 2001

  13. What about PATHWORKS and Itanium™ Processor Family? • No plans to port PATHWORKS to Itanium ™ Processor Family • Will need to upgrade to Advanced Server to get Itanium™ Processor Family support • Plan to modify Advanced Server to support platforms that PATHWORKS supports • OpenVMS VAX and Alpha V6.2, V7.2, V7.3…. • PATHWORKS to Advanced Server migration is a simple Install/Config/Run… Compaq Enterprise Technical Symposium 2001

  14. PATHWORKS 32 Client SW Update • PATHWORKS 32 V7.2 • Available June, 2000 • Supports Windows 2000, Windows NT 4.0, Windows 95, Windows 98 • http://www.OpenVMS.Compaq.com/pathworks32/ • Contact Information – Product Manager: • Barbara.Karten@Compaq.com Compaq Enterprise Technical Symposium 2001

  15. Agenda • Current and future product overview • Technical details of new features • Future directions • Wrap-up Compaq Enterprise Technical Symposium 2001

  16. New Features Technical Discussion • DNS name resolution • NT print management (SpoolSS) • Member server • Licensing • Potpourri Compaq Enterprise Technical Symposium 2001

  17. DNS Support • DNS name resolution by clients supported as of PW V6.0C and AS V7.3 • Client DNS name resolution required for dynamic cluster load balancing • See Advanced Server Administrators Guide for more information on dynamic balancing Compaq Enterprise Technical Symposium 2001

  18. Tech Tips: NETBIOS Name Resolution • If Enabling Dynamic Alias Resolution… • Remove static entries for cluster alias! • NETBIOS names are resolved with LMHOSTS or WINS before DNS • Added ability for Advanced Server to use DNS for name resolution • Enabled via PWRK$CONFIG/Transports • V6.1, V7.3 • DNS used as last resort • After LMHOSTS, broadcast, WINS Compaq Enterprise Technical Symposium 2001

  19. NT Print Management Support (V7.3) • New optional functionality in V7.3 • NT style management of printer resources • Specifically, added the SPOOLSS pipe • Use NT Print Manager to manage OpenVMS printer resources • ADMIN CLI will have minimal print management support • Allows print drivers to be stored on Advanced Server for downloading to the client Compaq Enterprise Technical Symposium 2001

  20. Upgrading Existing Printers • Existing Printers = Printer Shares defined on AS at time NT Style Printing is enabled • Automatically upgraded when choosing “Enable NT Style Printing” • Upgraded printers will have restricted manageability & functionality • Print Manager won’t work • No drivers • Upgraded printers will need to be deleted and re-added via NT Print Manager to gain full management functionality Compaq Enterprise Technical Symposium 2001

  21. Adding New Printers • “Add Printer” in Printers Folder on AS system • Select Port will show available Execution Queues on OpenVMS • Specify Printer Name • Provide Printer Driver • From CD-ROM, or other location • Stored on Advanced Server for downloading to clients Compaq Enterprise Technical Symposium 2001

  22. What about generic queues? • OpenVMS generic queues point to multiple execution queues (one to many relationship) • Prior to NT Style Printing, it was possible to share generic queues to the network • NT Print Manager will display Execution Queues as Printer Ports • Generic Queues will not show up as a ‘port’ • In other words, they can’t be shared with NT Style management as they were previously Compaq Enterprise Technical Symposium 2001

  23. Printer Pooling • Problem: How do I retain the one-to-many functionality of generic queues? • Solution: Printer Pooling • Enable “Printer Pooling” in the Add Printer applet • Select the Printers to be shared • Let Advanced Server handle the one-to-many relationship!!! Compaq Enterprise Technical Symposium 2001

  24. Printer Pooling (2) • Select Printer Pooling • Select all the execution queues that will be used by this Printer • Continue with the Wizard Compaq Enterprise Technical Symposium 2001

  25. Upgraded Printers don’t have full capabilities Once you choose NT Style Printing, it is difficult to go back Will require restore from backup Limited support from the ADMIN CLI Restrictions Compaq Enterprise Technical Symposium 2001

  26. CAUTION! • Performance Issue with NT Print Management • More than 100 printers – not recommended at this time • Larger systems can support more • No firm benchmarks available • Improvements, to be delivered in a future release: • TBD Compaq Enterprise Technical Symposium 2001

  27. Member Server Role (V7.3, V6.1) • Adding support for the member server role • Previously, PW/AS servers only supported PDC & BDC roles • Behavior when using member server role: • Server does not participate in SAM replication • Domain NETLogon requests not processed • User authentication for connecting clients passed through to a domain controller • Allows PW/AS to participate in a pure Windows 2000 domain Compaq Enterprise Technical Symposium 2001

  28. Member Server Local vs Global SAM Databases • Member Servers have a SAM!!! • But, its not the domain SAM, it is a local SAM • Known only to that member server • Local SAM: • Represented by user or group name • Administrator, Administrators • Local groups only, global groups have no meaning • Global SAM: • Represented by user or group name, but, qualified with domain name • \\DOMAIN1\Domain Admins • Reference KB article: Q126436 Compaq Enterprise Technical Symposium 2001

  29. More local vs global SAM • Access to resources: Local SAM checked first • Be careful of same names in Local and Global SAMs • Recommend not using Local SAM database • Or, be sure you know why you are using Local SAM and why. Compaq Enterprise Technical Symposium 2001

  30. ADMIN and Local/Global SAMs • ADMIN defaults to managing the Global SAM • To manage a local SAM: • Use \\ServerName instead of a domain name. • For Example: LOGIN/DOMAIN=\\memberserver SET ADMINISTRATION/DOMAIN=\\memberserver COMMAND/DOMAIN=\\memberserver • ADMIN prompt becomes \\memserv\\memserv> • When logged in or Set ADMIN to local database Compaq Enterprise Technical Symposium 2001

  31. Member Server and ADMIN • Not Allowed on Member Servers: SET COMPUTER/ACCOUNT_SYNCHRONIZE SET COMPUTER/ROLE=xxx SHOW COMPUTER (except to specific comp) ADD COMPUTER REMOVE COMPUTER ADD|SHOW GROUP/GLOBAL SHOW GROUPS/GLOBAL ADD|COPY|MODIFY USER/PRIMARY_GROUP=xxx ADD|REMOVE|SHOW TRUST Compaq Enterprise Technical Symposium 2001

  32. Member Server and ADMIN (2) • ADMIN behavior on LOCAL SAM • ADD/COPY/MODIFY/REMOVE/SHOW GROUP commands will only manage local groups. • Global Groups may exist but, they are ignored on Member Servers • ADD USER adds to the "Users" local group. • Also added to Domain Users global group but not seen by users • SHOW USER will only show memberships in local groups. • Won't show primary group • ADD/COPY/MODIFY USER will only manage memberships in local groups. • Primary group is not supported. Compaq Enterprise Technical Symposium 2001

  33. Member Server and ADMIN (3) • DEBUG SET /FLAGS=BYPASS_MEMSRVCHKS • Bypasses Member Server specific checks on USER and GROUP commands • Allows you to really see what’s in the Local database • Not familiar with ADMIN DEBUG? • $ ADMIN DEBUG HELP Compaq Enterprise Technical Symposium 2001

  34. Member Server Tech Tip #1 (V7.3 only) • Recommend joining a domain by specifying username/password of administrator account • Alternative is to add server to domain prior to running config • Some sites may not have access to administrator account • If you don’t join domain via specifing username/password, only local accounts can manage the local server • Not a problem in V6.1 Compaq Enterprise Technical Symposium 2001

  35. Member Server Tech Tip #2 • Problem: • Same username in global domain and local member server user database • Attempt to connect to member server resources from global account • Member Server attempts to validate access against local account – Access fails • Solution: • If local accounts match global accounts, user “Connect As” and specify domain with user name: • \\domain\user Compaq Enterprise Technical Symposium 2001

  36. Member Server Tech Tip #3 • Explicit Hostmaps are lost on role change to/from member server • When changing roles, the hostmap database (LSA) is recreated. • Previously existing hostmaps lost • Recommend using ADMIN SHO HOSTMAP before role change and ADMIN ADD HOSTMAP after role change to restore. • Do not attempt to use old LSA database • Old LSA has old ServerObject – Not good for new config Compaq Enterprise Technical Symposium 2001

  37. Member Server Role: Upgrading from PATHWORKS V5 • Issue: • How do I upgrade from V5 to V6 Member Server? • V5 to V6 Upgrade Utility only allows upgrade to Backup Domain controller • Solution: • Upgrade to Backup Domain Controller, and then use PWRK$CONFIG to change role to Member Server Compaq Enterprise Technical Symposium 2001

  38. License policy • All client access to PW V6 & AS V7 must be licensed • All client access requires a “Client-Access” license • PWLMXXXCA06.00 - PW-V6.0 • PWLMXXXCA07.02 - AS-V7.2 • PWLMXXXCA07.03 - AS-V7.3, PW-V6.1 • May be used as a client-based or server-based license • Per seat (replaces FPA) • Per server (replaces FPS) Compaq Enterprise Technical Symposium 2001

  39. V73/V6.1 Potpourri: • Registry Incompatibilities • MOD USER /PWDEXP • SAM corruption • Dir Cache • Pulse Message/Inactive Daemon • SHO USERS has new fields • Disable License Ping • RestrictAnonymous • Manual Synchronization Compaq Enterprise Technical Symposium 2001

  40. Tech Tip: OpenVMS Registry Incompatibilities • OpenVMS V7.3 & OpenVMS V7.2-1 registries incompatible • Must upgrade OpenVMS on all cluster nodes which will run the registry • Registry must be running on all Advanced Server nodes • All cluster nodes which will run Advanced Server must upgrade OpenVMS simultaneously • Registries on OpenVMS V7.2-1/OpenVMS V7.3 will not work together in a cluster • OpenVMS V7.2-2 is compatible with OpenVMS V7.3 • Problem doesn’t exist with OpenVMS V7.2-2/V7.3 Compaq Enterprise Technical Symposium 2001

  41. MOD USER /PWDEXP (V7.2A – ECO3/4) $ ADMIN MODIFY USER user-name/PASSWO="passwd" $ ADMIN MODIFY USER user-name/PASSWO="passwd"/FLAGS=PWDEXP • These commands do not expire the password • Workaround: Issue separate expire command $ ADMIN MODIFY USER user-name /PASSWO="passwd" $ ADMIN MODIFY USER user-name /FLAGS=PWDEXP • Fixed in V7.3 • Was never a problem in V6 Compaq Enterprise Technical Symposium 2001

  42. SAM Corruption • V7.3, V7.2A-ECO4, V6.0C-ECO2 fix SAM corruption • No need for modified PWRK$SHUTDOWN • The “interlock shutdown with NetLogon” fix • Only use PWRK$SHUTDOWN provided with kit • Uncontrolled shutdowns can cause corruption • Report reproducible SAM corruption to Customer Support Center Compaq Enterprise Technical Symposium 2001

  43. Directory Cache • Clients sees empty or partial directories • Fixed in V7.3, V7.2A-ECO4, V6.0C-ECO2 • Make sure XQP patches are current • Should always do this • If you still see this – update to latest ECO, notify Customer Support Compaq Enterprise Technical Symposium 2001

  44. SAM Replication Pulse Message - Inactive Daemon • Problem: PW/AS cluster is BDC, PDC needed to resolve alias to “active” daemon node of cluster • If alias resolved to “inactive” daemon node, replication pulse messages would go to wrong node. • Partial synchs of SAM didn’t occur • WAN only (LAN uses broadcasts) • Resolution: If “inactive” daemon gets a pulse, it passes it on to the “active daemon” • Active Daemon will respond to Pulse Message • In V6.0C-ECO2, V6.1, V7.3 Compaq Enterprise Technical Symposium 2001

  45. SHOW USER – new fields • ADMIN SHOW USER /FULL, /ACCOUNTS or /PROFILE now includes: • Last Log On: 08/23/00 05:07 PM • Password Last Set: 06/30/00 11:03 AM • Password Changeable: 06/30/00 11:03 AM • Password Expires: 09/11/00 11:03 AM • In V7.3, V6.1 Compaq Enterprise Technical Symposium 2001

  46. Disable Client License Ping • If using only server based licensing, define PWRK$LR_DISABLE_CLIENT_PING, to bypass client license check on client request • When clients connect, PW/AS first attempts to validate a license on the client • If not using any client based licenses, you might as well skip that step. • See Advanced Server for OpenVMS Guide to Configuring Licenses for more information • V7.3 & V6.1 Compaq Enterprise Technical Symposium 2001

  47. 1 Client Map Share Request 2 5 4 Client Response? 3 Client Ping Licensing Block Diagram • DEFINE/SYSTEM PWRK$LR_DISABLE_CLIENT_PING 1 to eliminate steps 3 & 4 • In PWRK$LICENSE_R_START.COM File Server LicenseRegistrar Compaq Enterprise Technical Symposium 2001

  48. Domains with RestrictAnonymous set • PW/AS cannot join a domain if the PDC has RestrictAnonymous set • Check this registry location: Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA Value Name: RestrictAnonymous Data Type: REG_DWORD Value: 1 • Workaround: Set value to 0 while joining domain • Can be reset to non-zero value immediately after joining the domain. Compaq Enterprise Technical Symposium 2001

  49. More RestrictAnonymous Issues • Secure Channels can not be created to Win2K servers with RestrictAnonymous=2 • Trusts, External authentication, are affected • ADMIN LOGON, ADMIN SET PASSWORD do work. • Per MS KB articles value of 2 is for pure Win2K configs only – no down level clients or servers • KB articles: • http://support.microsoft.com/support/kb/articles/q246/2/61.asp • http://support.microsoft.com/support/kb/articles/Q178/6/40.asp Compaq Enterprise Technical Symposium 2001

  50. Manual Synchronization Failures • From Server Manager/Synchronize with PDC, always choose the cluster Alias, not individual nodes. • Since SP5, choosing a node results in machine account secret passwords out of synch • Can no longer establish secure channel • Recovery: Select the cluster alias and then “Synch With Primary Domain Controller” Compaq Enterprise Technical Symposium 2001

More Related