You are on page 1of 20

Limited Internal

INSTRUCTION 1 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A

AGM319 APG43/2 Cloning Instruction

Abstract

This document describes the configuration steps to be performed on an


already installed APG43/2 system. Good APG43 knowledge is required for
this activity.

Application

This Instruction covers APG43/2 hardware.

Contents
1 Revision information 2
2 GENERAL 2
3 KNOWN BUGS AND LIMITATIONS 2
4 PREREQUISITES 2
5 DEPLOY THE CLONE IMAGE INTO AN APG43/2 3
5.1 Changing Parameters on an already installed machine 3
5.2 Post cloning steps 5
5.3 AP2 Reconfiguration 6
6 SPOE IP BACKUP Definition (both AP1 and AP2) 7
7 Setup AP1 and AP2 for APZ connection 8
7.1 AP1/AP2 configuration: Common Part 8
7.2 CS parameters 13
7.3 Data Disk Quota Configuration 14
8 Final Configuration Steps 15
9 Health Check 16
10 REFERENCES 18
11 ABBREVIATIONS AND TERMINOLOGY 18
12 APPENDIX: Post Cloning steps 18
13 APPENDIX1: Workaround for burbackup 19
Limited Internal
INSTRUCTION 2 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A

1 Revision information

Rev. Date Prepared Description

AGM319 R1A APG43/2


A 2011-12-07 TEIMCEC
APUB2 clone release.

B 2012-01-09 TEIMCEC Updated References

2 GENERAL
Cloning Instruction includes all the post installation steps to be performed on
an APG43/2 system in order to have it working and ready to be connected to
an APZ.
After reconfiguration of the system each APG43/2 is identical to the other.

3 KNOWN BUGS AND LIMITATIONS


-

4 PREREQUISITES
Hardware and Firmware requirements

• The APG hardware supported for this release is APG43/2 (APUB2


boards)

• The APZ configuration supported is APZ 18.1.


The software level is AGM319 R1A

Multicast Server prerequisites

• Telnet access to the APG43/2 is required to perform cloning.

• Symantec Ghost Solution Suite 1.1 (Which includes Symantec


Ghost 8.3) must be installed prior to the installation of the cloning
software.

• The cloning software will only run on Windows 2000 Professional/Server


SP4, XP Professional SP1a or Windows Server 2003
Standard/Enterprise.

Info
Limited Internal
INSTRUCTION 3 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A


NOTE: In case of Dual AP configuration, during cloning procedures, AP1-AP2
ethernet cables must be unplugged (on the AP side) in order to avoid IP
address conflict inside the internal network. That is due to the fact that
192.168.x.1 and 192.168.x.2 are the default IPN addresses and post cloning
procedures will change them to 192.168.x.3 and 192.168.x.4 in case of AP2
(x is 169 or 170).

NOTE 2: It is required to physically remove CP connections (e.g. unplug SCB-


RP connection cables towards magazines hosting CP blades and unplug CP-
A, CP-B and MAU from the SPX magazine). The same applies to EGEM2
environment (unplug cables connected to NWI as well).

NOTE 3: It is required to have only one public Ethernet connected to ETH1


(no ETH2 cable shall be present since “no teaming” is the default
configuration)

5 DEPLOY THE CLONE IMAGE INTO AN APG43/2


About how to deploy the clone image into and APG43/2, refer to [ ‎1].

For the Clone Image to be deployed, refer to [ ‎4]

NOTE: The steps reported in this chapter, if not expressly specified, need to
be performed both on AP1 and AP2 systems

5.1 Changing Parameters on an already installed machine


This chapter describes how to perform changes, on an already installed
machine, to: Node Names, IP Addresses, Cluster Name, Cluster IP Address,
Domain Name, Domain Suffix, Subnet Mask and Default Gateway.
If parameters already changed or the ConfigMenu.vbs /preconfig has already
been performed before CloInstall.vbs (see Clone Deployment doc), continue
with chapter ‎5.2.

NOTE: The defined Forwarders (if any) will be removed from the system
by the CloConfig procedure and needs to be reset manually after the
reconfiguration is over.

Both nodes

Delete on both nodes the directory Clone under c:\temp running the following
script:
”c:\Program Files\AP\APOS\clone\CloCleanup.vbs” –deletetemp

Node A

Backup ACLs for K: drive


ACLdatadiskBackup.bat
Limited Internal
INSTRUCTION 4 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A


Start the reconfiguration procedure by running (via GUI) CloConfig.vbs:
”c:\Program Files\AP\APOS\clone\CloConfig.vbs”

When asked for the “Administrator’s password”, insert it and press enter.
A prompt to allow changing the parameters will appear.
Fill the fields with the new parameters and save the changes choosing
“Set parameters and configure the system”.
The reconfiguration will continue automatically.

Restore the previously saved ACLs for K: drive


ACLdatadiskRestore.bat

Since the machine has changed Network Parameters, any previously stored
backup is no longer valid. Remove any reference to the already existing
backup using the procedure reported below:
One node:
- Delete Backup Images on K drive
echo y| del \\<clustername>\k$\images\nodea\*

echo y| del \\<clustername>\k$\images\nodeb\*

- Delete .ddi and DataDiskLayout file


echo y| del \\192.168.169.1\c$\acs\data\bur\*

echo y| del \\192.168.169.2\c$\acs\data\bur\*

- Remove ClusDB directory


rmdir \\192.168.169.1\c$\acs\data\bur\clusdb /s /q

rmdir \\192.168.169.2\c$\acs\data\bur\clusdb /s /q

Both-nodes

- Format D drive in order to remove the existing backup:


format d: /q

The type of the file system is NTFS.


Enter current volume label for drive D: NTBACKUP
NTBACKUP

WARNING, ALL DATA ON NON-REMOVABLE DISK


DRIVE D: WILL BE LOST!
Proceed with Format (Y/N)? y
y
QuickFormatting 20928M

Format cannot run because the volume is in use by another


process. Format may run if this volume is dismounted first.
ALL OPENED HANDLES TO THIS VOLUME WOULD THEN BE INVALID.
Would you like to force a dismount on this volume? (Y/N) y
y
Volume dismounted. All opened handles to this volume are now
invalid.
Volume label (32 characters, ENTER for none)? NTBACKUP
Limited Internal
INSTRUCTION 5 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A


NTBACKUP
Creating file system structures.
Format complete.
21430708 KB total disk space.
21364308 KB are available.

Both-nodes

Restore the right ACLs on BUR directory (see TR HJ36595):


echo y| cacls c:\ACS\data\BUR /T /G Administrators:F
ACSADMG:F ACSUSRG:R

NOTE: After the reconfiguration is finished Post Cloning steps need to


be applied. To do that, refer to the next chapter.

5.2 Post cloning steps

Active Node (Node A):

Launch the following scripts in this section, using GUI or SSH connections
(DO NOT USE telnet connection, see TR HL46741), in order to apply the
correct configuration for the node:

1 Verify the Cluster Group is up and running


cluster group

If not, start the needed resources manually

2 Refresh the explorer process in order to make visible drives I and K


c:\temp\PostCloning\script\RefreshExplorer.bat

3 Due to TR HP12150 it is required to manually create the BOOT folder


under K:\APZ\data
mkdir K:\APZ\data\BOOT

4 Run the following post configuration batch file (in case of default time
zone):
c:\temp\PostCloning\PostCloning.bat

Check the result of the Post Cloning procedure looking at the log files
stored under c:\temp\PostCloning\logs on the Active node.
NOTE: The command given without parameters will set the default time
zone: “(GMT+01:00) Amsterdam, Berlin, Bern, Rome,
Stockholm, Vienna” bound at position “0”. In case a different time
zone needs to be bound, the correct syntax is reported below:
c:\temp\PostCloning\PostCloning.bat “TZ_name” TMZ_value

Where the “TZ_name” can be obtained using tzls command

Skip the following printout which may eventually occur at the end of
PostCloning script execution:
Limited Internal
INSTRUCTION 6 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A


--- Configuration of the Passive Node finished ---

The process cannot access the file because it is being used by


another process.

For more details regarding the PostCloning.bat procedure refer to [ ‎13].

5.2.1 SSH Tectia settings

SSH regenerate keys on active node and copying of keys to passive node
plus ssh-server-config-tool.exe included in PostCloning.bat (see Appendix A:
Post Cloning steps in chapter ‎13).

5.3 AP2 Reconfiguration

The steps reported in this chapter have to be performed only when


configuring a system with two APGs.
It requires that all the steps in chapter ‎5.2 have been executed.

NOTE: all the steps in this section, if not differently mentioned, need to be
performed on the AP2 node.

Launch the following scripts in this section, using GUI or SSH connections
(DO NOT USE telnet connection, see TR HL46741), in order to apply the
correct configuration for the node:

Active-node (Node A)

1. Execute the fewer clones AP2 configuration script on the active node
(node A) of AP2. Two input parameters are foreseen for this script:

• AP configuration (AP2 in our case)

• Node (Node A in our case)

c:\TEMP\PostCloning\FewerCloneConfig_PA17.bat AP2

2. Update the Reverse Lookup Zone pointers for AP2:


c:\TEMP\PostCloning\Utils\DNS\DNS_AP2_nodeA.bat

3. Reboot the node


prcboot -f

Wait until the restarted node is up again.


Limited Internal
INSTRUCTION 7 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A


Active Node (Node B)

NOTE: It is OK if the “prcstate –l” printout shows that not all the resources are
up and running as the two nodes are not aligned (one is configured as AP2,
while the other not yet)

4. Execute the fewer clones configuration script on the new active node
(node B) for AP2:
c:\TEMP\PostCloning\FewerCloneConfig_PA17.bat AP2

5. Update the Reverse Lookup Zone pointers for AP2 node B:


c:\TEMP\PostCloning\Utils\DNS\DNS_AP2_nodeB.bat

6. Reboot the node


prcboot -f

Wait until the restarted node is up again.

Both Nodes

7. Update the swrsid for AP2


c:\TEMP\PostCloning\swrprod_AGM319_R1A_AP2.bat

6 SPOE IP BACKUP Definition (both AP1 and AP2)


Active-node

8. Run the following script in order to configure SPOE_IP_BACKUP:


c:\temp\PostCloning\SPOE_IP_BACKUP_PA2.bat
Limited Internal
INSTRUCTION 8 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A

7 Setup AP1 and AP2 for APZ connection


The steps reported below explain some basic tasks to be done in order to
allow CP-AP communication from an APG perspective.

Active-node

7.1 AP1/AP2 configuration: Common Part

In case of dual AP configuration, if not differently specified, the steps reported


below need to be performed on both the APGs.

Active-node

1. Assign the Administrator user the right permission to connect to the CP:
c:\temp\PostCloning\Utils\Administrator_permission.bat

The expected printout is:


Assign the the Administrator user the right permission to connect to
the CP

net localgroup ACSADMG Administrator /add


The command completed successfully

net localgroup MCSADMG Administrator /add


The command completed successfully

net localgroup CPADMG Administrator /add


The command completed successfully

Done!

2. Perform a soft function change session in order to set the correct value
for ACS_APCONFBIN_CpAndProtocolType (see ref. [ ‎2]).
The possible values are:
1 AP Z2123x
2 AP Z21240
3 AP Z21250
4 AP Z21255 / IO BC System s / APZ21260

In case of parameter value equal to 1, continue with chapter 7.1.1.

In case of parameter value equal to 2, continue with chapter 7.1.2.

In case of parameter value equal to 3, continue with chapter 7.1.3.

In case of parameter value equal to 4 (for Blade Cluster system only),


continue with next chapter 7.1.4. For parameter value equal to 4 in non Blade
Cluster system, go to chapter 7.2.

After executing the steps described in each chapter (according to the required
configuration) jump to chapter ‎7.2.
Limited Internal
INSTRUCTION 9 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A


7.1.1 APG43/2 in APZ2123X source systems

This configuration refers to APG43 based IO systems in a Single CP


configuration for the following source systems:

• APZ21230

• APZ21233

• APZ21233/C

In order to allow the connection from an APG43 towards an APZ2123x check


the following parameters:

Active node

1. Verify that following parameter’s value is 1:


phaprint ACS_APCONFBIN_CpAndProtocolType

2. Verify that following parameter’s value is 0:


phaprint ACS_CSBIN_isMultipleCPSystem

The aforementioned values are the default ones.

3. Define the TFTP root:


C:\temp\PostCloning\APZ21233x\TFTP_root_set.bat

4. Define the entries for IPNA:


C:\temp\PostCloning\APZ21233x\host_entries_PA3.bat

5. Restart CS services:
C:\temp\PostCloning\APZ21233x\restartCS_delay.bat
Limited Internal
INSTRUCTION 10 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A

7.1.2 APG43/2 connected to APZ 212 40

This configuration refers to APG43 based IO systems in a Single CP


configuration for the following source systems:

• APZ 212 40

In order to allow the connection from an APG43 towards an APZ 212 40


check the following parameters:

Active node

1. Verify that following parameters’ value is 2:


phaprint ACS_APCONFBIN_CpAndProtocolType
phaprint MAS_CPTASP_Protocol

If not, change them to 2 via Soft Function Change.

2. Restart CS services:
C:\temp\PostCloning\APZ21233x\restartCS_delay.bat

Go to chapter 7.2 to configure CS parameters (if required).


Limited Internal
INSTRUCTION 11 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A

7.1.3 APG43/2 connected to APZ 212 50

This configuration refers to APG43 based IO systems in a Single CP


configuration for the following source systems:

• APZ 212 50

In order to allow the connection from an APG43 towards an APZ 212 40


check the following parameters:

Active node

1. Verify that following parameter’s value is 3:


phaprint ACS_APCONFBIN_CpAndProtocolType
phaprint MAS_CPTASP_Protocol

If not, change them to 3 via Soft Function Change.

2. Restart CS services:
C:\temp\PostCloning\APZ21233x\restartCS_delay.bat

Go to chapter 7.2 to configure CS parameters (if required).


Limited Internal
INSTRUCTION 12 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A

7.1.4 APG43/2 in blade configuration or APZ21255/APZ21260

Both nodes

NOTE: Do not launch the following script in parallel on both nodes (wait until
execution is over on one node before launching this script again on the other
node).

1. Run the following script:


C:\temp\PostCloning\CSparameters.bat X

Where X can be any of the values described in chapter 7.2 (e.g. X=5 for Evo
configuration BSC/SCP in CBA environment).

In case of dual AP configuration, continue with next step, otherwise go to chapter


7.3

2. Connect AP1/AP2 ethernet connection cables

CONNECT CABLES FROM AP1 TO AP2.

In case of dual AP configuration, connect AP1 and AP2. Verify that the
communication link is up by pinging from the AP1 the “IP Address for SPOE” of
the AP2 (192.168.169.34).

AP1 Active-node

3. Verify the AP2 respond to ping


ping -n 2 192.168.169.34

4. Add SPOE address of AP2


swmanage –ah ap_2 192.168.169.34

Go to chapter 7.3.
Limited Internal
INSTRUCTION 13 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A

7.2 CS parameters

Both nodes

NOTE: Do not launch the following script in parallel on both nodes (wait until
execution is over on one node before launching this script again on the other
node).

In order to change CS parameters, launch the following script:


C:\temp\PostCloning\CSparameters.bat X

Where X can be any of the following values:

X
ACS _CS BIN_aptType ACS _CS BIN_nodeArchitecture ACS _CS BIN_i sMultipleCPSystem
value
1 MSC Component Based A rchitecture SCP

2 MSC Component Based A rchitecture MCP


NOT Component Based
3 MSC SCP
Architecture
NOT Component Based
4 MSC MCP
Architecture
5 BSC Component Based A rchitecture SCP
NOT Component Based
6 BSC SCP
Architecture
7 HLR Component Based A rchitecture SCP

8 HLR Component Based A rchitecture MCP


NOT Component Based
9 HLR SCP
Architecture
NOT Component Based
10 HLR MCP
Architecture
11 WLN Component Based A rchitecture SCP

12 WLN Component Based A rchitecture MCP


NOT Component Based
13 WLN SCP
Architecture
NOT Component Based
14 WLN MCP
Architecture

Option number 3 should not be used in case ACS_CSBIN_aptType value is


MSC, ACS_CSBIN_nodeArchitecture value is “NOT Component Based
Architecture” and ACS_CSBIN_isMultipleCPSystem value is SCP since these
three CS parameters are the default ones and no change is required.

Option number 3 can be used as “restore option” to default values.

In case of change from one configuration to another, first restore to default


configuration (using option number 3) and then apply the new configuration.
Limited Internal
INSTRUCTION 14 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A

7.3 Data Disk Quota Configuration

This chapter describes how to set the Data Disk Quota Configuration for CP
Systems (default BSC). The procedure needs to be applied on both AP1 and
AP2 systems.

Active-node

Set the right quota configuration


ssucfg -c <config> –f

where <config> parameter depends on the configuration used and the size of
the Data Disks.
See some examples below:
AP1 systems:
MSCBC-A P1-8M450 MSC-S BC HD 450 GB
MSCBC-A P1-8M600 MSC-S BC HD 600 GB
MSC MSC in Single CP HD 147 GB
HLR MSC in Single CP HD 147 GB
BSC BSC in Single CP HD 147 GB
AP2 systems:
MSCBC-A P2-8M450 MSC-S BC HD 450 GB
MSCBC-A P2-8M600 MSC-S BC HD 600 GB

Check new configuration:


ssuls

NOTE: For details about other configurations, see MAN ssucfg page 1/190
80-CNZ 222 166 or Application Information 2/155 18-ANZ 222 43/5.
Limited Internal
INSTRUCTION 15 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A

8 Final Configuration Steps


AP1 Active-node

1. Update nodes
swmanage -s

AP1 Active-node

Once CP-AP communication is completed, in order to allow a User to


access CP via MML sessions, follow OPI AP, Authority, Administer to
properly define User authority.

AP1/AP2 Active-node

2. Reboot the node via prcboot command


prcboot -f

3. Once the rebooted node is up again, repeat the previous step on the
other node now active.
Limited Internal
INSTRUCTION 16 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A

9 Health Check
Required Alan tool revision for AGM319 clone is:

• R8D or higher during post Health Check

The following bugs and limitations apply:

• TR HP17755 : AGM319: ACLs on K:\APZ\data wrongly set @


OCS_IPNAADM service restart.

• TR HP17766 : AGM319: ACLs on K:\CPS\logs wrongly set @


CPS_Tesrv service restart

• TR HP18799 : ACS:FCH: FCH dll permission change when the node


restarts.

• TR HP18811 : ACS:LCT: acls change after restart of node

Due to these bugs, the following ACL errors could be reported by ALAN:
The following folders/files on the active node (B-node) have corrupt ACL's:
Folder/File Unexpected/Missing ACE
------------------------------ ------------------------------
C:\winnt\system32\apaclset.exe AUTHORITY\Authenticated Users:R
C:\winnt\system32\apaclset.exe BUILTIN\Server Operators:C
C:\winnt\system32\apaclset.exe NT AUTHORITY\SYSTEM:F
C:\winnt\system32\integrityap.exe AUTHORITY\Authenticated Users:R
C:\winnt\system32\integrityap.exe BUILTIN\Server Operators:C
C:\winnt\system32\integrityap.exe NT AUTHORITY\SYSTEM:F
C:\Program Files\AP\ACS\bin\ACS_FCH_Server.exe Missing ACE - Everyone:R
C:\Program Files\AP\ACS\bin\ACS_FCH_Server.exe Missing ACE - ACSADMG:F
C:\Program Files\AP\ACS\bin\fchcommit.exe Missing ACE - ACSADMG:F
C:\Program Files\AP\ACS\bin\fchconf.exe Missing ACE - ACSADMG:F
C:\Program Files\AP\ACS\bin\fchdump.exe Missing ACE - ACSADMG:F
C:\Program Files\AP\ACS\bin\fchend.exe Missing ACE - ACSADMG:F
C:\Program Files\AP\ACS\bin\fchevent.exe Missing ACE - ACSADMG:F
C:\Program Files\AP\ACS\bin\fchfb.exe Missing ACE - ACSADMG:F
C:\Program Files\AP\ACS\bin\fchgen.exe Missing ACE - ACSADMG:F
C:\Program Files\AP\ACS\bin\fchrst.exe Missing ACE - ACSADMG:F
C:\Program Files\AP\ACS\bin\fchstart.exe Missing ACE - ACSADMG:F
C:\Program Files\AP\ACS\bin\fchstate.exe Missing ACE - ACSADMG:F
C:\Program Files\AP\ACS\lib\libACS_FCH_R1A_DMDN7.dll Missing ACE - Everyone:R
C:\Program Files\AP\ACS\lib\libACS_FCH_R1A_DMDN7.dll Missing ACE - ACSADMG:R
C:\Program Files\AP\ACS\lib\libACS_FCH_R1A_DMDN7.dll Missing ACE - ACSUSRG:R
C:\acs\data\FCH Missing ACE - ACSADMG:F
C:\acs\data\FCH Missing ACE - ACSUSRG:R
Limited Internal
INSTRUCTION 17 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A


C:\acs\logs\ALOG NT AUTHORITY\SYSTEM:(OI)(CI)F
C:\acs\logs\ALOG Missing ACE - ACSADMG:F
C:\acs\logs\ALOG Missing ACE - ACSUSRG:R
C:\acs\logs\EMF Missing ACE - ACSADMG:F
F:\acs\data\EMF NT AUTHORITY\SYSTEM:(OI)(CI)F
K:\APZ\data Missing ACE - SYSTEM:F
K:\APZ\data Missing ACE - Everyone:R
K:\CPS\logs Missing ACE - SYSTEM:F
K:\CPS\logs Missing ACE - Everyone:R
Limited Internal
INSTRUCTION 18 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A

10 REFERENCES
1. AGM319 User Guide for Clone Deployment, 2/198 17-CXP9040180/43-319

2. APG40, Soft Function Change, Parameter, Change 3/154 31-CNZ 222 81


3. AP, ADJUNCT PROCESSOR, ADD, 2/154 31-ANZ 222 43/3 Rev. A.
4. Clone Image for AGM319 R1A, 10/190 99-2/CXP9040180/43 Rev A

11 ABBREVIATIONS AND TERMINOLOGY


See Terminology and Abbreviation, Ref. #1, for most abbreviations and
terminology.
BDC = Backup Domain Controller
CMD = Command window
HW = Hardware
PDC = Primary Domain Controller

12 APPENDIX: Post Cloning steps


The appendix reports the steps performed during the execution of the
PostCloning.bat configuration file.

Active-node

1 Run of the configap command in order to create file and directory


structure.
configAP –i –s

Ignore the error messages regarding:


Adding user rights...
ERROR: Failed to deny network logon rights to SUPPORT_388945a0
. . .
ERROR: Failed to copy c:\acs\logs\lct\SetupService.def to
C:\WINNT\system32\SepService.def: The file exists.

2 Replication of the Active Directory towards the other node.


“C:\Program Files\AP\APOS\clone\repadmin.exe” /syncall

3 Link to a Time Zone value (TMZ) and a platform specific Time Zone (TZ).

Both nodes

4 Setting of the ACLs using the released ACL.dat file.


configAP –a

5 Setting of security.
C:\temp\PostCloning\PostInstall.bat
Limited Internal
INSTRUCTION 19 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A


6 Removal of CloPrep.vbs, SETUPCL.exe and SYSPREP.exe in order to
avoid recloning of an installed machine.
7 In order to avoid the same couple of SSH TECTIA keys on all the
machines installed with the same clone image, the following script have to
be launched:
C:\temp\PostCloning\TECTIA\regenerateKeys.bat

8 Restart the TECTIA configuration tool executing the command:


C:\Program Files\SSH Communications Security\SSH Tectia\SSH
Tectia Server\ssh-server-config-tool.exe

Passive Node:

5 In order to have the same hostkey files on both nodes, copy the tectia
server hostkey files (hostkey and hostkey.pub) from the active to the
passive node running:
C:\temp\PostCloning\TECTIA\copy_hostkey.vbs

6 Restart the TECTIA configuration tool executing the command:


“C:\Program Files\SSH Communications Security\SSH Tectia\SSH
Tectia Server\ssh-server-config-tool.exe”

13 APPENDIX1: Workaround for burbackup


In case of “burbackup –o” failure like the following:
SetTombstoneLifetime Failed : Access is denied.

-- Extended Error --- LDAP Provider : 00002098: SecErr: DSID-


03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Failed to purge the Deleted Objects container in Active Directory


Domain Services

Apply the workaround listed in TR HL66748.

This type of fault usually occurs when launching the backup from node B.
sc \\%COMPUTERNAME:~0,-1%B qc burserver

The printout should look like the following


SERVICE_NAME: burserver

TYPE : 10 WIN32_OWN_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\Program Files\AP\ACS\bin\burServer.exe


Limited Internal
INSTRUCTION 20 (20)
Prepared (also subject res ponsible if other) No.

TEI/X Team 10/1531-2/CXP9040180/43-319


Approved Chec ked Date Rev Referenc e

TEI/XSB EGIORAE EALOFAL 2012-01-09 B AGM319 R1A


LOAD_ORDER_GROUP :

TAG : 0

DISPLAY_NAME : burServer

DEPENDENCIES : RpcSs

SERVICE_START_NAME : ITSAAP013D\S9CV1aCqYA1JSN3VcKva

Check that the service user belongs to the global group "Domain Admins":
net group "Domain Admins"

Add the user (e.g. S9CV1aCqYA1JSN3VcKva) to the "Domain Admins" group


if it does not belong to it.
net group "Domain Admins" <username> /add

Stop and start burServer on both nodes:


sc \\%COMPUTERNAME:~0,-1%B stop burserver

sc \\%COMPUTERNAME:~0,-1%B start burserver

sc \\%COMPUTERNAME:~0,-1%A stop burserver

sc \\%COMPUTERNAME:~0,-1%A start burserver