If my domain is ds.usepowershell.com, can I set up a conditional forwarder for usepowershell.com and not redirect my internal queries (since technically, ds.usepowershell.com is a subdomain of usepowershell.com)?
I'm building some configuration management scripts that need to be idempotent. I need to check if the IIS keys for the web farm have been imported on a server and if not import them.
I've got the commands to do the import, but I can't seem to find a consistent way to check that a particular set of keys has been imported.
Scenario:
Three node (shared nothing) cluster on Windows Server 2012. Two nodes in the primary data center, both with votes (node weight = 1), and a file share witness. The third node is in a remote data center and has no votes (node weight of 0).
Problem: One cluster node (which owned the cluster name), went down for automatic updates. The cluster name failed to the remote data center node and the remote node was able to get a lock on the file share witness file. At that point, our VPN tunnel dropped. The one node that was up in the primary data center (and had services running) noticed that the remote cluster node was down and attempted to bring the cluster name online. The file share witness file was still locked by the remote node, and the one visible running cluster node in the primary data center was unable to bring the cluster name online and it shut down the cluster service on itself.
Caveats: Firewalling the file share from the remote node is not an option due to other processes that use it.
I've considered attempting to remove the remote cluster node from possible owners of the cluster name, but I've not done or tested that before and I don't want to blow up my production cluster. Is it possible to remove a cluster node from possible owners for the cluster name? If we have to fail our services to the remote data center, there are a number of moving pieces that need be coordinated, so I don't want "automated" failover of service to the remote data center. The reason the remote node is in a cluster at all is for the SQL Server Availability Groups, to manage the replication to the remote node.
I've also considered removing the file share witness and giving the remote node a vote. The new dynamic quorum "should" keep the cluster online if one node goes down for a reboot and network connectivity is lost to the remote data center.
Given my scenario, which option (or other alternatives) will give me the highest availability.
In my environment, I have SolarWinds Orion monitoring Windows Server 2008 R2 and Server 2012 boxes. Occasionally, monitors will flap or fail, even though the monitored item has not failed or met the failure criteria.
In the event log, I find a service restart and a failure to read the HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration key.
The error in the event log is EventID 1500 in the System Log with an Event Source of SNMP and an error message of "The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration."
I currently have an application in a load balanced IIS cluster (NLB) on Server 2008 R2. This application leverages some legacy database access code which occasionally fails enough to disable the app pool.
I would like put a WMI event watcher in place to monitor the change in the status of the app pool (other suggestions welcome), that would restart the app pool if it goes into a stopped state.
This is for a temporary workaround until new code can be pushed, but that has to go through a Dev/QA/UAT cycle.
There is a WMI class for the ApplicationPool in the root\webadministration namespace, however to get the status, you have to call the GetState method on that object, so I'm not sure how to watch that with a WMI event.
Occasionally, a computer account can lose its secure channel to a domain controller.
How can secure channel be reset without rebooting the computer?
The computer in question is a clustered SQL Server running Server 2008 R2 in a 2008 R2 Functional Level Active Directory domain and forest.
I would like to create a GPO or use some other mechanism to force all Office documents created in our enterprise to have a default AD RMS policy, unless the user manually assigns one to the document.
I can't seem to find any documentation to that end, so any pointers would be appreciated.