I am configuring Intralink 9.1 M030 and have connected to our primary Active Directory server without any problems. Now I want to connect to our backup Active Directory server. I've read the Info*Engine guide and JNDI adapter guide, but can't seem to get it to work. The Info*Engine guide mentions failover capability for LDAP, but I must be missing something critical. I suppose I need to do something on the JNDI side and the Apache side to get this to work. Any help is appreciated.
Also, when our primary AD server went south this week (which is what started this whole thing), Windchill just hung, it never presented the login dialog - we couldn't even log in using a local Windchill account. Is this the way it's supposed to work or could that be a bug?
The failure you saw with the AD server unavailable is consistent with what I have seen in the past. If it can't at least talk to the AD server it won't even try to authenticate against Aphelion.
You'll first want to change Apache to authenticate against the backup AD server by changing the setting in <apache>/conf/extra/app-Windchill-Auth.conf and restarting it.
Once Apache is fixed to talk to the backup AD server you should then be able to log in as wcadmin again which should allow you to change the hostname setting in the enterprise JNDI adapter.
That should get you up and running again.
In order to avoid this in the future, I know AD can be configured with a load balancer on the front end, then you don't have to deal with the primary server being unavailable.
I haven't configured AD this way myself, but have installed Windchill integrated with AD at a customer that had AD configured in this manner.
Wow! That’s a great idea!
You might as well go all the way and use an alias all the time. That would be to configure Apache to point to an alias name, let’s say “ADserver”, and add “ADserver” to your hosts file, pointing to one of the AD servers. That way, if that AD server fails, you modify the hosts file and you don’t have a funny situation where your config says it’s pointing to a machine while it’s actually another that’s doing the work.
We have a similar setup for our master server. We have tiered environments and the master is always referred to as an alias (plmbkg) on all the other nodes of the Windchill cluster. The idea behind this is that if a hardware failure happens on the master server, all we need to do is configure another server to be master and modify the hosts files on the other machines to point to this new master, without having to reconfigure all the nodes. One less thing to worry about.
I have run into this a few times. Our Primary AD is offsite with a secondary onsite. When the connection goes down between sites, I just create a redirect in the hosts file on our application server pointing any connection to the Primary AD to the onsite secondary. It takes about 5 seconds to set up the redirect, and doesn't require any restart of the servers.
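
The hosts-file alias switch described in the replies above, sketched as an added example that is not part of the original thread: it probes each candidate AD server's LDAP port and rewrites the alias entry to the first one that answers. The alias name "ADserver" comes from the thread; the function names, the plain LDAP port 389, and the documentation-range IP addresses are assumptions made for illustration.

```python
import socket

def ldap_reachable(host, port=389, timeout=3.0):
    """Return True if a TCP connection to the LDAP port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def repoint_alias(hosts_text, alias, new_ip):
    """Return hosts-file text in which `alias` maps only to `new_ip`."""
    out = []
    for line in hosts_text.splitlines():
        body, sep, comment = line.partition("#")  # keep trailing comments
        fields = body.split()
        if len(fields) >= 2 and alias.lower() in (n.lower() for n in fields[1:]):
            names = [n for n in fields[1:] if n.lower() != alias.lower()]
            if not names:
                continue  # the line mapped only the alias: drop it
            line = f"{fields[0]}\t{' '.join(names)}" + (f"\t#{comment}" if sep else "")
        out.append(line)
    out.append(f"{new_ip}\t{alias}")
    return "\n".join(out) + "\n"

def pick_server(candidates, probe=ldap_reachable):
    """Return the first candidate IP whose LDAP port answers, else None."""
    for ip in candidates:
        if probe(ip):
            return ip
    return None

# Constructed sample hosts file: documentation-range addresses, not from the thread.
SAMPLE_HOSTS = """\
127.0.0.1\tlocalhost
192.0.2.10\tADserver   # primary AD (offsite)
192.0.2.30\tplmbkg
"""

if __name__ == "__main__":
    target = pick_server(["192.0.2.10", "192.0.2.20"])
    if target is None:
        print("no AD server reachable; hosts file left unchanged")
    else:
        print(repoint_alias(SAMPLE_HOSTS, "ADserver", target), end="")
```

The probe only confirms that the port accepts a TCP connection, not that the directory will answer binds, so a test login after the switch is still the real check. The script prints the rewritten text rather than writing the system hosts file, which leaves the actual change as a reviewed, privileged step.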