Active Roles_7.2_Replication: Best Practices and

 One Identity Active Roles 7.2
Replication: Best Practices and Troubleshooting Guide
Copyright 2017 One Identity LLC.
ALL RIGHTS RESERVED.
This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of One Identity LLC .
The information in this document is provided in connection with One Identity products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of One Identity LLC products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, ONE IDENTITY ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT SHALL ONE IDENTITY BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ONE IDENTITY HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. One Identity make no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. One Identity do not make any commitment to update the information contained in this document.
If you have any questions regarding your potential use of this material, contact:
One Identity LLC.
Attn: LEGAL Dept
4 Polaris Way
Aliso Viejo, CA 92656
Refer to our Web site (http://www.OneIdentity.com) for regional and international office information.
Patents
One Identity is proud of our advanced technology. Patents and pending patents may apply to this product. For the most current information about applicable patents for this product, please visit our website at http://www.OneIdentity.com/legal/patents.aspx.
Trademarks
One Identity and the One Identity logo are trademarks and registered trademarks of One Identity LLC. in the U.S.A. and other countries. For a complete list of One Identity trademarks, please visit our website at www.OneIdentity.com/legal. All other trademarks are the property of their respective owners.
Legend
WARNING: A WARNING icon indicates a potential for property damage,
personal injury, or death.
CAUTION: A CAUTION icon indicates potential damage to hardware or loss
of data if instructions are not followed.
IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.
Active Roles Replication: Best Practices and Troubleshooting Guide
Updated - October 2017
Version - 7.2
Contents
Introduction
5
Understanding the replication model
6
Terminology
6
Replication
6
Publisher
6
Subscribers
6
Distributor
7
Replication group
7
Standalone database server
7
Articles and publications
7
SQL Server Agent
7
Replication Agents
8
Snapshot Agent
8
Merge Agent
8
Replication model overview
9
Replication group management
9
Promote
9
Add
10
Delete
10
Demote
10
Data synchronization and conflict resolution
10
SQL Server-related permissions
12
Best practices
13
Viewing replication settings
13
Replication Agent schedule
14
Monitoring replication
15
Viewing database connection settings
16
Modifying database connection settings
17
Changing the service account
17
Changing the SQL Server Agent logon account
18
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
3
Modifying Replication Agent credentials
19
Windows authentication
19
Replication Agent connection to Publisher
19
Replication Agent connection to Subscriber
20
SQL Server authentication
20
Replication Agent connection to Publisher
21
Replication Agent connection to Subscriber
21
Moving the Publisher role
22
Recovering replication if Publisher is not available
24
Troubleshooting
26
Replication Agent malfunction
26
Symptoms
26
Solution
26
Replication Agent authentication problems
27
Symptoms
27
Solution
27
SQL Server identification problems
28
Symptoms
28
Solution
28
Incorrect server name
29
Administration Service identifies SQL Server by alias
29
About us
31
Contacting us
31
Technical support resources
31
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
4
1
Introduction
This document is designed for those who administer Active Roles and want to learn more about the Active Roles replication function. The document is intended to help Active Roles administrators configure and monitor Active Roles replication using Microsoft SQL Server tools.
This document details the SQL Server agents used during replication, accounts and logins used to access SQL Server, and strategies for monitoring and troubleshooting replication. The following topics are covered:
l Understanding the Active Roles replication model
l SQL Server-related permissions of Administration Services
l Replication maintenance-related tasks and troubleshooting
NOTE: SQL Server Books Online should be the primary resource you use for SQL Server replication questions. All contents relevant to Microsoft SQL Server replication is indexed under the “SQL Server Replication” topic in SQL Server Books Online at http://technet.microsoft.com/library/ms151198.aspx.
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Introduction
5
2
Understanding the replication model
This section briefly discusses SQL Server replication functions used by Active Roles .
Terminology
Replication
To replicate its configuration data, Active Roles employs the replication capabilities of Microsoft SQL Server. In SQL Server, the term replication refers to a process that copies and distributes data and database objects from one database to another and then synchronizes information between databases for consistency.
Publisher
The Publisher is a database server that makes data available for replication to other database servers. The Publisher can have one or more publications, each representing a logically related set of data. In the Active Roles replication model, the Publisher has only one publication.
Subscribers
Subscribers are database servers that receive replicated data. Depending on the type of replication, the Subscriber can propagate data changes back to the Publisher or republish the data to other Subscribers. In the Active Roles replication model, a Subscriber can propagate data changes to the Publisher and receive replicated data from the Publisher.
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Understanding the replication model
6
Distributor
The Distributor is a server that hosts the distribution database and stores history data, transactions, and metadata. In the Active Roles replication model, the same server is used as both the Publisher and Distributor.
Replication group
In the Active Roles replication model, the Publisher and its Subscribers are collectively referred to as replication group, with each server in the replication group being referred to as replication partner.
Replication group is comprised of replication partners that include a single Publisher and may include any number of Subscribers. When data in a replication partner’s database changes, replication ensures that the data changes are propagated to the databases maintained by all the other replication partners.
NOTE: In the SQL Server documentation, replication partners are referred to as synchronization partners.
Standalone database server
When initially set up, the Administration Service’s database server is configured as a standalone server that does not belong to any replication group.
Articles and publications
Articles are tables of data, partitions of data, or database objects that are specified for replication. Each publication is a collection of articles from one database. This grouping of multiple articles makes it easier to specify a logically related set of data that is to be replicated together. In the Active Roles replication model, each article is a table of data.
SQL Server Agent
SQL Server Agent hosts and schedules the agents used in replication, and provides a way to run replication agents. SQL Server Agent also controls and monitors several other Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Understanding the replication model
7
operations outside of replication, including monitoring the SQL Server Agent service, maintaining error logs, running jobs, and starting other processes.
Replication Agents
Replication Agents used with Microsoft SQL Server replication carry out the tasks associated with copying and distributing data. The Active Roles replication model employs the Snapshot Agent and Merge Agents.
Snapshot Agent
The Snapshot Agent prepares schema and initial data files of published tables and stored procedures, stores the snapshot files, and records information about synchronization in the distribution database. In the Active Roles replication model, the Snapshot Agent runs at the Publisher.
Merge Agent
The Merge Agent applies the initial snapshot to the Subscriber, and moves and reconciles incremental data changes that occur. Each Subscriber has its own Merge Agent that connects to both the Publisher and the Subscriber and updates both.
In the Active Roles replication model, the Merge Agents run continuously at the Publisher. Each Merge Agent uploads data changes from its Subscriber to the Publisher, and downloads data changes from the Publisher to the Subscriber.
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Understanding the replication model
8
3
Replication model overview
Active Roles replication propagates the changes to configuration data to all replication partners whenever the data is modified on any one of replication partners. To achieve this goal, Active Roles relies on the merge replication provided by Microsoft SQL Server. For details on merge replication, refer to the content indexed under the Merge Replication topic in SQL Server Books Online.
This section briefly discusses the following elements of the Active Roles replication model:
l Replication group management
l Data synchronization and conflict resolution
Replication group management
The tasks performed when managing a replication group include the Publisherrelated tasks, such as Promote or Demote, and the Subscriber-related tasks, such as Add or Delete.
Promote
This task assigns the Publisher role to the Administration Service database server, thereby creating a replication group. When performing the Promote task, SQL Server creates the AelitaReplica publication, and starts the Snapshot Agent. The Agent creates an initial snapshot of schema and data, and saves it to the snapshot folder.
Active Roles automatically specifies and passes to SQL Server all replication settings, such as filters, type of replication, and retention period for subscriptions. For details, see Viewing replication settings later in this document.
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Replication model overview
9
Add
This task adds the Administration Service database server to the replication group, thus assigning the Subscriber role to the database server. When performing the Add task, SQL Server starts the Merge Agent. The Agent copies data from the Publisher’s snapshot folder to the Subscriber SQL Server. This process is referred to as applying the initial snapshot (see "Create and Apply the Snapshot" in SQL Server Books Online at http://msdn.microsoft.com/en-us/library/ms151785.aspx).
Delete
This task removes the Subscriber from the replication group, causing the database server to revert to the standalone state. When performing the Delete task, SQL Server deletes the subscription at the Publisher. The database of the former Subscriber retains the replicated data.
Demote
This task removes the Publisher from the replication group, causing the database server to revert to the standalone state. The Publisher can only be demoted after all of its Subscribers are deleted. When performing the Demote task, SQL Server deletes the AelitaReplica publication, and erases data in the snapshot folder.
Data synchronization and conflict
resolution
After applying the initial snapshot to Subscribers, SQL Server tracks changes to published data at the Publisher and at the Subscribers:
l When data is modified at a Subscriber, the data changes are sent to the Publisher. Then, the Publisher propagates the data changes to the other Subscribers.
l When data is modified at the Publisher, the data changes are propagated to the Subscribers.
These operations are performed by the Merge Agents running on the Publisher SQL Server. The Merge Agents are configured so that once data changes are made at a given replication partner, it normally takes two minutes or less for SQL Server to start synchronizing the data changes with other replication partners. The time required for the synchronization process to be completed depends on SQL Server load and on the bandwidth of network Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Replication model overview
10
connections. As there is normally a moderate volume of data changes, the replication traffic is manageable.
The synchronization process tracks data changes on both the Subscribers and the Publisher. At the Publisher, the changes are merged to form a single version of the data. During the merge, some conflicts may be found where multiple Subscribers modified the same data.
.Any conflict between the arrived values is automatically resolved based on the Microsoft SQL Server DATETIME (Later Wins) Conflict Resolver: The winner of the conflict is chosen according to a “later wins” solution, with the last to modify the data winning the conflict. For information about conflict resolvers, see Microsoft COM-Based Resolvers in SQL Server Books Online at http://msdn.microsoft.com/en-us/library/ms152573.aspx.
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Replication model overview
11
4
SQL Server-related permissions
The health of Active Roles replication heavily depends on the access permissions that the Administration Service and SQL Server Agent has on SQL Server. The required permissions are listed in the “SQL Server permissions” section in the Active Roles Quick Start Guide.
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
SQL Server-related permissions
12
5
Best practices
This section provides instructions on how to monitor replication and perform administrative tasks to resolve replication-related problems. The following topics are covered:
l Viewing replication settings
l Monitoring replication
l Viewing database connection settings
l Modifying database connection settings
l Changing the service account
l Changing the SQL Server Agent logon account
l Modifying Replication Agent credentials
l Moving the Publisher role
l Recovering replication if Publisher is not available
Viewing replication settings
When configuring replication, Active Roles automatically sets replication parameters to the appropriate values. This ensures that replication is functioning properly. Normally, there is no need to modify the replication settings except for some error situations outlined the Troubleshooting section later in this document.
The following table lists the values that Active Roles assigns to certain replication parameters.
Table 1: Values assigned to Replication parameters
Replication Parameter
Value
Publication name
AelitaReplica
Replication type
Merge
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Best practices
13
Replication Parameter
Value
Subscription type
Push
Subscription expiration
Subscriptions expire and may be dropped if not synchronized in 60 days.
Schedule
The Merge Agents are running continuously at the Publisher. The Snapshot Agent starts daily at 12:00 a.m. at the Publisher.
You can use the following instructions to examine these settings using SQL Server Management Studio.
It is advisable not to change these settings. Replication may not be functioning correctly if you manually modify replication settings with the use of SQL Server tools.
Start Management Studio and connect to the Publisher SQL Server:
1. In Object Explorer, click Connect, and then click Database Engine.
2. Complete the Connect to Server dialog box to connect to the instance of the SQL Server Database Engine that holds the Publisher role.
Open the Publication Properties dialog box:
1. In Object Explorer, under the Publisher SQL Server, expand Replication | Local
Publications.
2. In Object Explorer, under Local Publications, right-click AelitaReplica, and click Properties.
In the Publication Properties dialog box, you can review the Active Roles publication settings.
Open the Subscription Properties dialog box:
1. In Object Explorer, under Local Publications, expand AelitaReplica.
2. In Object Explorer, under AelitaReplica, right-click a Subscription, and click Properties.
In the Subscription Properties dialog box, you can review the Active Roles subscription settings.
Replication Agent schedule
By default, Active Roles schedules the Replication Agents to run as follows:
l The Snapshot Agent starts every day at 12:00 a.m. at the Publisher.
l The Merge Agents start automatically when SQL Server Agent starts, and runs continuously at the Publisher.
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Best practices
14
To verify the Snapshot Agent schedule
1. Open SQL Server Management Studio.
2. In Object Explorer, connect to the instance of the SQL Server Database Engine that holds the Publisher role, and then expand that instance.
3. Right-click the Replication folder, and click Launch Replication Monitor.
4. In the left pane of the Replication Monitor window, expand your Publisher SQL Server, and click AelitaReplica.
5. In the right pane of the Replication Monitor window, on the Warnings and
Agents tab, right-click the Snapshot Agent in the Agents and jobs related to this
publication list, and click Properties.
6. In the left pane of the Job Properties window, click Schedules.
7. Review the replication agent schedule settings in the right pane of the Job
Properties window.
8. Click the Edit button to examine the replication agent schedule settings in detail.
To verify the Merge Agent schedule
1. Open SQL Server Management Studio.
2. In Object Explorer, connect to the instance of the SQL Server Database Engine that holds the Publisher role, and then expand that instance.
3. Right-click the Replication folder, and click Launch Replication Monitor.
4. In the left pane of the Replication Monitor window, expand your Publisher SQL Server, and click AelitaReplica.
5. In the right pane of the Replication Monitor window, on the All Subscriptions tab, right-click the subscription whose Merge Agent you want to examine, and click View Details.
6. In the Subscription window, on the Action menu, click Merge Agent Job
Properties.
7. In the left pane of the Job Properties window, click Schedules.
8. Review the replication agent schedule settings in the right pane of the Job
Properties window.
9. Click the Edit button to examine the replication agent schedule settings in detail.
Monitoring replication
In order to identify replication-related problems, you can use the Active Roles console connected to the Publisher Administration Service. If there are any replication failures, a red triangle is displayed on the Server Configuration and Configuration Databases containers in the console tree. In the details pane, the same icon is used to highlight the database affected by a replication failure.
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Best practices
15
If you have encountered a replication failure, you should ensure that the SQL Server Agent service is started on the computer running the Publisher SQL Server, and then use SQL Server Management Studio to get more information on that failure:
1. In Object Explorer, connect to the instance of the SQL Server Database Engine that holds the Publisher role, and then expand that instance.
2. Right-click the Replication folder, and click Launch Replication Monitor.
3. In the left pane of the Replication Monitor window, expand your Publisher SQL Server, and click AelitaReplica.
4. In the right pane of the Replication Monitor window, on the Warnings and
Agents tab, look for a red icon under Agents and jobs related to this
publication. This icon indicates a Snapshot Agent error: 5. Right-click the agent that has encountered an error and then click View Details.
6. In the Snapshot Agent window, view the error description under Error details or
message of the selected session.
7. In the right pane of the Replication Monitor window, on the All Subscriptions tab, look for a red icon in the list of subscriptions. This icon indicates a Merge Agent error: 8. On the All Subscriptions tab, right-click the subscription that has encountered an error and then click View Details.
9. In the Subscription window, view the error description under Last message of
the selected session.
Some typical errors are discussed later in this document (see the Troubleshooting section). The Troubleshooting section also provides information on how to resolve such errors.
Viewing database connection settings
The most common reasons for replication problems are access failures that Replication Agents encounter when attempting to connect to the Publisher or Subscriber SQL Server. Given that security credentials of Replication Agents depend on authentication mode of the Administration Service, you may need to examine Administration Service database connection settings in order to see which mode is actually used—Windows authentication or SQL Server authentication.
You can view connection settings in the Active Roles console:
1. In the console tree, select Configuration | Server Configuration |
Administration Services.
2. In the details pane, right-click the Administration Service you want to examine, and click Properties.
3. In the Properties dialog box, go to the Configuration Database tab.
The Configuration Database tab displays the following information:
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Best practices
16
l SQL Server Identifies the SQL Server instance used by the Administration Service.
l Database The name of the Administration Service database.
l Use Windows authentication When selected, indicates that the Administration Service uses Windows authentication mode when connecting to SQL Server.
l Use SQL Server authentication When selected, indicates that the Administration Service uses SQL Server authentication mode when connecting to SQL Server.
l Login name The name of the SQL Server login that the Administration Service uses to access SQL Server; only applies to the Use SQL Server authentication option.
Modifying database connection settings
You may need to modify Administration Service database connection settings if the login of the Administration Service for SQL Server authentication is no longer valid, or has the password changed. If you change the login, you also need to change it for Replication Agents, as described in the Modifying Replication Agent credentials section later in this document.
You can modify connection settings by using Active Roles Configuration Center:
1. Start Configuration Center on the computer running the Administration Service, or connect Configuration Center to that computer.
You can start Configuration Center by selecting Active Roles 7.2 Configuration
Center on the Apps page or Start menu, depending upon the version of your Windows operating system. For detailed instructions, see “Running Configuration Center” in the Active Roles Administrator Guide.
2. On the Dashboard page in the Configuration Center main window, click Manage
Settings in the Administration Service area.
3. On the Administration Service page that opens, click Change in the Active Roles
database area.
4. Use the Change Active Roles Database wizard that appears to view or change the login or password of the Administration Service for SQL Server authentication: Type the appropriate login name and password in the fields under the SQL Server
authentication option on the Connection to Database page.
Changing the service account
With the Windows authentication option selected for database connection, the Administration Service uses its service account to authenticate with SQL Server. Additionally, if the Administration Service’s database server holds the Publisher role, and has a Subscriber with Windows authentication, the service account requires the appropriate Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Best practices
17
permissions on the Subscriber SQL Server. For details, see the “SQL Server permissions” section in the Active Roles Quick Start Guide.
Given this role of the service account, you may need to specify a different service account with sufficient SQL Server permissions. Also, you may need to change the service account’s password. You can view or change the service account by using Active Roles Configuration Center as follows.
1. Start Configuration Center on the computer running the Administration Service, or connect Configuration Center to that computer.
You can start Configuration Center by selecting Active Roles 7.2 Configuration
Center on the Apps page or Start menu, depending upon the version of your Windows operating system. For detailed instructions, see “Running Configuration Center” in the Active Roles Administrator Guide.
2. On the Dashboard page in the Configuration Center main window, click Manage
Settings in the Administration Service area.
3. On the Administration Service page that opens, click Change in the Service
account area.
4. On the Change Service Account page that appears, type the logon name and password of the service account, and then click Change.
Changing the SQL Server Agent logon
account
If the Publisher has a Subscriber that uses Windows authentication, it is required that the SQL Server Agent logon account on the Publisher SQL Server have appropriate access permissions on the Subscriber SQL Server. For details, see the “SQL Server permissions” section in the Active Roles Quick Start Guide.
Given these requirements of the SQL Server Agent logon account, you may encounter a situation where you need to specify a different logon account with sufficient access permissions. You may also need to change password for the logon account. This section provides instructions on how to change the SQL Server Agent logon account.
You can specify the name and password of the SQL Server Agent logon account by using SQL Server Configuration Manager:
1. On the computer running the Publisher SQL Server, open SQL Server Configuration Manager.
2. In the console tree, select SQL Server Services.
3. In the details pane, right-click the SQL Server Agent to modify, and then click Properties.
4. On the Log On tab, click This account, and specify the account name and password.
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Best practices
18
5. Click OK.
6. For the changes to take effect, click Yes in the confirmation message box.
Modifying Replication Agent credentials
This section provides information on how to repair Active Roles replication if it fails due to insufficient permissions of Replication Agents. The credentials used by Replication Agents to access a given SQL Server depend on authentication mode of the Administration Service connection to that SQL Server:
l Windows authentication In this mode, Replication Agents use the credentials of the SQL Server Agent service running on the Publisher SQL Server computer
l SQL Server authentication In this mode, Replication Agents use the credentials of the SQL Server login specified for the Administration Service connection to SQL Server
The following sub-sections elaborate on each of these two options.
Windows authentication
If the Administration Service uses Windows authentication, Replication Agents connect to SQL Server in the security context of the SQL Server Agent service. Therefore, the SQL Server Agent logon account must have sufficient permissions for replication to work properly (see the “SQL Server permissions” section in the Active Roles Quick Start Guide.
If the SQL Server Agent logon account does not have the appropriate permissions, is deleted, or has the password changed, Active Roles replication fails. To resolve this problem, give the required permissions to the logon account, or configure the SQL Server Agent service to log on with a different account that has the appropriate permissions. For instructions on how to configure the SQL Server Agent service to log on with a given account, see Changing the SQL Server Agent logon account earlier in this document.
You can use the following instructions to verify that the Replication Agents are configured properly. The instructions vary depending on whether the SQL Server holds the Publisher or Subscriber role. In both cases, you should connect to the Publisher SQL Server using SQL Server Management Studio.
Replication Agent connection to Publisher
If the Administration Service connects to the Publisher SQL Server using Windows authentication, follow these steps to verify that the Replication Agents are configured properly:
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Best practices
19
1. With SQL Server Management Studio, connect to the Publisher SQL Server.
2. In the Object Browser, under the Publisher SQL Server, right-click the Replication folder, and then click Distributor Properties.
3. In the left pane of the Distributor Properties window, click Publishers.
4. In the Publishers list, select the entry representing the Publisher SQL Server, and click the button in that entry to display the Publisher Properties dialog box.
5. In the Publisher Properties dialog box, under Agent Connection to the
Publisher, verify that the Agent Connection Mode property is set to Impersonate
the agent process account.
Replication Agent connection to Subscriber
If the Administration Service connects to the Subscriber SQL Server using Windows authentication, follow these steps to verify that the Replication Agents are configured properly:
1. With SQL Server Management Studio, connect to the Publisher SQL Server.
NOTE: You must have Management Studio connected to the Publisher SQL Server, regardless of whether you are managing Replication Agents for the Publisher or for a Subscriber. 2. In the Object Browser, under the Publisher SQL Server, expand Replication | Local
Publications | AelitaReplica.
3. In the list under AelitaReplica, right-click the entry corresponding to the Subscriber SQL Server and click Properties.
4. In the Subscription Properties window, in the Security section, expand the Subscriber connection entry.
5. Verify that the Subscriber connection property is set to Impersonate agent
process account (Windows Authentication).
SQL Server authentication
If the Administration Service uses SQL Server authentication, the Replication Agents connect to SQL Server in the security context of the SQL Server login specified for the Administration Server connection to SQL Server. If the login does not have sufficient rights, is deleted, or has the password changed, Active Roles replication fails. To resolve this problem, do the following:
1. Choose a SQL Server login with sufficient rights (see the “SQL Server permissions” section in the Active Roles Quick Start Guide).
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Best practices
20
2. Configure the Administration Service to use that login (see Viewing database connection settings earlier in this document).
3. Configure the Replication Agents to use that login.
The following sections elaborate on how to configure the Replication Agents to use a given SQL Server login. The instructions vary depending on whether SQL Server in question is the Publisher or a Subscriber.
Replication Agent connection to Publisher
If you have changed the SQL Server login for the Administration Service connection to the Publisher, use the following steps to configure the Replication Agents with that login:
1. With SQL Server Management Studio, connect to the Publisher SQL Server.
2. In the Object Browser, under the Publisher SQL Server, right-click the Replication folder, and then click Distributor Properties.
3. In the left pane of the Distributor Properties window, click Publishers.
4. In the Publishers list, select the entry representing the Publisher SQL Server, and click the button in that entry to display the Publisher Properties dialog box.
5. In the Agent Connection to the Publisher area, click Login, and type the login name.
6. Click Password, and then click the button in the Password entry.
7. In the Enter Password dialog box, type and confirm by retyping the password of that login.
8. Click OK to close the Enter Password dialog box.
9. Click OK to close the Publisher Properties dialog box.
Replication Agent connection to Subscriber
If you have changed the SQL Server login for the Administration Service connection to a Subscriber, use the following steps to configure the Replication Agents with that login:
1. With SQL Server Management Studio, connect to the Publisher SQL Server.
NOTE: You must have Management Studio connected to the Publisher SQL Server, regardless of whether you are managing Replication Agents for the Publisher or for a Subscriber.
2. In the Object Browser, under the Publisher SQL Server, expand Replication | Local
Publications | AelitaReplica.
3. In the list under AelitaReplica, right-click the entry corresponding to the Subscriber SQL Server and click Properties.
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Best practices
21
4. In the Subscription Properties window, in the Security section, expand the Subscriber connection entry.
5. Click the button in the Subscriber Connection entry.
This displays the Enter Connection Information dialog box.
6. In the Login box, type the login name.
7. In the Password and Confirm password boxes, type and confirm by retyping the password of that login.
8. Click OK to close the Enter Connection Information dialog box.
9. Click OK to close the Subscription Properties dialog box.
Moving the Publisher role
In the Active Roles replication model, a replication group includes the Publisher and may include several Subscribers. The Publisher plays a special role in the replication group: it synchronizes data changes between Subscribers. In some scenarios, you may want to move the Publisher role to another SQL Server. For example, you might need to move the Publisher role to a different SQL Server if the service level becomes insufficient. Given that the Publisher receives and synchronizes data changes from all Subscribers, the volume of requests being serviced by the Publisher increases as the number of Subscribers grows. Respectively increases the workload for SQL Server that holds the Publisher role so its performance can suffer. To resolve this problem, you can transfer the Publisher role to another, more powerful server.
This section provides instructions on how to reconfigure the existing replication group so that the Publisher role is assigned to SQL Server other than the current Publisher. You can perform this task using the Active Roles console connected to the Administration Service whose database server currently holds the Publisher role (Publisher Administration Service).
NOTE: The Publisher Administration Service must be up and running. If the Publisher is unavailable, you can move the Publisher role using the instructions outlined in the next section of this document.
Open the Active Roles console and connect to the Publisher Administration Service:
1. Look for the Active Roles Console application, and then click to start that application.
2. Right-click the console tree root, click Connect, and then select the Administration Service whose database server currently holds the Publisher role.
Use the Active Roles console to remove all Subscribers and to demote the Publisher as follows:
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Best practices
22
1. In the console tree, expand Configuration | Server Configuration, and select Configuration Databases.
2. In the details pane, right-click a Subscriber, and click Delete.
3. In the confirmation message box, click Yes.
4. Repeat Steps 2–3 for each Subscriber.
5. In the details pane, right-click the Publisher, and click Demote.
6. In the confirmation message box, click Yes.
7. Wait while Active Roles demotes the Publisher.
After these steps, you can promote the appropriate SQL Server to Publisher and designate the other SQL Servers as Subscribers to the new Publisher, thus configuring the new replication group.
TIP: After you add a Subscriber, the configuration data stored on the Publisher is replicated to the Subscriber, overriding the data on that Subscriber. Therefore, in order to retain your existing Active Roles configuration, it is advisable to assign the Publisher role to SQL Server that belonged to the old replication group. This ensures that each Administration Service in the new replication group inherits the configuration that was in place when you removed the Subscribers and demoted the Publisher.
To configure the new replication group, perform the following steps using the Active Roles console:
1. Right-click the console tree root, click Connect, and then select the Administration Service whose SQL Server you want to hold the Publisher role.
2. In the console tree, expand Configuration | Server Configuration, and select the Configuration Databases container.
3. In the details pane, right-click the database and click Promote.
4. In the confirmation message box, click Yes.
5. Wait while Active Roles performs the operation.
6. In the details pane, right-click the Publisher, and click Add Replication Partner.
7. On the Welcome page in the New Replication Partner wizard, click Next.
8. On the Database Selection page, click Browse.
9. In the Connect to Administration Service dialog box, select the Administration Service whose SQL Server is to be configured as a Subscriber to this Publisher. Click OK.
10. In the New Replication Partner wizard, click Next, click Next, and then click Finish.
11. Repeat Steps 6–10 for each SQL Server you want to make a Subscriber.
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Best practices
23
Recovering replication if Publisher is
not available
Once the Publisher becomes unavailable, Subscribers cannot synchronize configuration data. The only way that replication can be recovered is by restoring the current Publisher or making another SQL Server the Publisher.
If the current Publisher cannot be restored, you need to transfer the Publisher role to SQL Server that holds the Subscriber role, and reconfigure the other Subscribers to use the new Publisher. This requires that you first remove all Subscribers from the replication group.
Given that the Publisher is unavailable, you can remove a Subscriber from the replication group by using the Active Roles console as follows:
1. Right-click the console tree root, click Connect, and then select the Administration Service that uses the Subscriber SQL Server.
2. In the console tree, expand Configuration | Server Configuration, and select Configuration Databases.
3. In the details pane, right-click the Subscriber and select All Tasks | Advanced
Properties.
4. In the Advanced Properties window, select both the Show all possible
attributes and Include attributes with empty values check boxes.
5. In the list of attributes, double-click the attribute edsvaReplicationForceStandalone.
6. In the Edit Attribute window, type TRUE in the Value box. Click OK.
7. In the Advanced Properties window, click OK.
Once you have removed all Subscribers from the replication group, you can promote one of the former Subscribers to Publisher and add Subscribers to the new Publisher by using the Active Roles console as follows:
1. Right-click the console tree root, click Connect, and then select the Administration Service whose SQL Server you want to hold the Publisher role.
TIP: After you add a Subscriber, the configuration data stored on the Publisher will be replicated to the Subscriber, overriding the data on that Subscriber. Therefore, in order to retain your existing Active Roles configuration, assign the Publisher role to one of the former Subscribers. This ensures that each Administration Service in the new replication group inherits the configuration that was in place when you removed the Subscribers from the replication group.
2. In the console tree, expand Configuration | Server Configuration, and select Configuration Databases.
3. In the details pane, right-click the database and click Promote.
4. In the confirmation message box, click Yes.
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Best practices
24
5. Wait while Active Roles performs the operation.
6. In the details pane, right-click the Publisher, and click Add Replication Partner.
7. On the Welcome page in the New Replication Partner wizard, click Next.
8. On the Database Selection page, click Browse.
9. Use the Connect to Administration Service dialog box to specify the Administration Service whose SQL Server is to be configured as a Subscriber to this Publisher. Click OK.
10. In the New Replication Partner wizard, click Next, click Next, and then click Finish.
11. Repeat Steps 6–10 for each SQL Server you want to make a Subscriber.
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Best practices
25
6
Troubleshooting
If there are any replication failures in Active Roles , the Active Roles console provides a visual indication of this issue by placing a red triangle on the Server Configuration and Configuration Databases containers in the console tree. To get more information on a replication failure, you can use SQL Server Management Studio (see Monitoring replication earlier in this document).
The following sections discuss specific actions to take if you encounter a replication problem in Active Roles .
Replication Agent malfunction
Symptoms
Replication stops synchronizing changes to configuration data, that is, changes made on a replication partner are not propagated to other replication partners. Replication Monitor in SQL Server Enterprise Manager or SQL Server Management Studio does not indicate any error.
Solution
Verify that the SQL Server Agent service is started on the Publisher SQL Server:
1. With SQL Server Management Studio, connect to the Publisher SQL Server.
2. In the console tree, right-click SQL Server Agent, and then click Start.
If the Start command is unavailable, the SQL Server Agent service is already started.
Ensure that the Merge Agents are started on the Publisher SQL Server:
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Troubleshooting
26
1. With SQL Server Management Studio, connect to the Publisher SQL Server.
2. In the console tree, right-click Replication, and click Launch Replication
Monitor.
3. In Replication Monitor, in the left pane, browse the My Publishers branch to select the AelitaReplica publication.
4. In Replication Monitor, in the right pane, right-click a subscription and click Start
Synchronizing. Perform this step for each subscription of the AelitaReplica publication.
If the Start Synchronizing command is unavailable, the agent is already started.
Verify that the replication agent schedule is correct. The Merge Agents must be configured to run continuously at the Publisher. The Snapshot Agent must be configured to start daily at 12:00 a.m. at the Publisher. For details, see Replication Agent schedule earlier in this document.
Replication Agent authentication
problems
Symptoms
Replication fails with one of the following errors on the Snapshot Agent or Merge Agent (see Monitoring replication earlier in this document):
l The process could not connect to Publisher ‘<Server_name>’. Login failed for user ‘<User_name>’.
l The process could not connect to Subscriber ‘<Server_name>’. Login failed for user ‘<User_name>’.
Solution
By using SQL Server Enterprise Manager or SQL Server Management Studio, verify that the Replication Agent credentials are set properly. The following conditions must be met:
Table 2: Conditions for Replication Agent credentials
Server role
Authentication mode
Replication Agent
credentials
Publisher
Windows Authentication
Impersonate the SQL Server Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Troubleshooting
27
Server role
Authentication mode
Replication Agent
credentials
Agent account on the computer running the Publisher SQL Server (trusted connection)
Subscriber
SQL Server Authentication
SQL Server login and password that the Publisher Administration Service uses to connect to its SQL Server
Windows Authentication
Impersonate the SQL Server Agent account on the computer running the Publisher SQL Server (trusted connection)
SQL Server Authentication
SQL Server login and password that the Subscriber Administration Service uses to connect to its SQL Server
For information on how to view or modify the credentials that the Snapshot Agent and Merge Agents use to connect to the Publisher and Subscribers, see Modifying Replication Agent credentials earlier in this document.
SQL Server identification problems
Symptoms
When promoting SQL Server to Publisher, or adding it as a Subscriber to the existing Publisher, the operation fails with the following error: “An alias cannot be used for replication. Use the name of the SQL Server instance.”
Solution
This error may be due to one of the following reasons:
l Incorrect server name. The computer running SQL Server is renamed, or SQL Server has lost its name.
l Administration Service identifies SQL Server by alias. An alias was used to specify SQL Server when installing the Administration Service.
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Troubleshooting
28
Incorrect server name
To isolate and resolve this problem, run the following two queries on the SQL Server instance affected by this issue. Copy these queries “as is,” without making any substitutions for the servername parameter:
select @@servername
select serverproperty('servername')
If select @@servername returns a non-null value that is different from the value returned by the second query, execute the following SQL script:
exec sp_dropserver 'oldname', 'droplogins'
exec sp_addserver 'newname', 'local'
In this script, replace:
l oldname with the value returned by select @@servername
l newname with the value returned by select serverproperty('servername')
If select @@servername returns NULL, execute the following SQL script:
exec sp_addserver 'newname', 'local'
In this script, replace newname with the value returned by select serverproperty
('servername').
For these changes to take effect, you must restart SQL Server. You can restart SQL Server by using SQL Server Configuration Manager:
1. In the console tree, select SQL Server Services.
2. In the details pane, right-click the SQL Server instance to restart, and then click Restart.
Administration Service identifies SQL Server by
alias
The Administration Service must be configured to identify SQL Server by computer name, rather than using a client alias. Otherwise, when attempting to make SQL Server the Publisher or a Subscriber, you encounter the error “An alias cannot be used for replication. Use the name of the SQL Server instance.”
To avoid this problem, you may need to reinstall the Administration Service. When installing the Administration Service, use the following syntax to identify SQL Server:
l computername — for the default instance
l computername\instancename — for a named instance
In this syntax:
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Troubleshooting
29
l computername is the (short) NetBIOS name of the computer running SQL Server;
l instancename is the name of a SQL Server named instance.
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
Troubleshooting
30
About us
About us
Contacting us
For sales or other inquiries, visit https://www.oneidentity.com/company/contact-us.aspx or call +1-800-306-9329.
Technical support resources
Technical support is available to One Identity customers with a valid maintenance contract and customers who have trial versions. You can access the Support Portal at https://support.oneidentity.com/.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. The Support Portal enables you to:
l Submit and manage a Service Request
l View Knowledge Base articles
l Sign up for product notifications
l Download software and technical documentation
l View how-to-videos
l Engage in community discussions
l Chat with support engineers online
l View services to assist you with your product
Active Roles 7.2 Replication: Best Practices and Troubleshooting
Guide
About us
31