This chapter explains how to administer and control your servers' operations through Network Registrar's graphical user interface (GUI), ntwkreg, and the command line interface (CLI), nrcmd.
Table 3-1 lists the major Network Registrar server administration tasks and the sections where you can find procedural information about how to accomplish those tasks.
Table 3-1 Server Administration Tasks
For more basic information about the Network Registrar's user interfaces, see the "Network Registrar User Interfaces" chapter in this guide.
A cluster is a group of DNS or DHCP servers that share the same Network Registrar database. Adding a cluster tells Network Registrar about the existence of a cluster. To configure or administer the cluster, you must also connect to it.
Note The Network Registrar DNS and DHCP servers typically run on the same physical machine. In this case, the term cluster refers to the physical machine.
Each cluster requires a username-password combination, which Network Registrar uses to control access to each cluster.
Step 2 In the Clusters dialog box, click Add Cluster. The Add Cluster dialog box appears (Figure 3-1).
Step 3 In the Add Cluster dialog box, enter the cluster name.
The cluster name is either "localhost" or the host DNS name on the machine on which Network Registrar is installed.
If you want to connect the cluster at this time, select the Connect to this cluster check box.
Step 4 Click OK.
When you remove a cluster, the user interface no longer knows about the cluster and its name does not appear in the Server Manager.
Step 2 In the Clusters dialog box, select the cluster you want to remove.
Step 3 Click Remove.
Step 4 Click Yes in the Network Registrar dialog box.
Step 5 Click Close to exit the Clusters dialog box.
After you have added a cluster to Network Registrar, you must connect before you can configure or administer the cluster.
If you try to connect to a cluster that is being used by someone else, Network Registrar warns you that the cluster is locked and tells you who is holding the lock. The format of the warning message is:
username@machine-name.process-id-number
If someone else is using the cluster, then disconnect. If you want to connect to a locked cluster, then contact the person who is currently connected and request that he or she disconnect.
You can override the lock, but you should do so only if you know that no one else is editing the cluster, for example, if the other system had crashed while the cluster was connected.
Step 2 In the Clusters dialog box, select the cluster you want to connect.
Step 3 Click Connect.
Step 4 Click Close.
Use the nrcmd -C switch to connect to a cluster. For example, to connect to the mycluster cluster, type the following from a command line prompt:
When you disconnect from a cluster, it can no longer be configured or administered from that workstation. Another user can then administer the connection.
Step 2 In the Clusters dialog box, select the cluster you want to disconnect.
Step 3 Click Disconnect.
Step 4 Click Close to exit the Clusters dialog box.
Use the exit command at the nrcmd prompt to disconnect from a cluster.
To see whether a cluster is connected or not, you can view its state.
Network Registrar displays the cluster's state.
Step 2 Click Close.
The CLI is always connected to one cluster if it is successfully invoked. Use the getHealth command to return a number that indicates the condition of the server. For example, 10 represents normal operation and 1 indicates that the server has stopped.
From the Admin command level (GUI) or using the CLI admin command, you can add administrators, change passwords, and configure administrators for the cluster.
Step 2 Enter the administrator's username.
You can choose any string for the administrator's name.
Step 3 Enter the administrator's password.
Note Network Registrar uses the password to authenticate the names. If you create an administrator without a password, Network Registrar cannot authenticate the name and thus will deny that user access to the cluster.
Step 4 Enter the password a second time.
Step 5 Select the clusters the administrator can access.
Note You can only select clusters that have been added to the cluster list through the Add Cluster command. However, you do not have to be connected.
Step 6 Click Add.
Use the admin create command to create an administrator and associated password. For example, to create the administrator bob with the password of xyz, type:
If you want to enter a password and not have Network Registrar display the password on your screen, create an administrator and do not supply a password. Then use the enterPassword command to enter a password and prevent Network Registrar from echoing it on the screen. Network Registrar prompts you to verify the password before it accepts it.
Use the admin enterPassword command to associate a password with an administrator. For example, to cause nrcmd to prompt you for a password for administrator bob, type:
Step 2 Enter the administrator's username.
Step 3 Enter the administrator's current password.
Step 4 Enter the administrator's new password.
Step 5 Enter the new password a second time.
Step 6 Select the cluster the administrator can access.
Step 7 Click OK.
Use the admin set command to change an existing password. For example, to change bob's password to abc, type:
Caution It is possible to lock an administrator out of Network Registrar by logging in as that administrator and setting the password for another administrator without confirming the previous password. This procedure effectively prevents the first administrator from logging in.
Use the admin list command to list all administrators in Network Registrar.
Exiting the Network Registrar user interface does not affect your network servers' or your hosts' ability to request leases or access the Internet.
If you have not saved configuration changes, Network Registrar prompts you to save changes.
To exit Network Registrar's CLI, use the exit command. Network Registrar writes all your unsaved changes to the database. If Network Registrar is unable to save your changes, it displays the same error code as if you had used the save command.
Use the exit command to quit Network Registrar's command line interface when you are in interactive mode.
Network Registrar administration for controlling includes:
Step 2 From the Servers menu, select Start.
You will see a red star on the server in the tree control if you make a change to the server.
Step 3 Click OK.
Use the server start command to start the specified server. For example, to start Network Registrar's DNS server, type:
Step 2 From the Servers menu, select Stop.
Step 3 Click OK.
Use the server stop command to stop the specified server. For example, to stop Network Registrar's DHCP server, type:
When you reload the server, Network Registrar performs several steps: it stops the server you have selected, updates the database with the new configuration information, and restarts the server. Only after you issue the reload command does the server use your changes to the configuration.
Step 2 From the Servers menu, select Reload.
Step 3 Click OK.
Use the server reload command to reload the specified server. For example, to reload Network Registrar's DHCP server, type:
Network Registrar stops the server you have selected, updates the database with the new configuration information, and restarts the server.
When you start Network Registrar, it automatically starts logging system activity. Network Registrar maintains all the logs in the Program Files\Network Registrar\logs (Windows NT) or /var/nwreg2/logs (UNIX) directory. If you would like to view the contents of these logs while the Network Registrar servers are running, issue the command tail -f (Solaris), or view the files through the Web browser (Windows NT).
Caution To avoid filling up the Windows NT event log, change the Log Settings to Overwrite Events as Needed. If you do not make this change, you might fill up your disk with log messages and thus prevent Network Registrar from running.
This section describes the types of logs that Network Registrar keeps and explains how to set and view the debug logging options.
Log entries are formatted in the following categories:
Note Warnings and errors are also sent to the Windows NT event log on Windows systems or to the Syslog on Solaris systems.
Table 3-2 shows all the Network Registrar log files.
Each component has a number of log files, each with a maximum size of 1 MB. The first log file is created without a suffix extension. When that file reaches 1 MB in size, Network Registrar renames it to xx_log_01 and begins filling up a new current log. When the current log file reaches 1 MB again, Network Registrar renames the current file to _01 and the existing _01 to _02, and so on.
The DNS server can have a maximum of three log files. By default, the DHCP server can have a maximum of four log files of one MB each.
You can set the debug settings for the Network Registrar DNS and the DHCP servers.
You can set the debug level from 1 to 4 for the Network Registrar DNS server and from 1 to 9 for the Network Registrar DHCP servers, with the higher levels giving you more extensive logging.
Note Each of these servers has different categories for which you can request tracing information. Because setting the tracing level can have a serious impact on the performance of your system, you should contact Technical Support for more information about using debugging.
You can use Mlog to add the debug messages to the existing logs.
Note If you reload the DNS server after enabling the debug settings through the GUI, Network Registrar disables debug. You must enable the debug setting again if you want to use the debug settings.
The Debug settings button lets you collect debug information about the DNS server. You should only need to set debug settings if you have been instructed by Technical Support.
Step 2 Click the Show Properties toolbar button.
Step 3 Click the Advanced tab on the Show Properties dialog box (Figure 2-7).
Step 4 Click Debug settings.
Step 5 From the Debug Settings dialog box, click Enable Debug.
Step 6 Type in the category as supplied by Technical Support.
Step 7 Check MLOG, which sends the output to the Network Registrar's files.
Step 8 Click OK.
You can use the server setDebug and server unsetDebug commands to set or unset the debugging level.
Use the server setdebug command to specify the debugging level. For example, to set the DNS debugging level to 5, type:
To disable debugging, use the server unsetDebug command.
You can monitor the state of your Network Registrar servers by displaying or reporting aspects of a specified server's health. The following items can decrement the health of the servers so you should monitor their status periodically:
Note When Network Registrar cannot contact the server, you will see the warning triangle and exclamation point and the green or red color is muted. The warning can mean one of the following conditions: the network is down; the server machine has crashed; the server has been stopped from the control panel; the client has lost communication with the server (that is, the client lost its IP address).
Perform these steps to view server status.
The Server Status Monitor window (Figure 3-2) is a window in which you can place server icons to monitor their state. The icons change to reflect the server's current state. The traffic lights indicate the state of the server: started is green and stopped is red.
The bar to the right of the traffic light shows the health of the server, that is, it indicates how well the server is running. The health is a combination of servers' resources and network balance.
Step 2 From the Servers menu, select Add to Status Monitor, or, from Windows 95 or Windows NT, drag the server icon to the Server Status Monitor window (Figure 3-2).
Note You can add as many servers as you want to the Server Status Monitor (Figure 3-2). They can be from any of the clusters to which you have connected.
Perform these steps to remove servers from the Server Status Monitor.
Step 2 Use the right mouse button (right-click) to select Remove.
You can display the health of a server, that is, whether it is running or stopped.
Use the server getHealth command to display the specified server's health. For example, to display Network Registrar's DHCP server's health, type:
Perform these steps to display server statistics.
Step 2 From the Servers menu, select Show Statistics.
Network Registrar displays the Statistics window.
Note You can sort the statistics by Name or by Value by clicking the corresponding column. To see updated statistics, click Refresh.
Use the server getStats command to display the specified server's statistics. For example, to display Network Registrar's DHCP server's statistics, type:
The Network Registrar Web GUI lets you log in to your Network Registrar servers and run the Server status report. The Server status report displays the status of the specified server. It indicates whether the server is running or stopped.
For information about how to run the Server status report, see the "Running the Server Status Report" section.
Perform these steps to display IP address usage.
Use the report file outputfile command to display the IP address usage for specified servers. For example, to display Network Registrar's DHCP server's address usage, type:
You can use the Web GUI to display the server's address usage. The Web GUI lets you log in to your Network Registrar servers and run an Address usage report. The Address usage report displays the IP address usage for all of the servers or just some of the servers in your network.
For information about how to run the Address usage report, see the "Running the Address Usage Report" section.
Network Registrar displays a report that contains the following information:
Step 2 From the Servers menu, select Show related servers.
Note This command is only available if you have configured DHCP failover.
Network Registrar refreshes this document window every 10 seconds. If you want more current information, click Refresh.
Use the server getRelatedServers command to display the connection status between the main and backup DHCP server. For example, to display Network Registrar's DHCP servers, type:
Note For more information about this command, see the nrcmd server getRelatedServers command in the Network Registrar CLI Reference Manual.
You can use the Web GUI to display the server's related servers. The Web GUI lets you log in to your Network Registrar servers and run a Related servers report. The Related servers report displays the IP address usage for all of the servers or just some of the servers in your network.
For information about how to run the Related servers report, see the "Running the Related Servers Report" section.
After you have established a scope, you can monitor lease activity and view lease attributes using either the Leases tab in the GUI or the CLI lease list command.
Step 2 From the DHCP Scope properties dialog box, click the Leases tab.
Step 3 Select the lease that you want to view.
Step 4 Click Lease Properties. The properties of the lease you selected are displayed.
Use the lease list command from the DOS prompt to view the properties of a particular lease. For example:
C:\Program Files\Network Register> nrcmd -C <cluster> -N <user> -P <password> lease list > <filename.txt>
You can use the Web GUI to display the server's lease status. In addition, the Web GUI lets you log in to your Network Registrar servers and run a Lease status report. The Lease status report displays the status of leases, whether they are available or reserved, and if reserved, the associated MAC address.
For information about how to run the Lease status report, see the "Running the Lease Status Report" section.
To ensure a consistent snapshot of the Network Registrar database, Network Registrar provides a shadow backup facility. Because the Network Registrar database (called MCD) does a variety of memory caching and may be active at any time, you cannot rely on doing system backups to protect the data in the database. At the time you run a system backup, there may be Network Registrar operations in progress that cause the data copied to the system backup tape to be inconsistent, and unusable as a replacement database.
You can also use Network Registrar's shadow backup facility. Once a day, at a configurable time, Network Registrar suspends all activity to the database, and takes a snapshot of the critical files. This snapshot is guaranteed to be a consistent view of the database, and it will be preserved correctly on a system backup tape. This backup is only a single generation backup. To maintain multiple backup versions, implement an archiving strategy.
Caution If you are using Windows NT, make sure you back up the files only in the db.bak directory. Otherwise, you might cause your server to crash.
Note Network Registrar backs up the DNS data even when the shadow backup is run on a secondary server.
The only configuration for this facility is through a single entry in the system Registry.
HKEY_LOCAL_MACHINE/SOFTWARE/American Internet/NetworkRegistrar/2.0/DBShadowTime
This entry is a string that represents the time-of-day at which the shadow backup is scheduled to occur (in 24 hour HH:MM format). The default is 23:45.
If you remove this Registry entry or set it to an illegal value (for example, anything that does not begin with a digit), you will suppress the backups. The server is otherwise unaffected.
In addition to being available at a scheduled time of day, you can also force a shadow backup manually by using the mcdshadow utility located in the \Program Files\Network Registrar\bin directory for Windows NT or the /opt/nwreg2/usrbin directory for UNIX. There are no command-line arguments. Type mcdshadow to cause Network Registrar to perform the shadow backup.
Because a full copy of the database is created, this may take a few minutes to complete. Files are saved in /var/nwreg2/data/db.bak.
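Because a removed or malformed DBShadowTime entry suppresses the backup without otherwise affecting the server, it is worth checking both the schedule value and the age of the snapshot files. The following Python is an added example, not part of Network Registrar or of the original guide: the function names and the 30-minute grace period are assumptions, the DBShadowTime value is passed in as a string rather than read from the Registry, and the three file names are the ones this chapter lists for db.bak.

```python
import os
import re
import tempfile
from datetime import datetime, timedelta

SHADOW_FILES = ("mcddb.d01", "mcddb.d02", "mcddb.d03")  # names from this chapter
HHMM = re.compile(r"([01][0-9]|2[0-3]):[0-5][0-9]")


def classify_shadow_time(value):
    """Classify a DBShadowTime string as 'ok', 'suppressed' or 'suspect'."""
    if not value or not re.match(r"[0-9]", value):
        # Per the chapter: a removed entry, or a value that does not begin
        # with a digit, switches the scheduled backup off.
        return "suppressed"
    # Assumption: any other value that is not strict 24-hour HH:MM is flagged
    # for review, since the chapter does not say how the server parses it.
    return "ok" if HHMM.fullmatch(value) else "suspect"


def last_due(shadow_time, now, grace):
    """Latest scheduled run that should have finished by `now`."""
    hh, mm = map(int, shadow_time.split(":"))
    due = now.replace(hour=hh, minute=mm, second=0, microsecond=0)
    while due + grace > now:  # not yet due, or possibly still copying
        due -= timedelta(days=1)
    return due


def check_shadow_backup(bak_dir, shadow_time, now=None,
                        grace=timedelta(minutes=30)):
    """Return findings; an empty list means the snapshot looks current."""
    now = now or datetime.now()
    state = classify_shadow_time(shadow_time)
    if state != "ok":
        return [f"DBShadowTime={shadow_time!r} is {state}"]
    due = last_due(shadow_time, now, grace)
    findings = []
    for name in SHADOW_FILES:
        path = os.path.join(bak_dir, name)
        if not os.path.isfile(path):
            findings.append(f"{name}: missing")
        elif os.path.getsize(path) == 0:
            findings.append(f"{name}: empty")
        elif datetime.fromtimestamp(os.path.getmtime(path)) < due:
            findings.append(f"{name}: older than run due {due:%Y-%m-%d %H:%M}")
    return findings


if __name__ == "__main__":
    # Constructed sample: a temporary directory stands in for db.bak.
    with tempfile.TemporaryDirectory() as bak:
        now = datetime(2003, 2, 19, 9, 0)
        stamp = datetime(2003, 2, 18, 23, 47).timestamp()
        for name in SHADOW_FILES:
            path = os.path.join(bak, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample data")
            os.utime(path, (stamp, stamp))
        print(check_shadow_backup(bak, "23:45", now))  # current snapshot
        print(check_shadow_backup(bak, "off", now))    # schedule suppressed
```

A non-empty result from a scheduled run of this check is the signal that the single-generation snapshot should not be trusted for recovery until mcdshadow has been run again.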
Step 2 Change the directory to \Program Files\Network Registrar\data\db (Windows NT) or /var/nwreg2/data/db (UNIX).
Step 3 As a safety check, type the command ..\..\bin\dbcheck mcddb (Windows NT) or /opt/nwreg2/dbcheck -a mcddb (UNIX) to verify the integrity of the database.
Use the shadow backup to recover data, either because a system crash corrupted the regular working database or because the disk on which it resides is corrupted.
Caution If you do not stop the AIC Server Agent, you will get errors.
Step 2 Make sure that the following three files are in \Program Files\Network Registrar\data\db.bak (Windows NT) or /var/nwreg2/data/db (UNIX).
The files are mcddb.d01, mcddb.d02, and mcddb.d03.
Step 3 Copy them into \Program Files\Network Registrar\data\db (Windows NT) or /var/nwreg2/data/db (UNIX). Do not move them because you may need them again.
Step 4 Change the directory to \Program Files\Network Registrar\data\db (Windows NT) or /var/nwreg2/data/db (UNIX).
Step 5 Rebuild the key files by typing the command ..\..\bin\keybuild mcddb (Windows NT) or /opt/nwreg2/keybuild mcddb (UNIX).
This can take several minutes.
Step 6 As a safety check, type the command ..\..\bin\dbcheck mcddb (Windows NT) or /opt/nwreg2/dbcheck mcddb (UNIX) to verify the integrity of the database.
Note You need to have root privileges to run dbcheck.
You should have no errors. However, if you do get errors, make sure that
The mcdshadow command uses the files listed in Table 3-3.
Posted: Wed Feb 19 12:14:59 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.