Configuring the IPs Addresses for Protected Web Sites in a WAN Environment Based Upon the Currently Active Server

Follow

Summary

This Knowledgebase article provides details about configuring the IPs addresses for protected web sites in a WAN environment based upon the currently active server.


More Information

Symptom

Following a switchover or failover for IIS environments located in a WAN configuration, protected web sites may not be available on the newly active server.

Cause

The web sites are configured to respond to the old IPs, which correspond to the previously active server IP range.

Resolution

Note: When using Windows 2008 with IIS 7.0 in native mode or Windows 2008 R2 with IIS 7.5 in native mode, the script C:\inetpub\AdminScripts\adsutil.vbs does not exist. For the adsutil.vbs script to be present in the inetpub folder, IIS 6.0 Management Compatibility must be installed. When using IIS version 7.0 or IIS 7.5, the IIS 6 Management Compatibility must be enabled for adsutil.vbs to run.

During the startup phase of the newly active server, the web sites IP mappings should be reconfigured based upon the new active server. After the web sites IP addresses, ports, names, and identifiers for both sites are known, use the procedure below to add new IP mappings for each web site:

cscript c:\inetpub\AdminScripts\adsutil.vbs set w3SVC/<WebsiteID>/serverbindings <ServerIP>:<Port>:

Note: To find the web site identifier for all websites, open a command prompt and run the “iisweb /query” command. Alternatively, use the Administrator Tools -> IIS Manager Snap-in to display the web site identifiers.

Create two batch files that  contain the commands for setting the correct IP to all the web sites. Using the Neverfail Heartbeat Management Client, create a new Network Task for the Primary and Secondary web sites IPs. Use the Up and Down buttons to make sure that the Primary and Secondary DNSUpdate tasks are first in the list.

For example: With a configuration as shown below,

Web Site ID Primary Site IP Secondary Site IP
12221121 192.168.1.1:80 192.168.2.1:80
3232323 192.168.1.2:80 192.168.2.2:80
55674 192.168.1.3:80 192.168.2.3:80
8744566 192.168.1.1:79 192.168.2.1:79

Note: If attempting to update the bindings of a secure site (an https site) substitute the term "securebindings" for the term "serverbindings" and substitute port "443" for port "80" in each of the lines in the .bat file. See example below.

Example: cscript c:\inetpub\AdminScripts\adsutil.vbs set w3SVC/12221121/securebindings 192.168.1.1:443:

  1. Create a .bat file named PriWebSites.bat with the following commands to set the appropriate IP addressing for the Primary server after a switchover/failover resulting in the Primary server being active:

    cscript c:\inetpub\AdminScripts\adsutil.vbs set w3SVC/12221121/serverbindings 192.168.1.1:80:
    cscript c:\inetpub\AdminScripts\adsutil.vbs set w3SVC/3232323/serverbindings 192.168.1.2:80:
    cscript c:\inetpub\AdminScripts\adsutil.vbs set w3SVC/55674/serverbindings 192.168.1.3:80:
    cscript c:\inetpub\AdminScripts\adsutil.vbs set w3SVC/8744566/serverbindings 192.168.1.1:79:
  2. Create a .bat file named SecWebSites.bat with the following commands to set the appropriate IP addressing for the Secondary server after a switchover/failover resulting in the Secondary server being active:

    cscript c:\inetpub\AdminScripts\adsutil.vbs set w3SVC/12221121/serverbindings 192.168.2.1:80:
    cscript c:\inetpub\AdminScripts\adsutil.vbs set w3SVC/3232323/serverbindings 192.168.2.2:80:
    cscript c:\inetpub\AdminScripts\adsutil.vbs set w3SVC/55674/serverbindings 192.168.2.3:80:
    cscript c:\inetpub\AdminScripts\adsutil.vbs set w3SVC/8744566/serverbindings 192.168.2.1:79:
  3. Using the Neverfail Heartbeat Management Client, create a Network Task for the Primary server browsing to the PriWebSites.bat. Additionally, create a Network Task for the Secondary server pointing to the SecWebSites.bat. Using the Up and Down buttons, make sure that these tasks are below the existing DNSUpdate Network tasks.

Known Issue

If  attempting to change the IP address on a website in IIS that does not have an http header associated with it, the following syntax must be used:

cscript c:\inetpub\AdminScripts\adsutil.vbs set w3SVC/<Web Site ID Number>/serverbindings <IP Address>:80:
cscript c:\inetpub\AdminScripts\adsutil.vbs set w3SVC/<Web Site ID Number>/securebindings <IP Address>:443:


Example:

cscript c:\inetpub\AdminScripts\adsutil.vbs set w3SVC/12221121/serverbindings 172.16.1.9:80:
cscript c:\inetpub\AdminScripts\adsutil.vbs set w3SVC/12221121/securebindings 172.16.1.9:443:

Note :The use of the trailing colon at the end of the command is intentional. If trailing colon is missing, then the IP will be changed, but the TCP Port and SSL field will be left blank which will cause the Website to not start up and get an error.


Applies To

Neverfail Heartbeat V5.3.0 and Later


Related Information

None

KBID-1616

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.