[cisco-voip] Unity Connection 10.5.2 Split Brain Recovery

Norton, Mike mikenorton at pwsd76.ab.ca
Wed Oct 28 14:59:21 EDT 2015 

Even though it is true that newer Windows versions have moved to NTP from SNTP, Microsoft still does not intend for you to use it as an “NTP server” per se. It is intended for AD’s own internal time-syncing needs and that’s it.

--
Support boundary to configure the Windows Time service for high-accuracy environments: https://support.microsoft.com/en-us/kb/939322

“We do not guarantee and we do not support the accuracy of the W32Time service between nodes on a network. The W32Time service is not a full-featured NTP solution that meets time-sensitive application needs.”
--

If you’re having problems with ADFS due to time, I’d have to wonder if maybe your AD domain is synced from an unreliable source, or perhaps not synced from anywhere. (VMs with virtual clock set to follow physical host clock can wreak havoc as well.) As long as your AD domain is synced from the same real NTP source as your Cisco stuff, times should be more than close enough. You do sync your AD domain to a real NTP source, right?

-mn

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Jason Aarons (AM)
Sent: October-28-15 12:13 PM
To: Matthew Loraditch; Erick Wellnitz; Charles Goldsmith
Cc: voip puck; Aaron Banks
Subject: Re: [cisco-voip] Unity Connection 10.5.2 Split Brain Recovery

Older versions of Windows Server ie 2003/2008 did SNTP natively not NTP.  You can’t point to a NTP client to SNTP server. SNTP is not precise enough, but good enough for Kerberos/Windows.

Windows Server 2012 can serve up NTP
http://www.sysadminlab.net/windows/configuring-ntp-on-windows-server-2012

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Matthew Loraditch
Sent: Wednesday, October 28, 2015 2:07 PM
To: Erick Wellnitz <ewellnitzvoip at gmail.com<mailto:ewellnitzvoip at gmail.com>>; Charles Goldsmith <wokka at justfamily.org<mailto:wokka at justfamily.org>>
Cc: voip puck <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>; Aaron Banks <amichaelbanks at hotmail.com<mailto:amichaelbanks at hotmail.com>>
Subject: Re: [cisco-voip] Unity Connection 10.5.2 Split Brain Recovery


So here’s a question then if Windows isn’t supported, how do you make sure ADFS works? I had plenty of timing problems with ADFS being out of sync, until I started using my primary DC as the UCM/UCXN NTP as I saw that recommended somewhere to fix..

What are folks doing here?

Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA
Network Engineer
Direct Voice: 443.541.1518
Facebook<https://www.facebook.com/heliontech?ref=hl> | Twitter<https://twitter.com/HelionTech> | LinkedIn<https://www.linkedin.com/company/helion-technologies?trk=top_nav_home> | G+<https://plus.google.com/+Heliontechnologies/posts>

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Erick Wellnitz
Sent: Wednesday, October 28, 2015 1:41 PM
To: Charles Goldsmith <wokka at justfamily.org<mailto:wokka at justfamily.org>>
Cc: voip puck <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>; Aaron Banks <amichaelbanks at hotmail.com<mailto:amichaelbanks at hotmail.com>>
Subject: Re: [cisco-voip] Unity Connection 10.5.2 Split Brain Recovery

I like both IOS and Linux ntpd

I synch those with time.nist.gov<http://time.nist.gov>

Remember that you need a stratum 6 or better to sync UC apps like connection or CUCM.

On Wed, Oct 28, 2015 at 11:35 AM, Charles Goldsmith <wokka at justfamily.org<mailto:wokka at justfamily.org>> wrote:
I personally prefer an IOS based device, a core switch or router.

On Wed, Oct 28, 2015 at 12:33 PM, Thomas LeMay <thomaslemay at comcast.net<mailto:thomaslemay at comcast.net>> wrote:
Hi,

Questions: What is the best business practice for the type of NTP server to use as the source: windows or some other operating system?

Thank you,

Tom

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>] On Behalf Of Aaron Banks
Sent: Wednesday, October 28, 2015 12:39 AM
To: Ryan Huff; cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Unity Connection 10.5.2 Split Brain Recovery

Thank you for all of that.  You know what it was - NTP.  I shut down the HA.  NTP was doing weird things on the primary node and I asked the customer if the NTP server address he gave me was a windows server.  Bingo.  I changed the NTP source, rebooted the primary, called voicemail and then powered on the HA.

Lesson learned.
________________________________
From: ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>
To: amichaelbanks at hotmail.com<mailto:amichaelbanks at hotmail.com>; cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: RE: [cisco-voip] Unity Connection 10.5.2 Split Brain Recovery
Date: Tue, 27 Oct 2015 17:25:47 +0000
1.) Shut down the HA node.

2.) Reboot the primary node

3.) Once the primary node is up, place a call into voicemail

4.) Power the HA node back on

5.) Once HA is up, verify HA status.



Sent from my T-Mobile 4G LTE Device


-------- Original message --------
From: Aaron Banks
Date:10/27/2015 12:35 PM (GMT-05:00)
To: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: [cisco-voip] Unity Connection 10.5.2 Split Brain Recovery


Has anyone seen/resolved a split brain recovery in Unity Connection 10.5.2?  The primary and secondary keep swapping back and forth every few minutes.  I can ping and trace to each server.  I restarted the primary but that did not resolve the issue.  In the RTMT system logs, the secondary sends an NTP query to the primary the response is the primary is inaccessible or down.  I'm stumped.

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip


_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip



itevomcid
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20151028/a4b4e072/attachment.html>

More information about the cisco-voip mailing list