{"id":782,"date":"2018-08-06T01:00:00","date_gmt":"2018-08-06T01:00:00","guid":{"rendered":"http:\/\/inswwdev.azurewebsites.net\/au\/insights\/uncategorized\/mdt-cluster-blues-tcpip-vs-named-pipes\/"},"modified":"2018-08-06T01:00:00","modified_gmt":"2018-08-06T01:00:00","slug":"mdt-cluster-blues-tcpip-vs-named-pipes","status":"publish","type":"post","link":"https:\/\/www.insentragroup.com\/au\/insights\/geek-speak\/modern-workplace\/mdt-cluster-blues-tcpip-vs-named-pipes\/","title":{"rendered":"MDT Cluster Blues (TCPIP vs Named Pipes)"},"content":{"rendered":"<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>1.1 INTRODUCTION<\/span><\/h3>\n<p style=\"text-align: justify;\">I\u2019ve been building Standard Operating Environments (SOE) in one form or another for years starting with Windows NT 4 Workstation (around the year that Charles and Diana Spencer divorced), right up to Windows 10 and Windows Server 2016 (the year that Jonathan Francetic and Molly Duff from MAFS divorced [I swear had to Google that, I\u2019ve never actually seen an episode!]).<\/p>\n<p style=\"text-align: justify;\">I\u2019ve built them using Visual Basic Scripting (VBS), Business Desktop Deployment (BDD), Microsoft Deployment Toolkit (MDT), System Center Configuration Manager (SCCM) and even KixTart!<\/p>\n<p style=\"text-align: justify;\">But for the first time ever, I was asked whether I could make MDT Highly Available (HA) including the MDT database.<\/p>\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>1.2 WHY?<\/span><\/h3>\n<p style=\"text-align: justify;\">Having the ability to build a new Virtual Machine (VM) is not usually considered a HA activity. 
If a datacentre goes down and you desperately need a new VM built, you can:<\/p>\n<ul>\n<li style=\"text-align: justify;\">Restore the MDT server<\/li>\n<li style=\"text-align: justify;\">Failover a replicated MDT VM using either Site Recovery Manager (SRM) or Azure Site Recovery (ASR)<\/li>\n<li style=\"text-align: justify;\">Build a VM manually and install mandatory applications<\/li>\n<li style=\"text-align: justify;\">Wait for a couple of days until the primary datacentre comes back online<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">But what happens when:<\/p>\n<ul>\n<li style=\"text-align: justify;\">You are providing a 24\/7 operation to your clients<\/li>\n<li style=\"text-align: justify;\">You guarantee uptime even if a datacentre goes offline<\/li>\n<li style=\"text-align: justify;\">You host VMs on a mixture of Hyper-V and VMware<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">You have so many systems to bring up in the second datacentre if the primary one fails, that frankly you want as many automatic failovers as possible.<\/p>\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>1.3 WHERE DO WE START?<\/span><\/h3>\n<p style=\"text-align: justify;\">There are four moving parts to consider:<\/p>\n<ul>\n<li style=\"text-align: justify;\">The MDT deployment share<\/li>\n<li style=\"text-align: justify;\">The linked deployment share on a server in the second datacentre<\/li>\n<li style=\"text-align: justify;\">The MDT database<\/li>\n<li style=\"text-align: justify;\">SQL Server<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">Should be a piece of cake, right? SQL Always-on availability cluster, linked deployment shares and use Active Directory (AD) Domain accounts for everything?<\/p>\n<p style=\"text-align: justify;\">Yeah\u2026Nah\u2026<\/p>\n<p style=\"text-align: justify;\">MDT tries to make life easy. 
It makes certain assumptions, forms certain concatenated strings to access the database and prefers Named Pipes access for SQL.<\/p>\n<p style=\"text-align: justify;\">The last part is the tricky one. Almost every guide to successfully configuring MDT to talk to the database reliably stipulates the use of Named Pipes. To do this you would need to:<\/p>\n<ul>\n<li style=\"text-align: justify;\">Enable Remote Named Pipes on your SQL server<\/li>\n<li style=\"text-align: justify;\">Configure a share on your SQL server that MDT can use to establish an authenticated connection<\/li>\n<li style=\"text-align: justify;\">Configure the CustomSettings.ini file in MDT with a \u2018SQLShare=\u2019 parameter and to use the DBNMPNTW Network Library<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">So, what\u2019s so hard about that?<\/p>\n<ul>\n<li style=\"text-align: justify;\">A SQL Listener for a SQL cluster only uses TCP\/IP. Named Pipes are not available for a listener\u2026<\/li>\n<li style=\"text-align: justify;\">MDT still wants to help by constructing a full path to the SQL share for you in the format<span>\u00a0<\/span><strong>\\\\servername\\SQLShareName<\/strong>, but as you can imagine,<span>\u00a0<\/span><strong>\\\\MDTListener\\SQLShareName<\/strong><span>\u00a0<\/span>isn\u2019t a valid path!<\/li>\n<\/ul>\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>1.4 THE SOLUTION<\/span><\/h3>\n<p style=\"text-align: justify;\">After a day of banging my head at each failed attempt to resolve this, error messages about Windows PE not being able to use AD authentication, the answer came courtesy of one of my Directors.<\/p>\n<p style=\"text-align: justify;\"><strong>Mr. 
Albert Altit, please take a bow!<\/strong><\/p>\n<p style=\"text-align: justify;\"><strong><img decoding=\"async\" style=\"width: 745px; height: 70px;\" src=\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/22\/2021\/02\/mdtclusterblues_1.jpg\" alt=\"\" data-udi=\"umb:\/\/media\/e291ed1da01c484b8106800b0e8945fa\" title=\"\"><\/strong><\/p>\n<p style=\"text-align: justify;\">To fix this, Named Pipes and the SQL Share needed to be removed as dependencies. The steps to achieve this are:<\/p>\n<ul>\n<li style=\"text-align: justify;\">Create a login with SQL authentication on the first SQL server<\/li>\n<li style=\"text-align: justify;\">Create the same SQL login on the second server. Note that it is very important that the same SID is used for the account on both SQL servers<\/li>\n<li style=\"text-align: justify;\">Alter the customsettings.ini file in the MDT Workbench (or directly from the Control directory of the MDT share)<\/li>\n<\/ul>\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>1.4.1 Creating the SQL account<\/span><\/h3>\n<p style=\"text-align: justify;\">No surprises here. 
Create a new SQL account (I\u2019ve called mine \u2018MDTConnect\u2019).<\/p>\n<p style=\"text-align: justify;\"><img decoding=\"async\" style=\"width: 359px; height: 263px;\" src=\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/22\/2021\/02\/mdtclusterblues_2.jpg\" alt=\"\" data-udi=\"umb:\/\/media\/a9d0ce2a5abe4660b0a34754f5ab79a0\" title=\"\"><\/p>\n<p style=\"text-align: justify;\">Ensure that the \u2018User must change password at next login\u2019 option is cleared.<\/p>\n<p style=\"text-align: justify;\"><img decoding=\"async\" style=\"width: 581px; height: 516px;\" src=\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/22\/2021\/02\/mdtclusterblues_3.jpg\" alt=\"\" data-udi=\"umb:\/\/media\/46d3a9b4c7464754bfb934645c019e76\" title=\"\"><\/p>\n<p style=\"text-align: justify;\">Grant the new account read rights to the MDT database.<\/p>\n<p style=\"text-align: justify;\"><img decoding=\"async\" style=\"width: 559px; height: 600px;\" src=\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/22\/2021\/02\/mdtclusterblues_4.jpg\" alt=\"\" data-udi=\"umb:\/\/media\/f9af84c04d894c53a350d867489e91d6\" title=\"\"><\/p>\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>1.4.2 Creating the SQL login on the second SQL cluster member<\/span><\/h3>\n<p style=\"text-align: justify;\">It\u2019s really important to have the SID of the login account on the second server match the SID on the first server.<\/p>\n<p style=\"text-align: justify;\">To obtain the SID, log on to the first SQL server and start a new query.<\/p>\n<p style=\"text-align: justify;\"><span>use<\/span><span>\u00a0<\/span>MDTDB<\/p>\n<p style=\"text-align: justify;\"><span>go<\/span><\/p>\n<p style=\"text-align: justify;\"><span>select name,sid from<\/span><span>\u00a0<\/span><span>sys.sysusers<\/span><span>\u00a0<\/span><span>WHERE 
Name<\/span><span>\u00a0<\/span>=<span>\u00a0<\/span><span>'MDTConnect'<\/span><\/p>\n<p style=\"text-align: justify;\">Copy the SID from the results of this query and use it to create the account on the second server.<\/p>\n<p style=\"text-align: justify;\"><img decoding=\"async\" style=\"width: 797px; height: 59px;\" src=\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/22\/2021\/02\/mdtclusterblues_5.jpg\" alt=\"\" data-udi=\"umb:\/\/media\/1fb92e177d0f414499e2c440af920638\" title=\"\"><\/p>\n<p style=\"text-align: justify;\">Run the following code in a new query window on the second SQL Server. Obviously substitute the name of your MDT database, your SID and your password for the MDTConnect account.<\/p>\n<p style=\"text-align: justify;\"><span>USE<\/span><span>\u00a0<\/span>[master]<\/p>\n<p style=\"text-align: justify;\"><span>GO<\/span><\/p>\n<p style=\"text-align: justify;\"><span>CREATE LOGIN<\/span><span>\u00a0<\/span>[MDTConnect]<span>\u00a0<\/span><span>WITH PASSWORD<\/span>=<span>'MyCleverPassword'<\/span>,<span>\u00a0<\/span><span>SID<\/span>=0x00E123D4ADD5A67891AB9876FE567810,<span>\u00a0<\/span><span>DEFAULT_DATABASE<\/span>=MDTDB,<span>\u00a0<\/span><span>DEFAULT_LANGUAGE<\/span>=[us_english],<span>\u00a0<\/span><span>CHECK_EXPIRATION=OFF<\/span>, <span>CHECK_POLICY<\/span>=<span>OFF<\/span><\/p>\n<p style=\"text-align: justify;\"><span>GO<\/span><\/p>\n<p style=\"text-align: justify;\">Finally, we can put the finishing touches together and remove any requirement on the SQL Share or on Named Pipes!<\/p>\n<p style=\"text-align: justify;\"><img decoding=\"async\" style=\"width: 796px; height: 78px;\" src=\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/22\/2021\/02\/mdtclusterblues_6.jpg\" alt=\"\" data-udi=\"umb:\/\/media\/4c492dd2598e4a8bbf81af51b4eb21b5\" title=\"\"><\/p>\n<p style=\"text-align: justify;\">In Customsettings.ini, there are a number of database related sections. 
They are all very similar in purpose, structure and wording. For each database related section, change the following:<\/p>\n<ul>\n<li style=\"text-align: justify;\">Change DBNMPNTW to DBMSSOCN<\/li>\n<li style=\"text-align: justify;\">Remove the \u2018SQLShare=\u2019 line<\/li>\n<li style=\"text-align: justify;\">Create a new entry \u2018DBID=MDTConnect\u2019<\/li>\n<li style=\"text-align: justify;\">Create a new entry \u2018DBPWD=YourPassword\u2019<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">Each section should now look something like the following:<\/p>\n<p style=\"text-align: justify;\">[CSettings]<\/p>\n<p style=\"text-align: justify;\">SQLServer=MDTListener<\/p>\n<p style=\"text-align: justify;\">Database=MDTDB<\/p>\n<p style=\"text-align: justify;\">Netlib=DBMSSOCN<\/p>\n<p style=\"text-align: justify;\">DBID=MDTConnect<\/p>\n<p style=\"text-align: justify;\">DBPWD=&lt;DB Password for MDTConnect&gt;<\/p>\n<p style=\"text-align: justify;\">Table=ComputerSettings<\/p>\n<p style=\"text-align: justify;\">Parameters=UUID, AssetTag, SerialNumber, MacAddress<\/p>\n<p style=\"text-align: justify;\">ParameterCondition=OR<\/p>\n<p style=\"text-align: justify;\">And that\u2019s that! 
Both MDT instances can access the same database via the listener.<\/p>\n<p style=\"text-align: justify;\">Now I wonder what\u2019s on TV?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1.1 INTRODUCTION I\u2019ve been building Standard Operating Environments (SOE) in one form or another for years starting with Windows NT 4 Workstation (around the year that Charles and Diana Spencer divorced), right up to Windows 10 and Windows Server 2016 (the year that Jonathan Francetic and Molly Duff from MAFS divorced [I swear had to&hellip; <a class=\"more-link\" href=\"https:\/\/www.insentragroup.com\/au\/insights\/geek-speak\/modern-workplace\/mdt-cluster-blues-tcpip-vs-named-pipes\/\">Continue reading <span class=\"screen-reader-text\">MDT Cluster Blues (TCPIP vs Named Pipes)<\/span><\/a><\/p>\n","protected":false},"author":88,"featured_media":783,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[19],"tags":[],"class_list":["post-782","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-modern-workplace","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/posts\/782","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/users\/88"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/comments?post=782"}],"version-history":[{"count":0,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/posts\/782\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/media\/783"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/media
?parent=782"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/categories?post=782"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/tags?post=782"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}