ADFS 2.0 failover

  • Question

  • While studying this guide on ADFS 2.0 HA/site resilience, I wondered about a particular scenario.

    http://social.technet.microsoft.com/wiki/contents/articles/1841.aspx

    If the primary site goes down and after the SQL instance in the DR site takes over the active role, does the ADFS node in the DR site automatically point itself to this SQL instance? If not, what is the procedure for manually doing this?

    Thursday, October 13, 2011 1:12 AM

Answers

  • see the last steps in the doc/link you specified
     

    5. Configuring Mirroring

    • Setup mirrored SQL Server (sql2)
    • Configuring database mirroring for AdfsConfiguration and AdfsArtifactStore databases

    6. Update the connection string for both databases (I referred to this article http://social.technet.microsoft.com/wiki/contents/articles/ad-fs-2-0-migrate-your-ad-fs-configuration-database-to-sql-server.aspx ) so ADFS 2.0 is aware of the mirrored database

    • Perform this on adfs1, for the AD FS 2.0 configuration database:
      • Stop the ADFS service from Command prompt: net stop adfssrv
      • Open the Windows PowerShell and run the following commands:
        • $temp = Get-WMIObject -namespace root/ADFS -class SecurityTokenService
        • $temp.ConfigurationdatabaseConnectionstring="Data Source=<Principal SQLServer>; Failover Partner=<Mirror SQLServer>;Initial Catalog=AdfsConfiguration;Integrated Security=true"
        • $temp.put()
        • Go back to Command Prompt and start the ADFS service: net start adfssrv
      • For the AD FS 2.0 artifact store database, open the Windows PowerShell and run the following commands:
        • Add-PSSnapin Microsoft.ADFS.Powershell
        • Set-adfsproperties -artifactdbconnection "Data Source=<Principal SQLServer>; Failover Partner=<Mirror SQLServer>;Initial Catalog=AdfsArtifactStore;Integrated Security=true"
        • Confirm the change using command: Get-adfsproperties
        • Check for ArtifactDbConnection Properties
     

    Cheers,


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------

    "Hylvp" wrote in message news:dd9d465e-ffa4-45ea-a718-1f8918812227@communitybridge.codeplex.com...

    While studying this guide on ADFS 2.0 HA/site resilience, I wondered about a particular scenario.

    http://social.technet.microsoft.com/wiki/contents/articles/1841.aspx

    If the primary site goes down and after the SQL instance in the DR site takes over the active role, does the ADFS node in the DR site automatically point itself to this SQL instance? If not, what is the procedure for manually doing this?


    Jorge de Almeida Pinto [MVP-DS] (http://jorgequestforknowledge.wordpress.com/)
    Thursday, October 13, 2011 6:10 AM
    Moderator
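
A read-only check for step 6 of the answer above, as an added example that is not part of the original post: run on each AD FS 2.0 farm node, it parses both connection strings and reports whether each one names a Failover Partner, the expected catalog and integrated security. The helper name Test-MirrorAwareConnectionString is hypothetical; the WMI class, snap-in and property names are the ones used in the answer.

```powershell
# Added example, not from the thread. Read-only: changes nothing on the node.
# Test-MirrorAwareConnectionString is a hypothetical helper name.
Add-Type -AssemblyName System.Data
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

function Test-MirrorAwareConnectionString {
    param(
        [string]$Store,
        [string]$ConnectionString,
        [string]$ExpectedCatalog
    )
    # Parse with SqlClient's own connection string builder instead of a regex.
    $b = New-Object System.Data.SqlClient.SqlConnectionStringBuilder $ConnectionString
    $problems = @()
    if ([string]::IsNullOrEmpty($b.FailoverPartner)) {
        $problems += 'no Failover Partner set'
    } elseif ($b.FailoverPartner -eq $b.DataSource) {
        $problems += 'Failover Partner is the same server as Data Source'
    }
    if ($b.InitialCatalog -ne $ExpectedCatalog) {
        $problems += "Initial Catalog is '$($b.InitialCatalog)', expected '$ExpectedCatalog'"
    }
    if (-not $b.IntegratedSecurity) {
        $problems += 'Integrated Security is not true'
    }
    New-Object PSObject -Property @{
        Store           = $Store
        DataSource      = $b.DataSource
        FailoverPartner = $b.FailoverPartner
        Problems        = ($problems -join '; ')
    }
}

# Configuration database: stored on the WMI SecurityTokenService object.
$sts = Get-WmiObject -Namespace root/ADFS -Class SecurityTokenService
# Artifact store: exposed through Get-AdfsProperties.
$props = Get-AdfsProperties

@(
    Test-MirrorAwareConnectionString -Store 'Configuration database' `
        -ConnectionString $sts.ConfigurationDatabaseConnectionString `
        -ExpectedCatalog 'AdfsConfiguration'
    Test-MirrorAwareConnectionString -Store 'Artifact store' `
        -ConnectionString $props.ArtifactDbConnection `
        -ExpectedCatalog 'AdfsArtifactStore'
) | Select-Object Store, DataSource, FailoverPartner, Problems | Format-List
```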

All replies

  • Thanks, but how does the backup node know which SQL server to reference in the event of a failure in the main site? Is the process manual or automatic?


    I'm also trying to understand not only the failover procedure but also the failback procedure, and the 3 certificates that must be exported/installed on the failover node.


    • Edited by web-it Monday, October 17, 2011 11:21 PM
    Monday, October 17, 2011 10:27 PM
  • I have followed the instructions (http://social.technet.microsoft.com/wiki/contents/articles/ad-fs-2-0-migrate-your-ad-fs-configuration-database-to-sql-server.aspx) for setting up a mirrored SQL database for ADFS 2.0. Have a farm of 2 ADFS servers (on load balancer) and a farm of 2 (mirrored) SQL servers. Unfortunately, when the Principal SQLServer becomes unavailable and the mirror sets the Failover Partner to become a primary, the ADFS service on both ADFS servers cannot recover from this and it has to be restarted. Any advice on how to "fix" this issue?

    Thanks

    Thursday, November 10, 2011 9:28 PM