problem with Mirroring

Hello,  Thanks in advance for all replies.  I have been practicing setting up mirroring between two development servers in preparation for mirroring our production server in a few weeks.  I started by setting the servers up with minimum security which worked easily, then I set it up in lock down mode again without any issues.  Now I am setting it up in lockdown mode with encryption and this one is testing me.  I have everything setup but my async dr member cannot connect to the primary.

 

from cconsole.log

3/23/17-10:09:39:851 (3124) 0 [SYSTEM MONITOR] Mirror status changed. Member type = Not Member, Status =
03/23/17-10:11:17:095 (3496) 0    Loaded mirror set member: CORPARTAPP2/CACHE
03/23/17-10:11:17:095 (3496) 0    Loaded mirror set member: CORRARTAPP1/CACHE
03/23/17-10:11:17:130 (3612) 0 Mirror manager for BILLSMIRROR starting
03/23/17-10:11:19:046 (3612) 2 Async member for BILLSMIRROR started but failed to connect to primary
03/23/17-10:11:42:133 (3124) 0 [SYSTEM MONITOR] Mirror status changed. Member type = Disaster Recovery, Status = Waiting
03/23/17-10:13:01:571 (3496) 2 Could not open mirror journal log to read checksum, errno = 2
03/23/17-10:13:01:571 (3496) 0 Building mirror journal log file d:\intersystems\cache\mgr\mirrorjrn-BILLSMIRROR.log
03/23/17-10:13:01:587 (3496) 0 Built mirror journal log file d:\intersystems\cache\mgr\mirrorjrn-BILLSMIRROR.log successfully.

 

status for mirror on async member is WAITING.
 

  • 0
  • 0
  • 639
  • 10
  • 4

Answers

William, is it possible that the DR async and failover members do not have all of the needed encryption keys loaded? See Activating Journal Encryption in a Mirror in the High Availability Guide. This text applies to releases supporting multiple encryption keys; what release are you running?

Thanks for the help.  I am reading both articles to see if I missed anything.  I did compare the encryption key on the databases from the primary and async and they match.  I went thru the SSL procedure and everything seem to work correctly and I have the same certs on both machines.  I did notice that on the async server that the cacheaudit database is Unmounted and will not let me mount it.  Is this because it's the DR Async machine or is this an indicator of a problem?

It could be related but maybe not. I definitely suggest contacting the WRC about this.

never mind on the audit db.  I activated auditing and the database mounted.  I have reviewed the encryption info and do not see anything I missed on setting that up.  Reading the SSL article now.

If you are doing database encryption only, this is very unlikely to be the problem. Journal encryption is a bit tricky as indicated by the text I cited, but as that text also says, "there are no specific mirroring-related requirements for database encryption". 

Good Morning,

    I have gone thru both articles and numerous others but I have3 still been unable to get the async DR member out of the waiting  status.  In the portal I went to SYSTEM>JOURNALS>MIRROR JOURNAL FILES and no mirror journal files show up.  Are there cache or windows utilities that I can use to trace the activity between these two machines (primary & async member).  What troubleshooting steps should I take now?

 

I have verified that the ports are open and in process explorer it appears that the async member goes to the primary successfully but I'm still getting an unable to connect in my console log.

There are no errors in my windows event logs.  I turned on all system events in the audit  log for both servers and there are no errors that show up.

I am on CACHE 2014.1.1.702

Again, I suggest opening a WRC issue to address this. The first step will likely be to enable REDEBUG (do ^REDEBUG in %SYS and set the new value to FFFFFFFF). Then you will disconnect from the mirror (^MIRROR -> Mirror Management -> Disconnect), then connect again. Then set REDEBUG back to FF and collect the cconsole.log for the WRC as well as the cconsole.log on the primary. I must ask again if you added the async as an authorized async on the primary, as that is required to connect if using SSL. 

Thanks for the info and I opened a ticket with our support this morning.  I'm just trying to dig thru as much as I can myself before letting someone else come in and fix it.  I didn't answer your question but yes I did add the async as an authorized async on the primary.

I've had this a few times, and each time differs, but the one where this has happened a couple times is when configuring the Primary/Async relationship in the system Management portal, rather than a Unix prompt, it does not force you to configure you to set your password in your Edit SSL/TLS Menu of the Mirror Configuration. 

If you haven't done so, try that out. Sometimes, it's the little things

thanks for the suggestion.   I did put the password in for the SSL setup.  I'm sure it's something little that I'm not familiar with.

Comments

If Bob's suggestion doesn't fix your problem, I recommend opening up a WRC issue about this. In addition to the encryption keys, you could have an issue with the SSL setup (SSL is required for mirrors if you're using journal encryption).  For what it's worth, you could take a look at my article about creating an SSL-enabled mirror with keys/certificates generated using the Public Key Infrastructure to see if that helps.

Good Morning,

   In reading your article is sounds like I need to create separate SSL certificates for each machine.  Is that correct?  The training book that I was given instructed me to create the certificates for the primary and then copy to the async member.  Will that work or should I create the separate certs?

That would work, but I'd suggest creating different ones so you can distinguish between the members.

Also, even if  SSL is set up correctly, you still need to accept the async's connection from the primary server. Did you do that?