Configuring MSCS Server Failover - Terminal Server in Active-Passive mode

How to configure Terminal Server failover using MS Cluster Services (MSCS)

Expected behavior:
In case of node failure, other node take over the YSoft SafeQ Terminal Server service so embedded terminals continues working.

Implementation:
YSoftSafeQTerminalServer service is part of MSCS as a resource. In case of node failure, MSCS fail-over the resource to other node.

Description of the environment (Terminal Server failover in active-passive using MSCS):

images/download/attachments/21955714/MSCS_DSfailover.png

Environment requirements

  • MS Windows 2008 R2 servers (Enterprise) and newer.

  • Functional, properly configured and validated cluster.

  • Pre-installed YSoft SafeQ 5 on each node of the MS Cluster - YSoft SafeQ has to be installed as a cluster.

  • One dedicated IP address must be available for YSoft SafeQ services clustering. This IP address must be reachable from the customer's LAN (MFPs and hardware terminals). This IP address cannot be the same as MS Cluster virtual IP address. 

  • High-availability storage with low network latency for sharing data among terminal servers is required for the failover of embedded terminal on SHARP and Konica Minolta. The storage has

    • Service account with access to shared storage is required, account will be used for running YSoft SafeQ server services. It is recommended to use domain account with administrative rights for the YSoft SafeQ servers. This account will be used for accessing shared network storage.

Environment recommendations

  • High-availability storage for the job spooler to avoid single point of failure.

  • Service account for running YSoft SafeQ server services. It is recommended to use domain account with administrative rights for the YSoft SafeQ servers.This account will be used for accessing network folders used for scans (e.g. when using "Scan to home" workflow) and shared spool folder.

Step 1 - Configure YSoft SafeQ Terminal Server in Microsoft Cluster Services

1

Stop YSoft SafeQ Terminal Server service on all nodes connected to MSCS cluster

2

Open Failover Cluster Manager (cluadmin.msc) 

3

Create a new resource

    1. Right-click the cluster name -> select Configure a service or application (2008) or Configure Role (2012) -> select Generic Service

    2. Select YSoft SafeQ Terminal Server and click next

    3. Specify virtual name (in our case terminal_server ) and fill in the virtual IP address that will be used by YSoft SafeQ Terminal Server -> click next  

      1. images/s/-3eliqb/8502/404359a7d2ab19c9c7c58d12013124a386b28257/_/images/icons/emoticons/lightbulb_on.svg The same IP address will be used later in the guide for configuration of  networkAddress in  <SafeQ_dir>\terminalserver\TerminalServer.exe.config

    4. Finish the wizard with no additional changes

4

Example of running clustered YSoft SafeQ Terminal Server

images/download/attachments/21955714/MSCS_TS_Status.PNG

Step 2 - Change YSoft SafeQ configuration

YSoft SafeQ Terminal Server

1

Stop YSoft SafeQ Terminal Server service using "cluadmin.exe"

  • MS Windows 2008 - go to Services and application -> select terminal_server -> right-click YSoft SafeQ Terminal Server in Other resources -> choose Take this resource off-line -> confirm

  • MS Windows 2012 - go to Roles -> right-click terminal_server -> Stop Role

2

Edit <SafeQ_dir>\terminalserver\TerminalServer.exe.config   on all members of MCSC cluster as follows: 

  1. replace IP address at parameter  networkAddress  by the virtual IP that was used for clustered YSoft SafeQ Terminal Server service

  2. if you are using embedded terminal for SHARP or Konica Minolta:

    1. add key SharedLocation to <appSettings> section as follows:

      • <add key="SharedLocation" value="path" />  

        • path has to be replaced by high-available storage available from all MSCS members, e.g. <add key="SharedLocation" value="\\haserver\DeviceConfigurationData" />

    2. set YSoft SafeQ Terminal Server service to run under the account that has administrative rights on the local server and also full read/write rights to high-available shared storage

3

Start YSoft SafeQ Terminal Server service using "cluadmin.exe" to apply settings:

    • MS Windows 2008 - Go to Services and application -> select terminal_server -> right-click YSoft SafeQ Terminal Server in Other resources -> choose Bring this resource on-line -> confirm

    • MS Windows 2012 - go to Roles -> right-click terminal_server -> Start Role

YSoft SafeQ Web interface

1

Edit <SafeQ_dir>\tomcat\conf\server.xml on all members of MCSC cluster as follows: 

  1. delete all lines containing parameter address with the physical IP address of particular CML server. Do not remove the lines where address is set to localhost.

    • example of line that should be removed (usually three occurrences):

      • address="10.0.20.220"

    • example of line that should not be removed:

      • address="localhost"

2

Restart YSoft SafeQ Web Interface service on all members of MSCS cluster

YSoft SafeQ generic

1

If you are using Network Card Reader:

  1. make sure the enableNetworkLoadBalancer is enabled in the YSoft SafeQ Web interface -> System -> System settings. (workaround - see limitations) 

  2. restart restart all YSoft SafeQ services on all members of MSCS cluster

2

If you wish to use shared spool directory:

  1. make sure the cluster-readSharedFolderJob is enabled in the YSoft SafeQ Web interface -> System -> System settings

  2. make sure the spoolDir in <SafeQ>\conf\startup.conf on all the nodes points to the high-avaliable network storage available from all the MSCS members

  3. set YSoft SafeQ CML service to run under the account that has administrative rights on the local server and also full read/write rights to high-available shared storage

  4. restart restart all YSoft SafeQ services on all members of MSCS cluster

Step 3 - Test the basic failover functionality

1

ACCESSING WEB INTERFACE VIA CLUSTERED IP ADDRESS
Verification steps

  1. Stop the first node of MSCS cluster

  2. Open YSoft SafeQ web interface via virtual IP address that was used for clustered resource terminal_server , log in to web interface.

  3. Start the first node of MSCS cluster and stop the second node of MSCS cluster

  4. Open YSoft SafeQ web interface via virtual IP address that was used for clustered resource terminal_server , log in to web interface.

Expected result

  • Authentication on YSoft SafeQ web interface always succeeds

  • Second node is shown offline in CML cluster status widget during failover event

2

MOVING RESOURCE TERMINAL_SERVER AMONG THE MSCS members:
Verification steps

  • Try to move terminal_server resource from one node to another using Failover Cluster Manager (cluadmin.msc).

    • MS Windows 2008 - Go to services and applications -> right-click terminal_server -> select Move this service or application to another node -> select second node -> confirm the dialogue

    • MS Windows 2012 - Go to Roles -> -right-click terminal_server -> Move -> Select node.. -> select one of nodes and confirm the selection and click OK

Expected result

  • Resource is properly moved and is shown as Online or Running

  • YSoft SafeQ Terminal Server service was initially running and after the switch it is running on a different node

3

TERMINAL SERVER FUNCTIONALITY WITH FAILOVER
Verification steps

  1. Move resource terminal_server to the first YSoft SafeQ server and wait for it to become Online or Running

  2. Log in to the YSoft SafeQ web interface via virtual IP address of the terminal_server resource and reinstall the embedded terminal

  3. Verify that you can authenticate on the embedded terminal

  4. Move resource terminal_server to the second (or any other) YSoft SafeQ server and wait for it to become Online or Running

  5. Verify that you can authenticate via the embedded terminal

Expected result

  • Installation of the embedded terminal succeeds

  • Authentication on the terminal always succeeds

4

TEST PRINTING WITH FAILOVER

Note: This step is optional, it will work only when shared spool directory as specified above in the guide is used

Verification steps

  1. Send a print job to first node of MSCS cluster

  2. Stop the first node of MSCS cluster

  3. Authenticate on the MFD and release the print job

Expected result

  • Print job is released

Limitations and remarks

  • Pull accounting (Xerox) is not retrieved during failover event. Please make sure TS always runs on master node.

  • Network Card Reader is in default configuration not functional in case of failover event. Please make sure "enableNetworkLoadBalancer" configuration is enabled as a workaround to resolve this issue.

  • To administrate SafeQ using web interface, use always virtual IP address of the cluster to reach node with on-line and connected YSoft SafeQ Terminal server service (YSoft SafeQ Terminal Server is always connected with local node only).