UID
|
GVSN
|
Name
|
Parent
|
Globally Unique ID
|
Globally Unique Version
|
File or Folder Name
|
Globally Unique ID for parent
|
Clearly a file of critical importance
Name
|
UID
|
GVSN
|
Parent
|
RF1
|
ContentSet-v1
|
ServerA-v10
|
|
Canary.xlsx
|
ServerA-v11
|
ServerA-v11
|
ContentSet-v1
|
Cat.docx
|
ServerA-v12
|
ServerA-v12
|
ContentSet-v1
|
Note: When DFSR creates the first replicated folder, the UID of the replicated folder is marked with the GUID of the content set from Active Directory and “v1”, and the GVSN of the first server in the Replicated Folder and “v10”.
Name
|
UID
|
GVSN
|
Parent
|
RF1
|
ContentSet-v1
|
ServerA-v10
|
|
Name
|
UID
|
GVSN
|
Parent
|
RF1
|
ContentSet-v1
|
ServerA-v10
|
|
Canary.xlsx
|
ServerA-v11
|
ServerA-v11
|
ContentSet-v1
|
Cat.docx
|
ServerA-v12
|
ServerA-v12
|
ContentSet-v1
|
Name
|
UID
|
GVSN
|
Parent
|
RF1
|
ContentSet-v1
|
ServerA-v10
|
|
Canary.xlsx
|
ServerA-v11
|
ServerA-v11
|
ContentSet-v1
|
Cat.docx
|
ServerA-v12
|
ServerB-v65
|
ContentSet-v1
|
Dog.txt
|
ServerB-v66
|
ServerB-v66
|
ContentSet-v1
|
Fried
|
ServerA-V13
|
ServerA-V13
|
ContentSet-v1
|
Chicken.rtf
|
ServerA-V14
|
ServerA-V14
|
ServerA-V13
|
Mmmm… fried chicken…
1. If you restore all DCs in a domain, SYSVOL still stops replicating. There is no authoritative DC and all will be attempting non-auth sync simultaneously.
2. Any custom DFSR replicas on other volumes than the one containing SYSVOL stop replicating and require repair . Moreover, even though custom RFs on the same volume as SYSVOL “accidentally” recover non-authoritatively (they share the same database), they are likely to see perceived data loss from any changes not replicated out before the snapshot restored and eliminated them.
3. Even though SYSVOL replicating inbound non-authoritatively is generally ok - it does not usually have many changes and the changes mostly originate from one server, the PDC Emulator - group policies will certainly be disrupted on that node until sync completes. In addition, if it was the PDCE, recent GP changes that never replicated out will be lost forever just like in #2.
4. This requires homogenous virtualization of Windows Server 2012 or later. Windows Server 2008 R2 and older domain controllers do not support the VM Generation ID, so they just end up in USN rollback for AD with ruined SYSVOL databases.
Note: I can only speak to Microsoft Hyper-V in this article; please contact your third party hypervisor vendor details, capabilities, and limitations.
1. Microsoft recommends Hyper-V as the preferred hypervisor for virtualized DFSR. As stated previously, Windows Server 2012 Hyper-V/Microsoft Hyper-V Server 2012 both include a critical feature, VM Generation ID, designed to help alleviate issues with workloads such as Active Directory, File Replication Services and DFSR that don’t like to be time shifted. Furthermore, Microsoft develops, tests, optimizes and validates its products with Hyper-V as part of its Common Engineering Criteria.
Finally, Microsoft does not recommend using hypervisors that aren’t supported via the Microsoft Server Virtualization Validation Program (SVVP).
2. Avoid Snapshots and host side virtual machine backups – enough said on the matter. Restoring an entire VM from a saved state or a snapshot breaks custom DFSR. Use VSS backups inside the VM.
3. Reliable and high-performing hypervisor host disk subsystem that write through to disk – The host physical disk system must satisfy at least one of the following criteria to ensure the virtualized workload data integrity through power faults:
The system uses server-class disks (SCSI, Fiber Channel, etc.)
The system uses disks connected to a battery-backed caching host bus adapter (HBA)
The system uses a storage controller (for example, a RAID system) as the storage device
The system uses is protected by an uninterruptible power supply (UPS)
The system’s disk write-caching feature is disabled
Without these safeguards in place, database corruption during unexpected power loss becomes much more likely. When DFSR detects database corruption in Windows Server 2012 and older operating systems, it deletes the database and forces inbound non-authoritative sync.
When virtualizing DFSR with Hyper-V, use virtual disks attached to virtual SCSI controllers for the DFSR data (via a VM’s Settings page). Doing so means significantly improved I/O speeds, as virtual SCSI outperforms the virtual IDE stack (even without write caching). Keep in mind that Windows Server 2012 Hyper-V and earlier versions can only boot from the virtual disks attached to the virtual IDE controller. Thus, your virtual machines should be configured to:
A. Boot the OS from a virtual disk attached to the virtual IDE controller.
B. Attach one or more “data” disks to the virtual SCSI controller and only replicate data on those disks.
Why yes, that is my host name. I don’t have a big hardware budget, I am a PM…
When using Hyper-V, place your DFSR data on virtual disks attached via virtual SCSI!
4. Do not clone, export, or copy VMs – As you have seen in the first section, DFSR relies heavily on the certain unique aspects of a computer such as the volume and the database signatures. If you create multiple instances of DFSR servers then all of them will believe themselves to be the same server from a DFSR perspective – even if you were to rename the servers and rejoin them to the domain. Clones create black holes in the replication topology if you were to reuse these machines with the same local DFSR metadata (especially if you accidentally left them with the same name and IP – this is a possibility even with VDC ). Always create new servers from Sysprepped images or fresh media and never create copies of existing servers.
5. P2V with care - While physical to virtual conversion of DFSR servers is supported using SCVMM or Disk2Vhd , you must not allow both computers to run simultaneously. With SCVMM, this means choosing “ offline mode conversion ” and with Disk2VHD it simply means being careful. In both cases, once you have a working VM, you must never allow the physical machine back on your network again (See #3).
6. Do not pause or save state VMs – while not intrinsically bad, a paused or saved VM is like one that is turned off: the longer you wait, the more divergent its replication gets. Wait too long and it will never replicate again , especially since Windows Server 2012 enables content freshness by default. Getting into the habit of pausing and saving VMs is like the habit of turning off physical machines – eventually, you are going to forget you did it on one of them.
7. Use multiple virtualization hosts – This is the first “all eggs in one basket” scenario. If you only use one host, there may come a day when that host croaks. Use Failover Clustering , Hyper-V Live Migration , or Hyper-V Replica to ensure that even if a hypervisor host is down, its workloads are not. If not deploying true high availability, make sure that you at least run VMs on more than one host machine. This is a ( very ) basic assurance that a single hardware failure will not stop all your file replication.
8. Secure your guests and hosts – Unlike the other best practices, this is not about reliability but true data safety:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.