on 09-10-2015 11:02 AM
Hi.
I established warm standby replication for master database:
Replicating the master database in a warm standby environment for ASE
For most actions like: adding login (or db user), role grants it works fine.
There is one problem which I cannot resolve.
On my Active site I have configured a password policy (each login MUST change password after first logon) - it is expired by default.
On my Standby site I have identical master..syslogins table (so all logins are also expired by default).
When someone changes his password on ACTIVE site, DSI thread goes down:
E. 2015/09/10 11:29:21. ERROR #13045 DSI EXEC(125(1) clininet_standby.master) - seful\cm.c(3784)
Failed to connect to server 'clininet_standby' as user 'test'. See CT-Lib and/or server error messages for more information.
I. 2015/09/10 11:29:21. Message from server: Message: 4022, State 1, Severity 10 -- 'The password has expired, but you are still allowed to log in. You must change your password before you can continue. If a login trigger is set, it will not be executed.
'.
I. 2015/09/10 11:29:21. Message from server: Message: 5701, State 2, Severity 10 -- 'Changed database context to 'master'.
'.
E. 2015/09/10 11:29:21. ERROR #1028 DSI EXEC(125(1) clininet_standby.master) - seful\cm.c(3784)
Message from server: Message: 7742, State 3, Severity 16 -- 'You must change your password using the sp_password system stored procedure before you can continue.
DSI is shutdown becouse of Message: 4022.
I tried to resolve this by:
1. Adding custom error class and binding it to my STANDBY connection
2. Assigning action WARN for errors.
Replication Server/15.6/EBF 20155 ESD#3/X64/Windows
Error still occurs.
Maybe someone knows how to solve this. Without proper password replication there is no point to replicate master database at all.
I would be grateful for any information.
Best regards.
--
Marcin
Hi Marcin
There are two CR's related to this issue one is in RepServer and the other in ASE RAT to address this issue.
The RS CR is 626316
The ASE CR is 657779
Both of these CR's are fixed in ASE 15.7 and RS 15.7.1. I recomend the latest sp release of each product to ensure that you get all the current fixes for both ASE and RS.
To workaround the issue you will have to manually fix the expired password on the target master database. You can then resume the connection and skip the transactions once you have fixed the password on the target.
Terry
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Terry,
Can you write some more details about CR's ?
I've tested this case using:
* ASE (active / standby): Adaptive Server Enterprise/16.0 GA PL01/EBF 22544 SMP/P/x86_64/Enterprise Linux/ase160sp00pl01/3523/64-bit/FBO/Tue Apr 15 13:24:31 2014
* RS: Replication Server/15.7.1/EBF 22526 SP201 rs1571sp201/Linux AMD64/Linux 2.6.18-128.el5 x86_64/1/OPT64/Fri Apr 25 12:50:41 2014
DSI is still going down.
Best regards,
--
Marcin
Hi Terry.
Errors from RS 15.7.1 sp201 are similar to those from comment #1.
I. 2015/09/11 16:33:09. Message from server: Message: 4022, State 1, Severity 10 -- 'The password has expired, but you are still allowed to log in. You must change your password before you can continue. If a login trigger is set, it will not be executed.
'.
I. 2015/09/11 16:33:09. Message from server: Message: 5701, State 2, Severity 10 -- 'Changed database context to 'master'.
'.
E. 2015/09/11 16:33:09. ERROR #1028 DSI EXEC(144(4) penny.master) - seful/cm.c(5046)
Message from server: Message: 7742, State 3, Severity 16 -- 'You must change your password using the sp_password system stored procedure before you can continue.
'.
E. 2015/09/11 16:33:09. ERROR #13045 DSI EXEC(144(4) penny.master) - seful/cm.c(5050)
Failed to connect to server 'penny' as user 'testowy'. See CT-Lib and/or server error messages for more information.
I. 2015/09/11 16:33:09. The DSI thread for database 'penny.master' is shutdown.
Transaction from exception log:
exec sp_password_rep @caller_password=NULL , @new_password=0xc007189d0b1edebb2c89e2bedf984e24ed035bcbc7811c2bdcef36680c14ebcb3b344159337596f48ab4, @loginame=NULL , @immediate=0
I will try to download sp208....
Best Regards.
--
Marcin
After conferring with Terry on this issue, we found that the ASE portion of the fix for this was implemented, but the Rep portion was not. The recommended workaround is documented in the New Features Guide:
"Password Expiration Intervals for Master Replication
If you set up Adaptive Server master database replication in a warm standby environment, Sybase recommends setting longer password expiration intervals on the standby master database compared to the expiration intervals on the active master database. This allows the active master database to control any change of password and allows replication of password changes to proceed."
I hope this Helps,
Dale
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Dale,
Thank you for advice. I can set longer password expiration intervals on standby ASE but "expired" bit in master..syslogins is replicated when I create login on Active site. It cannot be unset on Standby site just by changing global pasword policy. It would require updating Standby syslogins every time I create a login on active site or changing default policy on Active site which I cannot do. I will try to check it on sp208.
Regards.
--
Marcin
User | Count |
---|---|
86 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.