Setting up Content Replication on a Preferred Server running Windows Server 2012 R2
Content replication can be used to move large amounts of data from the core server to a preferred server, and also to allow endpoints to contact their preferred server on the local network for content rather than the core.
HOW TO
Preferred Server Setup
Roles
Once your server OS is installed, you must add two roles:
- File Server
- IIS
Creating the file share
To replicate the “patch” folder from your core to the Preferred Server, you must have the same directory structure on your target as you do on your core from the ldlogon folder down. Create those directories on the Preferred Server.
[Screenshots: directory structure on the Core and on the Preferred Server]
Adding the Virtual Directory
Open IIS Manager on your Preferred Server. Right click on the Default Website and select “Add Virtual Directory”.
Give the directory an alias (I used “Patch”, as this is where my patches from the core will be replicated to) and select the physical path to that directory.
Click “Connect as…” and it should be set by default as “Application user (pass-through authentication)” – leave it that way.
Click “Test Settings…”. It should look like below (don’t worry about the warning at this time):
Editing Permissions on the Virtual Directory/Share
Now we will set the permissions for the shares. Right-click on the virtual directory and select “Edit Permissions…”
If the folder is not already shared it should show as shared here:
Click the “Security” tab. In particular, the following accounts should be listed:
- Everyone: Read & Execute, List folder contents, Read
- IUSR: Read & Execute, List folder contents, Read
- Network Service: Full Control, no “Special Permissions”
- Administrators: Full Control, no “Special Permissions”
To create the UNC share, click back to the “Sharing” tab and select “Advanced Sharing”. Check the “Share this folder” box, and click on the “Permissions” button at the bottom. Give one of the accounts from the last step full permissions to the share; this is necessary for the Ivanti EPM Content replication tool to have rights to copy Antivirus pattern file content to the share. In this instance, I have used “Administrators”:
Once you have done that, click OK and exit out to your IIS Manager.
Allowing Directory Browsing of the Virtual Directory
Select your Virtual Directory and then open “Directory Browsing” in the right pane and enable it:
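The settings from the steps above can be verified from PowerShell once setup is finished. This script is an added example, not part of the original article or of Ivanti's tooling; the folder path and share name are parameters you supply, and the site name “Default Web Site” and the English account names are assumptions.

```powershell
# Added example: audit the replication folder against the settings in this article.
param(
    [Parameter(Mandatory)][string]$Path,       # folder behind the virtual directory (you supply)
    [Parameter(Mandatory)][string]$ShareName,  # UNC share name (you supply)
    [string]$Site  = 'Default Web Site',       # assumption: default IIS site name
    [string]$Alias = 'Patch'                   # alias used in the article
)
Import-Module WebAdministration

$R    = [System.Security.AccessControl.FileSystemRights]
$read = [int]($R::ReadAndExecute -bor $R::Synchronize)
# NTFS rights from the Security tab list (English account names assumed).
$expected = @{
    'Everyone'                     = $read
    'NT AUTHORITY\IUSR'            = $read
    'NT AUTHORITY\NETWORK SERVICE' = [int]$R::FullControl
    'BUILTIN\Administrators'       = [int]$R::FullControl
}

$findings = @()
$allow = (Get-Acl -Path $Path).Access | Where-Object { $_.AccessControlType -eq 'Allow' }
foreach ($id in $expected.Keys) {
    # Combine every Allow ACE for this identity into one rights mask.
    $mask = 0
    foreach ($ace in $allow) {
        if ($ace.IdentityReference.Value -eq $id) { $mask = $mask -bor [int]$ace.FileSystemRights }
    }
    $want = $expected[$id]
    if (($mask -band $want) -ne $want) {
        $findings += "NTFS: $id is missing rights the article lists"
    } elseif ($mask -band (-bnot $want)) {
        $findings += "NTFS: $id holds more rights than the article lists"
    }
}

# Share permissions: the article grants Full to one of the accounts above.
$full = @(Get-SmbShareAccess -Name $ShareName |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccessRight -eq 'Full' })
if ($full.Count -eq 0) { $findings += 'Share: no account has Full (the article requires one)' }
foreach ($f in $full) {
    if ($expected.Keys -notcontains $f.AccountName) {
        $findings += "Share: Full granted to unlisted account $($f.AccountName)"
    }
}

# Directory browsing must be enabled on the virtual directory.
$browse = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$Site\$Alias" `
    -Filter 'system.webServer/directoryBrowse' -Name enabled
if (-not $browse.Value) { $findings += "IIS: directory browsing is disabled on $Alias" }

if ($findings) { $findings } else { "OK: $Path matches the settings described" }
```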
Core
Configure the Preferred Server in your Core Console
On your core, go into “Configure->Preferred Server”.
In the right pane, right click and select “New preferred server”
Fill in the “Server Name”, “Username” and “Password” fields to start (the “Description” field is optional).
Click the “Test credentials…” button at the bottom, but we’re only going to test UNC credentials at this time (we have not set up the source in this pane yet):
Make sure you save this configuration now and re-open it.
The next item in the left column is “IP address ranges”. You can set these if you only want a specific IP range to use this share.
Select the Replicator
Please Note: The replicator will need to store a copy of all files to be replicated, and setting the preferred server itself as replicator may result in two copies of all files being stored on this replicator during the replication process. If the SDMCACHE directory and the destination are on different volumes, two copies of the files will be made and SDMCACHE on the root will need to be manually cleared. If SDMCACHE and the destination are on the same disk, this will not happen. To change the location of SDMCACHE, you can create a custom Client Connectivity setting and apply it to the replicator. The change to the setting is shown below:
The next step is to select the replicator. In this example, I will use the Preferred Server itself to replicate the share.
Highlight the system you wish to use and press the “Select” button in the bottom right corner. Its inventory information should populate in the fields:
Schedule the Replication Process
You can set the “Run options” and “Schedule” for when you want the replication process to run in the left column as well:
To set the replication schedule, select “Schedule” from the left column and then click the green plus icon on the toolbar in the resultant window:
For this example, I have selected the replication process to begin automatically on 10/4 at 1 AM, repeating every day at the same time, running until finished, and updating all preferred servers. You can change this to fit your needs. Hit save once you have the desired schedule set:
Set up Replication Sources
Now we will set up the sources for replication. Click the “New” button to add a new source for replication:
Enter the name of the source, a description of the source, the UNC path for the source, and the username and password you wish to use:
I always use UNC to test at this point, so just use UNC at this time (the warning is expected as I am using the same account I'm logged on to my core with):
Next, select “Preferred Servers (Targets)” in the left column. You should see the preferred server you set up earlier listed. Make sure it is in the “Included” pane at the bottom (if it’s not there, highlight and click “Include”):
The next column item is “Mirroring”. This option allows you to control what is in your shares on your Preferred Server.
If you select “Mirroring”, when the data is replicated from the source (core) to the Preferred Server, it will over-write ANYTHING in the target directory, making the share on the Preferred Server a “mirror” of the share on the core.
The next item is “Source representative”. This option allows you to choose a Windows-based, managed node to build file lists from the source (core) to the replicator. It must be low-latency, and have UNC access to the source even if it is HTTP-based. To designate, select a node from the list and press “Select”. It will fill in the inventory information of the system in the fields. Save after this is done:
You should now see your source paths added to the preferred server:
At this time, you should be able to test your HTTP connection:
If you see the same error as above, don't worry. To ensure you have HTTP access, open a web browser and attempt to connect to the patch share on your preferred server:
You will now need to set up the “Write credentials”. Fill in the information and press “Test credentials”:
Press “Test” in the lower right hand corner to test:
At this point, you are ready to replicate. In your console window, check to make sure all of the items are listed:
Preferred Server:
Sources:
Replicators:
All Tasks (replication tasks):
If you want to check immediately to see if your replication is working, go to the “Pending Tasks” item. Right click on your item in the right pane, and select “Start content replication now…”.
The resulting window will allow you to watch the process and make sure it completes as intended:
At this point, you can physically check to make sure that the files copied from your core to the Preferred Server.
If for any reason the replication fails on the first run, manually copy all of the files you want replicated from the source on the core to the share on the Preferred Server, then run the content replication again. This will usually clear up any errors you will see. If it does not, open a case with Ivanti Support to investigate.