01-22-2009 02:37 AM
We have a clustered environment og two SA6000 boxes, in active/passive.
Our own company uses it, as well as a number of customers, on overall 16 IVSes so far.
We finally took the plunge and upgraded from 5.5R7 til 6.2R3.1. Release notes indicated this was an okay upgrade path to take, and I also called JTAC and had them confirm that this was the recommended release to upgrade to from ours.
After the upgrade though, we are seeing quite a few bugs!
The most serious one is regarding authentication server. If we try and make a new authentication server, of any kind, og any of teh IVSes, the system will automatically delete one of the older ones! On one of the IVSes it even deleted the authentication server called "Administrators", which normally can't be deleted. Realms and roles and so forth just map to the newly created one, if they mapped to the deleted one.
Anyone else seen anything like this? The odd thing, it's only a problem on IVSes made before the upgrade. If we make an IVS and create new authentcation servers, it works as intended. Problem is, we have a lot of local authentication databases, and have no way of exporting and importing all the users in these.
Have a JTAC case open on this, but so far they haven't come up with anything at all. So thought I'd post here too, in case anyone has seen anything similar.
Thanks in advance for any feedback you can provide on this.
01-22-2009 10:31 AM
MAG 4610 (7.4) Lab
01-22-2009 01:26 PM
If you have a lab box or can break your cluster and persuade Juniper to give you licenses to run the passive device as a primary, I'd recommend using the function to duplicate an IVS to create a "new" IVS with the same authorization settings as an "old" IVS. This might give you a way to recreate your IVSs without having to reconfigure like crazy.
01-27-2009 06:18 AM
I'm afraid the only lab box we have is a SA 700, and not much I can do with that on this particular issue.
Breaking the cluster is also not an option, as this cluster is in production and out customers paid good money to get redundancy, so we can't just take that away and hope nothing goes wrong while we've done this.
I actually tried making a new IVS on the production system, and choose to make it a copy of an existing one. The copy had the same error, so that doesn't solve anything, apparently.
Seems the case has just been escalated, so I'm hoping Juniper will take a more serious look at the problem now...
Thanks for your answers though guys.