4.10.3 Connecting to a remote host
To configure a cluster, enable the localhost and remote host to connect via DCOM. Enable DCOM on both the localhost and remote host. After this, prepare for connection via DCOM by running the setup-local-dcom subcommand of the asadmin utility command on the remote host, running the create-password-alias subcommand of the asadmin utility command on the localhost, and performing other required operations. You can verify the connection from the localhost to the remote host via DCOM by running the validate-dcom subcommand.
Prerequisites
-
The domain administration server (DAS) is running.
-
Application Server has been set up on the localhost.
-
The remote host is running.
-
Application Server has been installed on the remote host.
-
The remote host and localhost can be connected by using DCOM.
Intended users
-
System engineers
Procedure
Enable DCOM on the localhost and remote host.
For Run of the start menu, enter dcomcnfg.exe and then click the OK button.
In the Component Services window, click Component Services > Computers to expand the tree.
Right-click My Computer and then select Properties.
In the My Computer properties window, select Enable Distributed COM on this computer on the Default Properties tab.
For the remote host, on the COM Security tab, click the Edit Limits button of Access Permissions. Select Allow of Remote Access for the users who connect to the remote host or the group these users belong to.
For the remote host, on the COM Security tab, click the Edit Limits button of Launch and Activation Permissions. Select Allow of Remote Launch and Remote Activation for the users who connect to the remote host or the group these users belong to.
Click the OK button to reboot the machine. If DCOM has already been enabled, a reboot is not needed.
On the remote host, specify settings such that the Windows services Windows Management Instrumentation and Remote Registry start automatically. If these services are not running, start them.
On the remote host, run the net share command to confirm that the administrative share is enabled.
net share
When this command is run, the result is displayed as follows. If the lines for drive_name$ are displayed as follows, the administrative shares are enabled.
Share name Resource Remark ------------------------------------------------------------------------------- : C$ C:\ Default share D$ D:\ Default share :
If the administrative share of the remote host is disabled, change the value of the following registry key: After changing the value of the registry key, reboot the machine.
In Windows 7, Windows 8, and Windows 8.1 Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\parameters Value: AutoShareWks=0 (disabled) Value: AutoShareWks=1 (enabled)In Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\parameters Value: AutoShareServer=0 (disabled) Value: AutoShareServer=1 (enabled)Ensure that the following ports are open and that a firewall is set up on the remote host:
-
DCOM port (135 or 139)
-
Windows Shares port (445)
-
Dynamic port
From Control Panel, start Windows Firewall and then select Advanced settings.
In the Windows Firewall with Advanced Security window, select New Rule... of Inbound Rules.
In the New Inbound Rule Wizard window, select Port for Rule Type. In addition, select TCP for Protocol and Ports and enter the port number of the port you want to open in Specific local ports.
If you want to specify a range of ports to be opened, specify the range by using a hyphen, as in 5000-5010.
For Action, select Allow the connection.
For Profile, select an applicable profile, depending on the environment, from Domain, Private, and Public.
Enter a name in Name, and then click the Finish button.
If you want to confirm the dynamic port, execute the following command:
For IPv4: netsh int ipv4 show dynamicport tcp
For IPv6: netsh int ipv6 show dynamicport tcp
-
On the remote host, run the setup-local-dcom subcommand of the asadmin utility command to enable DCOM.
asadmin setup-local-dcom
- Important note
-
When updating the Windows registry information, we recommend that you first back up the registry information before executing the setup-local-dcom subcommand.
When this command is run, the result is displayed as follows:
Command setup-local-dcom executed successfully.
For Windows 8, Windows 8.1, Windows Server 2012, or Windows Server 2012 R2, restart the Windows service Remote Registry on the remote host.
Edit the hosts file so that the host name of the DAS (localhost) can be resolved on the remote host.
To set up an alias to the password for configuring a DCOM connection on the localhost, run the create-password-alias subcommand of the asadmin utility command.
asadmin create-password-alias password_alias_name
When required, enter the password of the remote host.
When this command is run, the result is displayed as follows:
Command create-password-alias executed successfully.
Restart the domain administration server.
asadmin restart-domain
When this command is run, the result is displayed as follows:
Command restart-domain executed successfully.
On the localhost, create a password file that includes the Windows password of the host on the node.
AS_ADMIN_WINDOWSPASSWORD=${ALIAS=password_alias_name}To verify whether the localhost can be connected with a remote host by using DCOM, run the validate-dcom subcommand of the asadmin utility command.
asadmin --user domain_administration_server_user_name --passwordfile password_file_path validate-dcom --windowsuser remote_host_user_name remote_host_name
The default value of domain_administration_server_user_name is admin.
When this command is run, the result is displayed as follows:
Command validate-dcom executed successfully.
For each remote host to be configured as a distribution location of a request, repeat the procedure from steps 1 through 11.
Postrequisites
-
Setting up Application Server on the remote host