Solved

Can one iSCSI target be used between two servers in a server migration preserving the NTFS file system and file rights?

Posted on 2008-10-22
4
1,071 Views
Last Modified: 2013-11-14
Hi,

Currently we are using a Windows 2003 R2 server / DC that hosts our file shares on an iSCSI drive mounted to that server.
All users access these file shares by using a DFS namespace, so the backend of these mappings to the real shares can be changed easily.
In the next weeks we are planning to use a new DC that also will host the DFS namespaces and must also take over the iSCSI target at the end of our server migration.

My question is really if NTFS will still function right and if it will not be damaged when i change the iSCSI to the newer server?
the SID's of the folder and files will still be the same..

I guess attaching the iSCSI target to both servers at the same time is dangerous and may damage the flle system or am i wrong?
Because these migration steps are taking outside of working hours, read and/or write errors, file locks should not happen i think.

Thanks in advance.

Best regards,
Rick

0
Comment
Question by:Rick
4 Comments
 
LVL 5

Expert Comment

by:mren08
ID: 22782265
You shouldn't attached more than one server to the same iSCSI target. Someone else can probably qualify this further but from my understanding Windows is unable to control which server has dedicated control at any one time.. it's certainly possible but will likely cause data corruption.

I have seen iSCSI targets moved to different servers within the same security domain without compromising NTFS security.

0
 
LVL 3

Accepted Solution

by:
VXDguy earned 500 total points
ID: 22837353
NTFS is not a clustered files system designed to be used by multiple servers at the same time.  Each server will cache a copy of the MFT independently and, on shutdown, will flush to disk corrupting the MFT and destroying the integrity of the NTFS filesystem.  Even though NTFS is a journaled filesystem, it will be damaged beyond repair if you "share" it between two non-clustered servers.

Doesn't matter if it's a shared SCSI bus, FC SAN, ATAoE, or iSCSI, the result is the same.

If you accidently expose a LUN to two different server, do NOT shut down the server.  Power them off, pull the disks out, or otherwise *DROP* the disk and you *MIGHT* be able to get your data back.  Doing a clean shutdown is guaranteed to destroy the filesystem.

Even when clustered, NTFS filesystems are accessible to only on the *active* node.  Other clustered nodes can see the LUN but no reads or writes (and this is enforced by SCSI reserves).


As for changing the owner of the iSCSI targets, as long as you remove the current owner before adding the new owner, you should be fine.  At no point do two servers see the same target LUN which is where the risk of corruption comes in.

As for filesystem permissions, I'd use an activeperl script to recursively dump the ACL list for each file before the migration.  You can do a search/replace through the ACL dump to adjust owners if necessary and run another script to set the ACL permissions.  There's a book called Win32 Perl Scripting that actually comes with an example Perl script to do this--I'm sure there's free scripts online to do this as well.
0
 

Author Closing Comment

by:Rick
ID: 31509013
Sorry for the late reply, i'm gonna try to switch servers this weekend.
But first gonna make sure our backup works 100%! :-)
0
 

Expert Comment

by:cturcott
ID: 23170471
Lots of details here about NTFS and clustering that I didn't know, but in my practical experience, you can open disk management, right click on the iscsi array and choose Offline.  From then, you can disconnect from your iscsi share safely using the Initiator.  After that, connect to your iscsi device from any computer you wish.  My array is as the polite term goes, promiscuous.  It's been connected to several domains, various workgroups, and just bounces around while the files remain happily intact.  This is in a home lab sort of environment so I am not sure about the security info but the files are fine.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now