Skip to main content
IT Connect

Information technology tools and resources at the UW

20130628: RE: NETID DC promotions and demotions

All previously announced DC refresh work has been completed, and the UWWI firewall document has been updated to reflect this. A temporary DC change is planned for the UWWI NETID domain service.

 

What and When:

A temporary domain controller will be promoted and demoted late next week. This temporary DC will be on a network not previously on the UWWI firewall document.

 

What you need to do:

If you have a firewall or network filters, you may need to adjust them (see link below).

 

More info:

Another network has been added to the UWWI firewall list:

172.2.1.0/24 (172.22.1.0-172.22.1.255).

 

Three networks previously on the UWWI firewall list have been removed to reflect completion of prior DC refresh work. For reference, the networks removed are:

-172.22.15.0/27 (172.22.15.0-172.22.15.31)

-172.22.16.64/27 (172.22.16.64-172.22.16.95)

-172.22.238.128/25 (172.22.238.128-172.22.238.255)

 

You can find the list of networks that correspond to NETID DCs to configure in your firewalls at http://www.netid.washington.edu/documentation/trustWithFirewall.aspx.

 

The temporary DC promotion/demotion is to facilitate an offline recovery test of the NETID domain via the Microsoft Active Directory Recovery Execution Services program that will happen the 2nd week of July. We need to have a temporary domain controller promoted and demoted in preparation for this exercise, and due to the nature of how this opportunity came about, we were unable to provide you more advanced warning of this change. We are still exploring ways to “hide” this temporary DC from customers to minimize the impact of not giving folks the customary 2 week warning about a change to the UWWI firewall list, but those explorations are still in process and need to be tempered by maintaining operational stability.

 

From: Brian Arkills Sent: Monday, November 05, 2012 12:02 PM To: ‘uwwi-announce@uw.edu’ (uwwi-announce@uw.edu) Subject: NETID DC promotions and demotions

 

Several changes are planned for the UWWI NETID domain service. These changes will close the existing temporary service capacity gap, which was noted in the email below sent 2 weeks ago.

 

What and When:

Several new domain controllers on a network not previously in the UWWI firewall documentation will be promoted beginning this Thursday, 11/8. One DC will be promoted on 11/8, with 2 additional DCs following over the following week for a total of 3 new NETID domain controllers.

 

After these 3 new DCs have been added, 2 of the existing domain controllers will be demoted as they have reached end of life.

 

What you need to do:

If you have a firewall or network filters, you may need to adjust them (see link below).

 

If you’ve hard-coded specific domain controller names in applications or code, you will need to adjust that configuration. If you have hard-coded either mace.netid.washington.edu or yoda.netid.washington.edu, please change that configuration.

 

If neither of these situations apply to you, then you don’t need to do anything.

 

More info:

Another network has been added to the UWWI firewall list: 172.16.31.0/24 (172.16.31.0-172.16.31.255).

 

The network that leia.netid.washington.edu was on has been removed from the UWWI firewall list. For reference that network was: 172.22.14.0/27 (172.22.14.0-172.22.14.31).

 

You can find the list of networks that correspond to NETID DCs to configure in your firewalls at http://www.netid.washington.edu/documentation/trustWithFirewall.aspx.

 

When all DC demotions are complete, we will remove two of the networks listed in that document, so if you do manage network filters you may want to check back in 3-4 weeks to remove unnecessary networks in your filters in the future.

 

> —–Original Message—–

> From: Brian Arkills

> Sent: Tuesday, October 23, 2012 12:38 PM

> To: ‘uwwi-announce@uw.edu’ (uwwi-announce@uw.edu)

> Subject: Netid domain controller (leia) forcible demotion planned ~1pm

> today

>

> Due to internal AD database corruption on Leia.netid.washington.edu and

> replication problems it was having, we have determined that we need to

> demote leia.netid.washington.edu, one of 5 existing domain controllers

> providing the NETID domain service in the UWWI service line. Leia has been

> offline since yesterday evening and won’t be coming back online. You may

> have experienced odd problems because of Leia’s AD corruption. If you think

> you’ve got a lingering issue caused by this, please do open a help request via

> help@uw.edu with UWWI somewhere in the subject line, and we’ll try to

> assist you.

>

> We have already replaced leia as the DNS master for clients.uw.edu, the

> DDNS zone provided for delegated OU customers, and there has been no

> impact to customers of that service.

>

> This work represents a minor degradation in service capacity, but this is

> expected to be the case only for a short period, as leia was planned to be

> replaced in the coming months.

>

> If, for some reason, you’ve hard-coded something to

> leia.netid.washington.edu, you will want to change that.

>

> Brian Arkills

> UW-IT, Identity and Access Management

> UW Windows Infrastructure technical lead