-
Title
Remove unwanted extra realms -
Description
There might be occasions when extra realms have been configured using the command: vastool configure extra-realm {realm} {server1}
By definition, the manpage states the following:
vastool configure realm will modify /etc/opt/quest/vas/vas.conf to use the given realm_name as your default realm. If a list of server names is passed in, these servers will be used as the Active Directory servers for the given realm. In Active Directory terms, the realm will be the domain name of the domain this computer will be a member of. vastool configure extra-realm can also be used to configure other domains if you need to support multiple servers in your Active Directory tree. This will add information for these realms, but it will not make the new realm the default realm.
-
Resolution
The command vastool configure extra-realm {realm} {server1} adds a section in vas.conf called "realms" where all extra realms are listed.
example:
This how the command vastool info servers will output when no extra realms are configured; it will list only the default server
[root@cs-redhat1 /]# /opt/quest/bin/vastool info servers Servers type = DC, domain = yourdomain.com, site = Default-First-Site-Name: dc1.yourdomain.comTo add extra realms, you need to run vastool configure extra-realm {realm} {server1} as in the example below:
[root@cs-redhat1 /]# vastool configure extra-realm yourdomain.com xtradc3.yourdomain.com xtradc4.yourdomain.comRunning the command vastool info servers will now list the extra 2 servers added
[root@cs-redhat1 /]# /opt/quest/bin/vastool info servers Servers type = DC, domain = yourdomain.com, site = Default-First-Site-Name: dc1.yourdomain.com xtradc3.yourdomain.com xtradc4.yourdomain.comIn vas.conf the extra realms will be added in the section "realms"
[realms] yourdomain.com = { kdc = xtradc3.yourdomain.com:88 kdc = xtradc4.yourdomain.com:88 }Situation 1:
There are multiple extra realms configured in vas.conf, but 1 of them has been decommissioned and needs to be removed, but keep the other extra realms.
In this case, you need to run the command vastool configure extra-realm {realm} {server1} including only the servers you want to keep:
Example:
[root@cs-redhat1 /]# vastool configure extra-realm yourdomain.com xtradc3.yourdomain.comThis will keep in the realms section only xtradc3.yourdomain.com, removing any other servers previously listed
[realms] yourdomain.com = { kdc = xtradc3.yourdomain.com:88 }vastool info servers will keep the default server and only the server listed in the realms section
[root@cs-redhat1 /]# /opt/quest/bin/vastool info servers Servers type = DC, domain = yourdomain.com, site = Default-First-Site-Name: dc1.yourdomain.com xtradc3.yourdomain.comRun the following command to clear out the srvinfo and to remove the DCs from the cache
/opt/quest/bin/vastool daemon stop vasd; printf ".timeout 5000\ndelete from srvinfo;\ndelete from usn_cache;\n" | /opt/quest/libexec/vas/sqlite3 -header /var/opt/quest/vas/vasd/vas_misc.vdb; /opt/quest/bin/vastool daemon start vasd ; sleep 1; /opt/quest/bin/vastool flushThis will prevent the decommissioned DCs from appearing again.
Situation 2
These extra realms were added only for a planned downtime, or are no longer available, and you need to use only the default realmThe following command can be used to remove the extra realms: vastool configure vas remove realms
When running this command, the "realms" section is cleared from vas.conf and when running vastool info servers it will keep only the default server[root@cs-redhat1 /]# /opt/quest/bin/vastool info servers Servers type = DC, domain = yourdomain.com, site = Default-First-Site-Name: dc1.yourdomain.comRun the following command to clear out the srvinfo and to remove the DCs from the cache
/opt/quest/bin/vastool daemon stop vasd; printf ".timeout 5000\ndelete from srvinfo;\ndelete from usn_cache;\n" | /opt/quest/libexec/vas/sqlite3 -header /var/opt/quest/vas/vasd/vas_misc.vdb; /opt/quest/bin/vastool daemon start vasd ; sleep 1; /opt/quest/bin/vastool flushThis will prevent the decommissioned DCs from appearing again.