Skip to main content
Skip table of contents

Complete Additional DR Installation Tasks

After DR setup is complete, do the following:

  • Required: Reboot all machines that are part of your DR deployment
  • Recommended: Test the DR solution by running a failover scenario and a failback scenario. For more information about how to run a failover and failback see: Administer a LogRhythm Disaster Recovery Deployment

Complete SPN Re-Registration

Following Disaster Recovery Installation the SQL SPNs must be re-registered to the domain. This SPN registration requires a Domain Admin account, if you are using a Domain Admin account for the SQL Server Service Account this will register itself, if not you will need access to a domain account account and to run the Kerberos Configuration Manager for SQL Server following the Disaster Recovery installation. For more information and access to the Microsoft Kerberos Configuration Manager for SQL Server see this page. SPN registration must take place prior to a Disaster Recovery failover test and is required for Kerberos authentication to work into the LogRhythm application.

Change DNS Records Manually

In certain cases, dynamic updates to DNS may not be an available or allowed option due to organizational policies. Should this be the case, following a failover in the LogRhythm DR environment, the shared A Record must be manually updated in Infoblox DNS to reflect the new failover IP. This type of setup may show indications of the Failover Cluster Name Resource not being registered, as Windows is not able to update the DNS record remotely.

For Users with Infoblox DNS

The following checklist can be used for verification of Infoblox DNS update permissions as described in this section.

  • In the Infoblox UI, verify a zone exists for the domain in Data Management > DNS > Zone. If this does not exist, create an authoritative zone for the domain.
  • Verify the zone allows queries from the DR servers.
  • Verify the zone allows updates from the DR servers.
  • Allow unsigned updates from the Domain Controller if GSS-TSIG is not being used.
  • If the LogRhythm DR DNS Record already exists, verify the record is set to “Dynamic” and that it is not protected.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.