FTP Migration Failure

I started this blog to write about the activities in the life of an IT admin.   Other than posting about an odd event or two, I’ve mostly posted about our migration to Cisco UCS and vSphere.  So without further ado, let’s take a look at another “Day in the Life” of an IT admin.

.

This past weekend was supposed to be fairly easy.  All I had to do was migrate our FTP server from a rackmount running W2K3 to a virtual server running W2K8.  The virtual server was built ahead of time, data was copied over to it, FTP sites were setup, etc.  It looked like everything was good to go.  I should have known better.

The first problem I ran into was name resolution. I wanted to keep the old server name as an alias so all my app folks wouldn’t have to change their scripts and applications.  The W2K8 server would not respond to the alias.  Turns that W2K8 handles aliases differently.   In W2K3, if you want to have the server respond to multiple names, you create a registry key called DisableStrictNameChecking and set it to a DWORD value of 1.  I added the key, but the server wouldn’t respond as I expected.  It seems that W2K8 sort of ignores that key.  Instead, you must use the setspn command to register the additional name(s).  Ok, name resolution taken care of so I thought.  Turns out that the spn is for TCP/IP type queries, meaning DNS is used for name resolution.  What happens if your app uses WINS for lookups because it is making standard SMB/NetBIOS type calls?  For that there is another registry key called OptionalNames.  This key is of type Multi-String and it contains the aliases that you want the server to register in WINS.

With all name resolution issues taken care of so I must be good to go, right?  Not so fast.   My apps folks are complaining that all their scripts are failing on transferring data to the FTP server.  I looked at a few of the scripts and saw that they were transferring files using the “put” command and wildcards.  In W2K3, this worked fine.  W2K8 doesn’t like it.  It wants to be more standards-based: “put” is for single files, “mput” is for multiple files.  Great…how much recoding are my apps folks going to have to do?

I had one person change his script to see if it would solve all his problems.  It got him past most items, but then we ran into the dreaded “505-Access Denied” error.  The permissions between the two servers match up so W2K8 must need something slightly different.

My window for this conversion was from 10pm to 1am.  As I approached 12:40am, I made the call to roll back.  I had a simple plan: power off the virtual server, power on the rackmount.  I thought it was pretty good, but I was wrong.   I came back in after getting some sleep and went to power up the virtual server in the morning to work on it. That pesky spn and OptionalNames reg key still played into things.  It was like I had two servers with the same name on the network, but no errors/alarms being thrown.  The new server took over the WINS entries for the old server.  Once I figured out to remove the spn and OptionalNames reg key, all went back to normal.

Now I can work on those permissions and try again some other Sunday night.

DISCLAIMER: All technical info was gathered in the heat of the moment Sunday night.  I may be wrong on the affects of the spn on name resolution methods (ie..DNS vs WINS), but it seems to make sense to me.  So unless someone has a better reason, I’m sticking with mine.