Unable to unjoin ScaleArc RODC from Windows AD domain

Overview

In ScaleArc 3.10, the joining of ScaleArc to a Windows Active Directory Domain as a Read-Only Domain Controller (RODC) is completed without requiring the ScaleArc hostname to be lowercase.

If a ScaleArc 3.10 appliance was joined to a Windows Active Directory (AD) domain as a Read-Only Domain Controller while its hostname contained uppercase letters, and the appliance is then upgraded to 3.11 or later, attempting to unjoin the ScaleArc RODC from the AD domain fails with an error stating that 'ScaleArc hostname should be in lowercase to unjoin the domain'. The unjoin operation fails because of the ScaleArc hostname character case restriction.

Note: In ScaleArc 3.11, a restriction was added to the AD join operation requiring the ScaleArc hostname to be lowercase, so this issue should not occur from v3.11 onward.

This article provides a workaround for unjoining the ScaleArc RODC from the Active Directory domain when this scenario causes the unjoin operation to fail.

 

Environment

Release: 3.10 and older

DB platform: MSSQL

 

Solution

Follow the steps below to unjoin ScaleArc RODC from a Windows AD domain.

Note that SSH access to the ScaleArc appliance is required. Refer to How to Enable SSH access to ScaleArc for instructions on enabling SSH if not already enabled.

  1. SSH to the ScaleArc appliance using the 'idb' user
  2. Execute the following commands (the text following the # character) in the ScaleArc shell terminal
    • # sudo su -
      # cp /bin/hostname /bin/hostname.orig
      # echo "/bin/hostname.orig \$1 | /usr/bin/tr '[:upper:]' '[:lower:]'" > /bin/host-name
      # chmod +x /bin/host-name
      # cp /bin/host-name /bin/hostname
  3. Execute the Windows AD unjoin operation in the ScaleArc browser UI (located in [SETTINGS] > [System Settings] > [Windows AD Setup]) by clicking on the Unjoin button.
  4. Once the AD unjoin operation completes successfully, execute the following commands in the ScaleArc shell terminal.
    • # cp /bin/hostname.orig /bin/hostname
      # rm /bin/host-name
  5. Log out of the ScaleArc SSH session
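
A post-rollback check for the procedure above, added here as an example (it is not ScaleArc-provided code). The function name verify_hostname_restored is chosen for this example; it confirms that /bin/hostname is no longer the lowercasing wrapper and that /bin/host-name has been removed. The demo at the end runs on constructed stand-in files in a scratch directory.

```shell
#!/bin/sh
# Added example, not vendor code: confirm that the temporary /bin/hostname
# wrapper has been rolled back. Function name is hypothetical.

verify_hostname_restored() {
    bin_dir="${1:-/bin}"
    rc=0
    # The helper script is deleted at the end of the procedure.
    if [ -e "$bin_dir/host-name" ]; then
        echo "FAIL: $bin_dir/host-name is still present" >&2; rc=1
    fi
    if [ ! -f "$bin_dir/hostname" ]; then
        echo "FAIL: $bin_dir/hostname is missing" >&2; return 1
    fi
    # Only the wrapper refers to hostname.orig; the real binary does not.
    if grep -q 'hostname\.orig' "$bin_dir/hostname"; then
        echo "FAIL: $bin_dir/hostname is still the lowercasing wrapper" >&2; rc=1
    fi
    # The procedure leaves hostname.orig behind. When it exists, the
    # restored binary must be byte-identical to it.
    if [ -f "$bin_dir/hostname.orig" ] &&
       ! cmp -s "$bin_dir/hostname.orig" "$bin_dir/hostname"; then
        echo "FAIL: $bin_dir/hostname differs from hostname.orig" >&2; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $bin_dir/hostname is restored"
    return "$rc"
}

# Constructed demo in a scratch directory; no real system file is touched.
demo=$(mktemp -d)
printf 'constructed stand-in for the real binary\n' > "$demo/hostname"
cp "$demo/hostname" "$demo/hostname.orig"
printf '%s\n' "/bin/hostname.orig | /usr/bin/tr '[:upper:]' '[:lower:]'" > "$demo/host-name"
cp "$demo/host-name" "$demo/hostname"        # state while the workaround is active
verify_hostname_restored "$demo" || echo "wrapper detected, as expected"
cp "$demo/hostname.orig" "$demo/hostname"    # rollback
rm "$demo/host-name"
verify_hostname_restored "$demo"
rm -rf "$demo"
```

On the appliance, call `verify_hostname_restored /bin` as root after the restore commands and before logging out; a non-zero exit status means the wrapper or the helper script is still in place.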

If the above steps are unsuccessful, perform the unjoin in force_unjoin mode using an API call by following these steps:

  1. Navigate to the API page in ScaleArc by clicking on Settings -> API.
  2. Enter the username and password, then click on Get API to retrieve the API Key.
  3. Execute the following curl call to forcefully unjoin from the domain:

cURL call example:

    curl -k -X POST https://10.26.0.190/api/scalearc_ad_join_status -d '{
    "apikey": "8f5ce01123573e20d47a0cf8f7e5d8a8cf55edc0",
    "netbios_domain":"2012QATEST",
    "domain": "2012qatest.com",
    "adServer":"10.26.0.55",
    "username":"administrator",
    "password":"admin",
    "joinFlag":"0",
    "force_unjoin":"on"
    }'
  • Refer to Using ScaleArc RESTful APIs for instructions on executing the API call and for a detailed explanation of the parameters in the above call, which should be updated for your environment.
