Backup and Restore Applications

Introduction

This script package (Backup_ Applications_xxxx.zip) is used to install the failover scripts on a pair of Anywhere365 servers to allow failover of Trusted Applications and Endpoints to a secondary server.

The install script will install and configure the following:

  1. A script set and a scheduled task on the Primary server (server1) that collects all Anywhere365 configured Trusted Applications and their associated Endpoint names and policies in an XML file and places it in a backup folder at a backup location. This can be a local or a remote location, but we strongly suggest the Secondary server (server2). The scheduled task is installed as a daily task and runs BackupApplications.ps1.

  2. A script set and a scheduled task on the Secondary server (server2) that synchronizes the Trusted Applications that are active and configured on the Primary server and creates them with an identical name (and the same port number, or the first available port if that port is already in use). The scheduled task is installed as a daily task and runs SyncApplications.ps1.

  3. The script “sync_apps_and_failover_endpoints.ps1” is used to invoke a failover of endpoints to the Secondary server in case a failover is needed. The failover method depends on the topology layout and the type of outage. This script needs to be triggered manually from the Secondary server.

 

Figure 1: Dual Site/FE Pool

 

Prerequisites

PowerShell

This script requires PowerShell 3.0, which is not available by default on 2008 R2.

Accounts

The Installation account for the scripts should be at least:

  • Local administrator on both primary and secondary server.

The Service account to run the scheduled tasks must be a member of:

  • CsAdministrator,

  • RTC Universal Server Admins in the domain,

  • Local Administrator on both primary and secondary server.

  • (typically) password never expires policy.

The Administrative account used to invoke the failover scripts during a failover should be a member of:

  • CsAdministrator,

  • RTC Universal Server Admins in the domain,

  • Local Administrator on both primary and secondary server.

 

Server Security Policy

The Scheduled tasks need to run with highest privilege and under the Service Account whether the account is logged on or not. Please check whether storage of credentials is allowed.

  • Open Local Security Policy, by going to Start | Settings | Control Panel | Administrative Tools | Local Security Policy.

  • Navigate to Local Policies | Security Options | Network Access: Do not allow storage of credentials or .NET Passports for network authentication

  • Disable this option.

 

Administrative share access to Secondary server

A <driveletter>$:\Program Files\Anywhere365\ file share on the Secondary server should be fully accessible by the Installation and the Service account from the Primary server in a multi-server scenario.

 

Installation Primary Server

  1. Copy and extract the Backup_ Applications_xxxx.zip package to an install folder (for example C:\Install). The files can be requested from your Anywhere365 representative or partner.

  2. Open Windows PowerShell as administrator with the Installation account

  3. Run InstallBackupScript.ps1 (run on primary server). This script has prompts for input.

    • This script creates a folder <driveletter>:\Program Files\Anywhere365\Scripts\ and creates the necessary files and subfolders to enable the failover mechanism.

    • This script also creates a scheduled task “Anywhere365FailoverBackup” which runs script BackupApplications.ps1 from above folder, every day.

  4. Fill in the prompts for:

  5. Check results of Installation script.

    • Verify whether Folder <driveletter>:\Program Files\Anywhere365\Scripts\... has been created on Primary and Secondary server, and content has been placed inside.

    • Verify if Scheduled task “Anywhere365FailoverBackup” has been created to run every day. (Change the scheduled start-time to suit your needs).

  6. In Properties.ps1 the following lines can be configured depending on your intended behavior of scheduled tasks or cause of failover (ReplicaCheck or MoveEndpoints may not work for example if there is a severe outage on other Skype for Business servers):

Note: For an Enterprise+ license running multiple UCC services, configure the proper ServiceName and ConfigPath variables and verify whether scheduled tasks have unique names. The Installer must be run per UCC service.

 

Installation Secondary Server

  1. Copy and extract the Backup_ Applications_xxxx.zip package to an install folder (for example C:\Install). The files can be requested from your Anywhere365 representative or partner.

  2. Open Windows PowerShell as administrator

  3. Run InstallSyncScript.ps1 (run on Secondary server). This script has prompts for input.

    • This script creates a scheduled task “Anywhere365FailoverSync” which runs script: SyncApplications.ps1, every day.

  4. Fill in the prompts for:

    • domain, the domain for the user account which runs the scheduled tasks

    • user, the username of the service account to run the scheduled task

    • password, password belonging to the above user

    • Trigger (y/n), will create a scheduled task called “Anywhere365FailoverSync”

  5. Check results of Installation script.

    • Verify whether Folder <driveletter>:\Program Files\Anywhere365\Scripts has been created, and content has been published.

    • Verify that the Scheduled task “Anywhere365FailoverSync”, which runs the script SyncApplications.ps1 every day, has been created. (Optionally change the scheduled time. It should run after the BackupApplications.ps1 script has finished running).

  6. In Properties.ps1 the following lines can be configured depending on your intended behavior of scheduled tasks or cause of failover (ReplicaCheck may not work for example if there is a severe outage on other Skype for Business servers):

    • $configPath = "C:\ProgramData\Anywhere365\Core\Service\UnifiedContactCenterService" #Defines the location of the UCC service config.xml. Leave empty for version before Core 6.3

    • $MoveEndpoints = $true #Move endpoints between pools. Set to false to remove and create endpoints

    • $overwriteReplicaCheck = $False #Skips checking for replica. Used in environments where replication status is almost never True.

    • $alternateConferencingPolicy = "UCC Policy" #UCC Conferencing Policy to verify. Change if not using default.

    • $serviceName = "UnifiedContactCenterService" #Internal service name to start. Check properties on service in services.msc. Default = UnifiedContactCenterService

    • $services = @("Anywhere365 Notification Service", "RemotePresenceUpdateService","Anywhere365 EmailDialogue Provider", "Anywhere365 EmailDialogue WorkManager") #List with additional services to START.

Note: For an Enterprise+ license running multiple UCC services, configure the proper ServiceName and ConfigPath variables and verify whether scheduled tasks have unique names. The Installer must be run per UCC service.
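Both scheduled tasks run with highest privilege under a service account that is CsAdministrator, RTC Universal Server Admin and local administrator, so anyone who can modify the .ps1 files they execute can run code as that account. The following audit is an added example, not part of the Anywhere365 script package; it checks the credential-storage policy, the task registration and the script folder permissions. The drive letter C:, the English built-in account names and the mapping of the policy to the DisableDomainCreds registry value are assumptions not stated on this page.

```powershell
# Added example, not part of the Anywhere365 script package.
# Assumptions: C: as <driveletter>, English account names, PowerShell 3.0 or later.
param(
    [string]$TaskName   = 'Anywhere365FailoverSync',   # or 'Anywhere365FailoverBackup'
    [string]$ScriptRoot = 'C:\Program Files\Anywhere365\Scripts'
)
$findings = @()

# 1. Credential-storage policy: 1 means storage is blocked and task registration fails.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                        -Name DisableDomainCreds -ErrorAction SilentlyContinue
if ($lsa -and $lsa.DisableDomainCreds -eq 1) {
    $findings += 'Credential storage is blocked by policy (DisableDomainCreds = 1).'
}

# 2. Task registration, read through schtasks.exe so no ScheduledTasks module is needed.
$raw = & schtasks.exe /Query /TN $TaskName /XML 2>$null
if ($LASTEXITCODE -ne 0) {
    $findings += "Scheduled task '$TaskName' was not found."
} else {
    $task      = [xml](($raw | Out-String).Trim())
    $principal = $task.Task.Principals.Principal
    $exec      = $task.Task.Actions.Exec
    "Runs as: $($principal.UserId)  LogonType=$($principal.LogonType)  RunLevel=$($principal.RunLevel)"
    "Action : $($exec.Command) $($exec.Arguments)"
    if ($principal.RunLevel -ne 'HighestAvailable') {
        $findings += 'Task does not run with highest privileges.'
    }
    if ($principal.LogonType -ne 'Password') {
        $findings += 'Task is not registered with a stored password (LogonType is not Password).'
    }
}

# 3. Script folder ACLs: list every non-administrative principal with write-type rights.
$trusted   = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'NT SERVICE\TrustedInstaller'
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$items = @(Get-Item -Path $ScriptRoot -ErrorAction SilentlyContinue) +
         @(Get-ChildItem -Path $ScriptRoot -Recurse -ErrorAction SilentlyContinue |
             Where-Object { $_.PSIsContainer -or $_.Extension -eq '.ps1' })
foreach ($item in $items) {
    (Get-Acl -Path $item.FullName).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]($_.FileSystemRights -band $writeMask) -ne 0) -and
        ($trusted -notcontains $_.IdentityReference.Value)
    } | ForEach-Object { $findings += "$($item.FullName) is writable by $($_.IdentityReference.Value)" }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it from an elevated PowerShell session on each server after installation. An entry for the Service account itself is expected only if that account is meant to update the scripts.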

 

On Fail Over

  1. Stop the service if not already stopped by calamity. If stopping Primary server service for maintenance or DR testing, set UCC service Start Type to Manual to prevent automatic startup after maintenance or reboot.

  2. On Secondary server navigate to <driveletter>:\Program Files\Anywhere365\Scripts.

  3. Check properties in Properties.ps1

    • Verify whether Move-CsApplicationEndpoint can be used or whether Remove-CsTrustedApplicationEndpoint and New-CsTrustedApplicationEndpoint need to be executed. (This may be the case, though not exclusively, if the primary FrontEndPool is still healthy and can read/write to the AD).

      • If Remove-CsTrustedApplicationEndpoint and New-CsTrustedApplicationEndpoint must be used, the variable $MoveEndpoints must be set to $false.

  4. Open Windows PowerShell as administrator with an Administrative account.

  5. Manually run sync_apps_and_failover_endpoints.ps1. This has prompts for input.

    • Besides migrating the endpoints to the Secondary server, this script also creates a new folder (failback) with all necessary settings and scripts to restore the endpoints to the Primary server once it has been restored/rebuilt. It also creates any Trusted Applications not yet synchronized by the SyncApplications scheduled task.

  6. Fill in the prompts for:

    • Confirm (Enter) correct location of backup source files and script locations

    • Optional change of Registrar Pool Y/N. (If a new, previously unknown Registrar Pool was created, that name can optionally be entered.) If not, the regular pool of the Secondary server will be used. Default is No.

    • Confirm (Enter) correct location of backup source files and config.xml location.

    • Clear the config file? Confirm whether the existing config.xml file needs to be cleared (existing ucc’s may need to be maintained on the secondary server).

  7. Wait for all endpoint migrations to be completed (can take 30 seconds to 30 minutes or longer depending on the number of UCCs and the health of the Skype for Business Topology).

  8. Manually move the TrustedApplicationEndpoint for the Presence Provider. The SIP address can be found in the UCC service config.xml. The command is:

    Move-CsApplicationEndpoint -Identity sip:<presence-endpointname>@sipdomain.com -TargetApplicationPool <TrustedApplicationPoolName>

  9. Confirm the startup of the UCC service (can take 30 seconds to 30 minutes or longer depending on the number of UCCs and the health of the Skype for Business Topology).

  10. Confirm (Y/N) the startup of additional webservices if configured in the Properties.ps1

  11. Verify correct operation of ALL UCC’s

  12. Verify the existence of a “failback” folder (location is <driveletter>:\Program Files\Anywhere365\Scripts\<servicename>\failback). This folder contains a copy of the configuration backup and scripts to invoke a failback, once the Primary server is restored.

 

On Fail Back

Note: During Failover a failback folder is created on the passive server with the original backup files. This acts as a snapshot from the server that went down.

 

  1. Stop the UCC service on the Secondary server. Set UCC service Start Type to Manual to prevent automatic startup after maintenance or reboot.

  2. Copy the “Failback” folder from the Secondary server back to the Primary server when it has been restored or rebuilt.

  3. Open Windows PowerShell as administrator, with an Administrative account, from above “failback” folder.

  4. Run failback_apps_and_endpoints.ps1, this script has prompts for input

  5. Fill in the Prompts for:

    • Confirm (Enter) correct location of failback source files and script locations

    • Optional change of Registrar Pool Y/N, (Default is No, but if a new previously unknown single server Registrar Pool was created then optionally that name can be entered). By default the regular FE pool of the Secondary Application server will be used.

    • Confirm (Enter) correct location of failback source files and config.xml location.

    • Clear the config file? Confirm whether the existing config.xml file needs to be cleared (existing ucc’s may need to be maintained on the primary server).

  6. Wait for all endpoint migrations to be completed (can take 30 seconds to 30 minutes or longer depending on the number of UCCs and the health of the Skype for Business Topology).

  7. Manually move the TrustedApplicationEndpoint for the Presence Provider. The SIP address can be found in the UCC service config.xml. The command is:

    Move-CsApplicationEndpoint -Identity sip:<presence-endpointname>@sipdomain.com -TargetApplicationPool <TrustedApplicationPoolName>

  8. Confirm the startup of the UCC service (can take 30 seconds to 30 minutes or longer depending on the number of UCCs and the health of the Skype for Business Topology).

  9. Confirm (Y/N) the startup of additional webservices if configured in the Properties.ps1

  10. Verify correct operation of ALL UCC’s. (For example check UCC_Log for any anomalies).

 

Troubleshooting

Failure to install task:

Check the following settings.

  • Open Local Security Policy, by going to Start | Settings | Control Panel | Administrative Tools | Local Security Policy.

  • Navigate to Local Policies | Security Options | Network Access: Do not allow storage of credentials or .NET Passports for network authentication

  • Disable this option.

 

Logging

Both scheduled tasks create a log in the installation folder "<driveletter>:\program files\anywhere365\scripts\backupapplications\logs"

Task logs are stamped with a start and end time