Network Binding Order Rule Warning in SQL Server 2008 Cluster Setup Explained


Network Binding Order Rule Warning in SQL Server 2008 Cluster Setup Explained


This blog present some more information about the “network binding order” setup rule that is present in SQL Server 2008. We have another blog that talks about the issues you can run into with incorrect binding order. In this one, I will talk about what this rule is, how it evaluates the result and some instances where this rule will report a warning, and what corrective actions to take in such scenarios.

What is the Network Binding rule for?
This rule is there to verify that the domain needs to be accessible as the top network in the binding order or else performance problems might occur as the network stack tries to access the domain and times out because it has to fail on private networks until it gets to the domain network in the binding list.

How does this rule work?
It’s pretty simple, actually. We look for the Domain Bound adapter by doing a registry query to look at the TCP/IP bind registry here.
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage :Bind

The associated domain name is determined by doing a registry query on,
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{ADAPTER_GUID}\PrimaryDomainName

If the above value matches the value of the current user’s HKCU\Volatile Environment\USERDNSDOMAIN, the rule is considered successful.


So if domain name for the topmost adapter is ‘null’, then the rule gives a warning. Whatever value the registry returns, SQL Server Setup decides to pass/fail/warning for the rule, it’s as simple as that!

 There are 2 issues we have seen on this:

1. Ghosted adapters described here
http://support.microsoft.com/kb/955963

2. Incorrect binding order which is blogged about here
http://blogs.msdn.com/sqlserverfaq/archive/2009/10/08/receive-a-warning-about-the-network-binding-order-on-the-setup-support-rules-page-when-install-sql-server-2008-in-a-failover-cluster.aspx



Another situation when this rule will report a warning:


In case none of your network adapters has a Domain name binding, then you will see a warning for this


Rule when you run setup.


 Here is a snippet of detail.txt with this issue,

2010-04-08 16:09:22 Slp:   NetworkBindingFacet: Looking up network binding order.
2010-04-08 16:09:22 Slp:   NetworkBindingFacet:   Network: ‘Local Area Connection* 21’ Device: ‘\Device\{1A76D264-BC34-4E11-8048-4927BD5EDF6C}’ Domain: ” Adapter Id: ‘{1A76D264-BC34-4E11-8048-4927BD5EDF6C}’
2010-04-08 16:09:22 Slp:   NetworkBindingFacet:   Network: ‘Public Network’ Device: ‘\Device\{8371ED56-DEEF-4347-AA26-1F2C69225714}’ Domain: ” Adapter Id: ‘{8371ED56-DEEF-4347-AA26-1F2C69225714}’
2010-04-08 16:09:22 Slp:   NetworkBindingFacet:   Network: ‘Local Area Connection 7’ Device: ‘\Device\{60A4B811-1E0B-441C-B3FF-AA791CC6B792}’ Domain: ” Adapter Id: ‘{60A4B811-1E0B-441C-B3FF-AA791CC6B792}’
2010-04-08 16:09:22 Slp: IsDomainInCorrectBindOrder: The top network interface ‘Local Area Connection* 21’ is bound to domain ” and the current domain is ‘NA.HOME.RA-INT.COM’.

 Here is another snippet of detail.txt setup log which shows me at least one adapter bound to a domain, but not at the top of the bind order.

2010-04-22 04:08:48 Slp:   NetworkBindingFacet:   Network: ‘Local Area Connection* 11’ Device: ‘\Device\{193C49B1-84FF-4FCA-91CA-2A2505159E1D}’ Domain: ” Adapter Id: ‘{193C49B1-84FF-4FCA-91CA-2A2505159E1D}’
2010-04-22 04:08:48 Slp:   NetworkBindingFacet:   Network: ‘Local Area Connection’ Device: ‘\Device\{185B568E-67A7-4046-8B3B-40E1C14F9658}’ Domain: ‘DOM191456.COM’ Adapter Id: ‘{185B568E-67A7-4046-8B3B-40E1C14F9658}’
2010-04-22 04:08:48 Slp:   NetworkBindingFacet:   Network: ‘Private’ Device: ‘\Device\{09F98F1E-68A7-4679-AD57-369B3CBADCBC}’ Domain: ” Adapter Id: ‘{09F98F1E-68A7-4679-AD57-369B3CBADCBC}’
2010-04-22 04:08:48 Slp: IsDomainInCorrectBindOrder: The top network interface ‘Local Area Connection *11’ is bound to domain ” and the current domain is ‘DOM191456.COM’.

Here is a handy script that you can use to get a quick look into all the network adapters along with their domain name bindings, plus the current user’s domain (credit to Ajith for this script). This is a simulation of the network binding order rule in SQL 2008 setup.

<Start of Script>


Const HKCU = &H80000001


Const HKLM = &H80000002


 


strComputer = “.”


strUDN = “User Domain Name”


strFNDN = “First NIC Domain Name”


Set oReg=GetObject(“winmgmts:\\” & strComputer & “\root\default:StdRegProv”)


 


Wscript.Echo “The User DNS Domain name should (case insensitive) match the Domain Name against the first NIC in the binding list.”


Wscript.Echo


 


Return = oReg.GetStringValue(HKCU,”Volatile Environment”,”USERDNSDOMAIN”,strUDN)


If (Return = 0) And (Err.Number = 0) Then


 Wscript.Echo “User DNS Domain : ” & strUDN


 Wscript.Echo “===========================================”


Else


 Wscript.Echo “Error retrieving User DNS Domain!! “


 Wscript.Echo “===========================================”


End If


 


Return = oReg.GetMultiStringValue(HKLM,”SYSTEM\CurrentControlSet\services\Tcpip\Linkage”,”Bind”,mstrValues)


 


Wscript.Echo “NIC binding list    : Primary Domain Name “


Wscript.Echo “—————–     ——————–“


If (Return = 0) And (Err.Number = 0) Then


 For Each strValue In mstrValues


  oNICGuid = split(strValue,”\”,-1)(2)


  Return = oReg.GetStringValue(_


   HKLM,_


   “SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\” & oNICGuid,_


   “PrimaryDomainName”,_


   strPDN)


  If (Return = 0) And (Err.Number = 0) Then


   Wscript.Echo oNICGuid & “  : ” & strPDN


   If (strValue = mstrValues(0)) Then


    strFNDN = strPDN


   End If


  


  Else


   Wscript.Echo oNICGuid & “  : -NA or None Found- “


  End If


 Next


Else


    Wscript.Echo “GetMultiStringValue failed. Error = ” & Err.Number & ” returned ” & Return


End If


 


Wscript.Echo


 


If StrComp(strUDN, strFNDN, vbTextCompare) Then


 Wscript.Echo “PROBLEM!!!! : ” & strUDN & ” <> ” & strFNDN


Else


 Wscript.Echo “All is OK!! : ” & strUDN & ” = ” & strFNDN


End If


 


Wscript.Echo


Wscript.Echo “All done..”


 


<End of Script>


 


What do you do to avoid getting the warning for this rule?


1.       In case you are running into a situation where none of your network adapters have a domain name binding, then identify your domain NIC adapter from Network Connections and under Properties -> Internet Protocol (TCP/IP) -> Properties -> Advanced -> DNS, add a DNS suffix for the domain adapter.



Once you do this, your domain NIC will have a domain name binding, so we next we need to move this NIC adapter to the TOP of the network binding order.


 


2.       To do this then identify the adapter ID for this domain adapter (using below command) and then move it to the top of the list in this registry key.
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage :Bind


 


 


You can use the following query to get a list of ALL adapter GUID’s and their names
wmic nicconfig get description, SettingID > C:\nicconfig.txt



Once you do this, exit the registry editor and then re-run the rule in the setup program. A successful detail.txt setup log will look like this,


2010-04-22 04:08:48 Slp: Init rule target object: Microsoft.SqlServer.Configuration.SetupExtension.NetworkBindingFacet
2010-04-22 04:08:48 Slp:   NetworkBindingFacet: Looking up network binding order.
2010-04-22 04:08:48 Slp:   NetworkBindingFacet:   Network: ‘Local Area Connection’ Device: ‘\Device\{185B568E-67A7-4046-8B3B-40E1C14F9658}’ Domain: ‘DOM191456.COM’ Adapter Id: ‘{185B568E-67A7-4046-8B3B-40E1C14F9658}’
2010-04-22 04:08:48 Slp:   NetworkBindingFacet:   Network: ‘Local Area Connection* 11’ Device: ‘\Device\{193C49B1-84FF-4FCA-91CA-2A2505159E1D}’ Domain: ” Adapter Id: ‘{193C49B1-84FF-4FCA-91CA-2A2505159E1D}’
2010-04-22 04:08:48 Slp:   NetworkBindingFacet:   Network: ‘Private’ Device: ‘\Device\{09F98F1E-68A7-4679-AD57-369B3CBADCBC}’ Domain: ” Adapter Id: ‘{09F98F1E-68A7-4679-AD57-369B3CBADCBC}’
2010-04-22 04:08:48 Slp: IsDomainInCorrectBindOrder: The top network interface ‘Local Area Connection’ is bound to domain ‘DOM191456.COM’ and the current domain is ‘DOM191456.COM’.
2010-04-22 04:08:48 Slp: Evaluating rule        : IsDomainNetworkTopOfBindings
2010-04-22 04:08:48 Slp: Rule running on machine: STARTREK
2010-04-22 04:08:48 Slp: Rule evaluation done   : Succeeded
2010-04-22 04:08:48 Slp: Rule evaluation message: The domain network is bound correctly.


I hope cleared up any confusion you might have had regarding this rule, the warning status and the simple logic behind the rule. As always stay tuned for more SQL tips…


 


Regards,
Sudarshan Narasimhan
Technical Lead, Microsoft SQL Server CSS


 

Comments (0)