Network Binding Order Rule Warning in SQL Server 2008 Cluster Setup Explained
**Network Binding Order Rule Warning in SQL Server 2008 Cluster Setup Explained
**
This blog present some more information about the “network binding order” setup rule that is present in SQL Server 2008. We have another blog that talks about the issues you can run into with incorrect binding order. In this one, I will talk about what this rule is, how it evaluates the result and some instances where this rule will report a warning, and what corrective actions to take in such scenarios.
What is the Network Binding rule for?
This rule is there to verify that the domain needs to be accessible as the top network in the binding order or else performance problems might occur as the network stack tries to access the domain and times out because it has to fail on private networks until it gets to the domain network in the binding list.
How does this rule work?
It’s pretty simple, actually. We look for the Domain Bound adapter by doing a registry query to look at the TCP/IP bind registry here.
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage :Bind
The associated domain name is determined by doing a registry query on,
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{ADAPTER_GUID}\PrimaryDomainName
If the above value matches the value of the current user’s HKCU\Volatile Environment\USERDNSDOMAIN, the rule is considered successful.
So if domain name for the topmost adapter is 'null', then the rule gives a warning. Whatever value the registry returns, SQL Server Setup decides to pass/fail/warning for the rule, it’s as simple as that!
There are 2 issues we have seen on this:
1. Ghosted adapters described here https://support.microsoft.com/kb/955963
2. Incorrect binding order which is blogged about here https://blogs.msdn.com/sqlserverfaq/archive/2009/10/08/receive-a-warning-about-the-network-binding-order-on-the-setup-support-rules-page-when-install-sql-server-2008-in-a-failover-cluster.aspx
Another situation when this rule will report a warning:
In case none of your network adapters has a Domain name binding, then you will see a warning for this
Rule when you run setup.
Here is a snippet of detail.txt with this issue,
2010-04-08 16:09:22 Slp: NetworkBindingFacet: Looking up network binding order.
2010-04-08 16:09:22 Slp: NetworkBindingFacet: Network: 'Local Area Connection* 21' Device: '\Device\{1A76D264-BC34-4E11-8048-4927BD5EDF6C}' Domain: '' Adapter Id: '{1A76D264-BC34-4E11-8048-4927BD5EDF6C}'
2010-04-08 16:09:22 Slp: NetworkBindingFacet: Network: 'Public Network' Device: '\Device\{8371ED56-DEEF-4347-AA26-1F2C69225714}' Domain: '' Adapter Id: '{8371ED56-DEEF-4347-AA26-1F2C69225714}'
2010-04-08 16:09:22 Slp: NetworkBindingFacet: Network: 'Local Area Connection 7' Device: '\Device\{60A4B811-1E0B-441C-B3FF-AA791CC6B792}' Domain: '' Adapter Id: '{60A4B811-1E0B-441C-B3FF-AA791CC6B792}'
2010-04-08 16:09:22 Slp: IsDomainInCorrectBindOrder: The top network interface 'Local Area Connection* 21' is bound to domain '' and the current domain is 'NA.HOME.RA-INT.COM'.
Here is another snippet of detail.txt setup log which shows me at least one adapter bound to a domain, but not at the top of the bind order.
2010-04-22 04:08:48 Slp: NetworkBindingFacet: Network: 'Local Area Connection* 11' Device: '\Device\{193C49B1-84FF-4FCA-91CA-2A2505159E1D}' Domain: '' Adapter Id: '{193C49B1-84FF-4FCA-91CA-2A2505159E1D}'
2010-04-22 04:08:48 Slp: NetworkBindingFacet: Network: 'Local Area Connection' Device: '\Device\{185B568E-67A7-4046-8B3B-40E1C14F9658}' Domain: 'DOM191456.COM' Adapter Id: '{185B568E-67A7-4046-8B3B-40E1C14F9658}'
2010-04-22 04:08:48 Slp: NetworkBindingFacet: Network: 'Private' Device: '\Device\{09F98F1E-68A7-4679-AD57-369B3CBADCBC}' Domain: '' Adapter Id: '{09F98F1E-68A7-4679-AD57-369B3CBADCBC}'
2010-04-22 04:08:48 Slp: IsDomainInCorrectBindOrder: The top network interface 'Local Area Connection *11' is bound to domain '' and the current domain is 'DOM191456.COM'.
Here is a handy script that you can use to get a quick look into all the network adapters along with their domain name bindings, plus the current user’s domain (credit to Ajith for this script). This is a simulation of the network binding order rule in SQL 2008 setup.
<Start of Script>
Const HKCU = &H80000001
Const HKLM = &H80000002
strComputer = "."
strUDN = "User Domain Name"
strFNDN = "First NIC Domain Name"
Set oReg=GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
Wscript.Echo "The User DNS Domain name should (case insensitive) match the Domain Name against the first NIC in the binding list."
Wscript.Echo
Return = oReg.GetStringValue(HKCU,"Volatile Environment","USERDNSDOMAIN",strUDN)
If (Return = 0) And (Err.Number = 0) Then
Wscript.Echo "User DNS Domain : " & strUDN
Wscript.Echo "==========================================="
Else
Wscript.Echo "Error retrieving User DNS Domain!! "
Wscript.Echo "==========================================="
End If
Return = oReg.GetMultiStringValue(HKLM,"SYSTEM\CurrentControlSet\services\Tcpip\Linkage","Bind",mstrValues)
Wscript.Echo "NIC binding list : Primary Domain Name "
Wscript.Echo "----------------- --------------------"
If (Return = 0) And (Err.Number = 0) Then
For Each strValue In mstrValues
oNICGuid = split(strValue,"\",-1)(2)
Return = oReg.GetStringValue(_
HKLM,_
"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\" & oNICGuid,_
"PrimaryDomainName",_
strPDN)
If (Return = 0) And (Err.Number = 0) Then
Wscript.Echo oNICGuid & " : " & strPDN
If (strValue = mstrValues(0)) Then
strFNDN = strPDN
End If
Else
Wscript.Echo oNICGuid & " : -NA or None Found- "
End If
Next
Else
Wscript.Echo "GetMultiStringValue failed. Error = " & Err.Number & " returned " & Return
End If
Wscript.Echo
If StrComp(strUDN, strFNDN, vbTextCompare) Then
Wscript.Echo "PROBLEM!!!! : " & strUDN & " <> " & strFNDN
Else
Wscript.Echo "All is OK!! : " & strUDN & " = " & strFNDN
End If
Wscript.Echo
Wscript.Echo "All done.."
<End of Script>
What do you do to avoid getting the warning for this rule?
1. In case you are running into a situation where none of your network adapters have a domain name binding, then identify your domain NIC adapter from Network Connections and under Properties -> Internet Protocol (TCP/IP) -> Properties -> Advanced -> DNS, add a DNS suffix for the domain adapter.
Once you do this, your domain NIC will have a domain name binding, so we next we need to move this NIC adapter to the TOP of the network binding order.
2. To do this then identify the adapter ID for this domain adapter (using below command) and then move it to the top of the list in this registry key.
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage :Bind
You can use the following query to get a list of ALL adapter GUID’s and their names
wmic nicconfig get description, SettingID > C:\nicconfig.txt
Once you do this, exit the registry editor and then re-run the rule in the setup program. A successful detail.txt setup log will look like this,
2010-04-22 04:08:48 Slp: Init rule target object: Microsoft.SqlServer.Configuration.SetupExtension.NetworkBindingFacet
2010-04-22 04:08:48 Slp: NetworkBindingFacet: Looking up network binding order.
2010-04-22 04:08:48 Slp: NetworkBindingFacet: Network: 'Local Area Connection' Device: '\Device\{185B568E-67A7-4046-8B3B-40E1C14F9658}' Domain: 'DOM191456.COM' Adapter Id: '{185B568E-67A7-4046-8B3B-40E1C14F9658}'
2010-04-22 04:08:48 Slp: NetworkBindingFacet: Network: 'Local Area Connection* 11' Device: '\Device\{193C49B1-84FF-4FCA-91CA-2A2505159E1D}' Domain: '' Adapter Id: '{193C49B1-84FF-4FCA-91CA-2A2505159E1D}'
2010-04-22 04:08:48 Slp: NetworkBindingFacet: Network: 'Private' Device: '\Device\{09F98F1E-68A7-4679-AD57-369B3CBADCBC}' Domain: '' Adapter Id: '{09F98F1E-68A7-4679-AD57-369B3CBADCBC}'
2010-04-22 04:08:48 Slp: IsDomainInCorrectBindOrder: The top network interface 'Local Area Connection' is bound to domain 'DOM191456.COM' and the current domain is 'DOM191456.COM'.
2010-04-22 04:08:48 Slp: Evaluating rule : IsDomainNetworkTopOfBindings
2010-04-22 04:08:48 Slp: Rule running on machine: STARTREK
2010-04-22 04:08:48 Slp: Rule evaluation done : Succeeded
2010-04-22 04:08:48 Slp: Rule evaluation message: The domain network is bound correctly.
I hope cleared up any confusion you might have had regarding this rule, the warning status and the simple logic behind the rule. As always stay tuned for more SQL tips…
Regards,
Sudarshan Narasimhan
Technical Lead, Microsoft SQL Server CSS