Domain Name Change
Administrators can modify the network-level DNS default domain that is associated with an IM and Presence Service node or group of nodes.
The enterprise-wide IM and Presence Service domain does not need to align with the DNS default domain of any IM and Presence Service node. To modify the enterprise-wide domain for your deployment, see the Deployment Guide for IM and Presence Service on Cisco Unified Communications Manager Configuration and Administration Guide for the IM and Presence Service.
Caution |
Changing the default domain on any node in an IM and Presence Service cluster will result in node restarts and interruptions to presence services and other system functions. Because of this impact to the system, you must perform this domain change procedure during a scheduled maintenance window. |
When you change the default domain name for a node, all third-party signed security certificates are automatically overwritten with new self-signed certificates. If you want to have those certificates re-signed by your third-party Certificate Authority, you must manually request and upload the new certificates. Service restarts may be required to pick up these new certificates. Depending on the time that is required to request new certificates, a separate maintenance window may be required to schedule the service restarts.
Note |
New certificates cannot be requested in advance of changing the default domain name for the node. Certificate Signing Requests (CSRs) can only be generated after the domain has been changed on the node and the node has been rebooted. |
IM and Presence Service Default Domain Name Change Tasks
The following table contains the step-by-step instructions for modifying the network-level DNS default domain name associated with an IM and Presence Service node or group of nodes. The detailed instructions for this procedure specify the exact order of steps for performing the change on multiple nodes within the cluster.
If you are performing this procedure across multiple clusters, you must complete the changes sequentially on one cluster at a time.
Note |
You must complete each task in this procedure in the exact order presented in this workflow. |
Procedure
Step 1 |
Complete the pre-change tasks on all applicable nodes within the cluster. Some of the pre-change tasks may apply only to the IM and Presence database publisher node and can be skipped if you are modifying a subscriber node. |
||
Step 2 |
Update the DNS records for the IM and Presence Service node on all applicable nodes within the cluster. Also update SRV, Forward (A), and Reverse (PTR) records as appropriate to incorporate the new node domain. |
||
Step 3 |
Update the IM and Presence Service node name on all applicable nodes within the cluster using Cisco Unified Communications Manager Administration.
|
||
Step 4 |
Update the DNS domain on all applicable nodes using the Command Line Interface (CLI). The CLI command makes the required domain change on the node operating system and triggers an automatic reboot of each node. |
||
Step 5 |
Restart the 'A Cisco DB' service of all the nodes in the cluster after the domain name update to ensure that operating system configuration files on all nodes pick up the DNS domain name change that is associated with the modified nodes.
|
||
Step 6 |
Verify database replication using the CLI. See topics related to performing system health checks and troubleshooting database replication for details. After all system files are synchronized within the cluster, you must verify database replication. |
||
Step 7 |
Regenerate security certificates on the node.
|
||
Step 8 |
Complete the post-change tasks for all applicable nodes within the cluster to ensure that the cluster is fully operational. |
Update DNS Records
-
A records
-
PTR records
-
SRV records
If multiple nodes within a cluster are being modified, you must complete the following procedure for each of these nodes.
If you are modifying the IM and Presence database publisher node, you must complete this procedure on the IM and Presence database publisher node first before repeating on any applicable IM and Presence Service subscriber nodes.
Note |
|
Before you begin
Perform all pre-change tasks and the applicable system health checks on your deployment.
Procedure
Step 1 |
Remove the old DNS forward (A) record for the node from the old domain. |
Step 2 |
Create a new DNS forward (A) record for the node within the new domain. |
Step 3 |
Update the DNS reverse (PTR) record for the node to point to the updated Fully Qualified Domain Name (FQDN) of the node. |
Step 4 |
Update any DNS SRV records that point to the node. |
Step 5 |
Update any other DNS records that point to the node. |
Step 6 |
Verify that all the above DNS changes have propagated to all other nodes within the cluster by running the following Command Line Interface (CLI) command on each node: |
What to do next
Update the IM and Presence Service node name.
Update Node Name in FQDN Value
If the node name defined for the node in the Presence Topology window on the Cisco Unified CM IM and Presence Administration GUI is set to the Fully Qualified Domain Name (FQDN) of the node, then it references the old domain name. Therefore you must update the node name to reference the new domain name.
Note |
This procedure is only required if the node name value for this node is set to FQDN. If the node name matches the IP address or the hostname of the node, then this procedure is not required. |
If multiple nodes within a cluster are being modified, you must complete the following procedure sequentially for each of these nodes.
If the IM and Presence database publisher node is being modified, you must complete this procedure for the IM and Presence Service subscriber nodes first, before completing the procedure on the publisher node.
Before you begin
Update the DNS records for the node.
Procedure
Step 1 |
Modify the node name for the IM and Presence Service node.
|
Step 2 |
Verify that the Application Server entry for this node has been updated to reflect the new node name on the Presence Topology window of the Cisco Unified CM IM and Presence Administration GUI. |
What to do next
Update the DNS domain on all applicable nodes.
Update DNS Domain
You can change the DNS domain of the IM and Presence Service node using the Command Line Interface (CLI).
The enterprise-wide IM and Presence Service domain does not need to align with the network-level DNS default domain of any IM and Presence Service node. To modify the enterprise-wide domain for your deployment, see the Deployment Guide for IM and Presence Service on Cisco Unified Communications Manager.
If you are modifying multiple nodes within a cluster, then you must complete the following procedure sequentially for each node.
If you are modifying the IM and Presence database publisher node, then you must first complete this procedure on the database publisher node before you modify any subscriber nodes.
Before you begin
Update the IM and Presence Service node name.
Procedure
Step 1 |
Sign in to the
CLI on the node and enter
Example:admin: set network domain new-domain.com *** W A R N I N G *** Adding/deleting or changing domain name on this server will break database replication. Once you have completed domain modification on all systems that you intend to modify, please reboot all the servers in the cluster. This will ensure that replication keeps working correctly. After the service is rebooted, please confirm that there are no issues reported on the Cisco Unified Reporting report for Database Replication. The server will now be rebooted. Do you wish to continue. Security Warning : This operation will regenerate all CUP Certificates including any third party signed Certificates that have been uploaded. Continue (y/n)? |
||
Step 2 |
Enter
|
||
Step 3 |
After the node
restarts, enter
Example:The new domain in the following example is new-domain.com. admin: show network eth0 Ethernet 0 DHCP : disabled Status : up IP Address : 10.53.50.219 IP Mask : 255.255.255.000 Link Detected: yes Mode : Auto disabled, Full, 1000 Mbits/s Duplicate IP : no DNS Primary : 10.53.51.234 Secondary : Not Configured Options : timeout:5 attempts:2 Domain : new-domain.com Gateway : 10.53.50.1 on Ethernet 0 |
||
Step 4 |
Repeat the previous steps on all applicable nodes in the cluster. |
What to do next
Reboot all nodes in the cluster.
Cluster Nodes Considerations
You can use the Command Line Interface (CLI) to restart the "A Cisco DB" service in the nodes in your cluster.
After you change the domain name and the node reboots, you need to restart the 'A Cisco DB' service of all the nodes in the cluster, including those nodes that have automatically rebooted, starting with the Unified CM publisher and then for all the subscribers as the published database comes up. This ensures that the Operating System configuration files on all nodes are aligned with the new domain values.
Verify that the system is working properly. If you observe any replication issues, ensure that you restart all the nodes in the cluster.
Initiate the reboot process on the IM and Presence database publisher node first. When the database publisher node has restarted, proceed to reboot the remaining IM and Presence Service subscriber nodes in any order.
Before you begin
Ensure that the DNS domain name of the node was changed.
Procedure
Step 1 |
Reboot the IM
and Presence database publisher node using the CLI. Enter
Example:admin: utils system restart Do you really want to restart ? Enter (yes/no)? |
||
Step 2 |
Enter
|
||
Step 3 |
Wait until you see the following message that indicates the IM and Presence database publisher node has restarted. Example:Broadcast message from root (Wed Oct 24 16:14:55 2012): The system is going down for reboot NOW! Waiting . Operation succeeded restart now. |
||
Step 4 |
Sign in to the CLI on each IM and Presence Service subscriber node and enter
|
What to do next
Verify database replication. See topics related to system health checks for more information.
Regenerate Security Certificates
The Fully Qualified Domain Name (FQDN) of the node is used as Subject Common Name in all IM and Presence Service security certificates. Therefore, when the DNS domain is updated on a node, all security certificates are automatically regenerated.
If any certificates were signed by a third-party Certificate Authority, then you must manually generate new Certificate Authority signed certificates.
If you are modifying multiple nodes within a cluster, you must complete the following procedure for each node.
Note |
New certificates cannot be requested in advance of changing the default domain name for the node. Certificate Signing Requests (CSRs) can only be generated after the domain has been changed on the node and the node has been rebooted. |
Before you begin
Verify database replication to ensure that database replication is successfully established on all nodes.
Procedure
Step 1 |
If a certificate must be signed by a third-party Certificate Authority, sign in to the Cisco Unified Operating System Administration GUI and perform the required steps for each relevant certificate. |
||
Step 2 |
After you upload the signed certificate, you may need to restart services on the IM and Presence Service node.
|
What to do next
Perform the post-change task list on all applicable nodes within the cluster.