New with version 6.0 of Acronis Files Connect (formerly ExtremeZ-IP) is our usage of Microsoft’s Service Connection Point (SCP) technology. We use this technology to locate and contact other Acronis Files Connect servers in your Active Directory (AD) domain for DFS (Distributed File System) support, as well as new features in the future. Microsoft’s web site has an executive overview of what SCPs are and how they can be used at this location on the internet:
http://msdn.microsoft.com/en-us/library/ms677950(VS.85).aspx
Operation
The first time version 6.0 or later of Acronis Files Connect is executed after installation, the Acronis Files Connect service will attempt to install its own SCP in the AD domain, if there is a domain. Successful installation of the SCP requires that the service runs under the ‘local system account’, which Acronis Files Connect does by default.
If the SCP cannot be installed for any reason, a message is logged in the Windows Application Event log, as well as the Acronis Files Connect log. Acronis Files Connect will attempt to install the SCP each and every time Acronis Files Connect is started, until the Acronis Files Connect administrator executes the Acronis Files Connect Administrator User Interface application (“the UI”) and unchecks the check box labeled “Register Service Connection Point” on the “Service Discovery” tab of the “Settings” dialog in the UI.
If your configuration doesn’t require the SCP, the Acronis Files Connect administrator can disable this feature permanently by unchecking this check box in the UI. If this box is unchecked, the Acronis Files Connect service will uninstall and completely remove our SCP from AD, and it will not attempt to reinstall it until the Acronis Files Connect administrator checks this check box again in the UI.
If you uninstall Acronis Files Connect, the uninstall process will try to remove the SCP from AD. This requires that the user running the uninstall utility has Domain Administrator privileges in the AD domain. The uninstall program will display a dialog box to the user if there was an error trying to remove the SCP. In this case, your AD Administrator can manually remove the SCP by running the “Active Directory Users and Computers” MMC snap-in. The AD administrator should navigate to the computer name that has the SCP associated with it and double click that name. The SCP will be displayed with the name of the service, which is usually “Acronis Files Connect”. Right click that and select “Delete” to remove it.
Alternatively, before running the uninstall program to remove Acronis Files Connect, the person performing the uninstall can execute the UI one last time, find the “Service Discovery” tab under the “Settings” dialog, and uncheck the “Register Service Connection Point” check box. This will cause the Acronis Files Connect service to uninstall the SCP. Next, close the UI and proceed with the rest of the uninstall process.
Notes about our SCP:
- Our SCP does not require or cause an AD ‘schema’ change.
- Our SCP does get replicated to other AD servers in the forest.
- Acronis Files Connect must run under the Local System Account (or a domain administrator account – which is NOT recommended), to be able to install/uninstall its own SCP in Active Directory.
- To ensure that the information in the SCP is current with what is in the system registry for the Acronis Files Connect service, we customize the following four containers in the SCP object each time the Acronis Files Connect service is executed:
1. Binding Information a. We add 5 strings to this container: i. AFP_PORT=548 ii. HTTP_PORT=8081 iii. SERVICE_NAME=Acronis Files Connect (unless it’s on a cluster OS) iv. SUPPORTS_DFS=NO (unless we do, then it is YES) v. HOST_NAME=Fully qualified domain name of this host computer 2. Version Information a. We insert our version numbers for versionHi and versionLo. For example, in the 6.0 release, versionHi will be “6” and versionLo will be “0” (zero) 3. Keywords a. We add the following keywords to this container: i. Keyword 1: Vendor GUID – this value is always "44F3E20C-3D32-4656-9398-9468740F606D". ii. Keyword 2: Product GUID – this value is always "6D27D383-E811-4cfa-8440-C8886C800B43". iii. Keyword 3: Vendor Name – this value is always “Group Logic Inc.” iv. Keyword 4: Product Name – this value is always “Acronis Files Connect”. 4. ServiceDNSName – this is the fully qualified domain name of the host machine.
We specify the fully qualified domain name in the binding information and the ServiceDNSName field because the binding information container in the SCP gets replicated along with host (the type “A”) DNS record to other AD servers in the forest, but ServiceDNSName doesn’t.
This information is essential because it enables easier searching of the AD for “all SCPs that have ‘Acronis Files Connect’ as a service name” – when those are known, the DNS name of each Acronis Files Connect server is discoverable from a single search.