0% found this document useful (0 votes)

4 views

MilestoneXProtectManagementServerFailover AdministratorManual en-US

The XProtect Management Server Failover 2024 R1 Administrator Manual provides comprehensive guidelines for setting up and maintaining a failover cluster to ensure high availability of the XProtect VMS components. It covers installation, configuration, licensing, troubleshooting, and requirements for both network and SQL Server. Key features include seamless operation during server failures, minimal downtime for updates, and secure real-time database replication.

Uploaded by

Ahmet Güven

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

4 views

MilestoneXProtectManagementServerFailover AdministratorManual en-US

Uploaded by

Ahmet Güven

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 56

Milestone Systems

XProtect® Management Server Failover 2024 R1

Administrator manual
Administrator manual | XProtect® Management Server Failover 2024 R1

Contents
Copyright, trademarks, and disclaimer 5

Overview 6

XProtect Management Server Failover 6

What's new? 6

In XProtect Management Server Failover 2023 R3 6

Compatibility 7

XProtect Management Server Failover elements 7

Failover steps 8

Required and optional XProtect VMS components 9

Licensing 12

XProtect Management Server Failover licenses 12

Requirements and considerations 13

Network and computer prerequisites 13

SQL Server prerequisites 14

XProtect VMS prerequisites 17

Encryption considerations 17

Prerequisites for installing a recording server or failover recording server 18

Server certificate for the failover web console 18

Browser requirements for the failover web console 19

Additional configuration 19

Encrypting the connection to the failover cluster 19

Update the data protection settings for Identity Provider 20

Disable Windows Defender Advanced Thread Protection Service 21

DNS lookups 22

View the SQL Server instance name 23

Changing the service account that runs a VMS service 24

Start or stop a VMS service 25

Start or stop an Internet Information Services (IIS) application pool 25

2 | Contents
Administrator manual | XProtect® Management Server Failover 2024 R1

Map the host names of the nodes 26

Change the identity of an IIS application pool for XProtect 26

Change the service account for a Windows service 27

Installation 28

Install XProtect Management Server Failover 28

Configuration 29

Configure XProtect Management Server Failover (wizard) 29

Configure the failover cluster 29

Register remote servers 33

Install the server certificate on a computer 35

Maintenance 36

Add a license for XProtect Management Server Failover 36

Download the server certificate to access the failover web console 36

Remove the existing failover cluster configuration 37

Removing the failover cluster configuration when connected to an external SQL Server instance 38

Change the password for authentication 38

Uninstall XProtect Management Server Failover 38

The failover web console 39

User interface details 39

Cluster options 40

Open the failover web console 43

View the status of the nodes 44

Start or stop a node 45

Swap the state of the nodes 45

Identify the host name of a node 46

Change the behavior of a node after restart 46

Create snapshots of a module for support 47

Ports used by XProtect Management Server Failover services and modules 48

Upgrade 50

XProtect Management Server Failover upgrade 50

3 | Contents
Administrator manual | XProtect® Management Server Failover 2024 R1

FAQ 51

XProtect Management Server Failover FAQ 51

Troubleshooting 53

Troubleshooting XProtect Management Server Failover 53

4 | Contents
Administrator manual | XProtect® Management Server Failover 2024 R1

Copyright, trademarks, and disclaimer

Trademarks

XProtect is a registered trademark of Milestone Systems A/S.

Microsoft and Windows are registered trademarks of Microsoft Corporation. App Store is a service mark of
Apple Inc. Android is a trademark of Google Inc.

All other trademarks mentioned in this document are trademarks of their respective owners.

Disclaimer

This text is intended for general information purposes only, and due care has been taken in its preparation.

Any risk arising from the use of this information rests with the recipient, and nothing herein should be construed
as constituting any kind of warranty.

Milestone Systems A/S reserves the right to make adjustments without prior notification.

All names of people and organizations used in the examples in this text are fictitious. Any resemblance to any
actual organization or person, living or dead, is purely coincidental and unintended.

This product may make use of third-party software for which specific terms and conditions may apply. When that
is the case, you can find more information in the file 3rd_party_software_terms_and_conditions.txt
located in your Milestone system installation folder.

5 | Copyright, trademarks, and disclaimer

Administrator manual | XProtect® Management Server Failover 2024 R1

Overview

XProtect Management Server Failover

If a standalone computer running the management server or SQL Server has a hardware failure, it does not
affect recordings or the recording server. However, these hardware failures can result in downtime for
operators and administrators who have not logged in to the clients.

XProtect Management Server Failover is an XProtect VMS extension that can help you when:

l A server fails – you can run the system components from another computer while you resolve the
problems.

l You need to apply system updates and security patches – applying security patches on a standalone
management server can be time-consuming, resulting in extended periods of downtime. When you have
a failover cluster, you can apply system updates and security patches with minimal downtime.

l You need seamless connection – users get continuous access to live and playback video, and to the
system’s configuration at all times.

To configure XProtect Management Server Failover, you install he management server, log server, and event
server run on two computers. If the first computer stop working, the VMS components start running on the
second computer. Additionally, you can benefit from a secure real-time replication of the VMS databases when
SQL Server runs in the failover cluster.

What's new?

In XProtect Management Server Failover 2023 R3

Failover recording server:

l You can now configure XProtect Management Server Failover and a failover recording server in a
workgroup environment. See Prerequisites for installing a recording server or failover recording server
on page 18.

Troubleshooting:

l To see a list of the most common issues with XProtect Management Server Failover, go to
Troubleshooting XProtect Management Server Failover on page 53.

In XProtect Management Server Failover 2023 R2

Recording server:

l You can now install a recording server on the failover cluster nodes. See Prerequisites for installing a
recording server or failover recording server on page 18.

External SQL Server:

6 | Overview
Administrator manual | XProtect® Management Server Failover 2024 R1

l You can now connect the XProtect Management Server Failover to your external SQL Server. See SQL
Server prerequisites on page 14.

Workgroups:

l You can now configure the failover cluster in a workgroup environment. See Network and computer
prerequisites on page 13.

User certificates:

l User certificates are no longer required to log in to the failover web console. To log in to the failover web
console, you must now install a server certificate and authenticate with a user name and password. See
Open the failover web console on page 43.

In XProtect Management Server Failover 2023 R1

Authentication for the failover web console:

l You must authenticate with a password to log in to the failover web console. To set a password during the
configuration of the failover cluster, see Configure the failover cluster on page 29.

Behavior of a node after restart:

l You can set a node to always stop or start after restart, see Change the behavior of a node after restart
on page 46.

Compatibility
XProtect Management Server Failover is compatible with:

l XProtect Corporate 2022 R1 and later

l XProtect Expert 2022 R1 and later

XProtect Management Server Failover elements

XProtect Management Server Failover consists of the following elements:

7 | Overview
Administrator manual | XProtect® Management Server Failover 2024 R1

Failover cluster - It consists of two independent computers that work together to maintain high availability of
the management server, log server, event server, and SQL Server. If one of the computers fails, the other
computer in the cluster takes over the workload of running the VMS server components.

Primary and secondary computers - Typically, the primary computer is the computer you have a running VMS
installation on. To configure the failover cluster, you install a VMS product on the secondary computer that
mirrors the one on the primary computer.

Nodes - The failover cluster consists of two computers called nodes. The primary computer is referred to as
Node 1, and the secondary computer is referred to as Node 2. The names of the nodes do not change but they
can have different states. During normal operation, the node the VMS servers run on is in PRIM state and the
standby node is in SECOND state.

l Failover steps on page 8

l The failover web console on page 39

l Node states on page 41

Failover steps
In a typical scenario, you install these components on both nodes:

l XProtect Management Server

l XProtect Log Server

l XProtect Event Server

l SQL Server

The failover steps in a typical scenario are:

I. The management server, event server, log server, and SQL Server run on Node 1 (in PRIM state). If you
have installed SQL Server on the nodes, XProtect Management Server Failover replicates the data from
these system components on Node 2 (in SECOND state).

Every second, the nodes exchange heartbeats.

8 | Overview
Administrator manual | XProtect® Management Server Failover 2024 R1

II. If the management server on Node 1 becomes unavailable for 30 seconds, Node 2 takes over.

The failover time depends on the startup time of the Management Server service.

1. Node 2 comes into ALONE state, and the data replication stops.

2. The management server, event server, log server, and SQL Server start running on Node 2.

3. The management server, event server, and log server store data on the SQL Server on Node 2.

III. You identify and fix the issue that caused the failover and start Node 1 from the failover web console. The
data that was modified on Node 2 replicates to Node 1.

The VMS system components still run on Node 2 (in PRIM state), and the data replicates on Node 1 (in
SECOND state). If needed, you can swap the states of the nodes from the failover web console.

Required and optional XProtect VMS components

Depending on the size of your VMS installation and resources, you can configure XProtect Management Server
Failover in different ways. You can install the following system components on Node 1 and Node 2 in a domain or
workgroup environment:

9 | Overview
Administrator manual | XProtect® Management Server Failover 2024 R1

On the failover cluster nodes, you must install:

l XProtect Management Server

l XProtect Event Server

l XProtect Log Server

Additionally, you can install the following system components:

SQL Server

You can use internal or external SQL Server instances.

To use an internal SQL Server instance, you must install SQL Server on both nodes. When using an internal SQL
Server instance, XProtect Management Server Failover replicates the contents of the SQL Server databases and
triggers failover if the SQL Server instance fails.

If you have a large VMS installation, you can use an external SQL Server instance and exclude SQL Server from
the failover cluster. In this scenario, the XProtect Management Server Failover solution does not monitor and
replicate the SQL Server databases. Milestone recommends regular backups of the SQL Server databases as a
disaster recovery measure.

See SQL Server prerequisites on page 14.

Recording Server

You can install a recording server on one or both nodes.

XProtect Management Server Failover does not provide failover for the recording server. You must configure the
failover recording server yourself.

See Prerequisites for installing a recording server or failover recording server on page 18.

10 | Overview
Administrator manual | XProtect® Management Server Failover 2024 R1

Failover Recording Server

You can install a failover recording server on one or both nodes.

If you have limited resources, you can use the failover cluster nodes to host a recording server and a failover
recording server. You configure the failover recording server from XProtect Management Client.

For system resiliency, Milestone recommends installing the recording server on Node 2 and the failover
recording server on the Node 1.

When part of the failover cluster, the failover recording server can work only in a Hot
standby setup.

11 | Overview
Administrator manual | XProtect® Management Server Failover 2024 R1

Licensing

XProtect Management Server Failover licenses

XProtect Management Server Failover comes with a three-day demo license.

To use the failover cluster for an unlimited period, register the host names of the nodes and add your XProtect
Management Server Failover license.

If you do not add your XProtect Management Server Failover license, the Management
Server service will stop after three days.

To obtain a license for XProtect Management Server Failover, contact your reseller.

You can add the license during the failover cluster configuration or afterward. See Add a license for XProtect
Management Server Failover on page 36.

12 | Licensing
Administrator manual | XProtect® Management Server Failover 2024 R1

Requirements and considerations

Network and computer prerequisites

Before you can start using XProtect Management Server Failover, you must make sure that you go through the
following network and computer prerequisites:

l Operating system - Install two identical operating systems on Node 1 and Node 2. To see a list of
supported operating systems, go to https://www.milestonesys.com/systemrequirements/.

l Addresses - In the same subnet, assign static IPv4 addresses to the nodes and reserve an IPv4 address
for the virtual IP. The virtual IP allows the remote servers to connect seamlessly to the running
management server.

If the host name and address of a node does not resolve as expected by the
system, the configuration might fail. See DNS lookups on page 22.

Do not assign IPv6 addresses to the computers that run the management server
and external SQL Server. XProtect Management Server Failover does not support
the IPv6 protocol.

13 | Requirements and considerations

Administrator manual | XProtect® Management Server Failover 2024 R1

l Domain or workgroup environment - Configure the failover cluster in an Active Directory (AD) domain
or workgroup environment.

Domain

Use the same AD domain on both nodes.

Workgroup

Prerequisite Description

Workgroup
Add Node 1 and Node 2 to the same workgroup.
membership

(When without DNS

Map the host names of the nodes to their IP addresses. See Map the host
server) Host name
names of the nodes on page 26.
mapping

You must add a new Windows group in XProtect Management Client on

both nodes.
Windows group
Go to Roles and add the BUILTIN/Administrators Windows group to the
Administrators role.

To make sure you can always log in, add a basic user to the Administrators
Basic user role in XProtect Management Client for the VMS installations on both nodes.

Go to Roles and add an existing basic user or create a new one.

l Time - Synchronize the time and time zones between the nodes.

l ICMP traffic - Allow inbound ICMP traffic through Windows Defender Firewall.

l PowerShell execution policy - Set your PowerShell execution policy to Unrestricted. This allows the
configuration wizard to run PowerShell scripts on both nodes. See about_Execution_Policies.

l Windows Defender Advanced Thread Protection Service - You must disable Windows Defender
Advanced Thread Protection Service. See Disable Windows Defender Advanced Thread Protection
Service on page 21.

SQL Server prerequisites

When using an internal SQL Server instance, XProtect Management Server Failover replicates the contents of
the SQL Server databases and triggers failover if the SQL Server instance fails.

For large VMS installations, you can connect the management server to an external SQL Server instance.

14 | Requirements and considerations

Administrator manual | XProtect® Management Server Failover 2024 R1

Internal SQL Server instance

The SQL Server installations must be identical on both nodes. To see a list of supported SQL Server editions for
your VMS product, go to https://www.milestonesys.com/systemrequirements/.

Also, consider the following:

Prerequisite Description

Back up any existing databases to avoid loss of data.

Database backup During the failover cluster configuration, the wizard replicates the SQL Server
databases on Node 1 to the SQL Server databases on Node 2. All data on the SQL
Server databases on Node 2 is overwritten.

The SQL Server service must run under the same user account as the XProtect
SQL Server service services.
account To change a service account for the XProtect VMS, see Changing the service
account that runs a VMS service on page 24

For the data replication to work:

l Store your VMS databases data and log files in DATA and Log folders. By
default, the VMS databases data and log files are stored in the DATA folder.

l Store your SQL Server error logs, trace log files, and log events in the Log
folder.

l Keep the DATA and Log folders in the same parent folder.

l Do not change the names of the DATA and Log folders.

Database location
The default locations are:

l C:\Program Files\Microsoft SQL Server\MSSQL

{nn}.MSSQLSERVER\MSSQL\DATA

l C:\Program Files\Microsoft SQL Server\MSSQL

{nn}.MSSQLSERVER\MSSQL\Log

{nn} is the version number.

See View or Change the Default Locations for Data and Log Files.

Virus scanning In your antivirus program, exclude the locations of the DATA and Log folders from
exclusions virus scanning.

Verify that the instance name of your SQL Server is MSSQLSERVER. See View the
Instance name
SQL Server instance name on page 23.

15 | Requirements and considerations

Administrator manual | XProtect® Management Server Failover 2024 R1

External SQL Server instance

You can use a SQL Server instance that is hosted elsewhere in your network. XProtect Management Server
Failover does not monitor the SQL Server databases when the SQL Server instance is hosted on a separate
server.

The failover server configuration with external SQL Server does not work in a workgroup
environment.

Prerequisite Description

In Microsoft SQL Server Management Studio, add a Windows user to the public
role and map the user to the db_owner database role for the following
databases:

Permissions for the l Surveillance: Management and event server

SQL Server user
l Surveillance_IDP: IDP

l Surveillance_IM: Incident Manager

l LogserverV2: LogServer

Verify that the VMS installations on both nodes are connected to the external SQL
Connection
Server instance.

Make sure that the Management Server service on both nodes runs under the
Windows user you added on the SQL Server computer.
Service account If your SQL Server runs under a different user, you can change the account that
runs the Management Server service. See Changing the service account that
runs a VMS service on page 24.

If you have two or more running management servers that are connected to the
same SQL Server databases, your data might be corrupted.

To avoid potential database conflicts, go to Node 1 and:

Database conflicts l Stop all VMS services. See Start or stop a VMS service on page 25.

l Stop all Internet Information Services (IIS) application pools for the VMS.
See Start or stop an Internet Information Services (IIS) application pool on
page 25.

16 | Requirements and considerations

Administrator manual | XProtect® Management Server Failover 2024 R1

XProtect VMS prerequisites

Install two identical VMS products under a common user account with administrator permissions. To learn more
about the general prerequisites for installing XProtect VMS, see the XProtect VMS administrator manual.

When working in a domain environment, select AD users for the service accounts and only give them the
permissions required to run the relevant services.

On both nodes, install the following system components:

l XProtect Management Server

l XProtect Event Server

l XProtect Log Server

l XProtect Management Server Failover

l XProtect API Gateway

l XProtect Recording Server (optional), see Prerequisites for installing a recording server or failover
recording server on page 18.

Milestone recommends that you install all other server components not mentioned above
on different computers.

Depending on your system configuration, consider the following:

l System configuration password - To assign a system configuration password, use the same password
for the VMS installations on both nodes.

Encryption considerations
If you want to encrypt the connection between the failover cluster nodes and other VMS components, you must
consider the following:

l VMS certificates - To encrypt the connection to and from the running management server, you must
install the CA certificate and an SSL certificate on both nodes. See Encrypting the connection to the
failover cluster on page 19.

l Failover certificates - The failover cluster communicates with the failover web console through HTTP or
HTTPS. During the failover cluster configuration, you select the connection protocol. If you select HTTPS,
the wizard generates a server certificate that encrypts the connection to the failover web console. See
Server certificate for the failover web console on page 18.

l Identity Provider - To ensure that users can log in to the running management server, you must set up
data protection and update the data protection keys. See Update the data protection settings for Identity
Provider on page 20.

17 | Requirements and considerations

Administrator manual | XProtect® Management Server Failover 2024 R1

Prerequisites for installing a recording server or failover recording

server
The installation of the recording server or failover recording server on the cluster nodes requires additional
steps.

You can install a recording server or failover recording server on one or both nodes. For example, you can
install:

l A recording server on Node 1.

l A recording server on Node 1 and a failover recording server on Node 2.

l A recording server on Node 1 and Node 2.

Before you configure the management server failover, consider the following:

l Environment - The nodes can run either in a domain or in a workgroup environment.

l Failover recording server setup - If you configure a failover recording server on any of the nodes, you
must use it in a hot standby setup.

l Encryption (optional)- To encrypt the connection between the VMS components, you must install the SSL
certificate for the recording server on the recording server computer. Then, you must enable encryption
for the recording server from the recording server's Server Configurator.

l Services - If you want to encrypt the connection for the management server failover, stop the
MilestoneXProtect Recording Server service during the configuration of the management server failover.
See Start or stop a VMS service on page 25.

To learn more about the configuration of the failover recording server, see the XProtect VMS administrator
manual.

Server certificate for the failover web console

You can connect to the failover web console over an HTTP or HTTPS connection. This
section is only relevant if you want to use an HTTPS connection.

To secure the communication with the failover web console, you need a server certificate, see The failover web
console on page 39.

The wizard downloads a server certificate from a local web service while configuring the failover cluster on Node 1.

The server certificate is a .crt file that you install on your computer. You must add the certificate to the
computer’s “Trusted Root Certification Authorities” store so that your computer trusts that certificate. If you do
not install the certificate, your connection will remain secure, but:

18 | Requirements and considerations

Administrator manual | XProtect® Management Server Failover 2024 R1

l You will get a security warning the first time you open the failover web console.

l The system will not trigger an event in case of failover.

Install the server certificate on all computers from which you want to access the failover
web console, see Install the server certificate on a computer on page 35.

The wizard downloads a new server certificate whenever you configure the failover cluster. You can remove the
previous certificates from the “Trusted Root Certification Authorities” store.

The wizard stores the certificate on Node 1. If you lose the server certificate, you can download it again from the
Manage your configuration page on Node 1. See Download the server certificate to access the failover web
console on page 36.

The server certificate is valid for five years. You will not receive a warning when a certificate is about to expire. If
a certificate expires, your browser will no longer trust that certificate. To renew the server certificate, you must
configure a new failover cluster.

Browser requirements for the failover web console

Use the failover web console to manage the failover cluster. To learn more, see The failover web console on
page 39.

To make sure that the contents of the failover web console are correctly displayed:

l Network, firewall, and proxy configuration must allow access to the administration network of all the
servers that are administered with the web console.

l JavaScript must be available and enabled in the web browser.

l To avoid security popups in Internet Explorer, you may add the addresses of the primary and the
secondary computer into the Intranet or Trusted zone.

l The messages in the failover web console are displayed in French, English, Japanese languages,
according to the preferred language configured into the web browser (for not supported languages,
English is displayed).

l To see the list of supported browsers, go to the Milestone website

(https://www.milestonesys.com/systemrequirements/).

l After every VMS upgrade, clear the browser’s cache. To clear the cache only for the failover web console
page, press Ctrl+F5.

Additional configuration

Encrypting the connection to the failover cluster

To connect securely to the running management server, the remote servers must trust both Node 1 and Node 2.

19 | Requirements and considerations

Administrator manual | XProtect® Management Server Failover 2024 R1

To learn how to generate and install certificates, see the XProtect VMS certificates guide.

To enable encryption between the management servers and the remote servers, you must install on both nodes:

l The public CA certificate

l The SSL certificate for the failover cluster

Do not enable encryption on the management server if you have already configured the
failover cluster.

If you want to enable encryption for a new VMS installation, you must:

1. Create a private and a public CA certificate.

2. Install the public certificate on all client computers.

3. Create an SSL certificate for the failover cluster.

4. Install the SSL certificate for the failover cluster on Node 1 and Node 2.

5. Enable encryption for the Management Server service on both nodes.

6. Create and install certificates on the remote servers.

7. Enable encryption on the remote servers.

Update the data protection settings for Identity Provider

When you install XProtect in a single-server environment, the Identity Provider configuration data is protected
using Data Protection API (DPAPI). If you set up the management server in a cluster, you must update the
Identity Provider configuration data to make it identical on both nodes.

To ensure fluent node failover, you must set up data protection and update the data protection keys for the user
running the VideoOS IDP AppPool application pool.

You must have imported your certificate to the Personal store for the user running
VideoOS IDP AppPool and given it Read permissions. Also, if you use a self-signed
certificate, you must add it to the Trusted Root Certificates Authorities store on your local
computer.

On Node 1:

20 | Requirements and considerations

Administrator manual | XProtect® Management Server Failover 2024 R1

1. Locate the appsettings.json file in the installation path of the Identity Provider ([Install
path]\Milestone\XProtectManagement Server\IIS\IDP).

2. In the DataProtectionSettings section, make the following changes:

l To set up data protection, set the thumbprint of the certificate that's used by the IDP application
pools and the Management Server service. See How to: Retrieve the Thumbprint of a Certificate.

l To remove the old certificate key, set CleanUpNonCertificateKeys to true.

"DataProtectionSettings": {
"ProtectKeysWithCertificate": {
"Thumbprint": ""
"CleanUpNonCertificateKeys": true
}
},

3. Repeat steps 1-2 on Node 2.

Disable Windows Defender Advanced Thread Protection Service

The configuration of the XProtect Management Server Failover will fail if the Windows Defender Advanced
Thread Protection Service is enabled.

1. On Node 1, open the Start menu, and enter services.msc to open Services.

2. Scroll down to Windows Defender Advanced Threat Protection Service.

3. Check the status of the service. If the status field is blank, this means that the service is not running.

21 | Requirements and considerations

Administrator manual | XProtect® Management Server Failover 2024 R1

4. To prevent the service from starting at system startup, right-click the service and select Properties. On
the General tab, change the Startup type to:

l Disabled if the service is running.

l Manual is the service is stopped.

Then, select OK to save your changes.

You must have the necessary user permissions in Windows to perform this
operation.

5. Repeat steps 1-4 on Node 2.

DNS lookups
For successful failover cluster configuration, Milestone recommends that you run DNS queries in
Windows PowerShell:

22 | Requirements and considerations

Administrator manual | XProtect® Management Server Failover 2024 R1

l Use forward DNS lookup to obtain an IP address by searching the domain

l Use reverse DNS lookup to obtain the host name that is related to an IP address

To make sure that the IP addresses and the host names of the nodes are resolved as expected, you must
perform the queries on Node 1 and Node 2:

Query name Command Perform on Expected result

The host name of Node 2

Forward DNS Resolve-DnsName
Node 1 corresponds to the first IP
lookup [Node 2 host name]
address on the list.

The host name of Node 1

Forward DNS Resolve-DnsName
Node 2 corresponds to the first IP
lookup [Node 1 host name]
address on the list.

The IP address of Node 2

Reverse DNS Resolve-DnsName
Node 1 corresponds to the first host
lookup [Node 2 IP address]
name on the list.

The IP address of Node 1

Reverse DNS Resolve-DnsName
Node 2 corresponds to the first host
lookup [Node 1 IP address]
name on the list.

View the SQL Server instance name

This section is only relevant if you want to use an internal SQL Server instance.

XProtect Management Server Failover uses a hardcoded name for the SQL Server instance name
MSSQLSERVER and, If the instance name differs, the configuration will fail.

You must check the SQL Server instance name on both nodes.

23 | Requirements and considerations

Administrator manual | XProtect® Management Server Failover 2024 R1

1. Open the Start menu, and enter services.msc to open Services.

2. Scroll down to SQL Server [Display name].

3. Right-click the service and select Properties. On the General tab, the value in the Service name field is
the instance name.

Changing the service account that runs a VMS service

A Microsoft service account is an account used to run one or more services or applications in a Windows
environment. The VMS services use the service accounts to register and communicate with the other VMS
components. You select the service account for the VMS during the installation of the XProtect VMS, such as
Network Service, but you can change the service account afterward.

To make sure that the different VMS components can communicate with each other after you have changed the
service account, you must do the following:

24 | Requirements and considerations

Administrator manual | XProtect® Management Server Failover 2024 R1

1. Add the selected Windows user to the Administrator role in XProtect Management Client.

2. In Microsoft SQL Server Management Studio, add a Windows user to the public role and map the user to
the db_owner database role for the following databases:

l Surveillance: Management and event server

l Surveillance_IDP: IDP

l Surveillance_IM: Incident Manager

l LogserverV2: LogServer

3. Stop the VMS services, see Start or stop a VMS service on page 25.

4. Stop the IIS application pools for the VMS, see Start or stop an Internet Information Services (IIS)
application pool on page 25.

5. Change the identity of an IIS application pool, see Change the identity of an IIS application pool for
XProtect on page 26.

6. Change the service accounts for the VMS, see Change the service accountfor a Windows service onpage 27.

7. Register the management server from the Server Configurator.

The registration triggers a restart of the server services. Once the services start, a confirmation appears,
stating that registration on the management server has succeeded. If the services did not start
automatically, you can start them from the Windows Services Manager, see Start or stop a VMS service
on page 25.

Start or stop a VMS service

The VMS services use the service accounts to register and communicate with the other VMS components. To
start or stop a VMS service:

1. Open the Start menu, and enter services.msc to open Services.

2. Right-click a Milestone XProtect service and select Start or Stop.

The VMS services for XProtect Management Server Failover are:

l The Milestone XProtect Management Server service

l The Milestone XProtect Log Server service

l The Milestone XProtect Event Server service

l The Milestone XProtect Data Collector service

l (Optional) The Milestone XProtect Recording Server service

Start or stop an Internet Information Services (IIS) application pool

The management server communicates with the remote servers through IIS.

To start or stop an IIS application pool:

25 | Requirements and considerations

Administrator manual | XProtect® Management Server Failover 2024 R1

1. Open the Start menu, and enter inetmgrc to open Internet Information Services (IIS) Manager.

2. On the Connections pane, double-click on your server to expand the list menu, then select Application
Pools.

3. Right-click an application pool that starts with VideoOS and select Start or Stop.

4. Repeat step 3 for all VideoOS application pools.

Map the host names of the nodes

If you do not have a DNS server to resolve the host names of Node 1 and Node 2, you must map their IP address
to host names manually.

1. On Node 1, go to C:\Windows\System32\drivers\etc and open the hosts file as administrator with a

text editor such as Notepad.

2. Under the section localhost name resolution is handled within DNS itself, specify the IP
address of Node 1 and its host name. On a new line, add the IP address of Node 2 and its host name.

Repeat the same steps on Node 2.

Change the identity of an IIS application pool for XProtect

To change the identity of an IIS application pool:

1. Open the Start menu, and enter inetmgrc to open Internet Information Services (IIS) Manager.

2. On the Connections pane, double-click your server to expand the list menu, then select Application
Pools.

3. Right-click an application pool that starts with VideoOS and select Advanced settings...

26 | Requirements and considerations

Administrator manual | XProtect® Management Server Failover 2024 R1

4. Under Process Model, change the Identity with the selected Windows account.

5. Repeat steps 3-4 for all VideoOS application pools.

6. Start all VideoOS application pools.

Change the service account for a Windows service

To change the service account for a Windows service:

1. Open the Start menu, and enter services.msc to open Services.

2. Right-click on the service you want to change the service account for and select Properties. The Windows
services used by XProtect are:

l The Milestone XProtect Management Server service

l The Milestone XProtect Log Server service

l The Milestone XProtect Event Server service

l The Milestone XProtect Data Collector service

3. On the Log On tab, select This account and specify or browse for your account.

4. Enter the password and select OK to save your changes.

27 | Requirements and considerations

Administrator manual | XProtect® Management Server Failover 2024 R1

Installation

Install XProtect Management Server Failover

The XProtect Management Server Failover component is part of the XProtect installer. You can install it with a
new VMS installation or add it later.

To set up a failover cluster, you must install the XProtect Management Server Failover
component on two separate computers, referred to as nodes.

Install XProtect Management Server Failover with a new VMS installation

Follow the steps for Custom installation and select XProtect Management Server Failover as a component you
want to install.

Add the XProtect Management Server Failover component to an existing VMS installation

1. Open Add or remove programs on Windows and select Milestone.

2. Select Modify to launch the Milestone XProtect VMS wizard.

3. On the Uninstall or change Milestone XProtect VMS components, select Change one or more
Milestone XProtect VMS components. Select Continue.

4. Select XProtect Management Server Failover. Select Continue to install the component.

5. When the installation is complete, the list displays the installed components.

To continue with the cluster configuration, see Configure the failover cluster on page 29

28 | Installation
Administrator manual | XProtect® Management Server Failover 2024 R1

Configuration

Configure XProtect Management Server Failover (wizard)

When you select Configure XProtect Management Server Failover from the Management Server Manager tray
icon, you get one of the following messages:

Your XProtect product does not support XProtect Management Server Failover

To learn more about the supported products, see Compatibility on page 7.

No failover management server installed on this computer

Make sure that you have installed the XProtect Management Server Failover component on the computer, see
Install XProtect Management Server Failover on page 28.

Select the step in your configuration flow

You have started the configuration process, see Configure the failover cluster on page 29.

Manage your configuration

From this page you can:

l Apply failover license, see Add a license for XProtect Management Server Failover on page 36.

l Download server certificate on your computer, see Download the server certificate to access the
failover web console on page 36.

l Change current password for authentication, see Change the password for authentication on page 38.

l Remove existing configuration, see Remove the existing failover cluster configuration on page 37.

Configure the failover cluster

During the configuration process, you switch between Node 1 and Node 2. To configure the failover cluster
successfully:

I. Start the configuration on Node 2. Once you prepare Node 2, move to Node 1.

II. Continue the configuration on Node 1. Once done, move to Node 2.

III. Finish the configuration on Node 2.

Considerations

Before starting the configuration, consider the following:

29 | Configuration
Administrator manual | XProtect® Management Server Failover 2024 R1

l VMS access - The users won't be able to log in to any XProtect client during configuration. Milestone
recommends that you schedule downtime during the configuration process.

l If using internal SQL Server - The wizard will replicate the SQL Server databases from Node 1 to Node
2 and overwrite the databases on Node 2.

l If using external SQL Server - Make sure that the Management Server and the IIS application pools for
the VMS on Node 1 are running.

l If you have installed a recording server or failover recording server on the nodes - If you select
HTTPS as the connection protocol for the failover cluster, you must stop the Recording Server and
Failover Recording Server services. You can start the services when you have configured the failover
cluster. See Start or stop a VMS service on page 25.

Start the configuration on Node 2

1. In the notification area, right-click the Management Server Manager tray icon and select Configure
failover management server.

2. Select Configure the secondary computer and select Continue.

3. Make sure that you have installed the required system components and scheduled downtime. Select
Confirm to continue.

4. On the Select connection protocol page, select a protocol for communication with the failover web
console. Select Continue.

To secure your connection, select HTTPS.

5. On the Set a password for authentication page, specify a password for login to the failover web console.
You need to set the same password on Node 1.

Select Continue.

The wizard prepares the node and informs when successfully completed.

(For HTTPS only) Save the security code. To establish a secure connection between the
nodes, you must specify the security code on the Node 1.

You are now ready to continue on Node 1.

30 | Configuration
Administrator manual | XProtect® Management Server Failover 2024 R1

Continue the configuration on Node 1

1. In the notification area, right-click the Management Server Manager tray icon and select Configure
failover management server.

2. In the Failover management server wizard, select Configure the primary computer.

If you want to exclude SQL Server from the failover cluster, select Use an external SQL Server.

If you select to use external SQL Server, XProtect Management Server Failover will
not replicate the data on the SQL Server databases. To keep your SQL Server
databases safe, you must configure a backup solution yourself.

Then, select Continue.

3. If you have prepared Node 2, select Confirm to continue.

4. On the Select connection protocol page, select the same connection protocol you selected on Node 2.
Select Continue.

31 | Configuration
Administrator manual | XProtect® Management Server Failover 2024 R1

5. On the Connect to the secondary computer page, specify the required system information.

Name Description

Specify the address of Node 2.

Secondary computer’s
l When in an AD domain, you must specify the Fully Qualified
FQDN (recommended),
Domain Name (FQDN) of Node 2.
host name, or IPv4
address l If it is a workgroup environment, specify the host name
(recommended) or IP address of Node 2.

If you have purchased an XProtect Management Server Failover license,

you can add it now on this node.

If you do not add a license within three days, the

Management Server service will stop.
Failover license

You must add the same XProtect Management

Server Failover license on both nodes.

The remote servers will communicate with this IPv4 address instead of
Virtual IPv4 address the management server address. Specify an available IPv4 address in
your network to replace the actual address of the management server.

Security code (for To establish a secure connection between the nodes, specify the security
HTTPS only) code you got from Node 2.

Then, select Continue. If you have not added a license, a message informs you that the management
server becomes unavailable after three days.

6. On the Set a password for authentication page, enter the password that you set on Node 2 in step 5,
then select Continue.

The wizard configures the failover cluster. It may take 5 to 10 minutes, depending on the system load and
connection speed.

32 | Configuration
Administrator manual | XProtect® Management Server Failover 2024 R1

7. (For HTTPS only) On the Select destination folder for the server certificate page, specify a destination
folder. If you do not select a destination folder, the wizard will export the certificate to C:\Users\
{user}\Documents.

Select Continue. The wizard saves the certificate to the selected folder.

When the configuration of Node 1 succeeds, go to Node 2 to finish the configuration.

Finish the configuration on Node 2

1. Confirm that you have completed the configuration on Node 1, and then select Continue.

2. On the Add a failover license on this computer page, you can add your failover license.

Select Continue.

3. When the configuration is successful, the failover web console opens automatically on Node 2. Node 1
comes into the PRIM state, and Node 2 comes into the SECOND state.

The wizard adds a shortcut to the failover web console to your desktop on both nodes.

To finish the setup, you must register the remote servers. See Register remote servers on page 33.

If you have selected an HTTPS connection

Install the server certificate. See Install the server certificate on a computer on page 35.

You can enforce a node failover to ensure that the setup is correct. You can then swap the nodes again to revert
to the original state of the nodes.

If the configuration fails, remove the current configuration and start the process again, see Remove the existing
failover cluster configuration on page 37.

Register remote servers

A remote server is any server that does not run on Node 1 or Node 2. The remote servers connect to the node that
that runs the Management Server service, Event Server service, and Log Server service through the virtual IP.

You must register all remote servers with the virtual IP address of the failover cluster.

If you have not registered the remote servers with the virtual IP address of the failover
cluster, the communication with the running management server will fail if failover occurs.

Change the address of the Management Server on the following system components:

l Recording Server service

l Mobile Server service

l DLNA Server service

33 | Configuration
Administrator manual | XProtect® Management Server Failover 2024 R1

l Milestone Open Network Bridge

l API Gateway

Use the virtual IP address of the management server when logging in from the following clients:

l XProtect Management Client

l XProtect Smart Client

l XProtect Mobile client

l XProtect Web Client

Change the management server address on the recording server

1. On the recording server computer, right-click the server manager tray icon and select Server
Configurator.

2. In Server Configurator, select Registering servers.

3. Specify the virtual IP address of the failover cluster and the selected protocol (HTTPS or HTTPS), and
select Register.

If the change is successful, a confirmation window appears.

Change the management server address on the mobile server

1. On the mobile server computer, right-click the Mobile Server Manager tray icon and select Management
server address.

2. Specify the virtual IP address of the failover cluster and the selected protocol (HTTPS or HTTPS), and
select OK.

The Mobile Server service restarts and the tray icon turns green.

Change the management server address on the DLNA server

1. On the DLNA Server computer, right-click the XProtect DLNA Server Manager tray icon, and select
Management server address.

2. Specify the virtual IP address of the failover cluster and the selected protocol (HTTPS or HTTPS), and
select OK.

The XProtect DLNA Server service restarts and the tray icon turns green.

34 | Configuration
Administrator manual | XProtect® Management Server Failover 2024 R1

Change the management server address for Milestone Open Network Bridge

1. On the computer that runs Milestone Open Network Bridge, right-click the Milestone ONVIF Bridge tray
icon, and select Configuration.

2. On the Surveillance Server Credentials page, in the Management server field, specify the virtual IP
address of the failover cluster and the selected protocol (HTTPS or HTTPS), and select OK.

If the change is successful, a confirmation window appears.

Install the server certificate on a computer

Install the server certificate on all computers that will access the failover web console.

1. Copy the serverCert.crt file from Node 1 to the computer that needs to access the failover web
console.

2. Right-click the server certificate and select Install Certificate.

3. In the Certificate Import wizard, choose the Store Location:

l For Node 1 and Node 2, select Local Machine

l For all other computers, select Current User

Select Next to continue.

4. Select Place all certificates in the following store and specify a folder.

5. Select Browse, and then Trusted Root Certification Authorities.

6. Select OK and Next.

7. On the Completing the Certificate Import Wizard dialog, select Finish.

If you receive a security warning that you are about to install a root certificate, select Yes to continue.

If the import has succeeded, a confirmation dialogue box appears.

8. Verify that the server certificate is listed in the center view of the Trusted Root Certification Authorities
subtree.

35 | Configuration
Administrator manual | XProtect® Management Server Failover 2024 R1

Maintenance

Add a license for XProtect Management Server Failover

You receive the XProtect Management Server Failover license in your email.

You have the option for when to add the license:

l During the failover cluster configuration, see Configure XProtect Management Server Failover (wizard)
on page 29.

l After the failover cluster configuration, from the Manage your configuration page.

Add a license from the Manage your configuration page

You must add the same license on both nodes.

1. On Node 1, in the notification area, right-click the Management Server Manager tray icon and select
Configure failover management server.

2. Select Apply failover license and select Continue.

3. On the Add a failover license on this computer page, select Browse and select your XProtect
Management Server Failover license. Select OK, then Continue. A message informs you that the
configuration of the failover management server is successful.

4. Repeat steps 1 to 4 on Node 2.

Download the server certificate to access the failover web console

To establish a secure connection with the failover web console, you need a certificate that your browser trusts.
To learn more about the server certificate, see Server certificate for the failover web console on page 18.

You must install the server certificate on every computer that needs access to the failover web console.

If you have a running recording server on Node 1, you must stop the XProtect Recording
Server service on that node until you have completed the steps. Then, you must manually
start the service. See Start or stop a VMS service on page 25.

You can only download the server certificate from Node 1.

To download the server certificate after you have configured the failover cluster:

36 | Maintenance
Administrator manual | XProtect® Management Server Failover 2024 R1

1. In the notification area, right-click the Management Server Manager tray icon and select Configure
failover management server.

2. Select Download server certificate on your computer and then select Continue.

3. On the Select a destination folder for the server certificate page, select a destination folder. If you do
not select a destination folder, the wizard will export the certificate to C:\Users\{user}\Documents.

4. Select Continue. The wizard downloads the server certificate to the selected destination.

You can now install the server certificate, see Install the server certificate on a computer on page 35.

Remove the existing failover cluster configuration

Remove your failover cluster configuration when you make changes in your VMS configuration, for example
when you change the location of a SQL Server database or the system configuration password.

To remove the failover cluster configuration successfully and make sure the work of the VMS users is restored:

l Use a Windows user that has administrative permissions for XProtect.

l Replace the virtual IP address with the address of the running management server on all clients and
remote servers.

l If you have installed a recordings server or failover recording server on any node, you must stop the
Recording Server service on that node.

l If you use external SQL Server and want to remove your configuration, see Removing the failover cluster
configuration when connected to an external SQL Server instance on page 38.

The wizard does not remove the XProtect Management Server Failover license, the SQL Server databases, and
the server certificate.

To remove the existing failover cluster configuration:

1. On Node 2, in the notification area, right-click the Management Server Manager tray icon.

2. Select Configure Failover Management Server.

3. Select Remove existing configuration and then Continue. The wizard removes the failover
management server configuration from the computer.

4. Select Close to exit the wizard. Wait for the Management Server service to start.

(When in a workgroup environment) If the Management Server service does not

start automatically, register the management server with the local address from
the management server's Server Configurator.

5. Repeat steps 1-4 on Node 1.

37 | Maintenance
Administrator manual | XProtect® Management Server Failover 2024 R1

Removing the failover cluster configuration when connected to an

external SQL Server instance
To avoid any potential issues with your external SQL Server, you must take extra steps when you remove the
existing failover configuration:

1. Backup your existing SQL Server.

2. Stop Node 1 and Node 2 from the failover web console. See Start or stop a node on page 45

3. Remove the existing failover cluster configuration from Node 2. See Remove the existing failover cluster
configuration on page 37.

4. Stop the VMS services on Node 2 or change the address of SQL Server. See Start or stop a VMS service
on page 25.

5. Remove the existing failover cluster configuration from Node 1. See Remove the existing failover cluster
configuration on page 37.

Change the password for authentication

To log in to the failover web console, you need to authenticate using a user name and a password.

You cannot change the predefined user name admin. During the configuration of the failover cluster, you must
set a password for authentication.

To change the password for authentication:

1. On Node 1, in the notification area, right-click the Management Server Manager tray icon and select
Configure failover management server.

2. Select Change password for authentication and then select Continue.

3. On the Change password for authentication page, specify and confirm a new password. Your password
must be between 6 and 32 characters in length. You can use a combination of letters, numbers, and the
following characters ( ) * _ - .

4. Select Continue to set a new password.

5. Repeat steps 1-4 on Node 2.

Uninstall XProtect Management Server Failover

Before you uninstall XProtect Management Server Failover, you must remove the failover
management server configuration from both nodes.

38 | Maintenance
Administrator manual | XProtect® Management Server Failover 2024 R1

1. Open the Windows Control Panel. Then double-click Add or remove programs and select Milestone.

2. Select Modify to launch the Milestone XProtect VMS wizard.

3. On the Uninstall or change Milestone XProtect VMS components page, select Change one or more
Milestone XProtect VMS components. Select Continue.

4. Clear the check box for the XProtect Management Server Failover component and select Continue.

5. When the installation completes, a list shows the components that you have installed on the computer.

The failover web console

Use the failover web console to manage the failover cluster. You can access the failover web console from any
computer that can connect to Node 1 and Node 2.

How you open the failover web console depends on the computer:

l On Node 1 and Node 2, double-click the icon of the XProtect Management Server Failover web console on
your desktop.

l On all other computers, type the URL of the failover web console in your browser: http://
[computername.domainname]:9010 or https://[computername.domainname]:9453.

[computername.domainname] is the FQDN of either Node 1 or Node 2.

To log in to the failover web console, you must authenticate with the user name admin and the password you
set during the configuration of the failover cluster. If you do not remember your password, see Change the
password for authentication on page 38.

From the failover web console, you can, for example:

l View the status of the nodes on page 44

l Swap the state of the nodes on page 45

l Start or stop a node on page 45

l Identify the host name of a node on page 46

l Change the behavior of a node after restart on page 46

l See your license information

l View logs entries

User interface details

The failover web console consists of two main tabs:

Control

On the Control tab, you can view the following:

39 | Maintenance
Administrator manual | XProtect® Management Server Failover 2024 R1

Tab Description

View the resources status of the module. Place the mouse cursor over the
Resources
resource name to get the internal name of the resource.

Read the execution log of the module. Set or clear the verbose log’s checkbox to
Module Log display the short log (with only E messages) or the verbose log (all messages
including debug ones).

Read application output messages of start and stop scripts. These messages are
Application Log saved on the server side in SAFEVAR/modules/AM/userlog.ulog (where AM is the
module name).

Display the commands that have been executed on the node (commands applied
Commands Log
on the module and all global commands).

Information Check the server level and the module configuration.

On the Module Log, Application Log, and Commands Log tabs, click on the refresh
button to get the last messages or on the save button to save the log locally.

Monitoring

The Monitoring tab presents a simplified view of the current state of the module instances.

You can view and manage the nodes on both tabs from the Cluster Configuration panel.

Cluster options
The control panel consists of four columns:

40 | Maintenance
Administrator manual | XProtect® Management Server Failover 2024 R1

Node actions

Node actions menu shows the options to change the state of a node:

Option Description

Start Start a node.

Stop Stop a node.

Restart Restart a node.

Swap Swap the states of the nodes.

Stop and start a node, swap without

Expert data sync, force start or estimate
the data sync.

Configure boot start, suspend or

resume the error detection of
Admin module processes, start or stop all
checkers, and set failover to on or
off.

Save logs, dumps, or snapshots for

Support
troubleshooting.

Nodes

Nodes are the members of the failover cluster. node1 corresponds to the computer you selected as the
primary computer, while node2 corresponds to the computer you selected as the secondary computer.

Node states

The node state column shows the current state of a node:

41 | Maintenance
Administrator manual | XProtect® Management Server Failover 2024 R1

Tab Description

PRIM The data replicates from this node.

SECOND The data replicates to this node.

ALONE No data replication. The node acts as a single unit.

STOP The node stopped, and no redundancy is available.

(Transient) The node is starting up (magenta) or waiting

WAIT
for the availability of a resource (red).

Color

A color indicates if the node is available:

Tab Description

Green The node is available.

Magenta The node status is transient.

Red The node is unavailable.

Data synchronization status

The node data synchronization status column shows the current data synchronization status of a node. The
column is not available when the failover cluster is connected to external SQL Server.

Tab Description

uptodate The replicated files are up-to-date.

42 | Maintenance
Administrator manual | XProtect® Management Server Failover 2024 R1

Tab Description

not uptodate The replicated files are not up-to-date.

connection error Cannot connect to the node.

not configured The configuration is missing from the node.

Open the failover web console

1. On a computer that has access to the failover cluster, open a browser and specify the URL of the failover
web console using this format: http://[computername.domainname]:9010 or https://
[computername.domainname]:9453.

The [computername.domainname] is the FQDN of either Node 1 or Node 2.

On Node 1 and Node 2, double-click the icon of the XProtect Management Server
Failover web console on your desktop.

2. To log in to the failover web console, you must authenticate with the user name admin and the password
you set during the configuration of the failover cluster. If you do not remember your password, see
Change the password for authentication on page 38.

The failover web console opens:

43 | Maintenance
Administrator manual | XProtect® Management Server Failover 2024 R1

View the status of the nodes

The [computername.domainname] is the FQDN of either Node 1 or Node 2.

On Node 1 and Node 2, double-click the icon of the XProtect Management Server
Failover web console on your desktop.

3. On the left-hand side of the failover web console, select the Monitoring tab to view the current state of
the nodes. To learn more about node statuses, see User interface details on page 39.

44 | Maintenance
Administrator manual | XProtect® Management Server Failover 2024 R1

Start or stop a node

The [computername.domainname] is the FQDN of either Node 1 or Node 2.

On Node 1 and Node 2, double-click the icon of the XProtect Management Server
Failover web console on your desktop.

3. On the left-hand side of the failover web console, select the arrow next to a node.

You can select the arrow next to videoos-cluster1 to trigger an action on both
nodes.

Select Start or Stop. The console refreshes with the expected state.

Swap the state of the nodes

By default, after a failback, the failed node is stopped. If you decide to start the node, it comes into SECOND
state.

To swap the state of the nodes:

The [computername.domainname] is the FQDN of either Node 1 or Node 2.

On Node 1 and Node 2, double-click the icon of the XProtect Management Server
Failover web console on your desktop.

45 | Maintenance
Administrator manual | XProtect® Management Server Failover 2024 R1

3. Select the arrow next to the node in PRIM state and select Swap. A window appears. Select Confirm to
swap the states of the nodes.

The Management Server, Log Server, Event Server, and the SQL Server services stop, and there is no
data replication. Once the roles are swapped, and the services start on the other node. The data
replication between the nodes is restored.

Identify the host name of a node

The failover web console represents the primary computer as node1 and the secondary computer as node2. To
see the host name that corresponds to a node:

The [computername.domainname] is the FQDN of either Node 1 or Node 2.

On Node 1 and Node 2, double-click the icon of the XProtect Management Server
Failover web console on your desktop.

3. Select one of the nodes.

4. Select the Information tab.

5. In the Server information area, you can see the host name of the computer.

Change the behavior of a node after restart

By default, if a node restarts, it keeps its previous state. You can change that behavior and make a node to
always start or stop after restart.

The [computername.domainname] is the FQDN of either Node 1 or Node 2.

On Node 1 and Node 2, double-click the icon of the XProtect Management Server
Failover web console on your desktop.

46 | Maintenance
Administrator manual | XProtect® Management Server Failover 2024 R1

3. Select the arrow next to a node and select Admin > Configure boot start.

4. From the Module start at boot time window, select:

l enabled - the node starts automatically after restart and comes into SECOND state.

l disabled - the node comes into STOP state after restart. You can start the node manually from the
failover web console.

To revert to the default behavior and set the node to keep the state from before the
restart, you need to remove the existing failover configuration and configure the failover
cluster again.

Create snapshots of a module for support

The [computername.domainname] is the FQDN of either Node 1 or Node 2.

On Node 1 and Node 2, double-click the icon of the XProtect Management Server
Failover web console on your desktop.

3. In Control tab, click on the button of the node. It opens a menu with all actions that can be executed on
the selected node.

4. Select the Support submenu, then Snapshot command. The web console relies on the web browser
download settings for saving the snapshot file on your workstation.

5. Repeat this operation for the other node in the cluster.

6. Send snapshots to support.

The module snapshot action for a node is available in Control and Monitoring tabs.

A snapshot command creates a dump and gathers under SAFEVAR/snapshot/modules/AM the last 3 dumps and
last 3 configurations to archive them in a ZIP file.

47 | Maintenance
Administrator manual | XProtect® Management Server Failover 2024 R1

A dump command creates a directory dump_<date>_<hour> on the server side under

SAFEVAR/snapshot/modules/AM. The dump_<date>_<hour> directory contains the module logs (verbose
and not verbose) and information on the system state and processes of the failover cluster at the time of the
dump.

Ports used by XProtect Management Server Failover services and

modules

XProtect Management Server Failover services

Service Default ports Purpose

Communicate with other

safeadmin instances on other
Remote access on UDP port 4800 and
safeadmin computers. The main and
local access on UDP port 6259
mandatory administration
service that is started at boot.

The safewebserver service is a

standard Apache web service
Local and remote TCP access on port
that is mandatory for running
safewebserver 9010 for the HTTP web console or port
the web console, the distributed
9453 for the HTTPS web console
comman-line interface, and the
<module> checkers.

The safecaserv service is a web

Local and remote access on TCP port
safecaserv (optional) service for securing the web
9001
console with the SafeKit PKI.

Local and remote access on UDP port The safeagent service for SNMP
safeagent (optional)
3600 v2.

Failover cluster modules

The ports values of one module are automatically computed depending on its module ID.

48 | Maintenance
Administrator manual | XProtect® Management Server Failover 2024 R1

Module Ports Purpose

heart port=8888 +(id-1) UDP port used for sending heartbeats between the servers.

rfs safenfs_port=5600 +(id-1)x4 TCP port used for replications requests between the servers.

49 | Maintenance
Administrator manual | XProtect® Management Server Failover 2024 R1

Upgrade

XProtect Management Server Failover upgrade

XProtect Management Server Failover is part of the VMS, so you do not have to download additional files. To
upgrade XProtect Management Server Failover, you must upgrade your XProtect VMS. See Upgrade best
practices.

Before you upgrade, you must remove the existing failover cluster configuration. See Remove the existing
failover cluster configuration on page 37.

After you upgrade your XProtect VMS, Milestone recommends that you restart the nodes.

If you want to configure the failover cluster afterward, you do not need to add the XProtect Management Server
Failover license or install the certificates again.

50 | Upgrade
Administrator manual | XProtect® Management Server Failover 2024 R1

FAQ

XProtect Management Server Failover FAQ

What happens if a node restarts unexpectedly?

By default, when a node restarts, it keeps the state from before the restart.

What happens when the three-day demo license expires?

The Management Server service stops every day and you have to start the service manually.

How can I determine if a node has failed?

You can view the states of the nodes from the failover web console or create an event in XProtect Management
Client.

Does XProtect supports events from the failover cluster?

Yes, you can configure an event in XProtect Management Client when a failover occurs.

What editions of SQL Server does XProtect Management Server Failover support?

XProtect Management Server Failover supports all editions of SQL Server.

Do I have to remove my existing VMS configuration before I can configure a failover cluster?

You can configure a failover cluster with an existing VMS configuration. Before you start the configuration,
backup the existing SQL Server databases and the XProtect system configuration.

Which Windows users can see the desktop icon for the XProtect Management Server Failover web
console?

All users of Node 1 and Node 2 can see the desktop icon for the XProtect Management Server Failover web
console.

I upgraded my VMS and tried to configure the failover cluster, but my configuration failed. What can
I do?

Before you start the configuration process again, remove the existing failover cluster configuration, then restart
the nodes..

I have configured the failover cluster and I want to change or add a system configuration password.
What should I do?

You must remove the failover cluster configuration on both nodes every time you want to:

l Assign a password

l Change a password

l Remove a password

You must use one system configuration password for the VMS installations on both nodes. Once you have
applied your password changes, you can configure the failover cluster again.

51 | FAQ
Administrator manual | XProtect® Management Server Failover 2024 R1

I have an external SQL Server installation connected to the failover cluster. What should I do to
update my SQL Server?

Before you start, you must stop the nodes from the failover web console. Once you have updated your external
SQL Server, you can start the nodes.

52 | FAQ
Administrator manual | XProtect® Management Server Failover 2024 R1

Troubleshooting

Troubleshooting XProtect Management Server Failover

System log file

To troubleshoot system errors, you can find the ManagementServerFailover.log file on the computer where
you have installed XProtect Management Server Failover at C:\ProgramData\Milestone\XProtect
Management Server\Logs.

The configuration of the failover cluster has failed

Error: <primary machine fqdn> not in server certificate

If you have multiple network adapters on Node 1 or Node 2, the wizard might not resolve their IP addresses or
host names.

Solution: Check the address resolution on the nodes using DNS lookups on page 22. If the IP address or host
name of a node does not resolve as expected, disable all network adapters except the one you use for the
failover cluster. You can re-enable the network adapters after you configure the failover cluster.

Error: Cannot find any service with service name 'MSSQLServer'. Service MSSQLServer was not found
on computer.

The failover cluster configuration fails because the SQL Server instance name does not match the name in the
configuration files.

Solution: Check the SQL Server instance names on Node 1 and Node 2. See View the SQL Server instance name
on page 23. If the instance name of your SQL Server is not MSSQLServer, you need to update the contents of the
configuration files.

Before you make any changes, make a backup of the configuration files.

You can find the configuration files at C:\Program Files\Milestone\XProtect Management Server
Failover\scripts. You must replace MSSQLServer with the name of your SQL Server instance:

l ConfigureServices.ps1 - you can open the file with a text editor.

l videoos.safe - open the file with a file archiver such as 7zip and go to the bin folder. Edit the start_
prim.cmd and stop_prim.cmd files.

Error: StartCertificateServerException occured during RunConfigurationStepsAsync: No connection to

certificate authority service.

The system uses port 9001 to connect to the safecaserv service and generate a server certificate. If the port is in
use by another service, for example the Recording Server service, the configuration fails..

53 | Troubleshooting
Administrator manual | XProtect® Management Server Failover 2024 R1

Solution: Stop all services that use port 9001 on Node 1 and Node 2. Then, configure the failover cluster. The
safecaserv service is necessary only during configuration.

Error: PSSecurityException occured during RunConfigurationStepsAsync: File C:\Program

Files\XProtect\XProtect Management Server Failover\scripts\ConfigureNativeFailoverServices.ps1
cannot be loaded because running scripts is disabled on this system

During the configuration of the failover cluster, the wizard runs PowerShell scripts in the background. Your
PowerShell execution policy might block the scripts from running.

Solution: Set your PowerShell execution policy to Unrestricted and configure the failover cluster again. See
about_Execution_Policies.

The failover cluster does not function properly

Failover events are not triggered

When you log in to XProtect clients and services as a basic user, your request goes to the Identity Provider. The
Identity Provider keeps the certificate keys that were generated during the initial VMS configuration. To ensure
the users have access to the resources you have allowed them to, you must remove the certificate keys before
you configure the failover cluster.

Solution: Remove the failover cluster configuration, then set up data protection and remove the existing
certificate private keys for the Identity Prover, then configure the failover cluster again. See Update the data
protection settings for Identity Provider on page 20.

Cannot remove configuration

Error: StartCertificateServerException occured during RunConfigurationStepsAsync: No connection to
certificate authority service.

The system uses port 9001 to connect to the safecaserv service to remove the stored server certificate. If the
port is in use by another service, for example the Recording Server service, the configuration fails.

Solution: Remove the existing failover cluster configuration, then stop all services that use port 9001 on Node 1
and Node 2. After you have removed the configuration, you can start the services that use port 9001.

The VMS services do not start after removing the configuration

The Management Server and Event Server services will not start (when in a domain environment)

If you have removed the configuration and you have logged in as a standard user in Windows or administrator
user that is not added to administrator role in XProtect, the services may fail to register.

Solution: Log in to the computer with an AD user that has administrative permissions in XProtect and remove the
configuration.

The Management Server and Event Server services will not start (when in a workgroup environment)

The services fail to register as the configuration still keeps the virtual IP of the failover cluster.

54 | Troubleshooting
Administrator manual | XProtect® Management Server Failover 2024 R1

Solution: From the Server Configurator, register the management server and event server with the address of
the management server computer.

55 | Troubleshooting
[email protected]

About Milestone

Milestone Systems is a leading provider of open platform video management software; technology that helps
the world see how to ensure safety, protect assets and increase business efficiency. Milestone Systems
enables an open platform community that drives collaboration and innovation in the development and use of
network video technology, with reliable and scalable solutions that are proven in more than 150,000 sites
worldwide. Founded in 1998, Milestone Systems is a stand-alone company in the Canon Group. For more
information, visit https://www.milestonesys.com/.

HG6010A GPON Optical Network Terminal Product Manual A 1
0% (1)
HG6010A GPON Optical Network Terminal Product Manual A 1
37 pages
Mastering KVM Virtualization
From Everand
Mastering KVM Virtualization
Humble Devassy Chirammal
5/5 (1)
700 765 V1.1
No ratings yet
700 765 V1.1
16 pages
VMware Certified Professional Data Center Virtualization on vSphere 6.7 Study Guide: Exam 2V0-21.19
From Everand
VMware Certified Professional Data Center Virtualization on vSphere 6.7 Study Guide: Exam 2V0-21.19
Jon Hall
No ratings yet
MilestoneXProtectManagementServerFailover_AdministratorManual_en-US
No ratings yet
MilestoneXProtectManagementServerFailover_AdministratorManual_en-US
51 pages
MilestoneXProtectManagementServerFailover_AdministratorManual_en-US
No ratings yet
MilestoneXProtectManagementServerFailover_AdministratorManual_en-US
41 pages
MilestoneXProtectVMSproducts_FailoverClusteringQuickGuide_en-US
No ratings yet
MilestoneXProtectVMSproducts_FailoverClusteringQuickGuide_en-US
22 pages
MilestoneXProtectVMSproducts AdministratorManual en-US
No ratings yet
MilestoneXProtectVMSproducts AdministratorManual en-US
577 pages
MilestoneXProtectVMSproducts AdministratorManual en-US
No ratings yet
MilestoneXProtectVMSproducts AdministratorManual en-US
566 pages
MilestoneXProtectVMSproducts AdministratorManual en-US
No ratings yet
MilestoneXProtectVMSproducts AdministratorManual en-US
573 pages
Milestone Systems: Quick Guide: Failover Clustering
No ratings yet
Milestone Systems: Quick Guide: Failover Clustering
15 pages
Xprotect Backup Config System en
No ratings yet
Xprotect Backup Config System en
9 pages
MilestoneXProtectVMSproducts SystemArchitectureDocument en-US
No ratings yet
MilestoneXProtectVMSproducts SystemArchitectureDocument en-US
73 pages
MilestoneXProtectVMSproducts SystemArchitectureDocument en-US
No ratings yet
MilestoneXProtectVMSproducts SystemArchitectureDocument en-US
74 pages
VMware vSphere Troubleshooting
From Everand
VMware vSphere Troubleshooting
Munir Muhammad Zeeshan
No ratings yet
Milestone XProtect VMS System Architecture Document
No ratings yet
Milestone XProtect VMS System Architecture Document
66 pages
MilestoneXProtectMobileServer AdministratorManual en-US
No ratings yet
MilestoneXProtectMobileServer AdministratorManual en-US
52 pages
Virtualization Security: Protecting Virtualized Environments
From Everand
Virtualization Security: Protecting Virtualized Environments
Dave Shackleford
3/5 (1)
VMware Scenario Based
100% (1)
VMware Scenario Based
18 pages
VMware Real Time Scenario
No ratings yet
VMware Real Time Scenario
51 pages
Milestone HardeningGuide en-US
No ratings yet
Milestone HardeningGuide en-US
125 pages
Lxca Users Guide
No ratings yet
Lxca Users Guide
590 pages
Windows Failover Cluster-Overview
No ratings yet
Windows Failover Cluster-Overview
6 pages
Milestone_HardeningGuide
No ratings yet
Milestone_HardeningGuide
126 pages
ClusterServices
No ratings yet
ClusterServices
46 pages
SQL Server Failover Clustering
No ratings yet
SQL Server Failover Clustering
4 pages
Efm v4 Documentation
No ratings yet
Efm v4 Documentation
115 pages
Milestone_HardeningGuide_en-US_1
No ratings yet
Milestone_HardeningGuide_en-US_1
126 pages
Managing SG B3936 90065
No ratings yet
Managing SG B3936 90065
390 pages
Microsoft Failover Clustering 2008
No ratings yet
Microsoft Failover Clustering 2008
58 pages
Edb Efm User
No ratings yet
Edb Efm User
115 pages
Implementing Failover Clustering
No ratings yet
Implementing Failover Clustering
67 pages
Firepower 1010
No ratings yet
Firepower 1010
190 pages
Computer Cluster
100% (1)
Computer Cluster
60 pages
An-ESW-002 Fiber SenSys XProtect Integrator Rev B
No ratings yet
An-ESW-002 Fiber SenSys XProtect Integrator Rev B
26 pages
68-Veritas Cluster Server 6.0 For UNIX Cluster Management
100% (1)
68-Veritas Cluster Server 6.0 For UNIX Cluster Management
252 pages
Synology_APM_admin_guide_APM_1_0_enu
No ratings yet
Synology_APM_admin_guide_APM_1_0_enu
346 pages
Spfs 6.0 GSG New
No ratings yet
Spfs 6.0 GSG New
222 pages
Implementing Failover Clustering
No ratings yet
Implementing Failover Clustering
46 pages
Double Take5.3
No ratings yet
Double Take5.3
628 pages
Implementing Failover Clustering
No ratings yet
Implementing Failover Clustering
67 pages
Vsphere Esxi Vcenter Server 651 Setup Mscs
No ratings yet
Vsphere Esxi Vcenter Server 651 Setup Mscs
36 pages
Edb Efm User
No ratings yet
Edb Efm User
113 pages
Windows Server Failover Clustering (WSFC) With SQL Server
No ratings yet
Windows Server Failover Clustering (WSFC) With SQL Server
23 pages
Configure Always On Availability Group in Azure VM Manually
100% (1)
Configure Always On Availability Group in Azure VM Manually
32 pages
Firepower 1010 Gsg
No ratings yet
Firepower 1010 Gsg
208 pages
SQL Server 2008 Fail Over Cluster
No ratings yet
SQL Server 2008 Fail Over Cluster
176 pages
Microsoft Official Course: Implementing Failover Clustering
No ratings yet
Microsoft Official Course: Implementing Failover Clustering
50 pages
SQL Server 2008 Failover Clustering
No ratings yet
SQL Server 2008 Failover Clustering
176 pages
Microsoft Official Course: Planning and Implementing A High Availability Infrastructure Using Failover Clustering
No ratings yet
Microsoft Official Course: Planning and Implementing A High Availability Infrastructure Using Failover Clustering
42 pages
Milestone HardeningGuide en-US
No ratings yet
Milestone HardeningGuide en-US
123 pages
MilestoneXProtectAdvancedVMS Administrators Manual en-US
No ratings yet
MilestoneXProtectAdvancedVMS Administrators Manual en-US
297 pages
SOLVED System and Network Administration CIT-505 - BS IT (5th Semester) External Fall Examination Fall 2023-24
No ratings yet
SOLVED System and Network Administration CIT-505 - BS IT (5th Semester) External Fall Examination Fall 2023-24
6 pages
Learning VMware vRealize Automation: Learn the fundamentals of vRealize Automation to accelerate the delivery of your IT services
From Everand
Learning VMware vRealize Automation: Learn the fundamentals of vRealize Automation to accelerate the delivery of your IT services
Sriram Rajendran
No ratings yet
FDM TS
No ratings yet
FDM TS
46 pages
Failover Cluster: Download The Authoritative Guide: Download The Authoritative Guide
No ratings yet
Failover Cluster: Download The Authoritative Guide: Download The Authoritative Guide
4 pages
SQL Server 2012 AlwaysOn
No ratings yet
SQL Server 2012 AlwaysOn
30 pages
Setup For Failover Clustering and Microsoft Cluster Service PDF
No ratings yet
Setup For Failover Clustering and Microsoft Cluster Service PDF
40 pages
Vsphere Esxi Vcenter Server 60 Setup Mscs PDF
No ratings yet
Vsphere Esxi Vcenter Server 60 Setup Mscs PDF
32 pages
SQL Server 2008 Active-Passive or Active-Active Cluster Installation
No ratings yet
SQL Server 2008 Active-Passive or Active-Active Cluster Installation
11 pages
Oracle SOA Suite 11g Administrator's Handbook
From Everand
Oracle SOA Suite 11g Administrator's Handbook
Ahmed Aboulnaga
No ratings yet
Windows Server 2012 Hyper-V: Deploying Hyper-V Enterprise Server Virtualization Platform
From Everand
Windows Server 2012 Hyper-V: Deploying Hyper-V Enterprise Server Virtualization Platform
Zahir Hussain Shah
No ratings yet
27.1.5 Lab - Convert Data into a Universal Format - ILM
No ratings yet
27.1.5 Lab - Convert Data into a Universal Format - ILM
9 pages
Corrigendum 3 ATV
No ratings yet
Corrigendum 3 ATV
28 pages
Sna Bullet 8 Mcqs
No ratings yet
Sna Bullet 8 Mcqs
12 pages
The Learning and Development Revolution PDF
No ratings yet
The Learning and Development Revolution PDF
6 pages
Siliconindia June 12 Issue
No ratings yet
Siliconindia June 12 Issue
25 pages
DC-module 1 - Notes
No ratings yet
DC-module 1 - Notes
69 pages
Optical Encryption: First Line of Defense For Network Services
No ratings yet
Optical Encryption: First Line of Defense For Network Services
32 pages
Distributed Systems: Andrew S. Tanenbaum Maarten Van Steen
No ratings yet
Distributed Systems: Andrew S. Tanenbaum Maarten Van Steen
65 pages
CH - 5
No ratings yet
CH - 5
31 pages
VPR - CC - Unit3.2 - Aneka - CometCloud - TSystems - Workflow - MapReduce - PPSX
No ratings yet
VPR - CC - Unit3.2 - Aneka - CometCloud - TSystems - Workflow - MapReduce - PPSX
67 pages
NTA UGC NET Computer Science Syllabus
No ratings yet
NTA UGC NET Computer Science Syllabus
9 pages
Trade Lens
100% (1)
Trade Lens
18 pages
RIO Digital Audio Receiver User Guide
No ratings yet
RIO Digital Audio Receiver User Guide
50 pages
NCC Level5 Save
No ratings yet
NCC Level5 Save
46 pages
Huawei OceanStor V3 Converged Storage Pre-Sales Training
No ratings yet
Huawei OceanStor V3 Converged Storage Pre-Sales Training
49 pages
20198488733
No ratings yet
20198488733
3 pages
JNTU Study Materials
No ratings yet
JNTU Study Materials
6 pages
Airbus-Daher Readness Review V2 0
No ratings yet
Airbus-Daher Readness Review V2 0
115 pages
Conf. Router Comunicacion
No ratings yet
Conf. Router Comunicacion
3 pages
Compro Moratelindo Nusantara Data Center - JAKARTA 2016
No ratings yet
Compro Moratelindo Nusantara Data Center - JAKARTA 2016
49 pages
CST448-A
No ratings yet
CST448-A
2 pages
Case Study: Submitted by
No ratings yet
Case Study: Submitted by
3 pages
DICOM Conformance Statement Fluorostar
No ratings yet
DICOM Conformance Statement Fluorostar
65 pages
Session 4 Class Activities / Tasks: Topic: Install, Configure, and Test The Functionality of Virtual Machines
No ratings yet
Session 4 Class Activities / Tasks: Topic: Install, Configure, and Test The Functionality of Virtual Machines
7 pages
Protecting-SAP-Systems-from-Cyber-Attack
No ratings yet
Protecting-SAP-Systems-from-Cyber-Attack
47 pages
Unit 5 (CSS)
No ratings yet
Unit 5 (CSS)
9 pages
حاسب تشابتر ون مترجم
No ratings yet
حاسب تشابتر ون مترجم
40 pages
Is7 - User Manual - ModbusTCP - V1.00 - 090113 - EN
No ratings yet
Is7 - User Manual - ModbusTCP - V1.00 - 090113 - EN
17 pages