Configure HA Server (Recommended)

Celestix recommends the use of additional DigitalPersona LDS Servers to make use of the solution’s built-in load balancing and failover capabilities.

However, each DigitalPersona LDS Server and its associated AD LDS database must reside on a separate machine. Multiple DigitalPersona LDS Servers cannot coexist on the same machine, and an associated database must be on the same machine as the DigitalPersona LDS Server.

To configure an additional DigitalPersona LDS Server for load balancing and failover, follow the steps provided below. This will result in multiple AD LDS instances that are automatically synchronized and load balanced.

It is recommended to have the first AD LDS instance and DigitalPersona LDS Server completely set up following the instructions in the first part of this chapter before creating any additional instances. This is because any additional AD LDS instances require information from the original instance for configuration when joining the configuration set.

For scenarios where separate DigitalPersona LDS Servers are desired that are not synchronized and will not load balance or failover, simply follow the instructions for installation and setup provided in the first part of this chapter.

Add Server roles and features

Before installing DigitalPersona LDS Server, there are a few roles and features that need to be added to the default installation of Windows Server.

To add the roles and features required by the DigitalPersona LDS Server

  1. In Windows Server, open the Server Manager and select Dashboard.
  2. Under Configure this local server, click Add roles and features.
  3. On the Before you begin page of the Add Roles and Features Wizard, verify that you have completed the prerequisite tasks before continuing. Then click Next.
  4. On the Select installation type page, select Role-based or feature-based installation. Then click Next.
  5. On the Select destination server page, choose Select a server from the server pool. Then click Next.
  6. On the Select server roles page, in addition to the roles selected by default, ensure that the Active Directory Lightweight Directory Services role is included and then click Next.
  7. On the Select features page, in addition to the features selected by default, ensure that the following features are selected and then click Next.
       - Group Policy Management
       - AD DS and AD LDS Tools
  8. The following page simply explains how to create an AD LDS instance, by using the AD LDS Setup Wizard, and how to remove the AD LDS role through the Windows Control Panel. Click Next.
  9. On the Confirm installation selections page, click Install.
  10. The Installation progress page displays a bar indicating the approximate progress of the installation process. Note that you can close the wizard (by clicking the Close (X) button) without interrupting the installation, and open it again to view progress by clicking Notifications and then Task Details in the Server Manager Dashboard Command Bar.
  11. Upon completion of the installation, the wizard will close and the following information will display. An automatic refresh will also be performed.
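
The same role and features can be added and verified from an elevated PowerShell session. This is an added example, not part of the original guide; it assumes the standard Windows Server feature identifiers ADLDS, GPMC and RSAT-AD-Tools for the items named in steps 6 and 7.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the wizard steps above.
# Assumed mapping of the guide's names to Windows Server feature identifiers:
#   ADLDS         = Active Directory Lightweight Directory Services (role)
#   GPMC          = Group Policy Management (feature)
#   RSAT-AD-Tools = AD DS and AD LDS Tools (feature)
$required = 'ADLDS', 'GPMC', 'RSAT-AD-Tools'

# Determine what is missing before changing anything on the server.
$missing = Get-WindowsFeature -Name $required |
    Where-Object { -not $_.Installed }

if ($missing) {
    Write-Host "Installing: $($missing.Name -join ', ')"
    $result = Install-WindowsFeature -Name $missing.Name -IncludeManagementTools

    # Stop here rather than continue to AD LDS setup on a partial install.
    if (-not $result.Success) {
        throw "Feature installation failed (exit code: $($result.ExitCode))."
    }
    if ($result.RestartNeeded -ne 'No') {
        Write-Warning 'Restart the server before running the AD LDS Setup Wizard.'
    }
}
else {
    Write-Host 'All required roles and features are already installed.'
}

# Confirm the final state; every row should report Installed.
Get-WindowsFeature -Name $required |
    Format-Table Name, DisplayName, InstallState -AutoSize
```

Running the script on each additional server gives a repeatable record that every node in the configuration set starts from the same role and feature baseline.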

Set up a replica of an existing AD LDS instance

Once the LDS feature has been installed, you will use the Active Directory Lightweight Directory Services Setup Wizard to install a new AD LDS instance on this machine that is a replica of the existing instance created during the installation of your first DigitalPersona LDS Server.

To set up an AD LDS replica

  1. In the Server Manager Dashboard Command Bar, select Tools. Then select Active Directory Lightweight Directory Services Setup Wizard.
  2. The Active Directory Lightweight Directory Services Setup Wizard displays. Click Next.
  3. On the Setup options page, select A replica of an existing instance. Then click Next. This will create a new AD LDS instance on this machine that uses the configuration and schema pattern from the instance associated with your previously installed DigitalPersona LDS Server.
  4. Enter the name for the instance you are creating. This must be the same name as the original instance that you are replicating. Optionally, enter a description.
  5. Enter the LDAP and SSL port numbers for this instance. The default port numbers for this computer are shown. In most cases, the default port numbers should be accepted.
  6. Enter the Server Name and LDAP port for the Configuration Set that you want to join.
  7. If you do not have the exact Server Name and port, click Select to search for and select the server. You will be asked for your network credentials. Enter the LDAP port that was used in the installation of the original DigitalPersona LDS Server. Once the Configuration Set information has been entered, click Next to continue.
  8. Select an account with administrative credentials for the configuration set.
  9. Select the Application Directory Partitions to copy from the Configuration Set to the selected server. If no Application Directory Partition is shown, this may indicate that the DigitalPersona AD LDS Configuration Wizard was not run on the initial AD LDS instance. Close this wizard, return to the original instance and run the configuration wizard there before continuing.
  10. Specify a location for each type of file associated with this instance of AD LDS.
  11. Specify the user or group that will have administrative privileges for this AD LDS instance.
  12. At the Ready to Install page, click Next.
  13. During the installation, a progress bar is shown along with details about the installation process.
  14. When the AD LDS Setup Wizard has finished the installation, a final dialog displays. Click Finish.
  15. Closing the above dialog leaves the Add Roles and Features Wizard page on the screen. Additional tasks will be running, but you can close this page without interrupting them. You can open the page again by clicking Notifications in the command bar and then Task Details.
  16. Finally, closing the Add Roles and Features page will leave the Server Manager Dashboard on the screen. There will be an error flag in the upper right of the page until the AD LDS replica setup has completed post deployment configuration. To cause the page to refresh, click the Refresh button to the left of the warning flag.

Configuration of the AD LDS Service

DO NOT run the DigitalPersona AD LDS Configuration Wizard when setting up your replica. Configuration and schema information for the replica is automatically set to match the joined unique instance associated with your previous DigitalPersona LDS Server.

Configuring replication frequency and availability

By default, replication of data from one instance to another within a configuration set occurs every 180 minutes (3 hours). This time interval is configurable. Additionally, specified blocks of time may be designated as available or unavailable for replication in order to limit scheduled replication intervals to certain times of the day (such as after normal business hours).

For instructions on configuring replication frequency and availability, see the following article on Microsoft’s TechNet site: https://technet.microsoft.com/en-us/library/cc731862(v=ws.11).aspx

Install DigitalPersona Server

Before installing DigitalPersona Server, ensure that the computer meets the minimum requirements listed on page 15, and that the Windows AD LDS feature has been added to the Windows Server machine and properly configured. Note that installations of DigitalPersona LDS Server using a replica of the AD LDS instance tied to a properly licensed DigitalPersona LDS Server do not require an additional license, as the license information is automatically applied as part of the replication process.

To install the DigitalPersona LDS Server

  1. Launch the DigitalPersona LDS Server – InstallShield Wizard by running exe, located in the Server/ DigitalPersona LDS Server folder in your product package. (Or see Command Line installation)
  2. The wizard’s Welcome page displays. Click Next.
  3. Read the License Agreement. If you agree with the stated terms, select I accept the license agreement and click Next.
  4. On the Destination Folder page, accept the default install destination folder, or click Change to install to a different folder. Click Next.
  5. On the Setup type page, choose the type of install you want to perform, Typical or Custom. Then click Next.
  6. The Custom setup allows removing the DigitalPersona Fingerprint Recognition Engine from the installation in progress. This option allows the administrator to separately install a different fingerprint recognition engine. WARNING: The fingerprint recognition engine installed on the server and on the DigitalPersona client must be the same.
  7. On the Ready to Install the Program page, click Install.
  8. The Installing DigitalPersona LDS Server page displays the progress of the installation.
  9. Upon completion of the wizard, the InstallShield Wizard Completed page displays. Click Finish to close the wizard.

Do not activate a DigitalPersona Server License

When installing a DigitalPersona LDS Server using a replicated AD LDS instance, you do not need to separately license the additional DigitalPersona LDS Server. Licensing information from the original unique AD LDS instance is replicated for any additional DigitalPersona LDS Servers in the same configuration set.

Optionally open the DigitalPersona Authorization Store

In most cases, when configuring additional DigitalPersona LDS Servers for load balancing and failover, you would not need to use the Microsoft Authorization Manager or connect it to the DigitalPersona Authorization Store on the additional servers.

However, the Authorization Manager Snap-in may be added to any new or existing Microsoft Management Console on any computer that is a member of the same domain as the installed DigitalPersona LDS Servers. The Authorization Manager can also be run directly from the command line by entering azman.mmc. A shortcut to the MMC placed on the Start screen or Taskbar provides immediate and convenient access to the Authorization Manager and Authorization Store.

Installation and administration of the Microsoft Authorization Manager Snap-in must be performed by a member of the computer’s local Administrators group.

For instructions on opening the DigitalPersona Authorization Store, see Define the authorization store name.