Infrastructure & Storage - Knowledge Transfer
Epic on Azure Knowledge Transfer Infrastructure and Storage
Knowledge transfer sessions were conducted with the Optum stakeholders who are identified as owners for Infra and Storage operations.
- The recordings for the infra KT sessions are available here
- The recordings for the storage KT sessions are available here
DNS Update for ANF SMB Server & Alias
Whenever a new volume is provisioned under an ANF account, the SMB server does not resolve a reverse lookup, resulting in failure to create a PTR (Pointer) record in the Reverse Lookup Zone of a DNS server.
Procedure for Submitting DNS Changes
- Change Template:
CHG0670076(Pre-approved DNS change template) - DNS Team Contacts:
- Syed, Faiq M – [email protected]
- Sajjad, Laeeq – [email protected]
- Instructions on the HUB: https://hubconnect.uhg.com/docs/DOC-210596
ServiceNow Steps
- Go to Change – Create New
- Set Type of Change =
Pre-approved - Enter Change ID:
CHG0670076 - Add the following Configuration Items (CIs):
NS0-1NS13-1
- Set Start Time for changes after 1900 CST
- Attach the DNS update template to the CTASK/Change request
DNS Update Instructions
-
Update the SMB server with a PTR record to correct reverse lookup resolution (You can explicitly guide the assigned engineer on this)
-
Create a new alias name for the A Record
Validation
After the change is completed:
-
Open Command Prompt
-
Run the following commands to validate DNS resolution:
nslookup [alias] nslookup [SMB server name]
Ensure both resolve correctly as per requirements.
| Request Type | Current Host Name | New Host Name | Domain | IP Address | Alias FQDN | Subnet IP Address | Requester Name | Requester Phone | Requester Email Address | Owner Name | Owner Phone | Owner Email Address | Owner Business Unit | Required Date and Time | Device Description and Comments |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| New IP Address | zewranofc-f41e7.ms.ds.uhc.com | ms.ds.uhc.com | 10.153.15.12 | zewfnpambu.ms.ds.uhc.com | Liviu Brezaei | [email protected] | Liviu Brezaei | [email protected] | Create/update A record for this Host for a PTR record... So that reverse lookup works |
Once the change is completed go to cmd prompt and do nslookup for the alias and the SMB server to validate it is resolving as per requirements.
SPN Setup and Deletion for MS and MSNONPROD Domains
Step 1: Login Requirements
- Login to a Windows host in the MS or MSNONPROD domain.
- Use an account with delegated rights to Write servicePrincipalName permission.
- The account must be a domain user with appropriate permissions.
Step 2: Setting Up SPNs
Examples for MS Domain
| DNS Alias | SPN Options | AD Domain | NetBIOS | AD Object | Command to Create SPN Entry | Command to List SPNs |
|---|---|---|---|---|---|---|
| zwefprtechnical | -F -S HOST/ | .ms.ds.uhc.com | ms\ | zewpanfc-872b | setspn -F -S HOST/zwefprtechnical.ms.ds.uhc.com ms\zewpanfc-872b | setspn -l zewpanfc-872b |
| zwefprtechnical | -F -S HOST/ | ms\ | zewpanfc-872b | setspn -F -S HOST/zwefprtechnical ms\zewpanfc-872b | setspn -l zewpanfc-872b | |
| zwefprambuprc | -F -S HOST/ | .ms.ds.uhc.com | ms\ | zewpanfc-872b | setspn -F -S HOST/zwefprambuprc.ms.ds.uhc.com ms\zewpanfc-872b | setspn -l zewpanfc-872b |
| zwefprambuprc | -F -S HOST/ | ms\ | zewpanfc-872b | setspn -F -S HOST/zwefprambuprc ms\zewpanfc-872b | setspn -l zewpanfc-872b | |
| zwefprwbsbca | -F -S HOST/ | .ms.ds.uhc.com | ms\ | zewpanfc-872b | setspn -F -S HOST/zwefprwbsbca.ms.ds.uhc.com ms\zewpanfc-872b | setspn -l zewpanfc-872b |
| zwefprwbsbca | -F -S HOST/ | ms\ | zewpanfc-872b | setspn -F -S HOST/zwefprwbsbca ms\zewpanfc-872b | setspn -l zewpanfc-872b |
Examples for MSNONPROD Domain
| DNS Alias | SPN Options | AD Domain | NetBIOS | AD Object | Command to Create SPN Entry | Command to List SPNs |
|---|---|---|---|---|---|---|
| zwtanfw3a4kuip | -F -S HOST/ | .msnonprod.dsnonprod.uhc.com | msnonprod\ | zwtanfw3-8c7e | setspn -F -S HOST/zwtanfw3a4kuip.msnonprod.dsnonprod.uhc.com msnonprod\\zwtanfw3-8c7e | setspn -l zwtanfw3-8c7e |
| zwtanfw3a4kuip | -F -S HOST/ | msnonprod\ | zwtanfw3-8c7e | setspn -F -S HOST/zwtanfw3a4kuip msnonprod\\zwtanfw3-8c7e | setspn -l zwtanfw3-8c7e | |
| zwtanfw3a4tech | -F -S HOST/ | .msnonprod.dsnonprod.uhc.com | msnonprod\ | zwtanfw3-8c7e | setspn -F -S HOST/zwtanfw3a4tech.msnonprod.dsnonprod.uhc.com msnonprod\\zwtanfw3-8c7e | setspn -l zwtanfw3-8c7e |
| zwtanfw3a4tech | -F -S HOST/ | msnonprod\ | zwtanfw3-8c7e | setspn -F -S HOST/zwtanfw3a4tech msnonprod\\zwtanfw3-8c7e | setspn -l zwtanfw3-8c7e |
Step 3: Deleting SPNs (Only if Required)
Examples for MS Domain
| DNS Alias | SPN Options | AD Domain | NetBIOS | AD Object | Command to Delete SPN Entry | Command to List SPNs |
|---|---|---|---|---|---|---|
| zwnanfw3a4kuip | -D HOST/ | .ms.ds.uhc.com | ms\ | zwnanfw3-5d6f | setspn -D CIFS/zwnanfw3a4kuip.ms.ds.uhc.com ms\zwnanfw3-5d6f | setspn -l zwnanfw3-5d6f |
| zwnanfw3a4kuip | -D HOST/ | ms\ | zwnanfw3-5d6f | setspn -D CIFS/zwnanfw3a4kuip ms\zwnanfw3-5d6f | setspn -l zwnanfw3-5d6f |