High Availability Considerations

The Adaptive Server 15.0.2 password security changes affect High Availability (HA).

HA configuration

The primary and companion servers must have equivalent “allow password downgrade” values before they are configured for HA. A new quorum attribute “allow password downgrade” has been added to check whether the value of “allow password downgrade” is same on both primary and secondary servers. This HA advisory check succeeds when the value for the quorum attribute is the same, and HA advisory check fails when the values are different.

Changed password behavior in syslogins with HA

After upgrading to Adaptive Server 15.0.2 and successful configuring HA, on the first connection to the primary server, the password of the user login is updated on both the primary and companion servers. This synchronizes the login password on primary and companion with the same on-disk encryption format. This is done to avoid password reset or locking when the “allow password downgrade” period ends as described in sp_passwordpolicy and with password downgrade to earlier Adaptive Server 15.0 versions with sp_downgrade. By synchronizing the password encryption format, the login passwords can continue to be used without being reset or locked by sp_passwordpolicy or sp_downgrade.