# How to share the Primary and Secondary OpManager folders with each other for failover configuration?

The information between the primary and secondary instances are synced periodically. Failover support for OpManager is necessary to achieve uninterrupted service in case of server failure. It has a primary and secondary server, and if the Primary server fails, the Standby server automatically starts monitoring the network.

- **Windows Installations**
  - [Same domain](#same-domain)
  - [Different domains](#different-domains)
  - [Workgroup domain](#workgroup-domain)
- [Linux installations](https://manageengine.com/network-monitoring/help/filesharing-failover-linux.html)
- [User privilege](#user-privilege)
- [Possible Reasons for File Synchronization Failure](#possible-reasons-for-file-synchronization-failure)

## Same domain

### Steps to share primary and secondary OpManager folders with each other in same domain

- Go to the **<OpManagerHome>** directory on the primary or secondary server.
- Right-click on the OpManager folder and select **Properties**.
- Navigate to the **Sharing** tab and click on **Advanced Sharing**.
- Enable **'Share this folder'** and set the share name as follows, depending on the OpManager edition:

| OpManager Edition | Component | Share Name |
|---|---|---|
| Standalone / Professional |  | OpManager |
| Enterprise | Central | OpManagerCentral |
| Enterprise | Probe | OpManagerProbe |
| OpManager Nexus (Enterprise) | Central | OpManagerPlus_Central |
| OpManager Nexus (Enterprise) | Probe | OpManagerPlus_Probe |
| OpManager MSP | Central | OpManager_MSP_Central |
| OpManager MSP | Probe | OpManager_MSP_Probe |

**Note:** The Share Name must match the OpManager Home Path folder name exactly.

![To share the primary and secondary folders with each other for failover configuration in OpManager: Same domain - Share the folder through advanced sharing](https://www.manageengine.com/network-monitoring/help/images/same-domain.png)

- Click on **Permissions**.
- In the Share Permissions window, click **Add**.
- Click **Object Types** and enable both **Computers** and **Users**.
- Select the server name and the user name, then click **Check Names** and **OK**.
- Back in the **Permissions** window, select the added entries and enable **Full Control** (it will automatically select Change and Read).
- Click **Apply** and **OK** to close the dialogs.
- Go to the **Security** tab in the folder’s Properties window:
  - Click **Edit**, then click **Add**.
  - In the object types, enable **Computers** and **Users**.
  - Select the correct server name and user.
  - Grant **Full Control** or **Modify** permissions.
  - Click **Apply** and **OK**.
- If using a specific user to run the OpManager service, ensure that user has Backup and Restore rights by following the steps [here](#user-privilege).

![To share the primary and secondary folders with each other for failover configuration in OpManager: Same domain - Modify permissions under security tab](https://www.manageengine.com/network-monitoring/help/images/same-domain-2.png)

## Different domains

### Steps to share primary and secondary OpManager folders with each other in different domains

To allow seamless sharing between the primary and secondary OpManager servers, the folders must be properly shared with the right permissions. If the servers are in different domains, establishing a two-way domain trust will enable them to function as if they are in the same domain.

#### 1. Configure two-way domain trust

Setting up a two-way trust between the domains of the primary and secondary servers enables cross-domain authentication, making them recognize each other as if they belong to the same domain.

Refer to the official Microsoft documentation [here](https://learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-create-forest-trust#create-a-two-way-forest-trust-in-the-on-premises-domain).

#### 2. Share the `<OpManagerHome>` folder

Once the domain trust is configured, the servers effectively function as if they are in the same domain. Follow these steps to share the OpManager folder:

- Go to the **<OpManagerHome>** directory on the primary or secondary server.
- Right-click on the OpManager folder and select **Properties**.
- Navigate to the **Sharing** tab and click on **Advanced Sharing**.
- Enable **'Share this folder'** and set the share name as follows, depending on the OpManager edition:

| OpManager Edition | Component | Share Name |
|---|---|---|
| Standalone / Professional |  | OpManager |
| Enterprise | Central | OpManagerCentral |
| Enterprise | Probe | OpManagerProbe |
| OpManager Nexus (Enterprise) | Central | OpManagerPlus_Central |
| OpManager Nexus (Enterprise) | Probe | OpManagerPlus_Probe |
| OpManager MSP | Central | OpManager_MSP_Central |
| OpManager MSP | Probe | OpManager_MSP_Probe |

**Note:** The Share Name must match the OpManager Home Path folder name exactly.

- Click on **Permissions**.
- In the Share Permissions window, click **Add**.

![To share the primary and secondary folders with each other for failover configuration in OpManager: Different domain - Share the folder through advanced sharing](https://www.manageengine.com/network-monitoring/help/images/diff-domains-1.png)

- Click **Object Types** and enable both **Computers** and **Users**.
- Click **Locations** next, and select the domain where the other server (primary or secondary) is located.
- Select the server name and the user name, then click **Check Names** and **OK**.
- Back in the **Permissions** window, select the added entries and enable **Full Control** (it will automatically select Change and Read).
- Click **Apply** and **OK** to close the dialogs.
- Go to the **Security** tab in the folder’s Properties window:
  - Click **Edit**, then click **Add**.
  - In the object types, enable **Computers** and **Users**.
  - Select the correct server name and user.
  - Grant **Full Control** or **Modify** permissions.
  - Click **Apply** and **OK**.
- If using a specific user to run the OpManager service, ensure that user has Backup and Restore rights by following the steps [here](#user-privilege).

![To share the primary and secondary folders with each other for failover configuration in OpManager: Different domain - Modify permissions under security tab](https://www.manageengine.com/network-monitoring/help/images/diff-domains-2.png)

#### 3. Verify accessibility

Test folder access from both servers:

- Press **Win + R** to open the Run dialog.
- Enter the shared folder path:
  - **\\<Primary_Server>\<OpManagerHome>** from the Secondary server.
  - **\\<Secondary_Server>\<OpManagerHome>** from the Primary server.
- Ensure that the folder opens and you have both **read** and **write** access.

## Workgroup domain

### Steps to share primary and secondary OpManager folders with each other in workgroup machines

#### 1. Share the OpManagerHome folder on both the servers

1. Go to the **<OpManagerHome>** directory on the Primary and Secondary servers.
2. Right-click on the **<OpManagerHome>** folder and select:
   - **Properties → Sharing → Advanced Sharing**.
3. Enable **'Share this folder'** and set the share name as follows, depending on the OpManager edition:

| OpManager Edition | Component | Share Name |
|---|---|---|
| Standalone / Professional |  | OpManager |
| Enterprise | Central | OpManagerCentral |
| Enterprise | Probe | OpManagerProbe |
| OpManager Nexus (Enterprise) | Central | OpManagerPlus_Central |
| OpManager Nexus (Enterprise) | Probe | OpManagerPlus_Probe |
| OpManager MSP | Central | OpManager_MSP_Central |
| OpManager MSP | Probe | OpManager_MSP_Probe |

**Note:** The Share Name must match the OpManager Home Path folder name exactly.

4. Click on **Permissions**, select **Everyone**, and allow **Full Control**.
5. Click **Apply** and **OK**.

**Note:**

- Sharing folders and ensuring proper authentication is mandatory in workgroup environments. Authentication must be configured using Windows Credential Manager, and the Log On user for the OpManager service must match the credentials added.
- Sharing with **'Everyone'** is still safe in a workgroup domain-based setup, because the other server must still authenticate using proper credentials stored in Windows Credential Manager. Without valid credentials, access will be denied.

#### 2. Add credentials in Windows Credential Manager

1. Open **Windows Credential Manager** on the Primary/Secondary servers.
2. Add a **Windows Credential** of the Primary in the Secondary server, and vice versa for the Primary server:
   - Provide the username and password of a valid user account on the other machine.
3. Save the credentials.

#### 3. Update the Log On User for the OpManager service

1. Open **Services** (Run `services.msc`) on both servers.
2. Locate the **OpManager** service.
3. Right-click and select:
   - **Properties → Log On** tab.
4. Choose **'This account'** and provide the same username and password added in Windows Credential Manager.
5. Click **Apply** and restart the service.

#### 4. Verify Windows Credential Manager functionality

1. Test folder access using the credentials configured in Windows Credential Manager from both the Primary and Secondary servers.
2. Open **Run** (Win + R) and enter the shared folder path:
   - `\\<Primary or Secondary server>\<OpManagerHomePath>`
   - Example: `\\opm-1\OpManager` from the Primary server and `\\opm-2\OpManager` from the Secondary server.
3. Ensure that the folder opens without prompting for additional credentials and verify that you have read and write access.
4. If prompted for credentials or if access fails:
   - Re-check the username and password entered in Credential Manager.
   - Confirm that the shared folder permissions are set correctly.

**Note:**

- Add valid credentials in Windows Credential Manager on both servers for authentication.
- Ensure the Log On user for the OpManager service matches the credentials added in Windows Credential Manager.
- Proper folder sharing and permissions (with Everyone) must be configured for seamless access.

## User privilege

When a user tries to log on as a specific user in a service, the user should be given backup and restore rights.

![To share the primary and secondary folders with each other for failover configuration in OpManager: User privilege - backup and restore rights](https://www.manageengine.com/network-monitoring/faq/images/UserPrivilege1.png)

To provide the user backup and restore rights, please add the user in the **Back up files and directories**, and **Restore files and directories** as done below.

### To add the User in Backup files and directories

Go to:

Local Security Policy → Security settings → Local Policies → User Rights Assignment → Back up files and directories

Add the Logon user (DomainName\TestFailover).

![To share the primary and secondary folders with each other for failover configuration in OpManager: To add the User in Backup files and directories](https://www.manageengine.com/network-monitoring/faq/images/UserPrivilege2.png)

### To add the User in Restore files and directories

Go to:

Local Security Policy → Security settings → Local Policies → User Rights Assignment → Restore files and directories

Add the Logon user (DomainName\TestFailover).

![To share the primary and secondary folders with each other for failover configuration in OpManager: To add the User in Restore files and directories](https://www.manageengine.com/network-monitoring/faq/images/UserPrivilege3.png)

## Possible reasons for file synchronization failure

File synchronization between primary and secondary servers can fail due to configuration errors, permission issues, or network connectivity problems. To resolve this, ensure that both servers are properly configured, have the necessary permissions, and can communicate effectively over the network.

### For Windows

1. Verify that the Windows share name matches the **<OpManagerHomePath>**. For example:
   - For Essential Setup: `\\PEER_SERVER_HOST\OpManager`
   - For Enterprise Central Setup: `\\PEER_SERVER_HOST\OpManagerCentral`
2. Confirm that all required steps for Windows sharing are correctly implemented.
3. Check network accessibility:
   - Access the peer server **<OpManagerHomePath>** from the current server using the network path.
   - Ensure you have **read** and **write** permissions for the shared folder.
4. Validate credentials:
   - Verify that the credentials stored in Windows Credential Manager are correct and have the required permissions (applicable only for the Old Model Failover setup).

### For Linux

1. Ensure SSH authentication is configured correctly: Follow the steps detailed here: https://manageengine.com/network-monitoring/help/filesharing-failover-linux.html#setup
2. Test password-less SSH access:
   - Use the command: `ssh <PRIMARY_HOST_NAME>` from the secondary server and vice versa to confirm SSH functionality.
3. Check network connectivity between the servers:
   - Use tools like `ping` or `telnet` to verify the connection.

If the issue persists, please contact support and provide logs from both the primary and secondary servers for further assistance.