Hi

I am getting the following error while validating a three-node Windows failover cluster

The Windows Firewall on node XX-XEV-UKW-DB1.xxdevtest.local is not properly configured for 
failover clustering. In particular, the 'Domain' firewall profile is enabled on 
adapter 'XX-XEV-UKW-DB1.xxdevtest.local - Ethernet 2'. 
The 'Failover Clusters' rule group is not enabled in firewall profile 'Domain'. 
This may prevent some network communication between cluster nodes.

I am still getting the even with firewall disabled. How can I resolve it

Thanks

Hi,

I've a Windows Server 2008 R2 file server cluster to which I recently added a new Client Access Point. It's working except that every 24h hours the IP on the DNS record it's changed to the IP of the owner node, and few minutes later, changed back to the IP address assigned to the CAP. I understand why the process occurs every 24h (DNS client registration runs every 24h), but not why or what it's indeed happening.

To put some context, and hints on what I've done wrong: this new name comes from a consolidation DFS (hosted in another server, turned off, DNS records deleted), and before add it as a CAP I tried:
 - Add it as a CNAME record pointing to the (didn't work).
 - Set DisableStrickNameChecking (didn't work).
 - Add a new Service Principal Name (didn't work).

I've then undo all of that, and added the new name as CAP. As I said, it's working except for that issue. I've search in the registry for keys with that name, and the only one that I can find is related to the cluster service (so it's expected).

Any guess, hint? Thanks!

Please don't laugh, but yes, in the year 2019 I'm still running in an environment that does not have DDNS.

Does anyone know of a reference that shows what DNS records must exist to create a SOFS on Windows Server 2016?

TIA

Mike J ( stuck in the year 2000 )

MJ

Hi,

I have configured Self-updating CAU  for 2 Nodes Windows 2012 FO Cluster . I use "Microsoft.HotfixPlugin" of using insatall hotfix at cluster nodes. 

  In my Lab, 3 Windows 2012 Servers -  1 AD & 2 are Cluster Nodes(W2016-N1 & W2016-N2). Shared folder at AD server (BLUEAD01 - 10.10.10.10) with "Full Permission" for Cluster Administrator  (User Name : Cluadmin - both nodes are loginto Blue.Local\Cluadmin user) . I am suspecting the issue is related with WUSA & having some conflict with security patch with extension *.msu.

Please check attached snap. If you have any way out, please let me know.

-Suddhaman

Hi,

I got the following error when I have created the Cluster. All validation tests are passed and Cluster nodes (Windows Server 2016 core) are updated.

d

Any help would be appreciated.

Thanks

Hello Experts,

I have Windows Server 2016 installed on both my nodes, which is part of a failover cluster. I am running a VB Script role for High Availability of my application. My VB script <g class="gr_ gr_233 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del" data-gr-id="233" id="233">inturn</g> calls a PowerShell Script which reads an <g class="gr_ gr_296 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="296" id="296">xml</g> file which stores encrypted username and password of our application. Below is the command which is used to generate the <g class="gr_ gr_574 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="574" id="574">xml</g> file with credentials. Now since the below command is run using the Domain User (as I was logged in using the domain user). This file can be read only by the domain user.

So whenever my VB script which is running in failover cluster generic script role, calls my Powershell script within to read the above file using below command:

$credential = Import-CliXml -Path "C:\My\Secrets\myCred.xml" 

The cluster is unable to file the file to read it and extract the credentials.

My requirement is simple, to run the cluster service also with the same Domain user so that the <g class="gr_ gr_1427 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="1427" id="1427">xml</g> is accessible and read via failover cluster generic script role.

Also is there a way I can call the ps1 script using the domain account from the Generic script (VB script)?

Hope this makes sense!! Thanks in advance!!

Generic Script Role (VB Script:)

PowerShell Script (StartCommPoints.ps1):

$credential = Import-CliXml -Path "C:\Program Files (x86)\Philips\IBE\IBEInstaller\HighAvailability\Scripts\rhapsody.xml" 

$cred =New-Object System.Management.Automation.PSCredential  ($credential.UserName, $credential.Password)

Whenever I try changing Log on for Cluster Service I get below error. I made sure the domain user has all the required permissions.

'The Cluster Service service failed to start due to the following error:  A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.'

Please Help!!!

Thanks,

Surabhi

Surabhi

I have just finished updating our cluster nodes from Windows server 2016 to 2019.

On 2 of our clusters there were no issues, but on a 3rd I am having the following issue.

When O go to update the functional level, I get this.

Update-ClusterFunctionalLevel : You do not have administrative privileges on the cluster.

I am a domain admin, in the local admins group on each node, and have full cluster access.

I can run any other administrative powershell cluster command without issue, and can fully admin via the GUI, but running the command Update-ClusterFunctionalLevel gives the no privileges error.

If I ask my other admin to run it, he gets the same.

If I create a net new AD account, assign it local admin on each node, and grant-cluster access full  , that account also get it.

I opened a MS support ticket, but after 10 days I have still yet to get a call back. I even called back in (Sev-B = 4 hours...) and they said, yes I am still in the queue - wth....)

Anyway, I am assuming it is likely a bad registry entry, or something messed up on an AD object perhaps, but not sure where to look.

I currently have a dell VRTX running two blades (server 2012r2 on each).  The blades are setup for failover clustering and are sharing storage.  I have hyper-v installed on the vrtx.  I'm  quickly running out of storage and need to add some new hard drives into the shared storage.  I've been told that this will "break" my cluster and I will have to rebuild everything from scratch.  

Can anyone give me some insight on this?  I was hoping it would be as easy as popping the new drives in and allocating them to the shared storage.  Thanks in advance.

I have a Windows Server 2012 r2 cluster set up with 3 nodes.

2 nodes, vm3 and vm5, have no issues acting as owner of any role, including the CSV volumes, Quorum Disk Witness, and the individual VMs.  

1 node, vm1, has no issues owning any of the individual VM roles, one of the CSV volumes (high-speed-lun), or the Quorum Disk Witness.  However, if vm1 is set as the owner of LUN_1 or LUN_2, any of the VMs that have their OS vhd(x) file hosted on those LUNS and are not owned by vm1, fail and can't be restarted. 

The VMs that 

• a) are owned by vm1 and have their os vhd(x) files on the a LUN that is owned by vm1 or,
• b) are owned by any vm host and have their os vhd(x) files on the "high-speed-lun" no matter what node owns "high-speed-lun"

are not affected and have no issues booting or running.  It does not matter if LUN/CSV ownership fails over automatically, or if I manually change the owner node to vm1, any running VM that does not fit one of the above 2 descriptions will immediately die and not be able to restart.

Some scenarios that will hopefully clarify this issue a bit:

1. vmguest1 and vmguest2 are hosted on vm1 node and their os storage is located on LUN_2, which is owned by vm5 node. this is not a problem and everything works.  also no issues if this is reversed.
2. vmguest1 is owned by vm1 and vmguest2 is owned by vm3 node and their os storage is located on "high-speed-lun", which is owned by vm1 node.  This is not a problem and everything works.
3. vmguest1 is owned by vm1 and vmguest2 is owned by vm3 node, with both os storage located on LUN_1, which is owned by vm1 node.  vmguest1 will be fine, while vmguest2 will fail to run/start.

When this issue occurs, I see the following errors in the Cluster Events/Event Viewer:

• Error, Event ID 1069 "Cluster resource 'Virtual Machine vmguest1' of type 'Virtual Machine' in clustered role 'vmguest1' failed. The error code was '0x780' ('The file cannot be accessed by the system.').
• Error, Event Id 1205 "The Cluster service failed to bring clustered role 'vmguest1' completely online or offline. One or more resources may be in a failed state. This may impact the availability of the clustered role."

I know this is a lot of info, just trying to give as clear of an outline of the issues I'm seeing as possible up front.

Any thoughts anyone has to help get this all cleaned up would be greatly appreciated.

In the interest of reducing questions about the cluster setup/environment, I'm going to try and get all of the potentially relevant info here in one fell swoop below.

Node info ("vm1", "vm3", "vm5"):

• all 3 nodes are running 2012 r2,
• all have the same updates [verified by cluster validation],
• 2x xeon e5-2430l hex-core, 64gb memory,
• 2x onboard nics teamed for cluster comms,
• 2x onboard nics teamed and assigned to hyper-v switch,
• 4x nics on individual subnets for communication with SAN
• only known physical difference between the nodes is that vm1 has it's OS drive set up as a 2-disk 558GB RAID1, while vm3/vm5 have their OS drives set up as 4-disk 1.1tb RAID10.
• all AD Joined with 3 DCs in 2 locations, 2 remote in the satellite office, 1 in the dc local to this cluster on separate hardware.  All AD tests/replication/etc have been tested and are, to the best of my knowledge, working properly.

Storage hardware ("dcsan"):

• Dell MD3200i with dual controllers
• each controller has 4 nics that are set up on individual subnets to match how the server nics are configured
• One disk group set up as RAID10 across 8 physical 2tb, 7.2k rpm drives, with 7,430 gb total storage available ("Disk Group 0")
• One disk group set up as RAID5 across 4 physical 600gb, 15k rpm drives, with 1,660 gb total storage available ("Disk Group 2")
• MPIO is configured on each server node

Dell MDSM host mappings (see screenshot, actual host names changed for security):

The LUNs are available in Storage->Disks on each node as follows (LUN name in screenshot above, LUN Size, disk group, assigned to, Disk Number):

1.     High-Speed-lun (HighSpeed1, 1.6 tb, Disk Group 2, Cluster Shared Volume, 4)
2.     LUN_1 (Lun_1, 3.5tb, Disk Group 1, Cluster Shared Volume, 3)
3.     LUN_2 (LUN_2, 3.5tb, Disk Group 1, Cluster Shared Volume, 3)
4.     Quorum Witness (Cluster_Quorum, 520 mb, Disk Group 1, Disk Witness in Quorum, 1)

Cluster Roles:

    approx 20-25 guest vms, majority running 2012 r2, with a few running ubuntu (14.04-18.04 os)

Hello Experts,

I have Windows Server 2016 installed on both my nodes, which is part of a failover cluster. I am running a VB Script role for High Availability of my application. My VB script calls a PowerShell Script which reads an XML file which stores encrypted username and password of our application. Below is the command which is used to generate the XML file with credentials. Now since the below command is run using the Domain User (as I was logged in using the domain user). This file can be read only by the domain user.

$credential = Get-Credential
$credential | Export-CliXml -Path "C:\My\Secrets\myCred.xml" 
So whenever my VB script which is running in failover cluster generic script role, calls my Powershell script within to read the above file using below command:

$credential = Import-CliXml -Path "C:\My\Secrets\myCred.xml" 

The cluster is unable to file the file to read it and extract the credentials.

My requirement is simple, to run the cluster service also with the same Domain user so that the XML is accessible and read via failover cluster generic script role.

Also is there a way I can call the ps1 script using the domain account from the Generic script (VB script)?

Hope this makes sense!! Thanks in advance!!

Generic Script Role (VB Script:)
Function Online( )
    PScmd = "powershell.exe -executionpolicy bypass -file " & ROOTFOLDERPATH & "\" & "StartCommPoints.ps1"
    Dim WshShell
    Set WshShell = CreateObject("WScript.Shell")
    rv = WshShell.Run(PScmd, , True)
    Dim http
    Set http = wGet( "update&online" & SERVICE  )
    Online = 0
End Function

PowerShell Script (StartCommPoints.ps1):
$credential = Import-CliXml -Path "C:\Program Files (x86)\Philips\IBE\IBEInstaller\HighAvailability\Scripts\rhapsody.xml" 
$cred =New-Object System.Management.Automation.PSCredential  ($credential.UserName, $credential.Password)

Whenever I try changing Log on for Cluster Service I get below error. I made sure the domain user has all the required permissions.

'The Cluster Service service failed to start due to the following error:  A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.'

Please Help!!!

Thanks,

Surabhi

Surabhi

Hi

We have an exchange 2007 server running on windows 2008 R2. A spare server recently became available and I have been asked to see if its possible to create a fail over cluster with our existing environment.

I appreciate that we have an un-supported version of exchange and windows but my boss wants to keep costs down so I want to want to see if its possible and if not what version do i need to go to. (Also he has ruled out virtualization)

I think its not possible as purchasing licences for old software could prove difficult.

Any feedback would be greatly appreciated.

Cheers

Colin

Hi all,

I have file cluster setup on Windows Server 2016 environment with 4 nodes. Everything worked fine until now. I am not able to change share permission on one of the roles on all shared folders. The disk is connected via iSCSI and it is assigned to that role. I try with role re-creation, remove the disk and attach again, re-connect iSCSI connection for that disk. I found this topic, the guy who had the same issues with file cluster 2012 fix the issue with re-creation of file cluster, is that really necessary?

After few hours of troubleshooting i was able only to find this error in the event viewer:

Microsoft-Windows-FileServices-ServerManager-EventProvider/Operational 

Event ID: 1

Error: ERROR: Task 'example.ex.amp.le-Folder-SmbShareUpdate-4182a3a9-ecbe-4af6-96e7-12e7a1d1da36' has failed: Microsoft.FileServer.Management.Plugin.FSACException: Error occurred while updating an SMB share: The cluster resource could not be found.  ---> Microsoft.Management.Infrastructure.CimException: The cluster resource could not be found.
   at Microsoft.Management.Infrastructure.Internal.Operations.CimSyncEnumeratorBase`1.MoveNext()
   at System.Linq.Enumerable.SingleOrDefault[TSource](IEnumerable`1 source)
   at Microsoft.FileServer.Management.Plugin.Services.FSCimSession.ModifyInstance(ICimInstance instance)
   at Microsoft.FileServer.Management.Plugin.Providers.WmiUpdateTaskBase.DoWork(Object sender, DoWorkEventArgs e)
   --- End of inner exception stack trace ---
   at Microsoft.FileServer.Management.Plugin.Providers.WmiUpdateTaskBase.DoWork(Object sender, DoWorkEventArgs e)
   at System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e)
   at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)

Microsoft-Windows-FileServices-ServerManager-EventProvider/Operational

Event ID: 0

Exception: Caught exception Microsoft.Management.Infrastructure.CimException: The cluster resource could not be found.
   at Microsoft.Management.Infrastructure.Internal.Operations.CimSyncEnumeratorBase`1.MoveNext()
   at System.Linq.Enumerable.SingleOrDefault[TSource](IEnumerable`1 source)
   at Microsoft.FileServer.Management.Plugin.Services.FSCimSession.ModifyInstance(ICimInstance instance)
   at Microsoft.FileServer.Management.Plugin.Providers.WmiUpdateTaskBase.DoWork(Object sender, DoWorkEventArgs e)

This is the error in the file cluster management console:

Hi,

Server connected with local hard disks which has data about 5 TB. No SAN Attached. 

We need to move the data to different location. We cant ship the server. 

Dont want to do via ROBOCOPY. 

Please let me know other possibilities 

I am not a server expert here, but I am a general admin, so I'll try to keep up ;) I know that versions of this question have been asked, but the answers vary. Hypothetically, I have a server, with a 1TB OS drive, and a 10TB data drive. We are going to run SQL and a proprietary application that keeps the Database updated. We want to make this a highly available server, so we have an identical server that we want to use (along with the first one) to create a two node cluster. 

From what I am reading, there are people saying that I cannot create a cluster using servers with local storage, and must use a SAN or NAS, others are saying yes I can. But there is no definitive answer I've found, and I do not want to spend the money to go from hypothetical to reality, if it can't be done.

The problem with a shared storage like NAS, is that it creates a single point of failure. If the NAS fails (power failure, board failure, fire, etc.), then the Database server cluster fails, and that defeats the whole point of the cluster. Clustering is all about eliminating single points of failure, so NAS is not the solution. SAN seems to me like clustered storage, and makes me wonder why I can't just eliminate the complication of the extra hardware, and utilize the two perfectly good arrays I already have in the existing nodes I'm clustering. A SAN in this case just seems like redundant overkill, and a waste of money. I already have the high availability of the two server cluster, and their identical internal storage arrays, with all the storage I need. Why can't I use them? 

Is there a way to cluster two servers, with their own locally attached storage? For example, can I take server A with a C: and a locally attached (eg internally configured RAID array) D: drive, and make server B (configured identically) work in a cluster with server A? And can it be made to work with the OS on C:, and the database on the internal D:, without a NAS or a SAN?

Go...

Building out a File server CLuster.

1.I currently have a NIC team to be used for file host

2. I have 2 sep NICs for ISCSI.

Should i create another team and use that as cluster only and potentially just IPV6 or is it best practice to just have the first NIC team as cluster and client and heartbeat will just go through that?

We have three Node N-1, N-2, N-3. I drain role from N-2 and there10 VM's Moved out of 14. 4 VM are not moving getting error . Tried to move manually but the error same. Please assists All the Node in are WIN-2012 R2

Error Message : "operation did not complete on resource virtual machine live migration"