none
Windows 2012 Cluster without Hyper-V

    Pergunta

  • Recently I created a windows 2012 cluster.  I have two servers, both connected to a single SAN, three NICs from each server (team together) is connected as data, and one NIC from each server is connected to each other as "heartbeat".  I created the cluster with no problem, but when I run validation test, I get a CSV warning:

    Failed to validate Server Message Block (SMB) share access through the IP
    address of the fault tolerant network driver for failover clustering (NetFT).
    The connection was attempted with the Cluster Shared Volumes test user account,
    from node server1.somedomain.net to the share on node server2.somedomain.net.
    Access is denied.

    I have disabled the IP v6 on the "Microsoft Failover Cluster Virtual Adapter", so I only have IP v4 enable.  I don't have a switch with IPv6 ready, which is why I disable it.  The IP of the Failover Cluster Virtual adapter is as follow:

         Server1: 169.254.1.100

         Server2: 169.254.2.151

    I get a directory listing when I run "dir \\169.254.1.100\c$" from server2 and vice versa.  So I know that I have access.  However, the validation test is telling me that I don't have access from both servers.

    The firewall on both servers are OFF at this time.

    In that warning message, it stated something about "test user account", I am not sure what account it is using.  I see a "CLIUSR" account on each server after creating the cluster.  I made sure that the CLIUSR's password on both servers is the same.

    So I am not sure what else that I need to check.  Anyone with any suggestions?  This warning is currently causing me problem when I try to proceed with my SQL install.  Thank you in advance for your assistance.


    • Editado SeanSuHouston quinta-feira, 7 de fevereiro de 2013 09:48
    quinta-feira, 7 de fevereiro de 2013 03:03

Respostas

  • You say you have three NICs teamed for accessing storage.  Microsoft does not support teaming iSCSI connections.  Instead, you should have two NICs in an MPIO configuration.

    I am guessing your 'heartbeat' network is carrying cluster communication.  You should always have at least two network paths for carrying cluster communications, either by teaming the network carrying cluster communication, or assigning cluster communication to a teamed network.

    I have never had to disable IPv6 in a cluster.  In fact, the cluster will use it when it is there.  If you have 169.254 addresses in your environment, it means that you have not configured your network properly.  By default, networks are configured for DHCP.  If you do not have a DHCP server on the network segment, you will received an APIPA address, which cannot be used by clustering.  You need to either get a valid DHCP service on the network, or assign static IP address.

    Installing the cluster service will properly set the firewall rules.

    BTW, there is a clustering forum http://social.technet.microsoft.com/Forums/en-US/winserverClustering/threads


    .:|:.:|:. tim


    quinta-feira, 7 de fevereiro de 2013 20:53

Todas as Respostas

  • You say you have three NICs teamed for accessing storage.  Microsoft does not support teaming iSCSI connections.  Instead, you should have two NICs in an MPIO configuration.

    I am guessing your 'heartbeat' network is carrying cluster communication.  You should always have at least two network paths for carrying cluster communications, either by teaming the network carrying cluster communication, or assigning cluster communication to a teamed network.

    I have never had to disable IPv6 in a cluster.  In fact, the cluster will use it when it is there.  If you have 169.254 addresses in your environment, it means that you have not configured your network properly.  By default, networks are configured for DHCP.  If you do not have a DHCP server on the network segment, you will received an APIPA address, which cannot be used by clustering.  You need to either get a valid DHCP service on the network, or assign static IP address.

    Installing the cluster service will properly set the firewall rules.

    BTW, there is a clustering forum http://social.technet.microsoft.com/Forums/en-US/winserverClustering/threads


    .:|:.:|:. tim


    quinta-feira, 7 de fevereiro de 2013 20:53
  • Hi Tim,

    The 3 team NIC is for data network (public).  My storage is connected thru FC.  As for the heartbeat, I setup using the 4th NIC that connect directly from one server to the other.

    I guess you are saying that I need to sign an IP even on the "Cluster Failover Adapter"?  Since I don't have DHCP on that subnet and the adapter does not show up, how can I statically assign an IP address.

    I know that installing the cluster will set the firewall rules, but I put it in there just in case someone said that my problem with the firewall.  So I just want to take that out of the equation.

    Thanks for the link and I'll check it out.

    sexta-feira, 8 de fevereiro de 2013 16:45
  • Okay, your teminology was confusing me.  If by "data network (public)", you mean that those are the networks that are going to be used to access the services of the cluster, that is generally referred to as the client network.  In the configuration of the networks, that is the checkbox that states "Allow clients to connect through this network".  Also, the 'heartbeat' network is the cluster communication network.  In the setup, it is the selection "Allow cluster communication on this network". And, as noted earlier, it is highly recommened to have cluster communications on more than one network.  If you only have it on a single dedicated link, you have a single point of failure.

    " I setup using the 4th NIC that connect directly from one server to the other"   This is not a good practice.  If you ever decide to make the cluster greater than two nodes, you have to rewire.  The other thing that could be you don't have a cross-over cable for connecting the systems.  If you have a regular network cable, it might not be communicating correctly.

    Use the Network Connections control panel to find your NICs and change the properties to assign static IP configuration information.


    .:|:.:|:. tim

    sexta-feira, 8 de fevereiro de 2013 21:25
  • Sorry for my wrong terminilogy.  I have everything cabled and configured the way you said it.  I know that the direct connect between two NICs limit me from having only two nodes.  However, it is quicker at this time, also, I only have these two servers for now.  By the way, I can ping to/from both servers, so I know the connections are good.

    Apparently I can attach picture.  Here is my configuration:

         Cluster Client Network - "Allow cluster network communication on this network" is selected, also "Allow clients to connect through this network" checkbox is check.

          Cluster Heartbeat - "Allow cluster network communication on this network" is selected, all others are uncheck.

    As for assigning the static IP, the "Microsoft Failover Cluster Virtual Adapter" does not show up in "change adapter setting".  It shows in the IPCONFIG /ALL.  I find a tool (nvspbind) that I'll try to change the IP.

    Thanks.

    sexta-feira, 8 de fevereiro de 2013 23:23
  • By the way, even with 169.254.x.x address, I can access the servers.  Say if I am on server 1 (169.254.1.100) and I do "dir \\169.254.2.151\c$", I get the listing of the C drive out of server 2.  And when I do "dir \\169.254.1.100\c$" from the second server, I also get a listing result of server 1.  So, I think the connection is there.  I think the denied access is from the "test user account", which I am not sure which account it is using.

    Thanks.

    sexta-feira, 8 de fevereiro de 2013 23:38