none
Big problem!!! Cluster fail with virtual domain controller RRS feed

  • Question

  • Hi,

    I'm in big trouble...Yesterday due to big and urgent problem on DNS, I was forced to seize the FMSO from phisic PDC to a second virtual DC that become now a virtual PDC.

    This virtual PDC live in a cluster. Today, due to an electrical problem I shutdown my entire lan :-(

    I could not do otherwise.

    Now, I want to restart my lan starting from first node of cluster to restart my virtual PDC but cluster fail.

    I know that DC isn't active and ther are authentication problem, but I now in a loop...

    Please, any suggestion?

    Thanks in advance.

    Wednesday, May 25, 2016 8:25 PM

Answers

  • As Tim pointed out, with Win2008 R2 you need at least one domain controller on bare metal or on a stand-alone host.  This changed with Win2012... and with current versions this is a fully supported scenario.

    You will need to bring up a single node, then disable the cluster service and clusdisk driver and reboot.  You should then have access to the storage, and be able to copy off the VHD and get the DC running.

    This gets a little complex, you might want to open up a support case and they can get you back up and running.  And I strongly recommend upgrading to Win2012 R2 so that you never have to worry getting in this situation again.

    Thanks!
    Elden

    Wednesday, June 1, 2016 8:00 PM
    Owner

All replies

  • Sorry,

    the server is win 2008 R2, the virtualization aremade by Hyper-v.

    The virtual DC is a win 2008 std.

    I see the cluster volume, but I can't see the folders.

    Wednesday, May 25, 2016 8:32 PM
  • Hi M.Santoni,

    >>...Yesterday due to big and urgent problem on DNS, I was forced to seize the FMSO from phisic PDC to a second virtual DC that become now a virtual PDC.

    The former DC could not be brought online again?

    Is the disk connected using iSCSI?

    If yes, connect from another Hyper-V server, import and run the Virtual PDC.

    Here is a post of the similar issue:

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/fd5c96e3-3974-4fca-ba56-ae6863091640/help-hyperv-with-failover-clustering-has-vm-domain-controller-not-starting-cannot-access?forum=winserverClustering

    Best Regards,

    Leo


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, May 26, 2016 6:36 AM
    Moderator
  • Hi Leo,

    the discs are not iSCSI. The resources are located in a MSA HP via SAS interface (purchased year 2010).

    I see the volumes and they are online, but I can't read the content.

    The VMs are in pending and the filesystem that contain the VMs is online but fail bringing.

    Regards.

    Massimilano.

    Thursday, May 26, 2016 7:56 AM
  • Yes, back in 2008 R2 days it was not supported to host your only DC in a cluster for the very situation that you have run into.

    Can you mount the SAS disk to a standalone server?  This may require some physical cabling in order to mount the SAS disk to another system.  Then you can copy the DC's files off the cluster volume and create a new VM (same DC) on a standalone system.  That will allow you to get your cluster up an running.

    Then, if you still want to have the DC running on the cluster hosts, create a VM on local storage and create it as a non-HA VM.  Configure the settings to always start the VM.  I would also suggest getting at least a second DC deployed in your environment. 


    . : | : . : | : . tim

    Tuesday, May 31, 2016 4:20 PM
  • As Tim pointed out, with Win2008 R2 you need at least one domain controller on bare metal or on a stand-alone host.  This changed with Win2012... and with current versions this is a fully supported scenario.

    You will need to bring up a single node, then disable the cluster service and clusdisk driver and reboot.  You should then have access to the storage, and be able to copy off the VHD and get the DC running.

    This gets a little complex, you might want to open up a support case and they can get you back up and running.  And I strongly recommend upgrading to Win2012 R2 so that you never have to worry getting in this situation again.

    Thanks!
    Elden

    Wednesday, June 1, 2016 8:00 PM
    Owner
  • Hi,

    thanks to Eleden and Leo!

    In order, before stop the cluster I applied seize and moved FSMO from PDC to DC in the cluster. (The particularity is that the PDC not dialogue with DC and the original FSMO remained in this server).

    Aftem many failed attempts to reboot the virtual DC, we have decided to reuse the failed PDC because in this server the DNS are functionally and no many time are passed from the last use. Great! The cluster now is on and the volume are readeble.

    Now we have stopped the PDC and reboot the virtual DC with own FSMO but the DNS not work in any manner... Damn... We create a DC from new virtual PDC to obtain a DNS that run correctly but it don't work because non authenticate correctly with PDC. After trying many tools to debug the problem (all of the list in Microsoft KB for domain debug and many other to debug network) all without success, we decided to stop all new domain structure and reboot the physical PDC.

    Starting from PDc we have recreate a DC, migrate FSMO role to this VM and stopped definitively the physical PDC. Then we have created a new DC on a secondary cluster.

    Now all work fine without any loss of domain data.

    We will use the physical failed server to reinstall a 2012 R2 version and promote at PDC with reise from 2008 to 2012 domain version.

    The lesson is: not install a virtual PDC in a cluster that is in a domain. And if you want to place a DC directly on the node of cluster, install it on all node to prevent fault of cluster.

    Thanks a lot for your support!

    Saturday, June 4, 2016 9:35 AM