Windows Clustering with Bitlocker

  • Question

  • Hi,

    We are having a problem with a Windows cluster (Windows 2012 R2) with encrypted shared storage, as follows:

    At the beginning, all shared storage drives were mounted in the Windows cluster and the failover between the 2 cluster nodes was always successful. Later on, BitLocker encryption was added to the shared storage by the following methods.

    1) install BitLocker feature in Windows Server on each cluster server
    2) set "AES 256" in "Choose drive encryption method and cipher strength" in group policy ("Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption") on each cluster server

    3) turn on maintenance mode on the clustered disk to be encrypted in failover cluster manager

    4) disable shadow copies on the clustered disk if it is enabled

    5) run PowerShell

    6) type "manage-bde -on <drive:> -recoverypassword"

    7) type "manage-bde <drive:> -protectors -add -sid <clusternode$>"

    8) turn on shadow copies of the clustered disk if necessary

    9) turn off maintenance mode of the clustered disk in failover cluster manager

    The Windows cluster with BitLocker-encrypted shared disks had been used for almost 5 years without any issue until yesterday. The cluster failover (for maintenance reasons) was unsuccessful and all shared disks failed in the cluster node. We had to unlock the shared drives with the encryption key, remove them from the cluster and decrypt the drives before adding them back to the cluster. We also could not perform the same method mentioned above for encryption in the cluster anymore. The clustered disk would go to a failed state once we performed the same method above.

    My question is:

    How could we encrypt the shared storage in the cluster node and prevent the encryption failure from happening again?

    Thursday, January 23, 2020 8:57 AM

All replies

  • Hi,

    Are there any error messages in Event Viewer\Windows Logs\System, Security, Application?

    Please refer to the following link to compare with your steps, or we could refer to the link to check if the issue persists.

    Improve your Cluster Shared Volume security with Microsoft BitLocker

    Note: This is a third-party link and we do not have any guarantees on this website. And Microsoft does not make any guarantees about the content.

    Bests,


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    • Edited by Joy-Qiao Friday, January 24, 2020 3:55 AM
    • Proposed as answer by Joy-Qiao Monday, February 10, 2020 4:14 PM
    Friday, January 24, 2020 3:43 AM
  • Hi,

    I haven't received your message for a few days; was your issue resolved?
    I am proposing previous helpful replies as "Answered". Please feel free to try it and let me know the result. If the reply is helpful, please remember to mark it as the answer, which can help other community members who have the same questions find the helpful reply quickly.

    Bests,

    Monday, February 10, 2020 4:14 PM