none
Cluster Aware Update (CAU) on Storage Spaces Direct (S2D) with Pre-staged Virtual Cluster Object (VCO) RRS feed

  • Question

  • I have been running into a bug with CAU in RS1-14393 where it doesn’t accept the Pre-staged AD Object (fails both as Powershell parameter and GUI config), and instead tries to generate/submit a new randomized AD Object (example: CAU-81ea8e) to the domain controller to run the CAU from. Problem is, it doesn’t have permission to the AD domain controller (this is not my domain controller), and so it fails, but still tries to use the CAU object even though it was not correctly created in AD.

    Here’s the part I’m stuck on:

    https://docs.microsoft.com/en-us/windows-server/failover-clustering/cluster-aware-updating-requirements#additional-recommendations

    “To configure CAU in self-updating mode, a virtual computer object (VCO) for the CAU clustered role must be created in Active Directory. CAU can create this object automatically at the time that the CAU clustered role is added, if the failover cluster has sufficient permissions. However, because of the security policies in certain organizations, it may be necessary to prestage the object in Active Directory. For a procedure to do this, see Steps for prestaging an account for a clustered role.”

    The cluster object and cluster group both have Full Control permissions to the VCO, but the cluster still insists on trying to create a new randomized cluster object when I try to setup CAU.


    I found the following technet article regarding CAU: https://social.technet.microsoft.com/Forums/windowsserver/en-US/a7a0d434-cd37-4592-a1f5-6d85ae4e1797/storage-spaces-direct-cluster-aware-updating-behaviour?forum=winserverfiles

    This is the current procedure we use to run Windows Updates, which is all manual per-node: https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/maintain-servers. This procedure can take up to 2-3 weeks of manual work to patch the full 8 node cluster, waiting for CSV disk regeneration between each node reboot.

    I’m still waiting for my IT organization to certify Server 2019 (RS5-17763) for production use, which is why I’m still using Server 2016 (RS1-14393) on all my S2D clusters that I am deploying, or I would upgrade to Server 2019 already.

    If you have any additional data points you can share, or if you know of another forum who might use CAU and have some insight, I would be thankful for the assistance.
    Wednesday, September 11, 2019 7:46 PM

All replies