none
Disabling Disk Write Cache for a Windows Server 2012 Domain Controller Running as a Hyper-V Guest

    Question

  • Hello,

    We have a physical server running Windows 2012 Server Standard with the Hyper-V role enabled. One of the guest systems is a Windows 2012 Server Domain Controller. We are getting the following error message in the System Event Log:

    Event ID: 32 - Source: disk - Description: The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.

    In addition to this, there is the following event in the Directory Services Event Log:

    Event ID: 1539 - Source: ActiveDirectory_DomainService - Description: Active Directory Domain Services could not disable the software-based disk write cache on the following hard disk.

    Hard disk:

    c:

    Data might be lost during system failures.

    I checked the properties of the logical disks on the host server, and the setting 'Enable write caching on the device' is not selected on both logical drives.

    The update KB2855336 is installed on the host server.

    The guest server is using a virtual IDE controller for the hard drive, and the virtual hard disk is VHDX.

    When I check the properties of the disk drive within the gues OS (virtual HD ATA device), the setting 'Enable write caching on the device' is selected, and there is a warning that says: "This device does not allow its write-caching setting to be changed."

    I have yet to find a clear answer through the forums on if the above log entries can be disregarded, or if there is still additional work that needs to be done to ensure we do not lose AD if the host server crashes.

    I am moving my customer from physical DCs to all Windows Server 2012 virtual DCs, and I need to know if I need to have a physical server running as their DC with the FSMO roles.

    Any help would be appreciated.


    Thursday, July 25, 2013 6:01 PM

Answers

All replies

  • Hi Jason,

    please have a look at the following link:
    http://www.hyper-v.nu/archives/hvredevoort/2013/07/keeping-your-virtual-active-directory-domain-controllers-safe/

    Best Regards,
    Jens


    jensit.wordpress.com

    Thursday, July 25, 2013 7:20 PM
  • Thanks Jens,

    I have actually read that article. In fact, it is the closest thing to an answer to what I'm looking for. Unfortunately, it's not 100% clear on whether or not the events are erroneous if you have the updates installed, or if a physical Domain Controller is required. Unless I missed something when I read that article.

    Jason

    Thursday, July 25, 2013 7:23 PM
  • Hi Jason,

    as you are writing above, it sounds like you do not have a physical domain controller, but only one virtual.
    Is that correct?

    Best Regards,
    Jens


    jensit.wordpress.com

    Thursday, July 25, 2013 7:53 PM
  • We currently have two physical domain controllers. The plan is to migrate them to virtual domain controllers, both running 2012.
    Thursday, July 25, 2013 7:54 PM
  • Maybe you should consider to keep a physical Domain Controller, just in case.
    If you want to have both domain controllers virtual, please keep in mind to have them on different hosts, better different sites.

    Best Regards,
    Jens



    jensit.wordpress.com

    Thursday, July 25, 2013 8:10 PM
  • Maybe you should consider to keep a physical Domain Controller, just in case.
    If you want to have both domain controllers virtual, please keep in mind to have them on different hosts, better different sites.

    There's no reason not to virtualize DC. Write cache properties cannot be toggled for virtual storage devices with Hyper-V. Also these settings are of course not propagated down the storage stack to the physical hardware. Subject to ignore.

    StarWind iSCSI SAN & NAS

    Thursday, July 25, 2013 8:15 PM
  • Hello,

    I'm not saying that it's a bad idea to virtualize DCs. We are doing it since years.

    But depending on the size of the environment, it should be considered to keep a physical DC.

    For example in small environments with 2 DCs and 1 Hyper-V Host:
    What are you doing if you have both of your DCs virtualized and on the same host (which is in the worst case domain-joined)?

    That's just something to consider.

    Regards,
    Jens


    jensit.wordpress.com

    Thursday, July 25, 2013 8:30 PM
  • You are correct. We actually have a Hyper-V host at each of their two locations, and each host is running a virtual DC. The problem here is that if disk write cache is truly enabled, and we have an extended power outage or the Hyper-V host fails, then we have a good chance of corrupting AD.

    It sounds like Microsoft may have already addressed the problem, but I can't seem to find anything that validates this. And if the best practice is that everyone should be running at least one physical server in their environment, that's fine, but again, I can't find anything that documents this requirement.

    Jason

    Friday, July 26, 2013 6:04 AM
  • Hello,

    I'm not saying that it's a bad idea to virtualize DCs. We are doing it since years.

    But depending on the size of the environment, it should be considered to keep a physical DC.

    For example in small environments with 2 DCs and 1 Hyper-V Host:
    What are you doing if you have both of your DCs virtualized and on the same host (which is in the worst case domain-joined)?

    [ /// ]

    I think you're right on this. However I'd re-build 3 physical hosts as a 3-node Hyper-V cluster :)

    StarWind iSCSI SAN & NAS

    Friday, July 26, 2013 7:17 AM
  • After re-reading the above link: http://www.hyper-v.nu/archives/hvredevoort/2013/07/keeping-your-virtual-active-directory-domain-controllers-safe/

    And also http://support.microsoft.com/kb/2853952/en-us

    It does appear that this is being handled correctly. The assumption here is that Active Directory is in fact aware that disk write cache is not disabled, and therefore knows how to properly handle writing data to prevent problems in the event of a power loss or server crash.

    According to the text in the KB2853952 article, that is the case:

    "After you apply this fix, you may receive a warning message generated by Active Directory in the guest machine operating system.  This event 1539 warning message states that "Active Directory Domain Services could not disable the software-based disk write cache on the following hard disk," followed by the drive letter of the hard disk.  This warning message is generated when the Hyper-V virtual IDE controller correctly refuses the request to disable the disk cache. However, Active Directory requests all database updates be completed without caching, which the Hyper-V storage subsystem ensures in order to prevent data loss from a power failure or other unexpected reboot."

    So I guess that means we're OK.

    • Proposed as answer by mcbsys Monday, September 16, 2013 4:53 PM
    Friday, July 26, 2013 3:44 PM
  • Jason,

    Thanks for that analysis. On my 2008R2 Hyper-V host, I installed update KB2853952 that was recommended this past patch Tuesday (9/10/2013). I immediately started getting ActiveDirectory_DomainService warning 1539 on my Server 2012 Essentials guest.

    Have I got this right:  it's a Good Thing that the guest knows write caching can't be disabled, because then Active Directory falls back to non-cached updating. The 1539 message says "Data might be lost during system failures" but really it means "Active Directory data will NOT be lost during system failures because Active Directory will not use write caching."

    Mark Berry
    MCB Systems

    Monday, September 16, 2013 5:09 PM
  • Mark,

    Based on the text from the article, yes. Honestly, I would have thought that a fix could have been written that didn't require us to read it seven times before we were sure that we were in the clear.

    Of course, the only real way to be sure would be to build a test environment, and then crash the host OS, and see what happens. But for now, I'll take their word for it.

    Jason

    Tuesday, September 17, 2013 3:54 AM
  • Hi Guys,

    I can report that on a fresh Server 2012 R2 Host (fully patched) with a Gen 2 Server 2012 (Fully patched) Domain Controller (in other words, not IDE), the same issue happens.  After reading this thread and all the related articles I presume it's safe to ignore this warning.  My Host is on an APC and set to shut down gracefully (all VMs included) in the event of a power outage.  Not to mention, my actually data is on a Raid 10 array with BBU.  

    Very disturbing error tho... 

    Thursday, November 14, 2013 2:24 AM
  • Just a quick question: did this happen after upgrading an Eval Version with a Retail Key?  I have the same issue after doing that. I know MS recommends demoting first, but to save time I just ran the DSIM command without demoting and this error started showing up.  Even though I demoted after (so much for time saving) and uninstalled ADDS and then did the process over hoping it would disable write caching in the process it did not remove the error. I know everyone says it's no biggie, but I like to see only blue in my Event Viewer :)

    Just wondering because never had the problem before that and the next VM DC is clean as a whistle. Wanted to know if the two were related somehow.

    Thanks

    Wednesday, December 10, 2014 2:46 PM
  • Dexter,

    No, this was not after upgrading an eval version using a retail key.

    Tuesday, December 16, 2014 9:21 PM
  • Same error message, I guess this is another one to add to the 'Just Ignore' list of Windows Event Errors
    Monday, March 23, 2015 6:09 PM