johlju
commented
7 years ago A few questions.
- How is your AD environment set up?
- Are you using a domain user?
- Does the domain user have permission to create computer objects or are you prestaging?
Closed dead8171 closed 6 years ago
johlju
commented
7 years ago A few questions.
dead8171
commented
6 years ago @johlju I have set up the enviroment manually, enabled the domain Controller features forest and other things on a DC machine, after that I have joined 2 sql nodes into that. Yes I am using a domain user to create the cluster, cluster is getting created correctly but I cant join the second node to the cluster, However I can manually perform this action joining second node to the cluster. Yes the domain user have full permissions to create the objects, its that I Cant join the second node via DSC but Can do it manually.
dead8171
commented
6 years ago @johlju Can you provide me something that I can test with.
johlju
commented
6 years ago The user in the error message ('Test123’), what is it used for? I can’t see it in the configuration. Is that a domain user? Are you using the same account (‘Test123’) when you successfully join the second node to the cluster?
dead8171
commented
6 years ago @johlju test123 is the domain user account which I am using for adding the second node to the cluster but its not getting done with that way, Am passing test123@testfci.com and its credentials in automation account inside and using it in my script.
johlju
commented
6 years ago It seems that the line 368 does not work. It fails to login, because the error message is thrown when $bLogin is $false or null.
If you run the following, do you get the expected output?
$credential = Get-AutomationPSCredential -Name "dctest"
$credential .GetNetworkCredential().UserName
$credential .GetNetworkCredential().Domain
$credential .GetNetworkCredential().PasswordIf you do, can you debug (or output verbose messages) to verify that it is indeed Set-ImpersonateAs that fails?
Maybe you have an error in the security log in the server as well? If it fails to impersonate the login, then maybe it is logged in the security log (it should right?)
dead8171
commented
6 years ago @johlju But The cluster did gets created when running the scripts but I cant join the second Node to it, I dont think its anything to do with the login, as for creating the cluster its still using the domain user credentials. However I was testing the scripts from github the one which is named as JoinSecondNode, (I dont know the correct naming), I was running that script on Node2 and the script contains the IP address and CNO name of Primary Node which is hosting the cluster, but I was getting error something like this:-
System.InvalidOperation.Exception Failovercluster sql1.testfci.com was not found after 10 attempts with 10seconds of interval.
How is that I am getting the same error every time I run the command
johlju
commented
6 years ago Okay, so you don't get that error message any longer that is in the issue description?
Can you join the second node using the PowerShell cmdlets below running as the user 'Test123'?
# Make sure we can get the domain name.
$computerInformation = Get-CimInstance -ClassName Win32_ComputerSystem
$computerInformation.Domain
# Make sure we can get the cluster.
$cluster = Get-Cluster -Name 'Cluster01' -Domain $computerInformation.Domain
$cluster
# Make sure second node can list the nodes (primary node in this case).
$nodes = Get-ClusterNode -Cluster 'Cluster01'
$nodes
# Join the second node to the cluster
Add-ClusterNode -Name $env:COMPUTERNAME -Cluster 'Cluster01' -NoStorage@johlju Where should I run these commands from Primary Node that contains the cluster or Secondary Node (Which I want to join)??
dead8171
commented
6 years ago PS C:\Users\test123> $computerInformation = Get-CimInstance -ClassName Win32_ComputerSystem
$computerInformation.Domain
testfci.com
PS C:\Users\test123> $cluster = Get-Cluster -Name 'Cluster' -Domain $computerInformation.Domain
$cluster
Name
----
Cluster
PS C:\Users\test123> $nodes = Get-ClusterNode -Cluster 'Cluster'
$nodes
Name ID State
---- -- -----
SQL1 1 Up I am getting the error when passing the node joining command which you have provided, I am running all these commands on SQL1(Where the server is hosted), the error that I am getting:-
PS C:\Users\test123> # Join the second node to the cluster
Add-ClusterNode -Name $env:COMPUTERNAME -Cluster 'Cluster' -NoStorage
WARNING: If you are running Windows PowerShell remotely, note that some failover clustering cmdlets do not work remotely. When possible, run the cmdlet
locally and specify a remote computer as the target. To run the cmdlet remotely, try using the Credential Security Service Provider (CredSSP). All addit
ional errors or warnings from this cmdlet might be caused by running it remotely.
Add-ClusterNode : The computer 'SQL1.testfci.com' is joined to a cluster.
At line:2 char:1
+ Add-ClusterNode -Name $env:COMPUTERNAME -Cluster 'Cluster' -NoStorage
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Add-ClusterNode], ClusterCmdletException
+ FullyQualifiedErrorId : Add-ClusterNode,Microsoft.FailoverClusters.PowerShell.AddClusterNodeCommandPlease let me know if I am doing enything wrong here
I am running these commands By logging in as domain admin. i.e test123@testfci.com
johlju
commented
6 years ago @dead8171 Please run those commands on the second node. I want to rule out if you can join the second node manually, if that does not work either, then we can rule out DCS (LCM).
dead8171
commented
6 years ago @johlju So I have logged in to my Second node with the domain user i.e test123@testfci.com
Below is the output of the commands that I have got:-
[PS C:\Users\test123> # Make sure we can get the domain name.
$computerInformation = Get-CimInstance -ClassName Win32_ComputerSystem
$computerInformation.Domain
testfci.com
PS C:\Users\test123> $cluster = Get-Cluster -Name 'Cluster' -Domain $computerInformation.Domain
$cluster
Name
----
Cluster
PS C:\Users\test123> $nodes = Get-ClusterNode -Cluster 'Cluster'
$nodes
Get-ClusterNode : Check the spelling of the cluster name. Otherwise, there might be a problem with your network. Make sure the cluster nodes are
turned on and connected to the network or contact your network administrator.
The RPC server is unavailable
At line:1 char:10
+ $nodes = Get-ClusterNode -Cluster 'Cluster'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ConnectionError: (:) [Get-ClusterNode], ClusterCmdletException
+ FullyQualifiedErrorId : ClusterRpcConnection,Microsoft.FailoverClusters.PowerShell.GetNodeCommand
PS C:\Users\test123> # Join the second node to the cluster
Add-ClusterNode -Name $env:COMPUTERNAME -Cluster 'Cluster' -NoStorage
Add-ClusterNode : Check the spelling of the cluster name. Otherwise, there might be a problem with your network. Make sure the cluster nodes are
turned on and connected to the network or contact your network administrator.
The RPC server is unavailable
At line:2 char:1
+ Add-ClusterNode -Name $env:COMPUTERNAME -Cluster 'Cluster' -NoStorage
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ConnectionError: (:) [Add-ClusterNode], ClusterCmdletException
+ FullyQualifiedErrorId : ClusterRpcConnection,Microsoft.FailoverClusters.PowerShell.AddClusterNodeCommand
](url)So from the above commands I can figure out that I can really join the second node to the cluster neither it can find the cluster nor any nodes connected to it.
dead8171
commented
6 years ago @johlju can you help me please its kinda urgent and important as well.
dead8171
commented
6 years ago @johlju When I pass in the name of the primary node in place of the cluster (See below commands), I can see the nodes joined to the cluster(Primary Node SQL1 in this case).
So I used the name of the SQL1 node that is the active node that contains the cluster I can join the SQL2 node to the cluster, seems like the cluster name is not being taken.
$nodes = Get-ClusterNode -Cluster 'sql1'
$nodes
//Using the above on second node gives me the details of the nodes attached to the cluster
Add-ClusterNode -Name $env:COMPUTERNAME -Cluster 'sql1' -NoStorage
//Using the above on second node joins the second node to the cluster.Even I can evict the node by using the name of the cluster as sql1(Where the cluster is hosted)
I am going to try the same procedure to add the sql2 node to the cluster using the DSC lets see how it goes.
dead8171
commented
6 years ago @johlju I Have run the below configuration on SQL2 to join it to SQL1 I am passing the IP address of SQL1 and running the configuration on SQL2 itself, but still I cant join the node to the cluster, But running the same powershell command to the SQL2 and specifying the name of SQL1 as the cluster joins the node??
This has something to do with the xFailovercluster module itself I suppose.
I am running the below script on Automation Account over the SQL2:-
Configuration JoiningSecondNode
{
Import-DscResource -ModuleName xFailOverCluster
Import-DscResource -ModuleName PSDesiredStateConfiguration
$credential = Get-AutomationPSCredential -Name "fci"
Node SQL2
{
LocalConfigurationManager
{
DebugMode = "ForceModuleImport"
RebootNodeIfNeeded = $true
}
WindowsFeature AddFailoverFeature
{
Ensure = 'Present'
Name = 'Failover-clustering'
}
WindowsFeature AddFailoverClusterTools
{
Ensure = "Present"
Name = "RSAT-Clustering-Mgmt"
}
WindowsFeature AddRemoteServerAdministrationToolsClusteringPowerShellFeature
{
Ensure = 'Present'
Name = 'RSAT-Clustering-PowerShell'
}
WindowsFeature AddRemoteServerAdministrationToolsClusteringCmdInterfaceFeature
{
Ensure = 'Present'
Name = 'RSAT-Clustering-CmdInterface'
}
xWaitForCluster WaitForCluster
{
Name = "sql1"
RetryIntervalSec = 10
RetryCount = 10
}
xCluster JoinSecondNodeToCluster
{
Name = "sql1"
StaticIPAddress = "10.0.0.4"
DomainAdministratorCredential = $credential
DependsOn = '[xWaitForCluster]WaitForCluster'
}
}
}Getting the Below Error when running the above:-
{
"Exception": {
"Message": "PowerShell DSC resource MSFT_xWaitForCluster failed to execute Set-TargetResource functionality with error message: System.InvalidOperationException: Failover cluster sql1 was not found after 10 attempts with 10 seconds interval. ",
"Data": {
},
"InnerException": {
"ErrorRecord": "System.InvalidOperationException: Failover cluster sql1 was not found after 10 attempts with 10 seconds interval.",
"WasThrownFromThrowStatement": true,
"Message": "System.InvalidOperationException: Failover cluster sql1 was not found after 10 attempts with 10 seconds interval.",
"Data": "System.Collections.ListDictionaryInternal",
"InnerException": "System.Exception: System.InvalidOperationException: Failover cluster sql1 was not found after 10 attempts with 10 seconds interval.",
"TargetSite": "System.Collections.ObjectModel.Collection`1[System.Management.Automation.PSObject] Invoke(System.Collections.IEnumerable)",
"StackTrace": " at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)\r\n at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)\r\n at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)\r\n at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)\r\n at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)\r\n at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)\r\n at Microsoft.PowerShell.DesiredStateConfiguration.Internal.ResourceProviderAdapter.ExecuteCommand(PowerShell powerShell, ResourceModuleInfo resInfo, String operationCmd, List`1 acceptedProperties, CimInstance nonResourcePropeties, CimInstance resourceConfiguration, LCMDebugMode debugMode, PSInvocationSettings pSInvocationSettings, UInt32\u0026 resultStatusHandle, Collection`1\u0026 result, ErrorRecord\u0026 errorRecord, PSModuleInfo localRunSpaceModuleInfo)",
"HelpLink": null,
"Source": "System.Management.Automation",
"HResult": -2146233087
},
"TargetSite": null,
"StackTrace": null,
"HelpLink": null,
"Source": null,
"HResult": -2146233079
},
"TargetObject": null,
"CategoryInfo": {
"Category": 7,
"Activity": "",
"Reason": "InvalidOperationException",
"TargetName": "",
"TargetType": ""
},
"FullyQualifiedErrorId": "ProviderOperationExecutionFailure",
"ErrorDetails": null,
"InvocationInfo": null,
"ScriptStackTrace": null,
"PipelineIterationInfo": [
]
}
mgreenegit
commented
6 years ago @johlju I dug in to this with @dead8171 and it looks like we need to make an update so that xCluster can accept a "nodes" parameter.
There is a "modified for Azure" resource package in this: https://github.com/Azure/azure-quickstart-templates/blob/master/sqlvm-alwayson-cluster/scripts/CreateFailoverCluster.ps1.zip
I am reaching out to the author, because I think that is over-complicated. Based on walking cmdlet by cmdlet, we should just need to (optionally) specify an array of string values listing node names and pass it to New-Cluster. For that to be successful, it would be combined with WaitForAll [WindowsFeature]Failover-Cluster.
If you want to take a look at comment, I can submit a PR based on the conclusion we reach.
johlju
commented
6 years ago @mgreenegit if you found a bug and have a solution for this, then please send in a PR. I'm trying to set up a lab in Azure for this, but it is a slow progress. Glad you found a solution.
viksrini
commented
6 years ago Hi, I am seeing the same error message creating the cluster.
PowerShell DSC resource MSFT_xCluster failed to execute Set-TargetResource functionality with error message: System.InvalidOperationException: Can't logon as user
Debugging this further , it looks like the $usertoken get set in this statement to a value
$userToken
$ImpersonateLib = Get-ImpersonatetLibWhen it further tries build the $blogin, the $usertoken value is 0
$bLogin = $ImpersonateLib::LogonUser($cred.GetNetworkCredential().UserName, $cred.GetNetworkCredential().Domain, $cred.GetNetworkCredential().Password, 9, 0, [ref]$userToken)
I have been successfully building clusters using version 1.6.0.0 and this snippet has not changed between that version and the current version.
Any pointers will be helpful. Thanks
johlju
commented
6 years ago @viksrini Are you getting this on Azure VM's? Have you built clusters in Azure before successfully?
viksrini
commented
6 years ago @johlju,
This is not on Azure. I have been able to build clusters successfully before though using the same module. The only change I see in version 1.9.0.0 is the removal of static node IP as a required property
viksrini
commented
6 years ago Debugging this further, the domain for the credential was coming up blank. The credential specified was just "accountname" as opposed to "domain\accountname" . Not sure why this is an issue now since I was able to use only the accountname before but pre fixing the credential with the domain did the trick.
Thanks Johan for looking.
stale[bot]
commented
6 years ago This issue has been automatically marked as stale because it has not had activity from the community in the last 30 days. It will be closed if no further activity occurs within 10 days. If the issue is labelled with any of the work labels (e.g bug, enhancement, documentation, or tests) then the issue will not auto-close.
stale[bot]
commented
6 years ago This issue has been automatically closed because it is has not had activity from the community in the last 40 days.
I was configuring FCI Cluster using DSC in azure, So I was doing this in azure via automation account I was refering to this article which I found in github https://github.com/PowerShell/xFailOverCluster/blob/dev/Examples/Resources/xCluster/3-CreateFailoverClusterWithTwoNodes.ps1
I modified the script slightly:-
here I was using $credential that contains my credentials of the user.
When I ran the configdata file from power shell:-
After registering the node, the windows feature was getting configured but I cant get xcluster feature to work here, I was getting the error in the screenshot, How can I make this right?
this was the Error which I was getting in here