How to setup Azure VPN for Site-to-Site Cross-Premises or Create a Virtual Network for Point-to-Site #VPN #Azure #winserv

There are a lot of really good blog posts on how to create an Azure site-to-site VPN, and the vNext Windows Server is connecting more and more to the cloud. I'll show you how to create a S2S and P2S (point-to-site) VPN setup. The VPN option gets you a real hybrid network, and that can be awesome. Keep reading my blog posts; the next one will be more about hybrid configurations.


So what do we need for a hybrid environment? Well, I'll set up a poor man's version: one Hyper-V server, a home router and an Azure subscription.

First we set up a Windows Server. Nothing special is needed: 4 GB memory and one disk, but with two network cards (this is a VM).

One NIC is on my corp network and the other NIC is connected to the friendly Internet.

When the server is installed you only need to install the RRAS role service; no further configuration is needed.

Via the GUI, or with PowerShell:

Add-WindowsFeature DirectAccess-VPN,Routing


That is all that is needed on the server. You will also need to create two NAT rules on your router (although NAT is officially not supported).


But this all depends on your network configuration.

The next step is Azure.

As I do not have a network in Azure, I create one that I will use for the VMs I will build after the network configuration. If you already have a network in Azure you can use that network.



But which option do I need? Well, it does not matter: Quick is configurable after creating the network, and Custom is more wizard driven.

For the screenshots I’ll pick Custom.

The first step is to pick a network name. No change can be made afterwards (well, not easily).



The next step is setting the checkboxes and DNS. I use an on-premises DNS server, but if you run a DNS server in Azure you can use that one.


If you already have a network, you can pick the DNS servers from the list and also pick a local network.

In this case everything is new, so give the DNS server a name and IP. This is my local DNS server, and I also add an Internet DNS server, just because it is an easy IP address to remember.

I selected Configure a point-to-site VPN and Configure a site-to-site VPN, and for the Local Network I chose a new local network.



Now that the diagram is filled in we do some configuration. My local network is a 10.x network and in this scenario I prefer not to have the Azure ranges in the same range.


So I pick an address range for my point-to-site VPN.

The next step is more complicated: we need to pick a local network name and we need to find the external IP of your network.



To find my external IP I use Bing: just ask “what is my IP”.



The next step is to create an address space for this network.




You have to check Add Gateway Subnet; this is used for the site-to-site VPN.

See the Virtual Network Address Spaces page in About Configuring a Virtual Network using the Management Portal.



Check the box and you can see it is creating the network configuration, but not the gateway; that is done in the next step.



After the network creation is done we add the gateway configuration/creation.



This will take about 30 minutes to create (and will cost you about 12 euro a month).

While this is being created we configure the P2S VPN.


One way to create an X.509 certificate is by using the Certificate Creation Tool (makecert.exe). To use makecert, download and install Microsoft Visual Studio Express 2013 for Windows Desktop, which is free of charge.

In this case I'll use makecert.

Generate a self-signed root certificate; the name can be your name or whatever you like:

makecert -sky exchange -r -n "CN=BlogRootCert" -pe -a sha1 -len 2048 -ss My "BlogRootCert.cer"

Generate a client certificate, signed by the root certificate above:

makecert.exe -n "CN=BlogClientCert1" -pe -sky exchange -m 96 -ss My -in "BlogRootCert" -is my -a sha1


All certificates are stored in your Personal certificate store on your computer. Check certmgr to verify. You can generate as many client certificates as needed based on this procedure. It is recommended that you create a unique client certificate for each computer that you want to connect to the virtual network.

A client certificate must be installed on each computer that you want to connect to the virtual network. This means you will probably create multiple client certificates and then need to export them. To export the client certificates, use certmgr.msc. Right-click the client certificate that you want to export, click All Tasks, and then click Export.


Export the client certificate with the private key. This will be a .pfx file. Make sure to record or remember the password (key) that you set for this certificate.


Copy the .pfx file to the client computer. On the client computer, double-click the .pfx file in order to install it. Enter the password when requested. Do not modify the installation location.

But the root certificate is needed in Azure and we need to upload it. When the gateway is ready you can see under Clients that it needs a certificate.



The certificate to upload is the root certificate (BlogRootCert.cer) that we created with the first makecert command above.
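As an added example (not from the original post), the same root and client certificates can be created without makecert, using the New-SelfSignedCertificate cmdlet on Windows 10 / Windows Server 2016 or later (the parameters used here are not available on 2012 R2). The names BlogRootCert and BlogClientCert1 come from the post; the output paths under C:\Temp are an assumption. The root is exported as a DER .cer with no private key for the Azure portal, and the client certificate with its private key as a .pfx for the client computer.

```powershell
# Added example, not part of the original post. Requires Windows 10 / Server 2016 or later.
# Names from the post; the C:\Temp output paths are assumptions.

# Self-signed root certificate in the current user's Personal store, usable only for signing.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=BlogRootCert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyUsageProperty Sign -KeyUsage CertSign

# Client certificate issued by the root. The EKU extension 1.3.6.1.5.5.7.3.2 marks it
# for client authentication, which is what the P2S gateway checks.
$client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=BlogClientCert1" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -Signer $root -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

# Root public certificate for Azure: DER-encoded .cer, private key stays on this machine.
Export-Certificate -Cert $root -FilePath "C:\Temp\BlogRootCert.cer" -Type CERT | Out-Null

# Client certificate plus private key for the client computer; protect the .pfx and its password.
$pfxPassword = Read-Host "PFX password" -AsSecureString
Export-PfxCertificate -Cert $client -FilePath "C:\Temp\BlogClientCert1.pfx" -Password $pfxPassword | Out-Null

# Verify the chain: the client certificate must be issued by the root we upload to Azure.
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Subject -in "CN=BlogRootCert", "CN=BlogClientCert1" } |
    Select-Object Subject, Issuer, NotAfter, HasPrivateKey
```

Keep the root's private key off the client computers: a client only needs its own .pfx, and anyone holding the root key can mint certificates that the gateway will accept.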



Now that all the Azure configuration is done we configure the RRAS server. As you can see in the overview, the gateway and the P2S VPN are not connected yet.



On the right there is a little list with some download links.


First we download the RRAS configuration script: Download VPN Device Script.

Just make sure you select Windows Server 2012 R2, as we are using this for the gateway.


When running this script on the RRAS server there is a common error: the script restarts the RRAS service, so the connect step cannot connect yet. Just run the connect line again and it will work.

This is a .cfg script; you can rename it to .ps1, or run it in PowerShell ISE like I did.



# Dial-in to Azure gateway
Connect-VpnS2SInterface -Name



The site-to-site VPN is now connected.

For the client you use Download the 64-bit Client VPN Package.
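The "run the connect line again" issue above can be handled in a small helper, added here as an example (not part of the Azure device script): wait until the RemoteAccess service is back, then dial the S2S interface and check its state with Get-VpnS2SInterface, retrying a few times. The interface name is whatever the downloaded script used; the placeholder below is an assumption.

```powershell
# Added example, not part of the original post or the Azure device script.
# $S2SName is a placeholder: use the interface name from the downloaded script.
$S2SName = "<name of the S2S interface from the Azure device script>"

function Connect-AzureS2S {
    param(
        [Parameter(Mandatory)][string]$Name,
        [int]$Retries = 5,
        [int]$DelaySeconds = 15
    )
    # The device script restarts RemoteAccess; dialing before it is running is the common error.
    $svc = Get-Service -Name RemoteAccess
    $svc.WaitForStatus('Running', [TimeSpan]::FromMinutes(2))

    $state = 'Unknown'
    for ($i = 1; $i -le $Retries; $i++) {
        try {
            Connect-VpnS2SInterface -Name $Name -ErrorAction Stop
        } catch {
            Write-Warning "Attempt ${i}: $($_.Exception.Message)"
        }
        $state = (Get-VpnS2SInterface -Name $Name).ConnectionState
        if ($state -eq 'Connected') { break }
        Start-Sleep -Seconds $DelaySeconds
    }
    return $state
}

$result = Connect-AzureS2S -Name $S2SName
Write-Host "S2S interface '$S2SName' is $result"

# Overview of all S2S interfaces on this RRAS server
Get-VpnS2SInterface | Select-Object Name, Destination, ConnectionState, AdminStatus
```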



Keep in mind that Windows does not trust a downloaded EXE file, so before you can install it you need to unblock it.



Now that the file is unblocked we can install the VPN client. This is a really quick install with no screens to view, but in the network list you can see a new network, in this case BlogHybrid.

To connect, just click the network and connect.



Now I’m Connected.


As you can see, I'm connected with a point-to-site VPN and a site-to-site VPN.


With a site-to-site VPN I can have Windows Azure servers connect to my local domain.

With a point-to-site VPN I can connect to a Windows Azure VM on its internal IP without using the public IP.

And you can also set up an Azure-to-Azure VPN between subscriptions.

This will be the basis for my next blog post. Azure is very useful for easy testing and for getting a heavy machine for your workload, even for one day.


Happy clustering

Robert Smit



What is change in Windows Server 2016 (10) cluster – Setting Cluster Common Properties #winserv

In the new Windows Server 2016 (Windows Server Technical Preview) there are a lot of new features, and it is not always clear what they do.

I call it Windows Server 2016 here; there is currently no indication that Server 10 will be named 2016, but as the product will come in 2015 it would make sense to call it Windows Server 2015.

I made a quick comparison of the old Windows Server 2012 R2 cluster with the new Windows Server 2016 cluster.

In the GUI there is not much change; the only part that has really changed is the Enclosure part (see my other blog post about this).


But what has changed is under the hood. When we do Get-Cluster | fl * we get a list of all the cluster properties that can be set.


Check the MSDN page Cluster Common Properties for more info.


There are a lot of new options, but one option is gone: RootMemoryReserved is no longer available.

The cluster environment variable RootMemoryReserved was introduced to ensure that clustered VM hosts have a minimum amount of physical memory reserved for the host.

RootMemoryReserved is by default set to 512 MB. This should be sufficient for a host that is not performing any operation other than managing the VMs.

As above, windows10 is my cluster name and must be used in the PowerShell command:

(get-cluster windows10).RootMemoryReserved

To change RootMemoryReserved, assign the desired reserved memory size to the property above. Use the following PowerShell line to set RootMemoryReserved to 1024 MB:

(get-cluster <cluster name>).RootMemoryReserved=1024

In Windows Server 2016 it is no longer there!

But now, what is new?

When we do Get-Cluster | fl * it gives us a long list, but I filtered it, and here are only the new parts that are only available in Windows Server 2015:

ClusSvcRegroupStageTimeout        5
ClusSvcRegroupTickInMilliseconds        300
ClusterFunctionalLevel        9
ResiliencyDefaultPeriod        0
QuarantineDuration        0
ResiliencyLevel        Default
ClusterGroupWaitDelay        120
QuorumArbitrationTimeMax        20
RequestReplyTimeout        60
DumpPolicy        69913

When we need to change these options, that can be done with, for example, (get-cluster).ClusterFunctionalLevel=9; the general pattern is:

(get-cluster).<property name> = <value>
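The filtering above was done by hand. As an added example (not from the original post), the following saves the full property list of one cluster as a baseline and compares another cluster (or the same cluster after Update-ClusterFunctionalLevel) against it, reporting properties that are new, removed, or have a different value. The cluster names windows10 and the 2012R2 cluster name placeholder are assumptions; the baseline path is an assumption too.

```powershell
# Added example, not part of the original post. Requires the FailoverClusters module.
Import-Module FailoverClusters

function Export-ClusterPropertyBaseline {
    param([Parameter(Mandatory)][string]$Cluster, [Parameter(Mandatory)][string]$Path)
    # Store every common property as name -> string value so it round-trips through JSON.
    $props = @{}
    foreach ($p in (Get-Cluster -Name $Cluster).PSObject.Properties) {
        $props[$p.Name] = "$($p.Value)"
    }
    $props | ConvertTo-Json | Set-Content -Path $Path
}

function Compare-ClusterPropertyBaseline {
    param([Parameter(Mandatory)][string]$Cluster, [Parameter(Mandatory)][string]$BaselinePath)
    $baseline      = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $baselineNames = @($baseline.PSObject.Properties | ForEach-Object { $_.Name })
    $current       = @((Get-Cluster -Name $Cluster).PSObject.Properties)
    $currentNames  = @($current | ForEach-Object { $_.Name })

    foreach ($p in $current) {
        if ($p.Name -notin $baselineNames) {
            [pscustomobject]@{ Property = $p.Name; Status = 'New'; Baseline = $null; Current = "$($p.Value)" }
        } elseif ("$($p.Value)" -ne $baseline.($p.Name)) {
            [pscustomobject]@{ Property = $p.Name; Status = 'Changed'; Baseline = $baseline.($p.Name); Current = "$($p.Value)" }
        }
    }
    foreach ($n in $baselineNames) {
        if ($n -notin $currentNames) {
            [pscustomobject]@{ Property = $n; Status = 'Removed'; Baseline = $baseline.$n; Current = $null }
        }
    }
}

# Usage (cluster names and path are assumptions): run the export against the 2012 R2 cluster,
# then the compare against the Technical Preview cluster. RootMemoryReserved shows up as Removed,
# ClusterFunctionalLevel, ResiliencyLevel and friends as New.
Export-ClusterPropertyBaseline -Cluster "<2012R2 cluster name>" -Path "C:\Temp\cluster-2012r2.json"
Compare-ClusterPropertyBaseline -Cluster "windows10" -BaselinePath "C:\Temp\cluster-2012r2.json" |
    Sort-Object Status, Property | Format-Table -AutoSize
```

The same comparison is useful after any cluster change: a property that silently changed value between two runs is exactly the kind of drift you want to catch before it turns into a failover surprise.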

As I noticed, there are options from 2008 coming back and all have to do with latency, so a logical conclusion would be: will the cluster go to Azure, or is there something coming for which we need these values to get a better cluster? and all

Let us review these properties.



These options were there in 2008 but removed in 2012, and now they are back.

ClusSvcRegroupStageTimeout: controls the amount of time, in seconds, that a node waits on other nodes in a membership stage before deciding that they have failed.

ClusSvcRegroupTickInMilliseconds: controls the interval of time, in milliseconds, that the membership algorithm waits between issuances of periodic membership messages.

ClusterFunctionalLevel: upgrading a Hyper-V or Scale-Out File Server cluster from Windows Server 2012 R2 to Windows Server Technical Preview no longer requires downtime. The cluster will continue to function at a Windows Server 2012 R2 level until all of the nodes in the cluster are running Windows Server Technical Preview. The cluster functional level is upgraded to Windows Server Technical Preview by using the Windows PowerShell cmdlet Update-ClusterFunctionalLevel.

ResiliencyDefaultPeriod: the default resiliency period for the cluster, in seconds.

ClusterGroupWaitDelay: specifies the amount of time groups will wait for their default or preferred owner node to come up during cluster cold start, before the groups are moved to another node.

QuorumArbitrationTimeMax: specifies the maximum number of seconds a node is allowed to spend arbitrating for the quorum resource in a cluster.

RequestReplyTimeout: describes the length of time a request from a node with a cluster state update will wait for replies from the other healthy nodes before the request times out. Any nodes that do not reply within the request timeout period will be removed from active membership in the cluster. The following table summarizes the attributes of the RequestReplyTimeout property.


Queries that can be used to export resource type specific logs.


These are fresh new options and currently not well documented (or under NDA), but I'm sure that when the server product is ready a lot more new features will be made public.

When the next release of Windows Server is available I'll discuss the DASMode properties in a future blog post.

Happy clustering

Robert Smit


Azure File share usage for Windows Server 2012R2 and Cluster Quorum usage #Azure #winserv #cloud

The file share option in Azure can be used for several configurations. Say you want an Azure share on your desktop, or you build a DFS in Azure and use it in your private cloud, or you build a file share witness for your cluster. In the Windows Server Technical Preview there is the Cloud Witness, but this can be done with Windows Server 2008 as well. There is no change other than the method of how to do it, and maybe the cluster support.

Azure Files is built on the same technology as the Blob, Table, and Queue services, which means Azure Files is able to leverage the existing availability, durability, scalability, and geo-redundancy that is built into the platform.





The file share can be used for several scenarios:

  • “Lift and Shift” applications

Azure Files makes it easier to “lift and shift” applications to the cloud that use on-premises file shares to share data between parts of the application. To make this happen, each VM connects to the file share (see “Getting Started” below) and then it can read and write files just like it would against an on-premises file share.

  • Shared Application Settings

A common pattern for distributed applications is to have configuration files in a centralized location where they can be accessed from many different virtual machines. Such configuration files can now be stored in an Azure File share, and read by all application instances. These settings can also be managed via the REST interface, which allows worldwide access to the configuration files.

  • Diagnostic Share

An Azure File share can also be used to save diagnostic files like logs, metrics, and crash dumps. Having these available through both the SMB and REST interface allows applications to build or leverage a variety of analysis tools for processing and analyzing the diagnostic data.

  • Dev/Test/Debug

When developers or administrators are working on virtual machines in the cloud, they often need a set of tools or utilities. Installing and distributing these utilities on each virtual machine where they are needed can be a time consuming exercise. With Azure Files, a developer or administrator can store their favorite tools on a file share, which can be easily connected to from any virtual machine.


Again, this is just a preview. Be sure to understand the limitations of Azure Files; the most important are:

  • 5TB per share
  • Max file size 1TB
  • Up to 1000 IOPS (of size 8KB) per share
  • Up to 60MB/s per share of data transfer for large IOs
  • SMB 2.1 support only


Here are the links: How to create an Azure file share and build your desktop share

Build the Windows Server Cluster Azure Quorum Cloud Witness in just a few steps.

And yes, you can build several configurations with the Azure file share; the cloud storage is there to be used. There is only one thing with the cloud: you need an Internet connection from your servers, unless you already use ExpressRoute.
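As an added example (not from the original post), this is how a Windows Server 2012 R2 machine mounts an Azure file share over SMB: store the storage account name and key as a Windows credential for the file endpoint with cmdkey, check that TCP 445 to the endpoint is open (the "Internet connection" the post mentions is specifically outbound SMB on 445), then map the share as a persistent drive. Storage account, key and share name are placeholders.

```powershell
# Added example, not part of the original post. Placeholders below must be filled in.
$StorageAccount = "<storage account name>"
$StorageKey     = "<storage account key>"   # this is the share's password: keep it out of scripts and logs
$ShareName      = "<share name>"
$DriveLetter    = "Z"

$Endpoint = "$StorageAccount.file.core.windows.net"
$Unc      = "\\$Endpoint\$ShareName"

function Test-AzureFilesReachable {
    param([Parameter(Mandatory)][string]$Endpoint)
    # Azure Files (preview) is SMB 2.1 on TCP 445; many ISPs and firewalls block 445 outbound.
    $r = Test-NetConnection -ComputerName $Endpoint -Port 445 -WarningAction SilentlyContinue
    return [bool]$r.TcpTestSucceeded
}

if (-not (Test-AzureFilesReachable -Endpoint $Endpoint)) {
    throw "TCP 445 to $Endpoint is blocked; the share cannot be mounted from this network."
}

# Persist the credential in Credential Manager so the mapping survives a reboot.
cmdkey /add:$Endpoint /user:$StorageAccount /pass:$StorageKey | Out-Null

# Map the share as a persistent drive for the current user.
New-PSDrive -Name $DriveLetter -PSProvider FileSystem -Root $Unc -Persist -Scope Global | Out-Null

Get-PSDrive -Name $DriveLetter | Select-Object Name, Root, Used, Free
```

Note that a credential stored with cmdkey is per user, so a service or the cluster service account that needs the share has to store it under its own identity.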


Happy clustering

Robert Smit




Failed to install .NET Framework 3.5 Feature Windows Server 2012R2 OR on #Azure VM Error 0x800f081f Working Solution #winserv #MVPBuzz

You have just installed a fresh Windows Server 2012 R2, on premises or in Azure, and you need to install the .NET Framework 3.5 feature.

But it fails with error 0x800f081f.

A quick search says you need this command. Well, eh, why? But anyway, it is on the web so it must be right:

dism.exe /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:E:\sources\sxs

This will not work.

But why does everybody say thanks? Let me take you to the real problem. Reminder: this applies to all servers, even in Azure!


We checked the .NET Framework 3.5 Features and it failed.

Next attempt: give the installation a source. Not very handy in Azure: first download an ISO, then mount it in the OS.

But it is on the web so it must be true, and the installation says “hey, I need a source, I do not have these files”. The OS is not lying, or is it?


So we put in the source and give it a try.




Same error, even with the source. Maybe my source is not right? Yeah, right.

Test this one more time from the command line.

Then there is this line; this should work. Eh, yes, it did not.

dism.exe /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:E:\sources\sxs



See, it did not work, as I told you in the first line. So what is really going on in this system?

The Real fix for installing .NET Framework 3.5 Feature and Error 0x800f081f

If you open a PowerShell window and query the roles and features with Get-WindowsFeature, take a look at .NET Framework 3.5.

In the last column the install state is different: it says Removed?

  1. Removed means that you can install the feature, but the source files for it are not available on this OS (not always)
  2. Installed means that the role or feature is already enabled and in use
  3. Available means that you can install the feature; the source files are on the machine and the OS can use them

But Removed? If the Azure team has removed this feature, could this be the problem?

Let me check if there are updates for my system.



What? There is an update for me, and I do not even have the .NET 3.5 Framework features installed.

Then there must be an update on the system that is nagging me. Let me search the updates for the .NET 3.5 Framework and compare them to the installed updates.


This is a .NET 3.5 Framework update and must have been installed when the .NET 3.5 Framework was installed and patched.


I uninstalled this update.

Reinstalled the .NET 3.5 Framework feature, and see, now it is working.

So all the time a Windows Update was keeping me from installing the .NET 3.5 Framework feature.

Sometimes Windows can be a pain, but you are in control!
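The manual comparison above (install state, then the list of installed updates against the known .NET 3.5 updates) can be scripted. This is an added example, not from the original post: it reads the install state of NET-Framework-Core, checks which of a given list of .NET 3.5 KB numbers are present on a box where the feature is not installed, and only then attempts the install. The KB list is a placeholder; the post does not name the update it removed, so fill it from the Microsoft .NET 3.5 update list for your OS.

```powershell
# Added example, not part of the original post.
function Get-NetFx35State {
    # 'Removed' means the payload is not on disk and a -Source is needed; 'Available' means it is there.
    Get-WindowsFeature -Name NET-Framework-Core |
        Select-Object Name, DisplayName, InstallState
}

function Find-NetFx35UpdateWithoutFeature {
    param([Parameter(Mandatory)][string[]]$KnownNetFx35Kbs)
    # Updates for a framework that is not installed should not be on the box at all;
    # the post shows such an orphaned update blocking the feature install with 0x800f081f.
    $state = (Get-NetFx35State).InstallState
    if ($state -eq 'Installed') { return @() }
    Get-HotFix | Where-Object { $_.HotFixID -in $KnownNetFx35Kbs } |
        Select-Object HotFixID, Description, InstalledOn
}

function Install-NetFx35 {
    param([string]$Source)   # e.g. a mounted ISO's sources\sxs folder; omit to use Windows Update
    if ($Source) {
        Install-WindowsFeature -Name NET-Framework-Core -Source $Source
    } else {
        Install-WindowsFeature -Name NET-Framework-Core
    }
}

# Usage. '<KBnnnnnnn>' is a placeholder for the .NET 3.5 update IDs from Microsoft's list.
$orphans = Find-NetFx35UpdateWithoutFeature -KnownNetFx35Kbs @('<KBnnnnnnn>')
if ($orphans) {
    Write-Warning "Found .NET 3.5 updates without the feature installed; remove them first, then retry:"
    $orphans | Format-Table -AutoSize
    # wusa.exe /uninstall /kb:<number> /norestart   (the number without the KB prefix)
} else {
    Get-NetFx35State
    Install-NetFx35
}
```

The DISM error code 0x800f081f by itself only says "source files not found"; checking the feature state and the hotfix list first tells you whether a source is really what is missing.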

Happy Clustering!

Robert Smit





Hyper-v Virtual Machine Connection in Windows Server 2012R2 #hyper-v #winserv

Did you know that you can connect to other Hyper-V servers and then open the console?

In the system32 folder there is a file vmconnect.exe.

You can connect to the local or to other Hyper-V servers in your domain.




Just type your Hyper-V server and all the VMs are listed; you can easily connect to them.

The console opens and you can even change the settings. How cool is that!

With this there is less reason to connect with RDP to the Hyper-V servers just to change something in a VM. This is an easy tip.
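As an added example (not from the original post), vmconnect.exe also takes the host and VM name on the command line, so the console can be opened straight from PowerShell after listing the VMs with the Hyper-V module (RSAT on the admin workstation). The host name is a placeholder.

```powershell
# Added example, not part of the original post. Needs the Hyper-V PowerShell module.
function Get-RemoteVMList {
    param([Parameter(Mandatory)][string]$HyperVHost)
    # Same list vmconnect shows, but as objects you can filter on
    Get-VM -ComputerName $HyperVHost | Select-Object Name, State, Uptime
}

function Open-VMConsole {
    param(
        [Parameter(Mandatory)][string]$HyperVHost,
        [Parameter(Mandatory)][string]$VMName
    )
    # Fail early if the VM does not exist on that host instead of getting an empty console window
    $vm = Get-VM -ComputerName $HyperVHost -Name $VMName -ErrorAction Stop
    # vmconnect.exe <server> <vmname> opens the console of that VM on that host
    Start-Process -FilePath "$env:windir\System32\vmconnect.exe" -ArgumentList @($HyperVHost, $vm.Name)
}

# Usage; "<hyper-v host>" is a placeholder
Get-RemoteVMList -HyperVHost "<hyper-v host>" | Format-Table -AutoSize
Open-VMConsole -HyperVHost "<hyper-v host>" -VMName "<vm name>"
```

Console access through vmconnect gives the same rights as standing at the VM's keyboard, so the Hyper-V Administrators membership that allows it should be as small as the RDP-to-host group it replaces.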

Happy Hyper-v

Robert Smit


Cluster-Aware Updating Windows 2012R2 with SQL Server 2014 AlwaysOn availability groups #Cau #winserv #SQL

Cluster-Aware Updating, or CAU, is a great tool for patching your cluster, but there are some situations where you need to be careful when using CAU.

Patching your SQL clusters is no problem, unless you have a Windows Server 2012 cluster with SQL Server AlwaysOn availability groups.

Then you can't use CAU the #NNFW (next-next-finish way) for the cluster.

Windows Server 2012 cluster with SQL Server AlwaysOn availability groups

I'll not show the setup for this; you can jump to my blog for that.

But what I do show you are the basic steps for updating the Windows Server 2012 cluster with SQL Server AlwaysOn availability groups.


Here is my SQL cluster. It is a two-node cluster ready for patching, but most of the time the advanced options are skipped.

Who cares about a pre- and post-update setup, I just want to install the updates. Let me show you why this is important!



My cluster is downloading the updates, and after this one node is set to Pause.

Eh, pause? But what about my SQL Server AlwaysOn availability group? Yes, this is no longer working. Eh, the DBA guy is calling you right now.

How CAU Affects SQL Server AlwaysOn Availability Groups

Disclaimer: Microsoft does not support the use of CAU to update Windows Server 2012 clusters with SQL Server AlwaysOn availability groups. CAU is currently not aware of AlwaysOn availability groups. When CAU brings a node into maintenance mode to update the node, AlwaysOn availability groups are affected by the following known issues. Potential mitigations for these issues are provided to be transparent about our findings, and are meant for your non-production test environment only. These mitigations are not guaranteed to solve all issues.

Review the document: please download Patching SQL Server Failover Cluster Instances with Cluster-Aware Updating (CAU).

The main reason why you must be careful:

Do not use the Failover Cluster Manager to manipulate availability groups:


  • Do not change any availability group properties, such as the possible owners.

  • Do not use the Failover Cluster Manager to fail over availability groups. You must use Transact-SQL or SQL Server Management Studio.


But what can you do?

First, connecting to all the SQL boxes and clicking on the SQL Server AlwaysOn availability group is a lot of work.

Connect to the server instance that hosts the replica whose database you want to suspend.

  1. Suspend the database by using the following ALTER DATABASE statement:


Well, a T-SQL script still means connecting to my SQL box manually.

Using PowerShell

To suspend a database

  1. Change directory to the server instance that hosts the replica whose database you want to suspend.

  2. Use the Suspend-SqlAvailabilityDatabase cmdlet to suspend the availability database.

  3. For example, the following command suspends data synchronization for the availability database MVPDB in the availability group MVPSQLAG01:

    Suspend-SqlAvailabilityDatabase -Path SQLSERVER:\Sql\Computer\Instance\AvailabilityGroups\MVPSQLAG01\Databases\MVPDB

To resume a secondary database

  1. Change directory to the server instance that hosts the replica whose database you want to resume.

  2. Use the Resume-SqlAvailabilityDatabase cmdlet to resume the availability database.

  3. For example, the following command resumes data synchronization for the availability database MVPDB in the availability group MVPSQLAG01:

    Resume-SqlAvailabilityDatabase -Path SQLSERVER:\Sql\Computer\Instance\AvailabilityGroups\MVPSQLAG01\Databases\MVPDB


So I placed the scripts on the CSV of my cluster and let CAU run them as its pre-update and post-update scripts.
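The two SQLPS commands above are for one database. As an added example (not the post's own scripts), here is what a pre-update and a post-update script look like that suspend and resume every database of the availability group on the node CAU is about to patch, plus the Set-CauClusterRole call that registers them. The AG name MVPSQLAG01 is from the post; the cluster name, the default instance and the script path on the CSV are assumptions.

```powershell
# Added example, not the scripts from the original post.
# Save the two functions' bodies as Suspend-AgDatabases.ps1 and Resume-AgDatabases.ps1 on the CSV;
# C:\ClusterStorage\Volume1\CAU, the cluster name MVPSQL and the DEFAULT instance are assumptions.
Import-Module SQLPS -DisableNameChecking

# CAU runs the script on the node being updated, so $env:COMPUTERNAME is the replica host.
$AgDatabases = "SQLSERVER:\Sql\$env:COMPUTERNAME\DEFAULT\AvailabilityGroups\MVPSQLAG01\Databases"

function Suspend-AgDatabases {
    # Pre-update: stop data movement for all databases in the AG on this replica.
    Get-ChildItem -Path $AgDatabases | Suspend-SqlAvailabilityDatabase -ErrorAction Stop
    Get-ChildItem -Path $AgDatabases | Select-Object Name, SynchronizationState, IsSuspended
}

function Resume-AgDatabases {
    # Post-update: resume data movement once the node is patched and back in the cluster.
    Get-ChildItem -Path $AgDatabases | Resume-SqlAvailabilityDatabase -ErrorAction Stop
    Get-ChildItem -Path $AgDatabases | Select-Object Name, SynchronizationState, IsSuspended
}

# One-time registration on the cluster (run on a node or a management box with the CAU tools).
# -Force skips the confirmation prompt; CAU stores the paths in the clustered role.
Set-CauClusterRole -ClusterName "MVPSQL" `
    -PreUpdateScript  "C:\ClusterStorage\Volume1\CAU\Suspend-AgDatabases.ps1" `
    -PostUpdateScript "C:\ClusterStorage\Volume1\CAU\Resume-AgDatabases.ps1" `
    -Force

# Check what is registered
Get-CauClusterRole -ClusterName "MVPSQL"
```

Suspending only stops data movement; it does not fail the AG over, so if the node being patched hosts the primary replica, plan that failover in SQL Server (T-SQL or Management Studio, never Failover Cluster Manager) before CAU pauses the node.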








Robert Smit

StorScore A test framework to evaluate SSDs and HDDs #Cloud Server Infrastructure Engineering #CSI #ssd #winserv @microsoft

StorScore is a component-level evaluation tool for testing storage devices. When run with default settings it should give realistic metrics, similar to what a Windows application developer can expect.


You must download and install the following or StorScore will not work: a Windows Perl interpreter.

Strawberry Perl is a Perl environment for MS Windows containing all you need to run and develop Perl applications. It is designed to be as close as possible to the Perl environment on UNIX systems.

From the output you can create some pivot tables and get great reports.


Create a New Network Load Balancing NLB Cluster On Windows Server 2012 R2 #Winserv #nlb

I thought NLB was so common that there was no point in writing a blog post about it, but recently I see a lot of NLB misconfigurations, or people trying to do it the easy way and not following the guidelines. So this blog post is all about NLB, and only in the private cloud: you can't extend this to Azure, even if you have a S2S VPN.

I have two servers in my private cloud, MVPNLB001 and MVPNLB002. Both machines have two NICs, one for LAN and the other for the NLB traffic.

And yes, it can be done with one NIC, but with two it is much easier and more fault tolerant: fewer errors and less administration.

Both are domain joined and ready for the setup of my basic IIS.

First we set up IIS with the management tools:


Install-WindowsFeature -Name Web-Server

Or, to get all the features:

Add-WindowsFeature Web-WebServer -IncludeAllSubFeature

Install-WindowsFeature -Name Web-Mgmt-Tools
Add-WindowsFeature NET-Framework-45-ASPNET

Get-WindowsFeature nlb*



Add-WindowsFeature -Name NLB

Add-WindowsFeature RSAT-NLB

Now we are ready to configure NLB. We can do this with PowerShell, but the GUI also works (I show both).



The first step is to create a new NLB cluster. As I like things clear, I start with renaming the NICs:

Rename-NetAdapter -Name "Ethernet 2" -NewName "NLB"

Rename-NetAdapter -Name "Ethernet" -NewName "LAN"


Open the NLB Manager and select Cluster > New.

Or use PowerShell (the node's own IP on the NLB adapter is fixed in the post; here it is a variable):

Rename-NetAdapter -Name "Ethernet 2" -NewName "NLB"

$NodeNlbIP = Read-Host "Enter this node's IP on the NLB adapter"
New-NetIPAddress -IPAddress $NodeNlbIP -InterfaceAlias "NLB" -AddressFamily IPv4 -PrefixLength 24

In this case we renamed the adapter and gave the NIC a static IP.

The next steps will be creating the NLB cluster with its own IP, removing the default port rule and allowing only the ports I want, say port 80.

Well, that was easy. Now that the NLB cluster is created, the next step is to delete the default port rule and create a port 80 rule.

We remove the default line and create a rule for the one port I need, in this case port 80.

Network Load Balancing parameters



These steps can be done in just a few more PowerShell lines (I use variables; see the complete script at the end of the post):

#Creating new cluster
Write-Host "Creating NLB Cluster…" -ForegroundColor yellow
New-NlbCluster -ClusterName $ClusterFqdn -InterfaceName $InterfaceName -ClusterPrimaryIP $ClusterPrimaryIP -SubnetMask $ClusterPrimaryIPSubnetMask -OperationMode $OperationMode

#Removing default port rule for the new cluster
Write-Host "Removing default port rule…" -ForegroundColor yellow
Get-NlbClusterPortRule -HostName . | Remove-NlbClusterPortRule -Force


But now we have only one server, and we need to add the other node or nodes.

With two more confirmation screens you are done and have a configured NLB cluster on one IP, listening on port 80.

Suppose you have multiple websites, all running on different IPs or hostnames: just add a cluster IP.


Now that the NLB cluster is created we can do some testing.

Now to get this to work with IIS.

That's right: page not found. Check DNS to see if the record is created, and make sure the IIS website is running on this IP.

Go to the IIS Manager and check the website bindings. By default it listens on all IPs, but this is not the behavior I want; I want NLB. So we need to bind the website to the NLB IP configured earlier. When having multiple IPs on the NLB cluster, pick the right IP!

Remember, you need to do this on all the web servers!
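The binding change on every web server can be done in one go with Invoke-Command and the WebAdministration module. This is an added example, not from the original post: it replaces the wildcard http binding of the site with one bound to the NLB cluster IP on both nodes from the post, then checks that the site answers on the cluster IP. The cluster IP and site name are placeholders.

```powershell
# Added example, not part of the original post. Placeholders: the NLB cluster IP and the site name.
$WebServers   = 'MVPNLB001', 'MVPNLB002'     # node names from the post
$NlbClusterIP = '<NLB cluster IP>'
$SiteName     = 'Default Web Site'

function Set-SiteBindingToNlb {
    param(
        [Parameter(Mandatory)][string[]]$Servers,
        [Parameter(Mandatory)][string]$ClusterIP,
        [Parameter(Mandatory)][string]$Site
    )
    Invoke-Command -ComputerName $Servers -ArgumentList $ClusterIP, $Site -ScriptBlock {
        param($ip, $site)
        Import-Module WebAdministration
        # The default binding "*:80:" listens on every address, including the LAN NIC;
        # replace it with a binding on the cluster IP only.
        Get-WebBinding -Name $site -Protocol http |
            Where-Object { $_.bindingInformation -eq '*:80:' } |
            Remove-WebBinding
        if (-not (Get-WebBinding -Name $site -Protocol http -IPAddress $ip -Port 80)) {
            New-WebBinding -Name $site -Protocol http -IPAddress $ip -Port 80
        }
        Get-WebBinding -Name $site |
            Select-Object @{ n = 'Server'; e = { $env:COMPUTERNAME } }, protocol, bindingInformation
    }
}

function Test-NlbSite {
    param([Parameter(Mandatory)][string]$ClusterIP)
    # A plain GET against the cluster IP; with port rule affinity Single the same client
    # keeps hitting the same node, so test from more than one client to see both.
    $r = Invoke-WebRequest -Uri "http://$ClusterIP/" -UseBasicParsing
    return $r.StatusCode
}

Set-SiteBindingToNlb -Servers $WebServers -ClusterIP $NlbClusterIP -Site $SiteName | Format-Table -AutoSize
Test-NlbSite -ClusterIP $NlbClusterIP    # 200 when a node answers on the cluster IP
```

Binding only to the cluster IP also means the site is no longer reachable on the LAN NIC, which is usually what you want: traffic then always goes through the NLB port rules.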



A complete script to automate all these steps and add a second node. In the post the IP is fixed in the script; here it is read as a variable, but this is up to you.

Use this at free will. I created small steps so you can also use the individual steps if you need them, or just to give you an idea.


#Set IP for NLB (the node's own address on the NLB adapter)
Write-Host "Set NLB IP and change Network adapter" -ForegroundColor yellow
$NodeNlbIP = Read-Host "Enter this node's IP on the NLB adapter"
Rename-NetAdapter -Name "Ethernet 2" -NewName "NLB"
New-NetIPAddress -IPAddress $NodeNlbIP -InterfaceAlias "NLB" -AddressFamily IPv4 -PrefixLength 24

#Set ExecutionPolicy
Write-Host "Set ExecutionPolicy" -ForegroundColor yellow
Set-ExecutionPolicy -Scope LocalMachine RemoteSigned -Force

Write-Host "Add-WindowsFeature NLB" -ForegroundColor yellow
Add-WindowsFeature NLB
Add-WindowsFeature RSAT-NLB

#Variables for creating the new cluster
Write-Host "Variables for creating the new cluster" -ForegroundColor yellow
$ClusterFqdn = Read-Host "Enter NLB cluster Name FQDN"
$InterfaceName = Read-Host "Enter interface name for NLB-adapter"
$ClusterPrimaryIP = Read-Host "Enter cluster primary IP"
$ClusterPrimaryIPSubnetMask = Read-Host "Enter subnetmask for cluster primary IP"

Write-Host "Choose cluster operation mode"
Write-Host "1 - Unicast"
Write-Host "2 - Multicast"
Write-Host "3 - IGMP Multicast"
#Read-Host returns a string, so the cases are strings; the switch body needs braces
switch (Read-Host "Enter the number for your chosen operation mode") {
    "1" { $OperationMode = "unicast" }
    "2" { $OperationMode = "multicast" }
    "3" { $OperationMode = "igmpmulticast" }
    default { Write-Warning "Invalid option, choose '1', '2' or '3'"; return }
}

#Creating new cluster
Write-Host "Creating NLB Cluster..." -ForegroundColor yellow
New-NlbCluster -ClusterName $ClusterFqdn -InterfaceName $InterfaceName -ClusterPrimaryIP $ClusterPrimaryIP -SubnetMask $ClusterPrimaryIPSubnetMask -OperationMode $OperationMode

#Removing default port rule for the new cluster
Write-Host "Removing default port rule..." -ForegroundColor yellow
Get-NlbClusterPortRule -HostName . | Remove-NlbClusterPortRule -Force

#Adding port rules
Add-NlbClusterPortRule -Protocol Tcp -Mode Multiple -Affinity Single -StartPort 80 -EndPort 80 -InterfaceName $InterfaceName | Out-Null
Write-Host "Added port rule for http (tcp 80)" -ForegroundColor yellow

Add-NlbClusterPortRule -Protocol Tcp -Mode Multiple -Affinity Single -StartPort 443 -EndPort 443 -InterfaceName $InterfaceName | Out-Null
Write-Host "Added port rule for https (tcp 443)" -ForegroundColor yellow

#Adding additional cluster nodes based on user input
Write-Host "Give Second NLB host" -ForegroundColor yellow
$Node2Fqdn = Read-Host "Enter 2nd NLB node"
$Node2NlbIP = Read-Host "Enter the 2nd node's IP on the NLB adapter"

#Set Network Adapter on the second node
#(Invoke-Command runs the block remotely; Enter-PSSession is interactive and does not belong in a script)
Invoke-Command -ComputerName $Node2Fqdn -ScriptBlock { Rename-NetAdapter -Name "Ethernet 2" -NewName "NLB" }
Invoke-Command -ComputerName $Node2Fqdn -ArgumentList $Node2NlbIP -ScriptBlock {
    param($ip)
    New-NetIPAddress -IPAddress $ip -InterfaceAlias "NLB" -AddressFamily IPv4 -PrefixLength 24
}
Write-Host "Placed NLB IP and changed NIC to NLB" -ForegroundColor yellow

Write-Host "Add-WindowsFeature NLB" -ForegroundColor yellow
Invoke-Command -ComputerName $Node2Fqdn -ScriptBlock { Add-WindowsFeature NLB }
Invoke-Command -ComputerName $Node2Fqdn -ScriptBlock { Add-WindowsFeature RSAT-NLB }

#Add Remote Node To NLB
Write-Host "Adding cluster node $Node2Fqdn" -ForegroundColor yellow
Get-NlbCluster | Add-NlbClusterNode -NewNodeName $Node2Fqdn -NewNodeInterface NLB


Have fun

Robert Smit

Twitter: @clustermvp

AlwaysOn Availability Groups (SQL Server) Connecting To #Azure #part3 #AlwaysOn #winserv #SQL #msteched #mvpbuzz

After the AlwaysOn FCI post we take the step into AlwaysOn AG. The configuration comes with a lot of options, but the methods are the same. Pardon, I already did a post on this.

As there are a lot of extra options to extend your SQL Server and give your DB the HA feeling, I hope the next post gives you insight into how to get there. In a follow-up post I will explain Azure and the extra options of SQL Server 2014.

AlwaysOn Availability Groups (SQL Server)

The AlwaysOn Availability Groups feature is a high-availability and disaster recovery solution that provides an enterprise level alternative to database mirroring. An availability group supports a failover environment for a discrete set of user databases, known as availability databases, that fail over together. An availability group supports a set of read-write primary databases and one to four sets of corresponding secondary databases.

Deploying AlwaysOn Availability Groups requires a Windows Server Failover Cluster. To be enabled for AlwaysOn Availability Groups, an instance of SQL Server must reside on a Windows Server Failover Cluster node, and the Windows Server Failover Cluster and node must be online. Furthermore, each availability replica of a given availability group must reside on a different node of the same Windows Server Failover Cluster.

AlwaysOn Availability Groups supports cross-cluster migration of availability groups for deployments to a new Windows Server Failover Clustering. A cross-cluster migration moves one availability group or a batch of availability groups to the new, destination WSFC cluster with minimal downtime.

With AlwaysOn SQL Server FCI, an availability replica can be hosted by either a standalone instance of SQL Server or an FCI instance. Only one FCI partner can host a replica for a given availability group.

AlwaysOn Availability Groups does not depend on any form of shared storage. However, if you use a SQL Server failover cluster instance (FCI) to host one or more availability replicas, each of those FCIs will require shared storage as per standard SQL Server failover cluster instance installation.

You might need to configure a Windows Server Failover Clustering (WSFC) cluster to include shared disks that are not available on all nodes. For example, consider a WSFC cluster across two data centers with three nodes. Two of the nodes host a SQL Server failover clustering instance (FCI) in the primary data center and have access to the same shared disks. The third node hosts a stand-alone instance of SQL Server in a different data center and does not have access to the shared disks from the primary data center. This WSFC cluster configuration supports the deployment of an availability group if the FCI hosts the primary replica and the stand-alone instance hosts the secondary replica.


AlwaysOn Availability Groups

I already had my cluster in place with the SQL AlwaysOn FCI, I have also installed a second cluster and a second instance on the cluster, and I have already extended the SQL site to Azure with several standalone servers.

Before we start we need to enable the AlwaysOn Availability Groups feature on the SQL Server service. For an FCI this is done on the node that currently runs the instance; the setting is cluster aware, so it is one setting for all the nodes of the same instance. The SQL Server service must be restarted before the change takes effect.

When we try to create an availability group in SQL Server Management Studio the option is grayed out, because the feature has not yet been enabled at the service level.


Go to the SQL Server Configuration Manager


When you open SQL Server Configuration Manager on the passive node of the FCI the checkbox is unavailable; on a standalone install the instance is always "active", so you can only set it on the node where it runs.

Go to the active node and set this setting. You can only change it on the node that currently hosts the SQL Server instance, and the service has to be restarted afterwards.


Now that we have enabled AlwaysOn Availability Groups we can start the New Availability Group wizard in SQL Server Management Studio.

Pick a name for the AG.


I just created a dummy DB just to set this up and I will later Add the real DB.

The dummy DB needs to be in the FULL recovery model and needs a full backup before it can join the AG. So if your DB is a TB in size, a full backup is still needed, and it has to be restored on every secondary.


This is an interesting screen: lots of options, and also connections to Azure.

First we do a on premise connection and build a Replica to Azure.

Choose "Add Replica". When we select Add Replica a SQL login screen pops up.

Remember you need to connect to the replica SQL Server instance, not to the primary.

This server is my standalone instance but installed on a failover cluster.

As you can see, I connected my cluster SQL Server with the CSV installation to a local SQL instance installed on cluster node 4.

Some basics you need to know when connecting:

  • All the cluster nodes must be in the same Active Directory Domain Services (AD DS) domain.
  • Each availability replica in an availability group must reside on a different node of the same Windows Server Failover Clustering (WSFC) cluster.
  • The cluster creator must have the following accounts and permissions:



The chosen server is selected and added as a secondary. Note that automatic failover is not supported for a replica that is hosted on an FCI, so the failover mode of this AG stays manual.

Readable secondary: No
In the secondary role, this availability replica will not allow any connections. I'll use this purely as a backup and no changes will be made at the backup location. If the cluster is failing I have bigger problems than an application that does not work.

All the options can be set, but if you have multiple instances on the same node (the AlwaysOn FCI plus a local standalone instance) you may need to change the endpoint port, because two instances on one node cannot both listen on the default port 5022. I changed the port to 5023 just to make sure there is no conflict on my server.


Checking the port is easy: SELECT * FROM sys.tcp_endpoints shows the endpoints and the port each one listens on.


With ALTER ENDPOINT [hadr_endpoint] AS TCP (LISTENER_PORT = 5023) you change the port. Remember to open the new port in the Windows Firewall on that node as well, and to grant CONNECT on the endpoint to the service account of the other instance.
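The whole preparation of the second instance (enable the feature, detect two instances fighting over port 5022, move the endpoint, grant the other service account access and open the firewall) as one script. This is an added example and not code from the original post; the FCI name MVPSQL1401\MSSQL001, the standalone default instance mvpsql144 on the same node, the service account CONTOSO\sqlsvc and the SQLPS module are assumptions.

```powershell
# Added example (not from the original post): prepare the standalone instance on a
# cluster node for an availability group. Assumed names: FCI = MVPSQL1401\MSSQL001,
# standalone default instance = mvpsql144, other service account = CONTOSO\sqlsvc.
Import-Module SQLPS -DisableNameChecking

$fci        = 'MVPSQL1401\MSSQL001'
$standalone = 'mvpsql144'
$node       = 'mvpsql144'          # node that currently hosts both instances
$newPort    = 5023                 # second endpoint port, as chosen in the post
$svcAccount = 'CONTOSO\sqlsvc'     # assumed service account of the FCI instance

# 1. Enable the AlwaysOn feature on both instances. -Force restarts the SQL Server
#    service, so do this in a maintenance window. For the FCI it is one cluster-wide
#    setting of the instance, set on the node that owns it.
foreach ($inst in $fci, $standalone) {
    $server, $name = $inst -split '\\'
    if (-not $name) { $name = 'DEFAULT' }
    $path = "SQLSERVER:\SQL\$server\$name"
    if (-not (Get-Item $path).IsHadrEnabled) {
        Enable-SqlAlwaysOn -Path $path -Force
    }
}

# 2. List the mirroring (HADR) endpoint of each instance. Two instances on one node
#    cannot both listen on 5022, so a duplicate port here is the conflict to fix.
$endpoints = foreach ($inst in $fci, $standalone) {
    Invoke-Sqlcmd -ServerInstance $inst -Query @'
SELECT @@SERVERNAME AS InstanceName, name, port, state_desc
FROM sys.tcp_endpoints
WHERE type_desc = 'DATABASE_MIRRORING';
'@
}
$endpoints | Format-Table InstanceName, name, port, state_desc -AutoSize

$conflict = $endpoints | Group-Object port | Where-Object Count -gt 1
$epName   = ($endpoints | Where-Object InstanceName -eq $standalone).name

if ($conflict -or -not $epName) {
    if ($epName) {
        # 3a. Move the standalone instance's endpoint to the new port
        Invoke-Sqlcmd -ServerInstance $standalone -Query "ALTER ENDPOINT [$epName] AS TCP (LISTENER_PORT = $newPort);"
    } else {
        # 3b. No endpoint yet (wizard not run): create one with Windows auth and AES encryption
        $epName = 'Hadr_endpoint'
        Invoke-Sqlcmd -ServerInstance $standalone -Query @"
CREATE ENDPOINT [$epName] STATE = STARTED
AS TCP (LISTENER_PORT = $newPort, LISTENER_IP = ALL)
FOR DATA_MIRRORING (ROLE = ALL, AUTHENTICATION = WINDOWS NEGOTIATE, ENCRYPTION = REQUIRED ALGORITHM AES);
"@
    }

    # 4. The other instance's service account must be allowed to connect to the endpoint
    Invoke-Sqlcmd -ServerInstance $standalone -Query @"
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$svcAccount')
    CREATE LOGIN [$svcAccount] FROM WINDOWS;
GRANT CONNECT ON ENDPOINT::[$epName] TO [$svcAccount];
"@

    # 5. Open the new port in the Windows Firewall of the node
    Invoke-Command -ComputerName $node -ScriptBlock {
        param($port)
        $ruleName = "SQL AG endpoint $port"
        if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP -LocalPort $port -Action Allow | Out-Null
        }
    } -ArgumentList $newPort
}

# 6. Final check from another machine: is the endpoint reachable on the new port?
Test-NetConnection -ComputerName $node -Port $newPort | Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

Run it from a management server that has the SQL PowerShell module; step 5 assumes PowerShell remoting is enabled on the node.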



Normally, if you run this wizard and follow these steps you are fine, but in my demo site I already had a connection to Azure and therefore my listener wants not only a local IP but also an Azure IP, as described in the error message.

This error does not mean you have to do everything again: simply add an IP address in the Azure subnet to your listener. You can add it by hand in Failover Cluster Manager or create the listener in SQL.




As you could see, I needed to add a second IP for my listener because I had already set up a failover to Azure.
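Creating the listener with one static IP per subnet, or adding the missing Azure-subnet IP to an existing listener, and then checking the cluster side of it. This is an added example, not code from the post; the AG name MVPAG01, listener name MVPAGL01, the two subnets and the SQLPS module are assumptions.

```powershell
# Added example (not from the original post): a multi-subnet AG listener, one IP for
# the on-premises subnet and one for the Azure subnet. Names and addresses are assumed.
Import-Module SQLPS -DisableNameChecking

$agPath   = 'SQLSERVER:\SQL\MVPSQL1401\MSSQL001\AvailabilityGroups\MVPAG01'
$listener = 'MVPAGL01'
$ips      = @('192.168.1.50/255.255.255.0',   # on-premises subnet (assumed)
              '10.0.1.50/255.255.255.0')      # Azure virtual network subnet (assumed)

$existing = Get-ChildItem "$agPath\AvailabilityGroupListeners" | Where-Object Name -eq $listener
if (-not $existing) {
    # Creates the Network Name + one IP Address resource per subnet in the AG's cluster group
    New-SqlAvailabilityGroupListener -Name $listener -StaticIp $ips -Port 1433 -Path $agPath
} else {
    # Listener already there (the wizard error case): add only the IPs that are missing
    $have = $existing.AvailabilityGroupListenerIPAddresses.IPAddress
    foreach ($ip in $ips) {
        if ($have -notcontains ($ip -split '/')[0]) {
            Add-SqlAvailabilityGroupListenerStaticIp -StaticIp $ip -Path "$agPath\AvailabilityGroupListeners\$listener"
        }
    }
}

# Verify in the cluster: the listener's IP resources, their networks and the OR dependency
# (the network name must depend on IP1 OR IP2, otherwise it cannot come online in Azure).
$group = 'MVPAG01'
$nn = Get-ClusterResource | Where-Object { $_.ResourceType -eq 'Network Name' -and $_.OwnerGroup -eq $group }
Get-ClusterResource | Where-Object { $_.ResourceType -eq 'IP Address' -and $_.OwnerGroup -eq $group } |
    ForEach-Object {
        $p = $_ | Get-ClusterParameter
        [pscustomobject]@{
            Resource = $_.Name
            Address  = ($p | Where-Object Name -eq 'Address').Value
            Network  = ($p | Where-Object Name -eq 'Network').Value
            State    = $_.State
        }
    } | Format-Table -AutoSize
(Get-ClusterResourceDependency -Resource $nn.Name).DependencyExpression

# Multi-subnet clients: with RegisterAllProvidersIP=1 both IPs are in DNS and clients must use
# MultiSubnetFailover=True; for clients that cannot, set it to 0 and lower HostRecordTTL to 300.
$nn | Get-ClusterParameter -Name RegisterAllProvidersIP, HostRecordTTL
```

Changing RegisterAllProvidersIP or HostRecordTTL requires taking the network name resource offline and online again, so do that together with the next maintenance window.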

In the first step we could choose Add Azure Replica or Add Replica.

I chose Add Azure Replica. If you are not already connected to Azure and have not added the management certificate thumbprint to your SQL Server, you need to do this now.

Just click Download; the Azure login screen pops up and you need to log in with the Azure admin account that can create the Azure VM.



A connection screen pops up and fills in your subscriptions. If you have multiple, just pick the right one.

After connecting and downloading you will have the following. Reminder: only creating a NEW VM is available here! If you want to use an existing VM, use Add Replica just as in a normal situation.


The bad thing here is that you cannot pick a SQL Server that is already built. As you will see in the screenshots this is much easier, but it would be nice to tweak it a bit; it would be handy if you could also pick an existing VM.

After filling in the name, SQL version and VM size we can go to the next step. Keep in mind you can always lower the size of the VM later; a bigger size now makes the setup process quicker.


As you can see the Azure Replica server is added.


Because the Azure SQL VM is connected through an Azure VPN gateway to my lab environment, the backup share is reachable through the domain.


The wizard kicks in and we have to wait until it is done. I did not create a listener for this; I just want to replicate the data to Azure.


Real pity that there is no "export to script" here; I would like to see the script that created my Azure SQL VM.


The progress screen; this can take a while. With a quick peek in Azure we can see this.


This is a critical point. I have done this several times and sometimes it fails with a time-out; I found out that most of the time I had used a small VM size, and then the script fails with "Error". So a quick tip: use the default size and adjust it after creation.

Checking the VM: 4 cores and an extra 1 TB disk holding my DB.


My Lessons learned

As you can see there are multiple disks and the Wizard has run successfully.

My source was clustered and the DB is running on a CSV, which is a bad choice for running a replica. The reason is that the wizard wants to place the secondary database files at the same path as on the primary. Placing the DB files on C: is no problem, but a CSV volume is placed at C:\ClusterStorage\Volume1\MSSQL12.MSSQL001\MSSQL\DATA,

and this path is available on every cluster node, therefore also on the node in the Azure cloud. The "normal" wizard then tells me the DB is already there, but in the Azure wizard this step is skipped.

Second mistake: I used a sample DB. There is no way I can add a second DB because of the CSV problem ("Database is already there"), and that is the source DB. I think this will be better in the next version. Or do not use CSV with AlwaysOn AG.


Now that the wizard is done, a lot of scripting has passed the line to Azure. But what has changed, and does it work?


The Azure VM has been added as an extra cluster node, with no quorum vote.

The replica is created and as shown in the dashboard replicated.


The following issue can happen when you use CSV and/or you want to create a replica from FCI to FCI. The reason is that the wizard places the secondary files on the same drive letter and path as on the source. As the CSV volume is mounted on every node, the path is already there with the source DB in it, and the setup will fail.




Right, I use CSV, but is the CSV present on the Azure node? The C:\ClusterStorage namespace is, because the cluster creates it on every node, but there is no disk mounted behind it in Azure, so all the files would be placed on the C: drive under that path. The replica cannot be created at that location because the wizard sees the source DB there. If you create the replica by hand you can choose another path, but not by default with the wizard. Just a reminder when you are playing with this.
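A pre-flight check that catches the two things that bit me above (the CSV path that already exists on the secondary node, and a database that is not ready to join) before the wizard runs. This is an added example, not code from the original post; the instance names, the database name and the SQLPS module are assumptions.

```powershell
# Added example (not from the original post): check a database before adding it to an AG.
# Assumed names: primary FCI MVPSQL1401\MSSQL001, secondary standalone instance mvpsql144.
Import-Module SQLPS -DisableNameChecking

$primary   = 'MVPSQL1401\MSSQL001'
$secondary = 'mvpsql144'
$dbName    = 'DemoDB'
$problems  = @()

# 1. File locations and recovery model on the primary
$files = @(Invoke-Sqlcmd -ServerInstance $primary -Query @"
SELECT mf.physical_name, d.recovery_model_desc
FROM sys.master_files mf
JOIN sys.databases d ON d.database_id = mf.database_id
WHERE d.name = N'$dbName';
"@)
if ($files.Count -eq 0) { throw "Database $dbName not found on $primary" }
if ($files[0].recovery_model_desc -ne 'FULL') {
    $problems += "recovery model is $($files[0].recovery_model_desc); an AG database must be in FULL"
}

# 2. The wizard needs a full backup; on a TB database this is the slow part
$lastFull = Invoke-Sqlcmd -ServerInstance $primary -Query @"
SELECT MAX(backup_finish_date) AS LastFull
FROM msdb.dbo.backupset
WHERE database_name = N'$dbName' AND type = 'D';
"@
if (-not $lastFull.LastFull -or $lastFull.LastFull -is [DBNull]) {
    $problems += 'no full backup of the database recorded in msdb'
}

# 3. Does the database already exist on the secondary instance?
$onSecondary = Invoke-Sqlcmd -ServerInstance $secondary -Query "SELECT COUNT(*) AS n FROM sys.databases WHERE name = N'$dbName';"
if ($onSecondary.n -gt 0) { $problems += "database already exists on $secondary" }

# 4. Do the primary's file paths already exist on the secondary's host? With a CSV the
#    C:\ClusterStorage\... path is visible on every node, so the wizard's "same path"
#    default collides with the source files.
$secondaryHost = ($secondary -split '\\')[0]
foreach ($f in $files.physical_name) {
    $exists = Invoke-Command -ComputerName $secondaryHost -ScriptBlock {
        param($p) Test-Path -LiteralPath $p
    } -ArgumentList $f
    if ($exists) {
        $hint = if ($f -like 'C:\ClusterStorage\*') { ' (CSV path: give the secondary its own data/log path)' } else { '' }
        $problems += "$f already exists on $secondaryHost$hint"
    }
}

if ($problems) {
    Write-Warning "Do not run the Add Database wizard yet:"
    $problems | ForEach-Object { Write-Warning "  $_" }
} else {
    "$dbName is ready to be added to the availability group."
}
```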


There are several options when you enable AlwaysOn. The easiest is a standalone SQL Server instance running on a cluster node; more advanced is using AlwaysOn FCI. All of this can be done, but test everything before you go into production, so that you know how your configuration behaves.

And just because you can does not mean it is your best solution or design. There are many options, and they will grow as the products evolve.


SQL Server AlwaysOn Availability Group concepts

A SQL Server Availability Group enables you to specify a set of databases that you want to fail over together as a single entity. When an availability group fails over to a target instance or target server, all the databases in the group fail over also. Because SQL Server 2012 can host multiple availability groups on a single server, you can configure AlwaysOn to fail over to SQL Server instances on different servers. This reduces the need to have idle high performance standby servers to handle the full load of the primary server, which is one of the many benefits of using availability groups.

An availability group consists of the following components:

  • Availability databases, a discrete set of user databases that fail over together as a single unit, and availability replicas, one copy of that set per hosting instance. Every availability group supports one primary replica and up to four secondary replicas in SQL Server 2012 (up to eight in SQL Server 2014).

  • A specific instance of SQL Server to host each replica and to maintain a local copy of each database that belongs to the availability group.

Replicas and failover

The primary replica makes the availability databases available for read-write connections from clients and sends transaction log records for each primary database to every secondary replica. Each secondary replica applies transaction log records to its secondary databases.

All replicas can run under asynchronous-commit mode, or up to three of them can run under synchronous-commit mode. For more information about synchronous and asynchronous commit mode, see Availability Modes (AlwaysOn Availability Groups).


Database issues, such as a database becoming suspect due to a loss of a data file, deletion of a database, or corruption of a transaction log do not cause failovers.

Read the following articles to learn required and important concepts about SQL Server AlwaysOn technology:

  • For details about the benefits of AlwaysOn Availability Groups and an overview of the terminology, see AlwaysOn Availability Groups (SQL Server).
  • For detailed information about prerequisites, see Prerequisites, Restrictions, and Recommendations for AlwaysOn Availability Groups (SQL Server). This article contains the following information:
    • Windows Server system requirements and recommendations
    • SQL Server instance prerequisites and restrictions
    • Prerequisites and restrictions for using a SQL Server Failover Cluster Instance (FCI) to host an availability replica
    • Availability group prerequisites and restrictions
    • Availability database prerequisites and restrictions

Windows 2012R2 UR1 Cluster Event ID 1223,1069,1077 does not have a valid value for the read-only property ‘ObjectGUID’ #winserv #network

You just created a fresh new cluster with a PowerShell script, you checked the validation report and read only "Success". Great: you open Failover Cluster Manager and yes, there is a cluster.


# Install the cluster feature and the management tools
Get-WindowsFeature Failover-Clustering
Install-WindowsFeature "Failover-Clustering", "RSAT-Clustering" -IncludeAllSubFeature
# Create the cluster validation report
Test-Cluster -Node mvpsql141, mvpsql142
# Create the cluster
New-Cluster -Name MVPSQL1401 -Node mvpsql141, mvpsql142 -NoStorage -StaticAddress ""
# Add disks to the cluster
Get-ClusterAvailableDisk -Cluster MVPSQL1401
Get-ClusterAvailableDisk -Cluster MVPSQL1401 | Add-ClusterDisk
# Add a disk to CSV
Add-ClusterSharedVolume -Cluster MVPSQL1401 -Name "Cluster Disk 1"
# Set the cluster quorum
Set-ClusterQuorum -Cluster MVPSQL1401 -FileShareWitness \\mvpdc01\cluster
# Set the network configuration (Role 0 is the mistake this post is about)
(Get-ClusterNetwork "Cluster Network 1").Role = 0


But when you want to set up some resources it fails. You double-check your script and again it fails. You look at the last error and see:

“ The network name Name: MVPSQL2014 does not have a valid value for the read-only property ‘ObjectGUID’.”

Followed by several event ID Event ID 1223 1069 1077

You checked the networks



But after opening the IP resource you cannot select a network, although all networks are up!

So what is the problem? Let's check all the events; this must be a bug, I did everything right.

This resource is marked with a state of ‘Failed’ instead of ‘Online’. This failed state indicates that the resource had a problem either coming online or had a failure while it was online

The network name Name: MVPSQL2014 does not have a valid value for the read-only property ‘ObjectGUID’. To validate the service principal name the read-only private property ‘ObjectGuid’ must have a valid value. To correct this issue make sure that the network name has been brought online at least once. If this does not correct this issue you will need to delete the network name and re-create it

Health check for IP interface ‘Cluster IP Address’ (address ‘’) failed (status is ‘1168’). Run the Validate a Configuration wizard to ensure that the network adapter is functioning properly.

Cluster IP address resource ‘Cluster IP Address’ cannot be brought online because the cluster network ‘Cluster Network 1’ is not configured to allow client access. Please use the Failover Cluster Manager snap-in to check the configured properties of the cluster network.

Event ID 1223 1069 1077

See the last error: "'Cluster Network 1' is not configured to allow client access." But I did set this option. Yes, you did, see the script:

(Get-ClusterNetwork "Cluster Network 1").Role = 0


But what does Role 0 mean?

Cluster Network Roles:

Cluster networks are automatically created for all logical subnets connected to all nodes in the cluster. Each network adapter connected to a common subnet is listed in Failover Cluster Manager. Cluster networks can be configured for different uses; the Role property holds the numeric value:

  • Role 0, disabled for cluster communication: no cluster communication of any kind is sent over this network.
  • Role 1, enabled for cluster communication only: internal cluster communication and CSV traffic can be sent over this network.
  • Role 3, enabled for client and cluster communication: cluster IP address resources can be created on this network for clients to connect to, and internal and CSV traffic can be sent over it as well.


So I changed the role to 3:

(Get-ClusterNetwork "Cluster Network 1").Role = 3

Or in the GUI:



One happy cluster again. As you can see, mistakes are easily made and not always detected directly, so make sure your cluster is running healthy before you move further.
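The check I now run right after New-Cluster: list every cluster network with its role in words, and make sure no IP Address resource sits on a network that does not allow client access (the exact condition behind event 1223). This is an added example, not code from the post; the cluster name is the one used in the script above and the FailoverClusters module is assumed.

```powershell
# Added example (not from the original post): audit cluster network roles and repair the
# network behind any IP Address resource that cannot come online because of its role.
Import-Module FailoverClusters
$cluster  = 'MVPSQL1401'
$roleName = @{ 0 = 'None (disabled for cluster use)'; 1 = 'Cluster only'; 3 = 'Cluster and client' }

# 1. Overview of all cluster networks with the role in words
Get-ClusterNetwork -Cluster $cluster |
    Select-Object Name, Address, AddressMask, State, Role,
        @{ n = 'RoleName'; e = { $roleName[[int]$_.Role] } } |
    Format-Table -AutoSize

# 2. Every IP Address resource must live on a Role 3 network, otherwise the resource
#    fails with "cluster network ... is not configured to allow client access" (event 1223).
$fixed = @()
foreach ($res in Get-ClusterResource -Cluster $cluster | Where-Object ResourceType -eq 'IP Address') {
    $netName = ($res | Get-ClusterParameter -Name Network).Value
    if (-not $netName) { continue }   # DHCP / not yet configured
    $net = Get-ClusterNetwork -Cluster $cluster -Name $netName
    if ([int]$net.Role -ne 3) {
        Write-Warning "$($res.Name) in group '$($res.OwnerGroup)' uses '$netName' with role: $($roleName[[int]$net.Role])"
        $net.Role = 3            # same change as in the post, applied to the right network
        $fixed += $res
    }
}

# 3. Bring the repaired resources (and their dependents) online and show the result
foreach ($res in $fixed) {
    Start-ClusterResource -Cluster $cluster -Name $res.Name | Out-Null
}
Get-ClusterResource -Cluster $cluster |
    Where-Object { $_.ResourceType -in 'IP Address', 'Network Name' } |
    Select-Object Name, OwnerGroup, State | Format-Table -AutoSize
```

Network names that failed before the fix may still need to be taken offline and online once more, because the ObjectGUID property in the event text is only populated when the name has come online successfully at least once.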

Windows Server 2012 R2 Update KB2919355 #update #winserv #PoshPAIG #Patch #Audit/Installation GUI

Don't forget to update your servers with Update 1, and keep in mind that if you choose to update your clusters by hand, you patch all the nodes and do not leave the cluster in a split-patched state. You would not be the first to have cluster trouble caused by mismatched patch levels.

Now that Update 1 is out you will see different download sizes, from 800 MB down to 3 MB, depending on the update status of the machine.



Windows Server 2012 R2 Update is a cumulative set of security updates, critical updates and updates. You must install Windows Server 2012 R2 Update to ensure that your computer can continue to receive future Windows Updates, including security updates. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

But if you don't know the status of your servers, you don't use WSUS but patch from Microsoft Update, and there is no SCCM in place, you need some other tool to audit your servers: write a PowerShell script or DSC, or use a tool from CodePlex. Enter the PowerShell Patch Audit/Installation GUI (PoshPAIG).
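Before reaching for a GUI, the split-patched cluster check itself is a few lines of PowerShell: ask every node of every cluster whether KB2919355 is installed and warn when a cluster has nodes in both states. This is an added example, not code from the post or from PoshPAIG; the cluster names are assumptions and Get-HotFix needs WMI access to the nodes.

```powershell
# Added example (not from the original post): audit KB2919355 per cluster node and flag
# clusters that are split-patched. Cluster names are assumed.
Import-Module FailoverClusters
$clusters = @('MVPSQL1401', 'MVPHV01')
$kb       = 'KB2919355'

$report = foreach ($c in $clusters) {
    foreach ($node in Get-ClusterNode -Cluster $c) {
        # Get-HotFix writes an error when the KB is absent; treat that as "not installed"
        $hf = Get-HotFix -Id $kb -ComputerName $node.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Cluster     = $c
            Node        = $node.Name
            NodeState   = $node.State
            Installed   = [bool]$hf
            InstalledOn = if ($hf) { $hf.InstalledOn } else { $null }
        }
    }
}
$report | Sort-Object Cluster, Node | Format-Table -AutoSize

# A cluster where some nodes have the update and others do not is split-patched
$report | Group-Object Cluster | ForEach-Object {
    $states = $_.Group.Installed | Select-Object -Unique
    if ($states.Count -gt 1) {
        $missing = ($_.Group | Where-Object { -not $_.Installed }).Node -join ', '
        Write-Warning "Cluster $($_.Name) is split-patched; $kb missing on: $missing"
    }
}
```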


This is a little toolkit that can do this for you. If you don't have tools in place and you need fast results, this is the best way.

The tool is self-explanatory, so I won't go into detail. The source is here:



/Happy Patching

Cannot Create External Virtual Switch (Grayed out) Network ObjectNotFound New-VMSwitch : Cannot find a physical network adapter #hyperv #winserv

After you have created a Hyper-V server and done some configuration, you are ready to create the networking.

But when running some PowerShell scripts you get errors on creating an external vSwitch:

PS C:\Users\Administrator> New-VMSwitch -Name HVNET -NetAdapterName "ethernet 3" -AllowManagementOS $True -MinimumBandwidthMode Weight
New-VMSwitch : Cannot find a physical network adapter named Realtek PCIe GBE Family Controller.


The NIC is there and working. I updated the NIC with new drivers and uninstalled it, still the same problem.

Let's see if the NIC is there: Get-NetAdapter | Where-Object Status -eq 'Up'

Present and up. Let's check this with WMI. If the NIC is not there or not up, make sure it is there and up: uninstall the network device and scan for new devices.

WMIC NICCONFIG GET Description,SettingID


We could find this in the registry if needed, but let's see if the bindings are OK.

If the Hyper-V Extensible Virtual Switch protocol is not bound to the adapter you cannot create an external vSwitch!

The easy thing to do is add the vSwitch protocol in the adapter's properties:


Now that the protocol is there you can create the external vSwitch and end up with a working Hyper-V server!

There are multiple errors or issues that can prevent you from creating an external vSwitch.
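The same check done in PowerShell: look at the bindings of the adapter, confirm the Hyper-V Extensible Virtual Switch protocol (component ID vms_pp) is present and enabled, make sure no other switch already owns the adapter, and only then create the switch. This is an added example, not code from the post; the adapter name "Ethernet 3" and switch name HVNET are taken from the command above, everything else is an assumption.

```powershell
# Added example (not from the original post): verify what New-VMSwitch needs before running it.
$nic    = 'Ethernet 3'
$switch = 'HVNET'

# 1. Is the adapter present and up?
$adapter = Get-NetAdapter -Name $nic -ErrorAction Stop
if ($adapter.Status -ne 'Up') { throw "$nic is $($adapter.Status); fix the link first" }
$adapter | Format-List Name, InterfaceDescription, Status, MacAddress, LinkSpeed

# 2. Show all bindings, then the one that matters: vms_pp = Hyper-V Extensible Virtual Switch
Get-NetAdapterBinding -Name $nic | Sort-Object DisplayName | Format-Table DisplayName, ComponentID, Enabled -AutoSize
$vmsBinding = Get-NetAdapterBinding -Name $nic -ComponentID vms_pp -ErrorAction SilentlyContinue
if (-not $vmsBinding) {
    throw "The Hyper-V Extensible Virtual Switch protocol is not installed on $nic; add it under the adapter's properties (Install > Protocol) or reinstall the Hyper-V role"
}
if (-not $vmsBinding.Enabled) {
    Enable-NetAdapterBinding -Name $nic -ComponentID vms_pp
}

# 3. An adapter can back only one external switch
$owner = Get-VMSwitch | Where-Object NetAdapterInterfaceDescription -eq $adapter.InterfaceDescription
if ($owner) { throw "$nic is already used by virtual switch '$($owner.Name)'" }

# 4. Same command as in the post, now with the prerequisites known to be in place
New-VMSwitch -Name $switch -NetAdapterName $nic -AllowManagementOS $true -MinimumBandwidthMode Weight
Get-VMSwitch -Name $switch | Format-List Name, SwitchType, NetAdapterInterfaceDescription, AllowManagementOS
```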

Tools like nvspbind are helpful; more info on this:

Or see my older blog post: Windows Server 2012 R2 update thoughts, Hyper-V virtual Ethernet adapter network cable unplugged.

A port on the virtual switch has the same MAC as one of the underlying team members on Team Nic Event ID 16945 #winserv

If you are using Windows Server 2012 R2 and have configured NIC Teaming you may see Event ID 16945.

It shows up as a Warning in the event log.
What the event is saying is that you have a host vNIC (the virtual NIC presented to the host, connected to the virtual switch)
that has the same MAC address as one of the physical NICs that are members of the NIC team.
This should not cause an issue as long as the team member that has the same MAC as the vNIC remains in the team. If that team member is ever removed from the team and operates standalone with that MAC, there could be a duplicate MAC address on the network, assuming the vNIC is also in operation.


What is NIC Teaming?

A solution commonly employed to solve the network availability and performance challenges is NIC Teaming. NIC Teaming (aka NIC bonding, network adapter teaming, Load balancing and failover, etc.) is the ability to operate multiple NICs as a single interface from the perspective of the system. In Windows Server 2012, NIC Teaming provides two key capabilities:

  1. Protection against NIC failures by automatically moving the traffic to remaining operational members of the team, i.e., Failover, and
  2. Increased throughput by combining the bandwidth of the team members as though they were a single larger bandwidth interface, i.e., bandwidth aggregation.

My current team:


You can see all the vNICs/pNICs and their MAC addresses with "get-netadapter | sort macaddress" in PowerShell.
You should see one of your physical NICs and a virtual NIC called something like "vEthernet", and both will have the same MAC.

get-netadapter | sort macaddress


But what if I change the MAC of the team? Look at the properties of the team interface (in Network Connections, "Microsoft Network Adapter Multiplexor Driver"), click the Configure button and select the Advanced tab.
The seventh item in the list is MAC Address; you can configure a MAC for the team there.



The team now has the given MAC. More about MAC reservations:
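Finding the pairs behind event 16945 without reading the event log, and applying either fix from PowerShell: the team MAC change described above, or a static MAC on the host vNIC instead. This is an added example, not code from the post; the team name Team1, the locally administered addresses (02- prefix) and the NetworkAddress advanced-property keyword of the Multiplexor driver are assumptions, and the keyword is checked before it is used.

```powershell
# Added example (not from the original post): detect host vNICs that share a MAC with a
# team member and give one of them its own MAC. Team name and MACs are assumed.
$team = 'Team1'
$fix  = 'team'   # 'team' = set the team MAC (as in the post), 'vnic' = static MAC on the host vNIC

# 1. Adapters that share a MAC address
$shared = Get-NetAdapter | Where-Object MacAddress | Group-Object MacAddress | Where-Object Count -gt 1
foreach ($g in $shared) {
    "MAC $($g.Name) is used by:"
    $g.Group | Select-Object Name, InterfaceDescription, Status | Format-Table -AutoSize
}

# 2. Which of the duplicates are members of the team? Those are the 16945 cases: if that
#    member leaves the team and runs standalone, two live interfaces share one MAC.
$memberNames = (Get-NetLbfoTeamMember -Team $team).Name
$risky = $shared | ForEach-Object { $_.Group } | Where-Object { $memberNames -contains $_.Name }
if (-not $risky) { 'No team member shares its MAC with another adapter.'; return }
$risky | Select-Object Name, MacAddress

switch ($fix) {
    'team' {
        # 3a. Same fix as in the post: set the MAC of the primary team interface. The
        #     registry keyword NetworkAddress is assumed, so it is verified first.
        $teamNic = Get-NetLbfoTeamNic -Team $team | Where-Object Primary
        $prop = Get-NetAdapterAdvancedProperty -Name $teamNic.Name -RegistryKeyword 'NetworkAddress' -ErrorAction SilentlyContinue
        if (-not $prop) { throw "Team interface $($teamNic.Name) has no NetworkAddress property; set the MAC in the GUI" }
        Set-NetAdapterAdvancedProperty -Name $teamNic.Name -RegistryKeyword 'NetworkAddress' -RegistryValue '02155D0A0001'
    }
    'vnic' {
        # 3b. Alternative: a static MAC on the host vNIC, chosen outside the host's dynamic
        #     pool so Hyper-V cannot hand the same address to a VM later.
        Get-VMHost | Select-Object MacAddressMinimum, MacAddressMaximum
        $hostNic = Get-VMNetworkAdapter -ManagementOS | Where-Object { $risky.MacAddress -contains ($_.MacAddress -replace '(..)(?=.)', '$1-') }
        foreach ($n in $hostNic) {
            Set-VMNetworkAdapter -ManagementOS -Name $n.Name -StaticMacAddress '02155D0A0002'
        }
    }
}

# 4. Re-check: the list should now be empty
Get-NetAdapter | Where-Object MacAddress | Group-Object MacAddress | Where-Object Count -gt 1 |
    Select-Object Name, Count
```

Get-NetAdapter reports MACs with dashes and Get-VMNetworkAdapter without, which is why the vnic branch normalises the format before comparing.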

Hyper-V How To: Manage MAC Address Conflicts

Windows Server 2012 NIC Teaming (LBFO) Deployment and Management

Capacity Planner for Hyper-V Replica #hyperv #winserv #scvmm

The Capacity Planner for Hyper-V Replica guides the IT administrator to design the server, storage and network infrastructure which is required to successfully deploy Hyper-V Replica.

Hyper-V administrators of Windows Server 2012 and Windows Server 2012 R2 can replicate their virtual machines from a primary server / cluster to a replica server / cluster for business continuity and disaster recovery purposes. The Capacity Planner for Hyper-V Replica provides server, storage and network provisioning guidance which would allow IT administrators to successfully plan for a Hyper-V Replica deployment

Get Hyper-V Replica Capacity Planner

The setup is really easy, and a comprehensive report is prepared that shows the CPU, RAM, disk and network capacity needed to support your specific configuration and environment.


First we choose how long to collect utilization metrics for the VMs to replicate. The best way to test this is during working hours, for 30 minutes or longer.


Up to 10 Hyper-V servers can be selected in one run.


If you use a cluster, use the Hyper-V Replica Broker name and not the FQDN of a Hyper-V node.


If a server is not enabled for replication you will see this error. You can run the planner with or without certificates.


You can only pick VMs that are not already replica-enabled, and if a VM has more than one disk you can deselect disks.


After running this there is an HTML report with all the metrics: CPU, memory, IOPS, storage usage and network throughput.

This way you get insight into what you can expect when using Hyper-V Replica.


How many IOPS do I need? The report gives you the optimal setting.


The network info is great: what do I need, and how much is consumed during replication.

And read the documentation; there is a lot of useful info in the document that will help you understand the report.

Get Hyper-V Replica Capacity Planner

Separate VM in Hyper-V virtual machines using anti-affinity #winserv #hyperv #DRS

For some virtual machines you don't want them to run on the same Hyper-V server in a cluster. Say you have a two-node cluster running two DCs: you don't want both VMs on the same Hyper-V box.

With anti-affinity you can prevent both VMs from running on the same box. This is not the same as preferred owner.

With preferred owners you influence which host a VM fails over to. If the Hyper-V host fails, so do all the VMs on it, and without anti-affinity both VMs can land on the same surviving host.


With anti-affinity you create a "rule" that says these two VMs (or cluster roles) should never be seen on the same Hyper-V host, unless there is no other way.

Anti-Affinity – For a given VM (technically any cluster Group) there is a cluster group property called AntiAffinityClassNames that allows you to configure the preference to attempt to keep that VM off the same node as other similar VMs. Let’s say for example you have two domain controllers running in VMs. It would probably be best to keep those running on different nodes if possible. When determining failover, the cluster service will deprioritize any node which is hosting a similar VM. If there is no other option (in the goal of making VMs available) it will place them on the same host. More information:

But there is no GUI option for this; it is PowerShell only. The property is stored in the cluster database, so you set it once per cluster group, from any node, and it applies to all your Hyper-V nodes in the cluster.

So let's get a listing of the property:

Get-ClusterGroup | get-member -name AntiAffinityClassNames

The property is of this type: "System.Object AntiAffinityClassNames {get;set;}"

If you need more info check this link :



With a quick check we can see the current anti-affinity settings:

Get-ClusterGroup | Select AntiAffinityClassNames


Currently there are no rules in place.

Because I want this to be repeatable I created a simple step-by-step, easy to change PowerShell script.

I created several class names (SQL, VM, DC, APP), so I know which machines I can place in which class.

So I create a few variables:


$SQLAntiAffinity = New-Object System.Collections.Specialized.StringCollection

$SQLAntiAffinity.Add("SQL Server Instance")

$DCAntiAffinity = New-Object System.Collections.Specialized.StringCollection

$DCAntiAffinity.Add("Domain Controllers")

$WEBAntiAffinity = New-Object System.Collections.Specialized.StringCollection

$WEBAntiAffinity.Add("WEB Servers")

$APPAntiAffinity = New-Object System.Collections.Specialized.StringCollection

$APPAntiAffinity.Add("Application Servers")



The last part is assigning the VMs to the classes:

(Get-ClusterGroup -Name VMSQL01).AntiAffinityClassNames = $SQLAntiAffinity
(Get-ClusterGroup -Name VMSQL02).AntiAffinityClassNames = $SQLAntiAffinity
(Get-ClusterGroup -Name VMDC01).AntiAffinityClassNames = $DCAntiAffinity
(Get-ClusterGroup -Name VMDC02).AntiAffinityClassNames = $DCAntiAffinity
(Get-ClusterGroup -Name VMWEB01).AntiAffinityClassNames = $WEBAntiAffinity
(Get-ClusterGroup -Name VMWEB02).AntiAffinityClassNames = $WEBAntiAffinity
(Get-ClusterGroup -Name VMAPP01).AntiAffinityClassNames = $APPAntiAffinity
(Get-ClusterGroup -Name VMAPP02).AntiAffinityClassNames = $APPAntiAffinity


And did you know you can use += to add a VM to an additional class, or clear all classes from a VM?

(Get-ClusterGroup -Name NEWVM01).AntiAffinityClassNames += $SQLAntiAffinity

Or clear the VM from all classes:

(Get-ClusterGroup -Name NEWVM01).AntiAffinityClassNames = ""


The rules are in place; let's see if we can find them again:

Get-ClusterGroup |Select-Object -Property name,AntiAffinityClassNames


(Get-ClusterGroup demo01).AntiAffinityClassNames

Now that the rules are in place we can see how it works. I paused a Hyper-V node, and as soon as I resumed the node the anti-affinity rule moved the VM.
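The same assignments driven from one table, without overwriting classes a VM already has, followed by the check I actually want after a failover: is any class represented twice on one node? This is an added example, not code from the post; the cluster name MVPHV01 is an assumption and the VM names are the ones used above.

```powershell
# Added example (not from the original post): assign anti-affinity classes from a table
# and verify placement per node. Cluster name is assumed; VM names are from the post.
Import-Module FailoverClusters
$cluster = 'MVPHV01'
$classes = @{
    'SQL Server Instance' = 'VMSQL01', 'VMSQL02'
    'Domain Controllers'  = 'VMDC01',  'VMDC02'
    'WEB Servers'         = 'VMWEB01', 'VMWEB02'
    'Application Servers' = 'VMAPP01', 'VMAPP02'
}

# 1. Add each VM to its class, keeping any class it already belongs to
foreach ($class in $classes.Keys) {
    foreach ($vm in $classes[$class]) {
        $group = Get-ClusterGroup -Cluster $cluster -Name $vm -ErrorAction Stop
        $names = New-Object System.Collections.Specialized.StringCollection
        foreach ($existing in $group.AntiAffinityClassNames) { [void]$names.Add($existing) }
        if (-not $names.Contains($class)) { [void]$names.Add($class) }
        $group.AntiAffinityClassNames = $names
    }
}

# 2. Show the result per group
Get-ClusterGroup -Cluster $cluster |
    Where-Object { $_.AntiAffinityClassNames.Count -gt 0 } |
    Select-Object Name, @{ n = 'OwnerNode'; e = { $_.OwnerNode.Name } },
        @{ n = 'Classes'; e = { $_.AntiAffinityClassNames -join ', ' } } |
    Format-Table -AutoSize

# 3. Verify: two members of one class on the same node is what the rule should prevent
#    (the cluster only allows it when no other node is available)
$violations = foreach ($class in $classes.Keys) {
    Get-ClusterGroup -Cluster $cluster |
        Where-Object { $_.AntiAffinityClassNames -contains $class } |
        Group-Object { $_.OwnerNode.Name } |
        Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{ Class = $class; Node = $_.Name; Groups = ($_.Group.Name -join ', ') }
        }
}
if ($violations) {
    Write-Warning 'Anti-affinity classes with more than one member on a node:'
    $violations | Format-Table -AutoSize
} else {
    'All anti-affinity classes are spread over different nodes.'
}
```

Run step 3 again after a node has been paused and resumed, or after a failover; if a violation stays while other nodes are up, the cluster service did not get the chance to move the VM and you can do it yourself with Move-ClusterVirtualMachineRole.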