Archive for the ‘Windows Server’ Tag

Upgrading and what is new in Windows Server 2019 Clustering #winserv #RunWS2019 #WindowsServer2019   Leave a comment

This blog post is the first of a series on Windows Server 2019. #MSIgnite is coming and there will be a lot of new features coming. So in preparation I’ll show you what is changed and how to build things in Windows Server 2019. In this there is a upgrade and some new functions to the Cluster.

  1. Hybrid: Windows Server 2019 and Windows Admin Center will make it easier for our customers to connect existing on-premises environments to Azure. With Windows Admin Center it also easier for customers on Windows Server 2019 to use Azure services such as Azure Backup, Azure Site Recovery, and more services will be added over time.
  2. Security: Security continues to be a top priority for our customers and we are committed to helping our customers elevate their security posture. Windows Server 2016 started on this journey and Windows Server 2019 builds on that strong foundation, along with some shared security features with Windows 10, such as Defender ATP for server and Defender Exploit Guard.
  3. Application Platform: Containers are becoming popular as developers and operations teams realize the benefits of running in this new model. In addition to the work we did in Windows Server 2016, we have been busy with the Semi-Annual Channel releases and all that work culminates in Windows Server 2019. Examples of these include Linux containers on Windows, the work on the Windows Subsystem for Linux (WSL), and the smaller container images.
  4. Hyper-converged Infrastructure (HCI): If you are thinking about evolving your physical or host server infrastructure, you should consider HCI. This new deployment model allows you to consolidate compute, storage, and networking into the same nodes allowing you to reduce the infrastructure cost while still getting better performance, scalability, and reliability.

 

Installing the Windows Server 2019 is not different than 2016. There is an extra disk space warning menu.

imageimage

As an upgrade I want to keep my files.

imageimage

If you need to free up more disk space then there is a little warning. It may happen that the screen needs to refresh before you see the confirm option.

image

The upgrade is starting depending on the server speed it will take some time.image image

After the upgrade is done and the first logon the Server manager is starting and there is a popup of would you like to install Windows Admin Center.

image

 

Now that the upgrade is done we can take a look at the Cluster Changes. First if we check the Cluster Functional Level with PowerShell.

Get-Cluster | Select ClusterFunctionalLevel

image

This is now Version 10

  • Windows Server 2012 R2 functional level value of 8
  • Windows Server 2016 functional level value of 9
  • Windows Server 2019 functional level value of 10

 

Windows Server 2019 USB file Witness

The other big change is the placement of your witness files. this can now be on a USB device.

image

One of the quorum models for Failover Clustering is the ability to use a file share as a witness resource.  As a recap, the File Share Witness is designated a vote in the Cluster when needed and can act as a tie breaker in case there is ever a split between nodes (mainly seen in multi-site scenarios). See also my other blog posts https://robertsmit.wordpress.com/category/clustering/ 

This means NO kerberos, NO domain controller, NO certificates, and NO Cluster Name Object needed, and NO account needed on the nodes.

Simply plug your USB drive into the port in the router and get into your router’s interface.  In there, you can set up your share name, username, and password for access.  Use the PowerShell command above pointing it to the router and share, and you are good to go.  To answer your next question, this works with SMB 2.0 and above.  SMB 3.0 is not required for the witness type.

image

Setting up the share on my network device

Next is setting the Witness, this can only be done with PowerShell.

Set-ClusterQuorum -FileShareWitness \\SERVER\SHARE -Credential $(Get-Credential)

image

A credential popup, and type your account and password.

image

After this check your cluster and you can see the Witness is set.

image

 

Other Cluster Changes are there but not direct visible in the Gui PowerShell is needed/

When comparing the Storage space section there are some other options and more. Not all options are new some have a different value.

 

Windows Server 2019                                                                                                          Windows Server 2016

imageimage

One of these changes is S2DBusTypes in Windows Server 2016 it has a value of 0 but it could be changed if you had different storage. (not supported)

I created a blog post about this to add USB storage to build a SOFS with clustered storage spaces. So enabling the options I start Building My Scaleout File Server with My USB thumbdrive Storage.

https://robertsmit.wordpress.com/2015/05/18/building-usb-sofs-with-storage-spaces-direct-s2d-ws2016/

With a little help of this STORAGE_BUS_TYPE enumeration on MSDN we could do Fun things with some old disks.

https://msdn.microsoft.com/en-us/library/windows/desktop/ff800833(v=vs.85).aspx

 

In server 2019 it has a value of 396288 which is the the number of the supported disk types for Storage spaces direct.

S2DBusTypes                           : 396288

Changing these values is not best practice and could brake your cluster. Or bring unstable situations. 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Make Windows Admin Center High available running on a Windows Server 2019 Cluster #winserv #RunWS2019 #WindowsAdminCenter #WindowsServer2019   Leave a comment

The new new tool Windows Admin Center is THE tool to use when managing your Environment you can install this on almost any server (no Domain Controller) but even this device needs a reboot from time to time. Therefor we make the Windows Admin Center High available. When installing this on a cluster the Tools gets better uptime. And is there when you need it. The resources that are used is minimal.

Windows Admin Center is a new, locally-deployed, browser-based management tool set that lets you manage your Windows Servers with no Azure or cloud dependency. Windows Admin Center gives you full control over all aspects of your server infrastructure and is particularly useful for managing servers on private networks that are not connected to the Internet.

Windows Admin Center is the modern evolution of "in-box" management tools, like Server Manager and MMC. It complements System Center – it’s not a replacement.

First we take our cluster, in this case my test cluster witch runs all kinds of load.

image

Get the latest Windows Admin center build. http://aka.ms/WACDownload

save this on the Cluster node, and remember you can’t run Windows Admin Center with IE – Internet Explorer!

When checking this I saw the Cluster team create already a Powershell Script to make the WAC HA. so there goes my blog.

image

Well You can run the PowerShell Scripts. But that’s no Fun.  but I understand if you are busy and or you don’t want to know what is behind the script.

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/deploy/high-availability

image

In this case I do it all manual, well not all there are some good parts in the Script

First we need a Certificate, I use a self signed and yes this needs to be changed every 90 days

Fill in the Variables 

$clientAccessPoint="mvpwac03"
$tmpPassword = "Temppassword"
$certPath = "c:\temp\sme3.pfx"
#####
Write-Output "Creating self signed certificate"
    $domain= (Get-WmiObject win32_computersystem).Domain
    $dnsName = $clientAccessPoint+"."+$domain
    $cert = New-SelfSignedCertificate -DnsName $dnsName -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddMonths(3)
    $certPassword = ConvertTo-SecureString -String $tmpPassword -Force -AsPlainText
    $cert | Export-PfxCertificate -FilePath $certPath -Password $certPassword | Out-Null 

 

image

Import the Certificate

$cert.Import($certPath, $certPassword,’DefaultKeySet’)

image

Save the Thumbprint for later

$cert.Thumbprint

image

Now We are installing the Windows Admin Center , I use a preview but get the latest version here http://aka.ms/WACDownload

imageimage

Don’t forget the trusted site checkbox.

imageimage

Here is the Thumbprint that is used in the Certificate , Next is installing the Windows Admin Center.

image

Now that Windows Admin Center is installed We are almost ready.

The next steps are stopping the services and set this to manual as the Failover Cluster Manager controls the run status

Set-Service ServerManagementGateway -startuptype "manual"
Stop-Service ServerManagementGateway

image

Now that this is ready we need to think about the file location as this is currently on the C drive.

image

And we don’t want to have two or more configurations. there for we place this on the CSV volume.

Copy all the file into the CSV volume folder

imageimage

When this is done we are adjusting the Services.

imageimage

 

$staticAddress="10.255.255.222"
$portNumber="443"
$smePath="C:\ClusterStorage\vdisk20\ux"
$certThumbprint="1D243A17BBD62271DA0DF8EE4FF0FD65C5AE5A37"
$clientAccessPoint="mvpwac03"
$registryPath = "HKLM:\Software\Microsoft\ServerManagementGateway\Ha"

    New-ItemProperty -Path $registryPath -Name IsHaEnabled -Value "true" -PropertyType String -Force | Out-Null
    New-ItemProperty -Path $registryPath -Name StoragePath -Value $smePath -PropertyType String -Force | Out-Null
    New-ItemProperty -Path $registryPath -Name Thumbprint -Value $certThumbprint -PropertyType String -Force | Out-Null
    New-ItemProperty -Path $registryPath -Name Port -Value $portNumber -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $registryPath -Name ClientAccessPoint -Value $clientAccessPoint -PropertyType String -Force | Out-Null
    $staticAddressValue = $staticAddress -join ‘,’
    New-ItemProperty -Path $registryPath -Name StaticAddress -Value $staticAddress -PropertyType String -Force | Out-Null
   
    New-ItemProperty -Path HKLM:\Software\Microsoft\ServerManagementGateway -Name InstallDir -Value $smePath -PropertyType String -Force | Out-Null
    New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\ServerManagementGateway -Name ImagePath -Value $smePath\sme.exe -PropertyType String -Force | Out-Null

   
    #grant permissions to Network Service for the UX folder
    $Acl = Get-Acl $UxFolder
    $sID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-20")
    $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule($sID,"FullControl","ContainerInherit,ObjectInherit","None", "Allow")
    $Acl.SetAccessRule($Ar)
    Set-Acl $UxFolder $Acl

 

After running this the path changed to the CSV location and the HA values are there

image

 

image

The Windows Admin Center HA values are there.

The last step on this cluster node is creating the cluster resource.

$staticAddress="10.255.255.222"
$clientAccessPoint="mvpwac03"
$registryPath2 = "SOFTWARE\Microsoft\ServerManagementGateway\Ha"
   
Add-ClusterGenericServiceRole -ServiceName ServerManagementGateway -Name $clientAccessPoint -CheckpointKey $registryPath2 -StaticAddress $staticAddress

image

Remember the HA cluster resource does not need the  HKLM:\ as in the other variables.

image

Now we have installed the Windows Admin Center in the Cluster.  For all the other nodes in the cluster we need to do almost the same.

Or we could export the Register keys and add them in the nodes as we already placed the files on the CSV and created a cluster resource.

All the other nodes don’t have a Windows Admin Center services. Using the register keys is working but you will need a reboot.  As we create first a fake services and then place the regkeys no reboot is needed. Or just import the register keys and do a reboot of the node.

New-Service -Name ServerManagementGateway -DisplayName "Windows Admin Center" -BinaryPathName "C:\ClusterStorage\vdisk20\ux"

First regkey <>

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManagementGateway]
"Version"="1.1.24609.0"
"InstallDir"="C:\\ClusterStorage\\vdisk20\\ux"
"SmePort"="443"
"UseHttps"="1"
"DevMode"=""
"DataEncryptionCertificateThumbprint"="83D5FBC5AD758C2B23BADBD83117AC5EAA0E8F2B"
"RedirectPort80"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManagementGateway\Ha]
"IsHaEnabled"="true"
"StoragePath"="C:\\ClusterStorage\\vdisk20\\ux"
"Thumbprint"="1D243A17BBD62271DA0DF8EE4FF0FD65C5AE5A37"
"Port"=dword:000001bb
"ClientAccessPoint"="mvpwac03"
"StaticAddress"="10.255.255.222"

 

Second Regkey <>

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServerManagementGateway]
"Type"=dword:00000010
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"="C:\\ClusterStorage\\vdisk20\\ux\\sme.exe"
"DisplayName"="Windows Admin Center"
"ObjectName"="NT Authority\\NetworkService"
"Description"="Windows Admin Center"
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,00,00,00,00,d0,07,00,00,00,00,00,00,d0,07,00,00,00,00,00,00,00,00,00,00
"Environment"=hex(7):43,00,4f,00,4d,00,50,00,55,00,54,00,45,00,52,00,4e,00,41,\
  00,4d,00,45,00,3d,00,4d,00,56,00,50,00,57,00,41,00,43,00,30,00,33,00,00,00,\
  5f,00,43,00,4c,00,55,00,53,00,54,00,45,00,52,00,5f,00,4e,00,45,00,54,00,57,\
  00,4f,00,52,00,4b,00,5f,00,46,00,51,00,44,00,4e,00,5f,00,3d,00,4d,00,56,00,\
  50,00,57,00,41,00,43,00,30,00,33,00,2e,00,6d,00,76,00,70,00,2e,00,6c,00,6f,\
  00,63,00,61,00,6c,00,00,00,5f,00,43,00,4c,00,55,00,53,00,54,00,45,00,52,00,\
  5f,00,4e,00,45,00,54,00,57,00,4f,00,52,00,4b,00,5f,00,48,00,4f,00,53,00,54,\
  00,4e,00,41,00,4d,00,45,00,5f,00,3d,00,4d,00,56,00,50,00,57,00,41,00,43,00,\
  30,00,33,00,00,00,5f,00,43,00,4c,00,55,00,53,00,54,00,45,00,52,00,5f,00,4e,\
  00,45,00,54,00,57,00,4f,00,52,00,4b,00,5f,00,4e,00,41,00,4d,00,45,00,5f,00,\
  3d,00,4d,00,56,00,50,00,57,00,41,00,43,00,30,00,33,00,00,00,00,00

With this in place all nodes can run Windows admin center in HA mode, but it will not run on IE. and this is the only default browser on the server. To test if it is working you will need Edge or Chrome.

image

As you can see it is not that simple to make things high available. Using the Powershell scripts provided by microsoft But if using these script you need to rename the MSI file if you are using the insiderspreview or any other build that is not named as ServerManagementGateway.msi

WindowsAdminCenterPreview1808.msi rename to ServerManagementGateway.msi 

You can deploy Windows Admin Center in a failover cluster to provide high availability for your Windows Admin Center gateway service. The solution provided is an active-passive solution, where only one instance of Windows Admin Center is active. If one of the nodes in the cluster fails, Windows Admin Center gracefully fails over to another node, letting you continue managing the servers in your environment seamlessly.

High-availability deployment scripts from Windows Admin Center HA Setup Scripts zip file. Download the .zip file containing these scripts to your local machine and then copy the scripts as needed.

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

First look at Windows Volume Replication Storage Replica in Windows Server #windows10 #winserv #storage #WVR   3 comments

With the release of the Windows Server Technical Preview, a lot of new features are there as  Storage Replica.

Storage Replica enables storage-agnostic, block-level, synchronous replication between clusters or servers for disaster recovery, as well as stretching of a failover cluster for high availability. Synchronous replication enables mirroring of data in physical sites with crash-consistent volumes ensuring zero data loss at the file system level. Asynchronous replication allows site extension beyond metropolitan ranges with the possibility of data loss.

 

First look at Windows Volume Replication Storage Replica in Windows Server

In this post I take a look a this and see if it is working in the demo lab, My first impression is this needs planning and this is not that easy and how does this work. Well you need to play with this the get the feeling.

In this case I build a normal cluster just a set of disk with a file server on it and two nodes both running the Windows Server 10.

For the disk you will need some steps to prepare not all disk are suitable for the

Disk prerequisites :

  • You must create two volumes on each enclosure: one for data and one for logs.
  • Data volumes must be formatted as GPT, not MBR
  • The two data volumes must be of identical size.
  • The two log volumes should be of identical size.
  • The log volume should use SSD storage with a mirrored space or RAID 1/RAID 10
  • The data volume can use HDD, SSD, or a tiered combination and can use either mirrored or parity spaces or RAID 1 or 10, or RAID 5 or RAID 50
  • The data volume should be no larger than 10TB (for a first test, we recommend no more than 1TB, in order to lower initial replication sync times)
  • The log volume should be at least 10% of the size of the data volume and must be at least 2GB

 

First look at Windows Volume Replication Storage Replica in Windows Server

As you create a role and added a disk to this there is an new option Replication on the Disk

On a available disk the replication is grayed out.

image

Added the Disk to a Cluster Role the Replication can be enabled.

image

Currently the GUI is not the best method to test this.

Starting With Windows Volume Replication On windows Server

I use a cluster based on shared VHDX.

I just need to create some disks and add them to the cluster nodes

1..8 | % { New-VHD -Path n:\hyper-v\WVR_SSD_$_.VHDX -Fixed –Size 12GB}

1..8 | % { Add-VMHardDiskDrive -VMName windows10-node1 -ControllerType SCSI -Path n:\hyper-v\WVR_SSD_$_.VHDX -ShareVirtualDisk}
1..8 | % { Add-VMHardDiskDrive -VMName windows10-node2 -ControllerType SCSI -Path n:\hyper-v\WVR_SSD_$_.VHDX -ShareVirtualDisk}

 

So what is needed to get this working, is an extra feature installed on both nodes Windows Volume Replication

image

When starting to build our cluster we installed all our features

add-windowsfeature Failover-Clustering,WVR,RSAT-Clustering –IncludeAllSubFeature

After this we get new powershell commands from the WVR Windows Volume Replication

image

and with the new-cluster we create a new Cluster

New-Cluster -Name Windowscl10 -Node win2015-1,win2015-2 -NoStorage -StaticAddress "10.255.255.21"

Get-ClusterAvailableDisk –Cluster Windowscl10 |Add-ClusterDisk

Now that the cluster is in place with the disk we can start and we create a new File server and add two disks to this File server Role.

image

It does not need to be a scale-out file server.

Next step is create a Storage Replication Partnership based on Source and Destination with the Replication Groups

This can also be done in the GUI.

New-SRPartnership -SourceComputerName win2015-1 -SourceRGName resource_group01 -SourceVolumeName p: -SourceLogVolumeName h: -DestinationComputerName win2015-2 -DestinationRGName resource_group02 -DestinationVolumeName I: -DestinationLogVolumeName J: -LogSizeInBytes 2gb

 

imageimage

but the destination disk is not selectable. and in PowerShell it is working.

But you can also follow this guide in the GIU : a downloadable guide to provide you with step-by-step instructions for evaluating the Stretch Cluster and the Server-to-Server scenarios. These are both designed for Disaster Recovery and provide “over the river” synchronous metro replication.

When first playing with this and added just a couple of drives I got this “ disk with different Sizes”

Possible reasons:
– log size in those two groups are different.
– data partition sizes are different in those two groups.
– data partition physical section size are different in those two groups.

So keep in mind the Disk need to be GPT and the size must be the same. 

image

 

New-SRPartnership : Unable to create replication partnership between "rg01" and "rg02", detail reason: "Replication groups "rg01" and "rg02" do not
match. Possible reasons:

– log size in those two groups are different.
– data partition sizes are different in those two groups.
– data partition physical section size are different in those two groups.".
At line:1 char:1
+ New-SRPartnership -SourceComputerName win2015-1 -SourceRGName rg01 -S …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_WvrAdminTasks:root/Microsoft/…T_WvrAdminTasks) [New-SRPartnership], CimException
    + FullyQualifiedErrorId : Windows System Error 4,New-SRPartnership

 

Building the Windows Volume Replication

First create the new Replication Partnership.

And I must say there is a lot of things going on in your cluster and disk when you do this. watch your cluster Failover manager! and select the Disk view !

But after this you got a working replication.

New-SRPartnership -SourceComputerName win2015-1 -SourceRGName resource_group01 -SourceVolumeName p: -SourceLogVolumeName h: -DestinationComputerName win2015-2 -DestinationRGName resource_group02 -DestinationVolumeName I: -DestinationLogVolumeName J: -LogSizeInBytes 2gb

All the Available disk are moved from one node to the other node and there will be a new resource group

and the output will be like this

ComputerName       : Windows10
Description        : 
Id                 : 279b4fb3-239f-4238-a3dd-fdd42fb8f772
IsAutoFailover     : True
IsCascade          : False
IsCluster          : True
IsInPartnership    : True
IsPrimary          : True
IsSuspended        : False
IsWriteConsistency : False
LogSizeInByte      : 2147483648
LogVolume          : H:\
Name               : resource_group01
NumOfReplicas      : 1
Partitions         : {776e66b8-f26c-4480-85bf-c37df3a58e98}
PSComputerName     :
ReplicationMode    :

Now Close the FCM GUI and reopen this else you won’t see the replication tabs

image

image

After the GUI restart you can see the replication.

image

and as you can see the source resource is also in the destination resource. So in case of a failover the replica will also be briefly down.

And if you want to reverse  the source destination with the GET-SRPartnership

Set-SRPartnership -NewSourceComputerName win2015-2 -SourceRGName resource_group02 -DestinationComputerName win2015-1 -DestinationRGName resource_group01

In the Event log you can find the WVR ( windows Volume Replication ) this is a separate Event log

 

image

As you can see in the event log the replication is there and working.

image

There are a few PowerShell commands to see if things are working.

Get-SRPartnership

There is no info in the GUI as this is a Preview.

image

This is a nice new playground and I can see the benefit of this.

There is a great guide from Microsoft on how to to this wit more background information on WVR

Download the guide:

Download Windows Server Technical Preview evaluations:

To help you get familiar with Storage Replica, we have a downloadable guide to provide you with step-by-step instructions for evaluating the Stretch Cluster and the Server-to-Server scenarios. These are both designed for Disaster Recovery and provide “over the river” synchronous metro replication.

Happy clustering

Robert Smit

@clusterMVP

https://robertsmit.wordpress.com

Technorati Tags: ,,,,,,,,,,,,,

WordPress Tags: Windows,Volume,Replication,Storage,Replica,Server,preview,Cluster,Role,VHDX,disks,Path,WVR

  • Twitter

    Error: Twitter did not respond. Please wait a few minutes and refresh this page.

  • %d bloggers like this: