- Windows 11 taskbar: remove chat icon, customize search field with Group Policy - Tue, Oct 3 2023
- Allow non-admins to access Remote Desktop - Thu, Sep 28 2023
- Which WSUS products to select for Windows 11? - Tue, Sep 26 2023
Up until now, admins had to rely on a mix of MMC-based tools and PowerShell to set up a Hyper-V cluster, which took many individual steps. In comparison, the Web GUI of the WAC and the wizard-driven workflow are a big step forward.
Cluster tool now included in WAC
While initially you had to install the cluster extension separately, it has been included in the distribution package of WAC for some time now. The version supplied is also more up-to-date than the one found in the extension catalog. So once you have installed WAC, you are ready to set up a cluster.
Usually, you run Admin Center on a gateway server, so that this instance can be used simultaneously by several clients. However, since WAC uses WMI and PowerShell behind the scenes for most actions, the double-hop problem arises time and again.
In this case, the gateway cannot pass the credentials of the logged-in user to the managed endpoints. Microsoft therefore uses CredSSP for cluster validation in WAC to delegate the credentials.
The CredSSP problem has existed from the beginning and is still waiting to be resolved
However, activating CredSSP via a WAC gateway fails with a message that this is a known bug (the link to the documentation is useless). You can't bypass this error by running the browser on the gateway server and entering localhost as address.
In contrast, the entire cluster configuration works if you set up WAC on a workstation and communicate directly with the future cluster nodes. The gateway can then be used again for subsequent management.
Starting with cluster setup
To start the process, execute the Add command from the overview and then select the Create New option under Server clusters.
Creating a new server cluster via WAC
In the subsequent dialog box, decide whether you want to create a normal failover cluster or a hyper-convergent infrastructure based on the Azure Stack HCI.
Select the type of cluster and workload and specify whether you want to create a stretched cluster
Since we want to set up a conventional Hyper-V cluster, we choose the first option. In this case, we select Virtual machines under Workload Type, as expected.
Before we get started with the creation workflow, the Cluster Creation Tool presents a checklist of prerequisites that should be verified first. From the list, you can see that machines with a plain installation of Windows 2016 or later suffice. All further configuration is done by the WAC extension, as will be shown in the following.
Requirements for setting up a Windows cluster
If the requirements are met, the next step is to add the servers that will become members of the cluster. The tool immediately checks whether the respective computers can be reached and only then allows them to be added to the list.
Adding servers that will serve as nodes in the new cluster
In the next dialog box, join a domain with the selected computers. Here, you can change the host name in the New name field. The tool will add the account that you enter for the domain join to the group of local admins.
Join cluster nodes to an AD domain
In the following step, the WAC tool installs the required features; in our case, these are the Hyper-V role and the cluster feature.
Automatic installation of the required features, depending on the selected cluster and workload type
The wizard then checks whether the servers have all the latest updates and optionally installs them if they are not yet present.
Installation of pending updates using the WAC tool
If the updates require a reboot, it will be initiated before the wizard moves on to the next phase of the cluster installation. This stage deals with network configuration. When checking the network adapters, you can choose to exclude or deactivate certain NICs.
Review and management of existing network adapters
One requirement of a Hyper-V cluster is that each host has at least two NICs, one for the management network and the other for VM traffic. In practice, there are usually more; for example, there may be one for the storage network.
In the following dialog box, select the adapter to be used for administration on each node. WAC then renames the respective networks to Management. For higher availability, you could bundle two adapters here.
Selecting the adapter for the management network
The next step is to define the networks over which the VMs handle their traffic. The cluster tool reads the current configuration and allows the network names and IP configuration to be changed.
Defining networks for virtual machine traffic
In the last dialog box of the network configuration section, WAC sets up the virtual switches. The options available here depend largely on the equipment of the servers.
Creating a virtual switch on the nodes
In the last phase, the tool proceeds to the actual creation of the cluster. As with other setup methods, the tool validates the existing configuration.
Here, you get the error message described above in gateway mode, while the workstation installation of WAC overcomes this hurdle and asks for confirmation to activate CredSSP.
For the delegation of credentials WAC wants to use the relatively insecure CredSSP
As soon as the cluster is set up, it should be deactivated again in the settings of the individual nodes.
Disable CredSSP on the nodes after cluster creation for security reasons
If the validation is successful, you can create the cluster in the last step. To do this, you assign a name that is used in Active Directory as CNO and also in the DNS.
The actual cluster creation is done in the last step
Connecting to the cluster
After successfully completing the operation, you can connect to the newly created cluster. To do so, click Add in the overview of the Windows Admin Center and then click Server Cluster > Add.
You do not enter the name of a node as the name, but the name that you assigned to the cluster in the last step. However, the connection might fail.
The Admin Center cannot establish a connection to the cluster if the DNS configuration is wrong
Usually, the nodes get their IP configuration for the management network via DHCP (as recommended by Microsoft) and thus may receive an (alternative) DNS server that cannot be updated by the nodes. This should be removed or replaced by one that the nodes can write to.
If you connect to the individual nodes in the admin center (which should work regardless of the cluster problem), then you can view and change their IP configuration relatively easily under Networks.
Editing the DNS server via the Admin Center in the IP configuration of the nodes
Follow-up tasks
Before a Hyper-V cluster can be used in production, there are usually further steps necessary that are not covered by the WAC tool. In particular, these include the addition of shared storage based on cluster shared volumes (CSV) to ensure rapid failover in the event of a host failure.
If you, for example, are setting up a 2 Node cluster, another task is to add a cluster witness. Again, you have to use the classic tools such as the Failover Cluster Manager or PowerShell.
Conclusion
The Cluster Creation Tool in Windows Admin Center makes the complex task of cluster creation much easier. The starting point is a group of naked Windows servers, which the GUI assistant forms into a cluster during a continuous workflow.
Subscribe to 4sysops newsletter!
However, Microsoft's agile programming model exposes the user to immature software; hence, one has to find workarounds for known errors. In addition, two important aspects of cluster configuration are still missing: connecting to shared storage and the setup of a witness.
Hello,
Can this be done without the AD part? I would want to test this but with a Workgroup instead of AD.
regards,
P.