Since autumn 2019, the Cluster Creation Tool has been available as an extension to Windows Admin Center (WAC). It enables the creation of failover clusters based on Windows Server via a graphical assistant. While this simplifies the task, the tool is not entirely without problems; nor is it complete.

Up until now, admins had to rely on a mix of MMC-based tools and PowerShell to set up a Hyper-V cluster, which took many individual steps. In comparison, the Web GUI of the WAC and the wizard-driven workflow are a big step forward.

Cluster tool now included in WAC

While initially you had to install the cluster extension separately, it has been included in the distribution package of WAC for some time now. The version supplied is also more up-to-date than the one found in the extension catalog. So once you have installed WAC, you are ready to set up a cluster.

Usually, you run Admin Center on a gateway server, so that this instance can be used simultaneously by several clients. However, since WAC uses WMI and PowerShell behind the scenes for most actions, the double-hop problem arises time and again.

In this case, the gateway cannot pass the credentials of the logged-in user to the managed endpoints. Microsoft therefore uses CredSSP for cluster validation in WAC to delegate the credentials.

The CredSSP problem has existed from the beginning and is still waiting to be resolved

The CredSSP problem has existed from the beginning and is still waiting to be resolved

However, activating CredSSP via a WAC gateway fails with a message that this is a known bug (the link to the documentation is useless). You can't bypass this error by running the browser on the gateway server and entering localhost as address.

In contrast, the entire cluster configuration works if you set up WAC on a workstation and communicate directly with the future cluster nodes. The gateway can then be used again for subsequent management.

Starting with cluster setup

To start the process, execute the Add command from the overview and then select the Create New option under Server clusters.

Creating a new server cluster via WAC

Creating a new server cluster via WAC

In the subsequent dialog box, decide whether you want to create a normal failover cluster or a hyper-convergent infrastructure based on the Azure Stack HCI.

Select the type of cluster and workload and specify whether you want to create a stretched cluster

Select the type of cluster and workload and specify whether you want to create a stretched cluster

Since we want to set up a conventional Hyper-V cluster, we choose the first option. In this case, we select Virtual machines under Workload Type, as expected.

Before we get started with the creation workflow, the Cluster Creation Tool presents a checklist of prerequisites that should be verified first. From the list, you can see that machines with a plain installation of Windows 2016 or later suffice. All further configuration is done by the WAC extension, as will be shown in the following.

Requirements for setting up a Windows cluster

Requirements for setting up a Windows cluster

If the requirements are met, the next step is to add the servers that will become members of the cluster. The tool immediately checks whether the respective computers can be reached and only then allows them to be added to the list.

Adding servers that will serve as nodes in the new cluster

Adding servers that will serve as nodes in the new cluster

In the next dialog box, join a domain with the selected computers. Here, you can change the host name in the New name field. The tool will add the account that you enter for the domain join to the group of local admins.

Join cluster nodes to an AD domain

Join cluster nodes to an AD domain

In the following step, the WAC tool installs the required features; in our case, these are the Hyper-V role and the cluster feature.

Automatic installation of the required features, depending on the selected cluster and workload type

Automatic installation of the required features, depending on the selected cluster and workload type

The wizard then checks whether the servers have all the latest updates and optionally installs them if they are not yet present.

Installation of pending updates using the WAC tool

Installation of pending updates using the WAC tool

If the updates require a reboot, it will be initiated before the wizard moves on to the next phase of the cluster installation. This stage deals with network configuration. When checking the network adapters, you can choose to exclude or deactivate certain NICs.

Review and management of existing network adapters

Review and management of existing network adapters

One requirement of a Hyper-V cluster is that each host has at least two NICs, one for the management network and the other for VM traffic. In practice, there are usually more; for example, there may be one for the storage network.

In the following dialog box, select the adapter to be used for administration on each node. WAC then renames the respective networks to Management. For higher availability, you could bundle two adapters here.

Selecting the adapter for the management network

Selecting the adapter for the management network

The next step is to define the networks over which the VMs handle their traffic. The cluster tool reads the current configuration and allows the network names and IP configuration to be changed.

Defining networks for virtual machine traffic

Defining networks for virtual machine traffic

In the last dialog box of the network configuration section, WAC sets up the virtual switches. The options available here depend largely on the equipment of the servers.

Creating a virtual switch on the nodes

Creating a virtual switch on the nodes

In the last phase, the tool proceeds to the actual creation of the cluster. As with other setup methods, the tool validates the existing configuration.

Here, you get the error message described above in gateway mode, while the workstation installation of WAC overcomes this hurdle and asks for confirmation to activate CredSSP.

For the delegation of credentials WAC wants to use the relatively insecure CredSSP

For the delegation of credentials WAC wants to use the relatively insecure CredSSP

As soon as the cluster is set up, it should be deactivated again in the settings of the individual nodes.

Disable CredSSP on the nodes after cluster creation for security reasons

Disable CredSSP on the nodes after cluster creation for security reasons

If the validation is successful, you can create the cluster in the last step. To do this, you assign a name that is used in Active Directory as CNO and also in the DNS.

The actual cluster creation is done in the last step

The actual cluster creation is done in the last step

Connecting to the cluster

After successfully completing the operation, you can connect to the newly created cluster. To do so, click Add in the overview of the Windows Admin Center and then click Server Cluster > Add.

You do not enter the name of a node as the name, but the name that you assigned to the cluster in the last step. However, the connection might fail.

The Admin Center cannot establish a connection to the cluster if the DNS configuration is wrong

The Admin Center cannot establish a connection to the cluster if the DNS configuration is wrong

Usually, the nodes get their IP configuration for the management network via DHCP (as recommended by Microsoft) and thus may receive an (alternative) DNS server that cannot be updated by the nodes. This should be removed or replaced by one that the nodes can write to.

If you connect to the individual nodes in the admin center (which should work regardless of the cluster problem), then you can view and change their IP configuration relatively easily under Networks.

Editing the DNS server via the Admin Center in the IP configuration of the nodes

Editing the DNS server via the Admin Center in the IP configuration of the nodes

Follow-up tasks

Before a Hyper-V cluster can be used in production, there are usually further steps necessary that are not covered by the WAC tool. In particular, these include the addition of shared storage based on cluster shared volumes (CSV) to ensure rapid failover in the event of a host failure.

If you, for example, are setting up a 2 Node cluster, another task is to add a cluster witness. Again, you have to use the classic tools such as the Failover Cluster Manager or PowerShell.

Conclusion

The Cluster Creation Tool in Windows Admin Center makes the complex task of cluster creation much easier. The starting point is a group of naked Windows servers, which the GUI assistant forms into a cluster during a continuous workflow.

Subscribe to 4sysops newsletter!

However, Microsoft's agile programming model exposes the user to immature software; hence, one has to find workarounds for known errors. In addition, two important aspects of cluster configuration are still missing: connecting to shared storage and the setup of a witness.

avataravataravataravatar
1 Comment
  1. Pedro 2 years ago

    Hello,

    Can this be done without the AD part? I would want to test this but with a Workgroup instead of AD.

    regards,

    P.

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account