MicrosoftMicrosoftThank you for the blog article! I'm currently setting this up in a lab and I've completed everything up to adding a Cloud Witness (S2D cluster). I cannot get the cloud witness to add, and I cannot get S2D to initialize past the local node. Test-WSMan works, as does Enter-PSSession with -UseSSL from all nodes to all other nodes just fine, all connect/test as working. I've turned off Windows Firewall as well to verify it's not a firewall issue, since this is just a lab. The only thing I have not done is create a user cert and add a WSMan binding for that. I've gone so far as to run a network trace while adding the cloud witness and I don't see anything odd other than some IPv6 communication. I do see an IPv6 return if I ping the server name that I'm on, so I've tried setting the registry to prefer IPv4 over IPv6, and that has not helped either. Everything appears correct and I have followed your steps (again, minus the user certificate binding), but I can't get it to work and have tried all I can think of; any help or guidance would be appreciated.
The command and error:
Set-ClusterQuorum -Cluster <cluster FQDN> -CloudWitness -AccountName "<myAccount>" -AccessKey "<myKey>"
Set-ClusterQuorum : ERROR CODE : 0x80131500;
NATIVE ERROR CODE : 1.
The client cannot connect to the destination specified in the request. Verify that the service on the destination is
running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the
destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the
destination to analyze and configure the WinRM service: "winrm quickconfig".
At line:1 char:1
+ Set-ClusterQuorum -Cluster <cluster FQDN> -CloudWitn ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-ClusterQuorum], ClusterCmdletException
+ FullyQualifiedErrorId : Set-ClusterQuorum,Microsoft.FailoverClusters.PowerShell.SetClusterQuorumCommand
MicrosoftHave you validated access to the Cloud Witness. You can do the following with the Az.Storage module
$ctx = New-AzStorageContext -StorageAccountName "<your-storage-account-name>" -StorageAccountKey "<your-key>"
Get-AzStorageBlob -Container "msft-cloud-witness" -Context $ctx
Also check if HTTPS traffic is blocked
Invoke-WebRequest -Uri "https://<your-storage-account-name>.blob.core.windows.net/" -UseBasicParsing
A 403 or 404 error is fine (it shows you're reaching the endpoint). A timeout or name resolution failure indicates networking issues.
I actually just tracked it down a few minutes ago; long story short I have a new lab setup and my ISP's modem/router combo cannot handle double NAT. Going to work through the steps again with new machines since I did a ton of stuff to troubleshoot and I'm not sure they were "clean" anymore.
