Failover Cluster Validation Stuck
Hello everyone, I'm having the following problem when creating a 2-node HA cluster (Server 2025) using the Windows Admin Center (Gateway). Up to the point "Validate Cluster" everything worked fine. Unfortunately, the process gets stuck at "1% Gathering data about nodes". However, I can confirm that the cluster report was successfully created on the first node without any errors. Has anyone else seen something similar and, ideally, have a solution for me? I checked the following: Permissions such as CredSSP, Remote Powershell and WinRM are correctly implemented on the WAC gateway and nodes. Manually execute the PowerShell command successfully: Test-Cluster -Node $ServerList -Include "Storage Spaces Direct", "Inventory", "System Configuration"New-FileShare and FileServerFriendlyName
Hi, I tried to use the New-FileShare CMDLet (or functions actually) for creating network share on my cluster, but that seems to requiring argument: FileServerFriendlyName. Anybody knows what that argument should be? I have tried to use resource name from the file share or cluster name, both of them failed with error: "New-FileShare : No MSFT_FileServer objects found with property 'FriendlyName' equal to. . ." When I used active node name I got a bit different error: "The operation failed with return code 2147948333. . ." The error is referring that node is not active, but at least the storages are. When the share is done from File Explorer there are no troubles.
Server 2019 no "Server Hello" when using TLS_RSA_WITH_AES_ ciphers (TLS1.2) schannel 36874
Hi Hoping someone might have come across something similar as the support forum entries are filled with irrelevant responses and tumbleweed. A recently migrated CA cluster is not sending any TLS conversation completion when the client uses a cipher from the TLS_RSA_WITH_AES_* type (so TLS_RSA_WITH_AES_128_CBC_SHA256 or similar). This also seems to be negatively impacting RPC certificate enrolment from Windows 7 systems. Using Nartac tools and manually (double, triple, quadruple) checking the registry settings myself I can see that the ciphers are present in the list of supported/available ciphers. I can see that TLS1.2 is working. As soon as a client offers TLS_ECDH_* the server responds like an enthusiastic puppy. using TLS_RSA_WITH_AES_ it ignores the traffic (no server hello or attempt to negotiate) and logs Schannel Errors 36874 in the server event log. I have verified this using wireshark on client and server. Whilst these are hosted in azure there shouldn't be any network layer kit interfering with the connection. There is a standard load balancer which single routes all traffic to the active AD CS cluster node. No inspection or TLS termination should be occurring. There are no GPOs controlling anything to do with TLS or communication security (checked with gpresult and gpmc, along with repeated verification of the registry settings) has anyone seen anything like this before? yes I have been through the enabling TLS 1.2 articles a bajillion times and know where to enable TLS 1.2 for both schannel and .net In need of more straws to clutch at.[Bug] Can't connect to cluster or node running WAC
Our environment is a Hyper-V hyper-converged S2D cluster running Windows Server 2016 Datacenter edition. WAC has been installed as a high availability deployment option called wac. WAC is currently running on node 1 in the cluster. When it is on node 1, connecting to node 1 in WAC is really slow and connecting to node 2 in WAC is really fast. If I failover WAC to node 2, then connecting to node 1 in WAC is really fast and connecting to node 2 is really slow. If I try and add the cluster by it's FQDN it says it cannot verify it's network. If I click the blue hyper-link to the cluster from one of the nodes via their WAC page it adds the cluster but it fails to load. It prompts for credentials, using my windows credentials or supplying alternative credentials does not work. It says that the process could not be completed. Kerberos delegation has been done as documented by MSFT for the SSO to work. Winrm is enabled and listening on HTTP on all IPs on all nodes. We have another cluster - cluster2 that is also Hyper-V hyper-converged running Windows Server 2016 Data edition. If I try and access that cluster or it's nodes from the same WAC install it works absolutely fine.
