AD-less Cluster Bootstrapping Doesn't Work

We have a Server 2012 R2 Cluster running our production VMs, and were looking at removing the need for our last physical DC. We have two other DCs running as VMs. However, testing whether the cluster would start without any DCs running completely failed.

I even tested this in a completely new testlab environment and had exactly the same result. The cluster wouldn't start unless there was a DC running.

So what's going on if all of Microsoft's documentation seems to suggest that this is no longer a requirement due to the addition of AD-less Cluster Bootstrapping? Was it added in Server 2012 and then removed in R2? Doesn't make sense.

July 31st, 2015 3:52pm

Hi Andrew,

We can suspect there is some problem in gaining quorum. Please check the quorum configuration once.

In general, the cluster node that boots up first can create the cluster and can try to gain quorum without authenticating with a DC. Other nodes also start without contacting the DC (unless there are other technical issues blocking those nodes from starting), the first node gains quorum and the whole cluster can start.

August 3rd, 2015 4:12am

Thanks for the reply. So to confirm, from your perspective you've seen this work, and if there's an issue the first place to look is the quorum configuration? I just wanted to check, as I've never had to configure anything special for the quorum, apart from a disk, and there's no documentation from Microsoft as to how the quorum should be configured so this works.
August 3rd, 2015 4:33am

Hi Andrew,

As per this link, the AD-less Cluster Bootstrapping solution is implemented in the failover cluster service itself. So, no additional settings or AD schema / configuration changes are required in AD. I agree with you, as there are no additional settings that need to be done for quorum for this to work and no documentation from MS either :)

However, not sure what is happening in your case. Can you provide us the error message you get when you try starting the cluster service without a DC? Also please check the event logs for any clues.

-Umesh.S.K

August 4th, 2015 3:18am

Hi Umesh,

Here's an extract from the cluster logs:

00008548.00008558::2015/07/27-15:05:30.732 WARN [RES] Network Name: [NNLIB] LogonUserEx fails for user HYPERV-CLUSTER-$: 1311 (useSecondaryPassword: 0)

00008548.00008558::2015/07/27-15:05:30.732 WARN [RES] Network Name: [NNLIB] LogonUserEx fails for user HYPERV-CLUSTER-$: 1311 (useSecondaryPassword: 1)

00008548.00008558::2015/07/27-15:05:30.732 INFO [RES] Network Name: [NNLIB] Logon failed for user HYPERV-CLUSTER-$ (Error 1311), DC \\DC03.benendensch.local, domain benendensch.local

00008548.00008558::2015/07/27-15:05:30.732 INFO [RES] Network Name <Cluster Name>: Identity: Obtaining Windows Token for Name: HYPERV-CLUSTER-1, SamName: HYPERV-CLUSTER-$, Type: Singleton, Result: 1311, LastDC: \DC03.benendensch.local

00008548.00008558::2015/07/27-15:05:30.732 INFO [RES] Network Name: Agent: OnInitializeReply, Failure on (084f7a65-a8fa-44e6-9823-7b15e4c61355,Identity): 1311

You can see it's trying to validate the network name and fails to authenticate. For whatever reason it was a requirement to have a DC to start the cluster.

To test this I created a test cluster in a sandbox environment, which is a replica of our production domain. Just a simple cluster of 2 Server 2012 R2 nodes. This setup also could not start the cluster when no DCs were running.

The danger here is if you believe what Microsoft is saying then you might be inclined to get rid of any DC deemed unnecessary, and then find yourself in a chicken and egg situation when your cluster refuses to start. Luckily for us I wanted to test this before we got rid of our last physical DC, and I'm glad I did now.

August 4th, 2015 3:38am
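Added example, not part of the original thread and not Microsoft tooling: a small Python parser for cluster log lines like those in the extract above. It groups the Network Name logon failures by account and names the Win32 error; 1311 is ERROR_NO_LOGON_SERVERS (no logon server was available to service the request). The function names and the summary layout are assumptions made for this example.

```python
import re
from collections import defaultdict

# Win32 error names; 1311 is the code seen in the thread's log extract.
WIN32 = {1311: "ERROR_NO_LOGON_SERVERS", 1326: "ERROR_LOGON_FAILURE"}
# Cluster log prefix: <pid>.<tid>::<yyyy/mm/dd-hh:mm:ss.mmm> <LEVEL> <message>
LINE = re.compile(r"^[0-9a-f]{8}\.[0-9a-f]{8}::(?P<ts>\d{4}/\d\d/\d\d-[\d:.]+)\s+"
                  r"(?P<level>[A-Z]+)\s+(?P<msg>.*)$")
LOGON_EX = re.compile(r"LogonUserEx fails for user (?P<user>[^\s:]+): (?P<code>\d+) "
                      r"\(useSecondaryPassword: (?P<sec>[01])\)")
LOGON_DC = re.compile(r"Logon failed for user (?P<user>\S+) \(Error (?P<code>\d+)\), "
                      r"DC (?P<dc>[^,\s]+)")

# Sample input: four lines copied from the log extract posted in the thread.
SAMPLE = r"""
00008548.00008558::2015/07/27-15:05:30.732 WARN [RES] Network Name: [NNLIB] LogonUserEx fails for user HYPERV-CLUSTER-$: 1311 (useSecondaryPassword: 0)
00008548.00008558::2015/07/27-15:05:30.732 WARN [RES] Network Name: [NNLIB] LogonUserEx fails for user HYPERV-CLUSTER-$: 1311 (useSecondaryPassword: 1)
00008548.00008558::2015/07/27-15:05:30.732 INFO [RES] Network Name: [NNLIB] Logon failed for user HYPERV-CLUSTER-$ (Error 1311), DC \\DC03.benendensch.local, domain benendensch.local
00008548.00008558::2015/07/27-15:05:30.732 INFO [RES] Network Name: Agent: OnInitializeReply, Failure on (084f7a65-a8fa-44e6-9823-7b15e4c61355,Identity): 1311
"""

def summarize(text):
    """Group Network Name logon failures by account name."""
    acct = defaultdict(lambda: {"codes": set(), "secondary_tried": set(),
                                "dcs": set(), "first": None})
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank or continuation line
        hit = LOGON_EX.search(line["msg"]) or LOGON_DC.search(line["msg"])
        if not hit:
            continue  # some other cluster log message
        g = hit.groupdict()
        rec = acct[g["user"]]
        rec["codes"].add(int(g["code"]))
        rec["first"] = rec["first"] or line["ts"]
        if "sec" in g:
            rec["secondary_tried"].add(g["sec"] == "1")
        if "dc" in g:
            rec["dcs"].add(g["dc"].lstrip("\\"))
    return dict(acct)

def no_dc_reachable(rec):
    """True when every failure is 1311 and both useSecondaryPassword values were tried."""
    return rec["codes"] == {1311} and rec["secondary_tried"] == {False, True}

if __name__ == "__main__":
    for user, rec in summarize(SAMPLE).items():
        names = [WIN32.get(c, str(c)) for c in sorted(rec["codes"])]
        print(user, names, sorted(rec["dcs"]), "no DC reachable:", no_dc_reachable(rec))
```

Running it over a full log written by Get-ClusterLog separates accounts that failed only with 1311 from those that failed with a credential error such as 1326.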
