AD-less Cluster Bootstrapping Doesn't Work

We have a Server 2012 R2 Cluster running our production VMs, and were looking at removing the need for our last physical DC. We have two other DCs running as VMs. However, testing whether the cluster would start without any DCs running completely failed.

I even tested this in a completely new testlab environment and had exactly the same result. The cluster wouldn't start unless there was a DC running.

So what's going on, if all of Microsoft's documentation seems to suggest that this is no longer a requirement due to the addition of AD-less Cluster Bootstrapping? Was it added in Server 2012 and then removed in R2? Doesn't make sense.

July 31st, 2015 3:52pm

Hi Andrew,

We suspect there is some problem in gaining quorum. Please check the quorum configuration once.

In general, the cluster node that boots up first can create the cluster and can try to gain quorum without authenticating with a DC. The other nodes also start without contacting the DC (unless there are other technical issues blocking those nodes from starting); the first node gains quorum and the whole cluster can start.

August 3rd, 2015 8:10am

Thanks for the reply. So to confirm, from your perspective you've seen this work, and if there's an issue the first place to look is the quorum configuration? I just wanted to check, as I've never had to configure anything special for the quorum, apart from a disk, and there is no documentation from Microsoft as to how the quorum should be configured so this works.
August 3rd, 2015 8:31am

Hi Andrew,

As per this link, the AD-less Cluster Bootstrapping solution is implemented in the failover cluster service itself. So, no additional settings or AD schema / configuration changes are required in AD. I agree with you that no additional settings need to be configured for quorum for this to work, and there is no documentation from MS either :)

However, I'm not sure what is happening in your case. Can you provide us the error message you get when you try starting the cluster service without a DC? Also, please check the event logs for any clues.

-Umesh.S.K

August 4th, 2015 7:16am

Hi Umesh,

Here's an extract from the cluster logs

00008548.00008558::2015/07/27-15:05:30.732 WARN [RES] Network Name: [NNLIB] LogonUserEx fails for user HYPERV-CLUSTER-$: 1311 (useSecondaryPassword: 0)
00008548.00008558::2015/07/27-15:05:30.732 WARN [RES] Network Name: [NNLIB] LogonUserEx fails for user HYPERV-CLUSTER-$: 1311 (useSecondaryPassword: 1)
00008548.00008558::2015/07/27-15:05:30.732 INFO [RES] Network Name: [NNLIB] Logon failed for user HYPERV-CLUSTER-$ (Error 1311), DC \\DC03.benendensch.local, domain benendensch.local
00008548.00008558::2015/07/27-15:05:30.732 INFO [RES] Network Name <Cluster Name>: Identity: Obtaining Windows Token for Name: HYPERV-CLUSTER-1, SamName: HYPERV-CLUSTER-$, Type: Singleton, Result: 1311, LastDC: \DC03.benendensch.local
00008548.00008558::2015/07/27-15:05:30.732 INFO [RES] Network Name: Agent: OnInitializeReply, Failure on (084f7a65-a8fa-44e6-9823-7b15e4c61355,Identity): 1311

You can see it's trying to validate the network name and fails to authenticate. For whatever reason it was a requirement to have a DC to start the cluster.

To test this I created a test cluster in a sandbox environment, which is a replica of our production domain. Just a simple cluster of 2 Server 2012 R2 nodes. This setup also could not start the cluster when no DCs were running.

The danger here is if you believe what Microsoft is saying then you might be inclined to get rid of any DC deemed unnecessary, and then find yourself in a chicken and egg situation when your cluster refuses to start. Luckily for us I wanted to test this before we got rid of our last physical DC, and I'm glad I did now.

August 4th, 2015 7:36am
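
Added example (not written by any participant in this thread): a PowerShell triage of the kind of Network Name logon failures shown in the extract above, mapping the Win32 code to its meaning so that "no DC reachable" (1311) is told apart from a bad cluster-name password (1326). The sample lines are constructed; the account, DC and domain names are placeholders, and the function name is hypothetical.

```powershell
# Constructed sample lines in the cluster.log layout seen in the extract above.
$sample = @'
00001a2c.00001b30::2015/07/27-15:05:30.732 WARN [RES] Network Name: [NNLIB] LogonUserEx fails for user CLUSTER1$: 1311 (useSecondaryPassword: 0)
00001a2c.00001b30::2015/07/27-15:05:30.732 WARN [RES] Network Name: [NNLIB] LogonUserEx fails for user CLUSTER1$: 1311 (useSecondaryPassword: 1)
00001a2c.00001b30::2015/07/27-15:05:30.732 INFO [RES] Network Name: [NNLIB] Logon failed for user CLUSTER1$ (Error 1311), DC \\DC01.example.local, domain example.local
00001a2c.00001b30::2015/07/27-15:05:31.010 INFO [RES] Network Name: unrelated line that must be ignored
'@ -split "`r?`n"

# Win32 error codes worth telling apart when a cluster name cannot log on.
$Win32 = @{
    1311 = 'ERROR_NO_LOGON_SERVERS (no DC reachable)'
    1326 = 'ERROR_LOGON_FAILURE (bad user name or password)'
}

function Get-ClusterLogonFailure {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$Line)
    $stamp   = '^[0-9a-f]+\.[0-9a-f]+::(?<ts>\S+)\s+\w+\s+\[RES\] Network Name'
    $attempt = 'LogonUserEx fails for user (?<user>\S+): (?<code>\d+) \(useSecondaryPassword: (?<sec>[01])\)'
    $summary = 'Logon failed for user (?<user>\S+) \(Error (?<code>\d+)\), DC (?<dc>\S+), domain (?<dom>\S+)'
    foreach ($l in $Line) {
        if ($l -notmatch $stamp) { continue }      # not a Network Name resource line
        $ts = $Matches.ts
        if ($l -match $attempt -or $l -match $summary) {
            $code = [int]$Matches.code
            [pscustomobject]@{
                Time      = $ts
                User      = $Matches.user
                Code      = $code
                Meaning   = if ($Win32.ContainsKey($code)) { $Win32[$code] } else { 'look up with: net helpmsg' }
                Secondary = $Matches.sec   # empty on the summary line
                DC        = $Matches.dc    # empty on the per-attempt lines
            }
        }
    }
}

$failures = Get-ClusterLogonFailure -Line $sample
$failures | Format-Table -AutoSize

# Same code on both the primary and the secondary password attempt points at
# DC reachability rather than at an out-of-sync cluster name password.
$failures | Where-Object { $_.Secondary -ne $null } |
    Group-Object User, Code | Select-Object Name, Count
```

On a cluster node, pass the lines of the log file generated by `Get-ClusterLog` (read with `Get-Content`) instead of `$sample`.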

I just built a small VM environment - DC with two other servers.  All nodes are 2012 R2.  Configured a cluster with the two other servers, node and file share majority.  File share on the DC.  Turned off all the VMs.  Turned on just the two clustered servers.  Cluster came up fine - took a little longer than normal, but did come up.  So in my case it worked fine.

What the functional level of your d

August 4th, 2015 2:47pm

Thanks Tim, that's really interesting. Only difference I can see is in my test environment I don't have a file share for the quorum, but in my production environment I do.

Functional level of the domain is Server 2012, which I assumed would be ok. After all it's the cluster which should have a special account which it uses when there is no AD present to form the cluster.

How long did it take to come up?

August 4th, 2015 3:45pm

It was only a minute or so longer to come up than if the DC was available. Basically waiting for some timeouts.

Yes, I don't know that functional level makes any difference, but the AD-less capability was introduced in 2012 clustering.  Any time something like that happens, I like to match the AD, but my guess is that it would work with 2008, too.

I just put the file share witness in there to have a resource other than IP.  Pretty skinny cluster.  Because it was all VM I did not make it a Hyper-V cluster.  I'll give that a try, even though it is not supported.

August 4th, 2015 5:04pm

Yeah that doesn't make any sense why it wouldn't work then.

Our production cluster is obviously running our Hyper-V environment. It consists of 4 hosts, with only Failover and Hyper-V added. But like you, to keep things simple in the test environment, I just ran up two Server 2012 R2 VMs, added failover and nothing else. Both setups acted the same way.

Only difference is the domain level, comparing against your experience.

Andrew

August 6th, 2015 9:36am

I did a little more digging.  Turns out it was a change in AD 2012 - https://technet.microsoft.com/en-us/library/dn265972.aspx#BKMK_AD - Ability of the cluster to start with no AD DS dependencies. Enables certain virtualized data center scenarios.

I missed that the first time I sc

August 6th, 2015 1:31pm

I can definitely confirm that it's not the functional level, as I've added the two test vms to a Server 2012 R2 level domain and re-tested. The cluster still refused to start.

Scratching my head over this, can't think what can be different.

Andrew

August 6th, 2015 2:19pm

Hi Tim,

How did you create your cluster? Was it just from the wizard in the Failover Cluster Manager, or did you use PowerShell? Added a fileshare quorum like you had, but no change.

Andrew

August 6th, 2015 2:46pm

OK I'm gonna have to retest this, but I've just created a cluster via PowerShell and it started fine without AD.

August 6th, 2015 3:23pm

Hi Andrew France,

The AD-detached cluster needs a specific design when you create the cluster. If you are using the general method to create the cluster, please set up domain controllers outside of the cluster. If your current VM DCs are on CSV, please take the DC out of the cluster, start the DC, and then reboot the nodes and the cluster.

More information:

Deploy an Active Directory-Detached Cluster

https://technet.microsoft.com/en-us/library/Dn265970.aspx?f=255&MSPPError=-2147217396

DNS Registration with the Network Name Resource

http://blogs.msdn.com/b/clustering/archive/2009/07/17/9836756.aspx

I'm glad to be of help to you!

August 11th, 2015 10:38pm

For quick tests like this I generally use PowerShell.  I'll see if I can find some time to go back and create one using the GUI.  Very strange it works one way and not the other.
August 12th, 2015 12:29pm

Hi Alex,

From my understanding, AD-detached cluster was brought in with R2 to complete the whole dependency on the AD problem, and allow the creation of clusters without the requirement of AD. This was on top of AD-less Cluster Bootstrapping.

It also doesn't explain why in my environment AD-less Cluster Bootstrapping works when the cluster was created by PowerShell as opposed to the GUI, with exactly the same setup.

August 14th, 2015 4:29pm

This topic is archived. No further replies will be accepted.
