How to fix VMM error 20553

Hi,

today I want you to provide you some GPO Templates, which could help you to fix following error in VMM:

Error (20553)
The Windows Remote Management (WinRM) client on the VMM server cannot process the request. A computer policy does not allow the delegation of the user credentials to the target computer **.

WinRM: URL: ** , Verb: [ENUMERATE], Resource: [http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/Win32_ComputerSystemProduct], Filter: []

Unknown error (0x803381a3)

Recommended Action
Use gpedit.msc and look at the following policy: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Allow Delegating Fresh Credentials. Verify that it is enabled and configured with an SPN appropriate for the target computer. For example, for a target computer name myserver.domain.com, the SPN can be one of the following: WSMAN/myserver.domain.com OR WSMAN/*.domain.com OR WSMAN/*

Thanks to Radhika Gupta for his blog on TechNet which gave me the final solution 🙂

In my case I needed to create two GPOs.

The first deployed on the Hyper-V Hosts to enable WinRM with CreedSSP

Computer Configuration\Administrative template\Windows Components\Windows Remote Management (WinRM)\WinRM Service\[Allow CredSSP authentication] = true

The first deployed on the VMM Hosts to enable WinRM with CreedSSP and Credentials Delegation

Computer Configuration\Administrative template\Windows Components\Windows Remote Management (WinRM)\WinRM Service\[Allow CredSSP authentication] = true

Computer Configuration\Administrative Templates\System\Credentials Delegation\[AllowFreshCredentials ] = “WSMAN/*”

How to plan redundancy for Scale out Fileser

Hey everybody,

after I posted some of my thoughts I normally put behind Hyper-V redundancy, today I want to show you some examples how you could plan redundancy for Scale out Fileserver.

When to choose a redundancy where only one or two cluster nodes can fail?

That is the most common and easiest why for node redundancy in a cluster. It means you have enough nodes in your cluster to cover one or two node failures. You would choose that cluster config when all of your nodes are in one datacenter or server room and you need no geo-redundant storage solution. Please notice, for a JBOD based Scale out Filserver you need at least a minimum of three JBODs. For converged Scale out Fileserver with Windows Server 2016 you will need 4 equal Scale out Fileserver Systems.

Sofs01

Traditional Scale out Fileserver with Storage Spaces and JBODs

sofs02

Traditional Scale out Fileserver with SAN Storage Backend

sofs03

Scale out Fileserver with Storage Spaces Direct in Windows Server 2016

When to choose a redundancy where you can choose half of the nodes?

In this scenario you can lose one half of your nodes but you need to fulfill some more requirements like storage replications or direct WAN links. You would normally use if you want to keep your services alive if one datacenter or serverroom fails.

sofs04

With Storage Spaces Direct in Windows Server 2016 and RDMA RoCE

sofs05

Scale out Fileserver with classic SAN storage replication

Rolling Cluster Update with Windows Server 2016 TP3 – short notes & first tries

Hi everybody,

the following post is just a short one out of my learnings during my tests with rolling cluster upgrade.

In the first place, I think many of you already noticed the new failover cluster feature. It enables you to migrate clusters deployed on Windows Server 2012 R2 to Windows Server 2016 without building a new cluster and migrating the cluster roles to it. Currently there is only a validation for clusters running Hyper-V and Scale out Fileserver but as soon as I have some more time I will also try to Upgrade some of my Virtual Machine Manager and Fileserver Clusters and report back to you.

The way how you migrate the cluster is already very well documented on technet.

For those of you who are familiar with Active Directory Migrations, the way a Failover Cluster is Upgrade looks very familiar. At first you have three phases like shown in the figure below.

Source: Microsoft TechNet

Preparations before you start with the migration.

  1. Check if your Servers are compatible with Windows Server 2016. Run the new build only on supported environments.
  2. Ensure that you have always enough compute resources during the whole time upgrade process. Normally you run a cluster with a minimum of n+1 cluster nodes. During the cluster upgrade, I would suggest to add another node to the cluster and run with a minimum of n+2 nodes. That would prevent you from any resource shortages during the upgrade.

In the first Phase with nativ Windows Server 2012 R2 you have the following tasks to perform:

  1. Run Cluster Aware Update on your Cluster and Update it to the lates patchstate
  2. Backup your Cluster Database and Cluster Configuration
  3. Install the first 2016 node, add the server role and failover cluster feature and features like MPIO (if needed). Please note inplace upgrades of nodes are not supported, so please reinstall the nodes.

Source: Microsoft TechNet

In the second Phase, you will run in cluster mixed mode:

Please notice that the mixed mode is only supported for 4 weeks and you should get out of it as soon as possible. Anyway, you should take your time to check if the new hosts and the cluster runs stable. As soon as you are on Windows Server 2016 native mode there is no way back.

  1. Add the first 2016 node to the cluster
  2. when the node is added  properly and runs fine, migrate to cluster role over to the new role
  3. if the migration runs fine and for example the VMs are working, set the first Windows Server 2012 R2 node in maintenance mode and drain the roles. After that evict the Windows Server 2012 R2 node
  4. Now you can install the second node and redo the steps 1. to 3. until you have removed all Windows Server 2012 R2 nodes

At this point as, long as you still have one Windows Server 2012 R2 node left in the cluster you can go back if anything goes wrong.

Source: Microsoft TechNet

At the end, you have a native Windows Server 2016 cluster node running in functional level Windows Server 2012 R2. Like an active directory with Windows Server 2012 R2 and running on forest function and domain level Windows Server 200 R2 before you raised the level.

Source: Microsoft TechNet

Now we enter the third stage, here we need to raise the Cluster Function Level. For that we need to run a powershell command.

So please open the PowerShell Commandline on one of your new cluster nodes as administrator.

 

Afterwards you can start your backup again and restart the cluster aware update service.

Source: Microsoft TechNet

 

Now the last point, housekeeping. That means, update the virtual machine versions of you VMs and install the new version of the virtual machine management tools or what ever need to be done for the cluster roles.

So that’s all from my site today. I will write a much more detailed post, as soon as Windows Server 2016 reaches RTM.

 

How to configure cluster traffic priority on a windows server

During writing my current cluster network series, I saw some points some people normally miss when configuring a Microsoft Cluster via Failover Cluster Manager.

One thing is, that they do not prioties Cluster Networks against each other and to change the routing interface.

The following task must be done on every cluster server. We change the connection settings so that our routed traffic goes over the management interface first.

1. navigate to your network adapter properties and open the advanced settings in the menu bar.

06-07-_2015_15-27-332. in the next menu you move you management interface which will be your gateway on the highest place.

Network

 

So thats all for the routing part. For the next point you connect to a cluster node. You only need to do that operation once per cluster.

1. Check your Cluster Network. All Networks should be up and running.

Clusternetwork

2. Now you need to open and change the network metric. Here the lowest metric means, that cluster network has the highes priority. I recommand you to give cluster heartbeat traffic the highest priority because if that traffic fails, your node will go down within the cluster.

I set that configuration on a scale out fileserver, so my traffic will be priotiesed as followed:

high -> Cluster – Storage 01 – Storage 02 – Management -> low

So that means I need to run following script:

You can check the result with:

The result should look like the screen below.

metric

Thats all, only small changes but improves the stability of your clusters in a high rate.

 

 

Why you should plan your storage structure when working with clusters Part#1 Single Storage / Single Cluster

Hi everybody,

today I want to talk a bit about “why you should think about your storage structure when planning a cluster”.

Now most of you think “hey why thinking, I ask the storage guy to create a new LUN für me and thats it.”

Sorry guy’s theres the mistake. What if the storage guy provisions your new LUN on the same diskgroup like you others or on a full storage? What if the diskgroup or storage failes?

Within this post, you will get some of my personal best practices how to provison LUNs and cluster share volumes on Storages and diskgroups.

Let us start with an easy one.

 

What you should do is to create two disk groups. Yes you will lose some diskspace depending on the raid level but we are talking about redudancy and to minimize service outages. So a lose of diskspace shouldn’t be a problem.

Diskpool

Now you need to decide which RAID you want to use on your disk pool. Here it depends from storage to storage if you have SSD Disks as level 0 cache which most enterprises use, you can decide to use RAID 5 to enhance your capacity otherwise you should use RAID 10 to encrease your IO performance. NEVER use RAID 0!!!!

For the best storage capacity to perfomance relation for your storage, please talk to your storage vendor. He can tell you 🙂

Diskgroup

Now you decide you LUNs that will provisioned on the Storage. Here you should use a designe which is logical for you. For me it depends on the cluster service I run. I will show you one of the most common and understandable ones.

LUN

At least comes the Windows Server Cluster Magic. Dependig on the cluster service you are running, you should now deploy the services and rolles on the different cluster shared volumes.

I will try to show it with the example Scale Out Fileserver and Hyper-V.

 Microsoft Hyper-V  Microsoft Scale Out Fileserver
 hyper-V Place
 SoFS Place

So that’s all for today, I hope that blogs helps you out a bit.