Error adding cloud witness to SQL 2016 cluster

Question

Attempting to add cloud witness running PowerShell:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Set-ClusterQuorum -Cluster <clustername> -CloudWitness -AccountName "<accountname>" -AccessKey "<AccessKey>"

I get:

"Set-ClusterQuorum : Unable to save property changes for 'Cloud Witness'. Access is denied"

Using the "Configure Cluster Quorum Wizard" in "Failover Cluster Manager" I get:

"An error occurred while attempting to delete the resource 'Cloud Witness'. An error occurred while retrieving state information for the resource 'Cloud Witness'. The cluster resource is not available"

The storage account is also being used for 5 other clusters successfully. I've confirmed the cluster computer object has full control of computer accounts in the OU in Active Directory where all the computer objects related to the cluster exist. There was a file share witness configured, but I have removed it. It is running Microsoft SQL Server 2016 SP3 CU1 13.0.7029.3. What more steps may I take to troubleshoot? It looks like it may be something network related, but core.windows.net doesn't resolve even on the clusters it works on.

Answer 1

Hi James,

Hope you're doing well.

Ensure that you have an "Azure subscription" and access to create an Azure storage account. And make sure your SQL Server 2016 cluster nodes can communicate with "Azure Blob Storage"

Open the "Failover Cluster Management" console. Select the name of your Windows Server Failover Cluster (WSFC). Right-click, choose "More Actions," and click "Configure Cluster Quorum Settings". In the "Select Quorum Configuration Option" dialog, select "Select the quorum witness" and proceed.

Use the following PowerShell command to configure the cloud witness:

Set-ClusterQuorum -Cluster "<clustername>" -CloudWitness -AccountName "<StorageAccountName>" -AccessKey "<StorageAccountAccessKey>"

Replace "<clustername>", "<StorageAccountName>", and "<StorageAccountAccessKey>" with your actual values.

Best Regards,

Ian Xue

---

If the Answer is helpful, please click "Accept Answer" and upvote it.

Answer 2

duplicate post.

Answer 3

Hey,

As mentioned, you should have a valid Azure subscription. In addition, you should have proper storage account configured. Check for more information: https://learn.microsoft.com/en-us/windows-server/failover-clustering/deploy-cloud-witness?tabs=powershell

As another option, you can configure disk witness with StarWind VSAN. VSAN can be used replicated shared storage, which can be connected to cluster nodes via iSCSI. Might help: https://www.starwindsoftware.com/resource-library/starwind-virtual-san-for-hyper-v-2-node-hyperconverged-scenario-with-windows-server-2016/

Cheers,

Alex Bykovskyi

StarWind Software

Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

Answer 4

Working with Microsoft Support, the issue was resolved after giving Administrators full control of C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys. Once that was done, the witness was added fine. In the cluster log after attempting to connect, there was an error "Failed to open crypto key container"

Thanks to Support Engineer Raj Shinde