Always On / WSFC services file share witness access/permission

Ashwan 521 Reputation points
2020-10-19T02:31:23.33+00:00

We have configured Always On (SQL Server 2016 SP2 on Windows 2012) with two nodes, and the file share witness uses a network share. We need to secure the file share witness against access by other domain users in the company and limit access to only the Windows failover cluster services. But not sure which users belong to/should be given to the cluster services that will have access/rights on the network share. It's very important to lock down access for everything other than the cluster services. Please see the following network share permissions:

33211-fileshare.png

If anyone knows, please advise.

SQL Server
Windows Server

3 answers

  1. Ben Miller (DBAduck) 956 Reputation points
    2020-10-19T02:46:56.273+00:00

    The Cluster Name Object (CNO) needs write permissions on the share and there needs to be 5MB free on the share.

    So if your cluster name is CLUSTER1, then the DOMAIN\CLUSTER1$ account needs write permissions on the share.

    1 person found this answer helpful.

  2. m 4,271 Reputation points
    2020-10-19T05:50:08.15+00:00

    Hi @Ashwan ,

    ...But not sure which users belong to/should be given to the cluster services that will have access/rights on the network share. It's very important to lock down access for everything other than the cluster services. Please see the following network share permissions

    Quote from this doc.: step-by-step-how-to-configure-a-sql-server-failover-cluster-instance-fci-in-microsoft-azure-iaas-sqlserver-azure-sanless

    The file share witness will be created on the Domain Controller. Essentially you need to create a file share on DC and give read/write permissions to the cluster computer account “xxxcluster”. Make sure to make these changes to both the Share and Security permissions.

    1. Create a new folder;
    2. Make sure you search for Computer objects and pick the cluster computer object name, in our case, xxxCLUSTER;
    3. Make sure you give it Change permissions;
    4. You also need to change the Security to allow the cluster computer object Modify permissions on the folder.
    5. Once you create the shared folder, you will add the File Share Witness using the Windows Server Failover Cluster interface on either of the nodes.
      ...

    More information: manage-cluster-quorum-witness-configuration

    BTW, I consulted our premier about this; he says this is within the scope of Windows cluster, so I added a windows-server tag to your case.

    BR,
    Mia


    If the answer is helpful, please click "Accept Answer" and upvote it.

    1 person found this answer helpful.
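
The steps in the answer above, scripted in PowerShell as an added example (not code from the thread or from the quoted document). It assumes the CNO is DOMAIN\CLUSTER1$ as in the first answer; the folder D:\FSW, the share name FSW$, the file server FILESRV01 and the retained Administrators/SYSTEM entries are hypothetical choices, and the closing audit goes beyond the listed steps by reporting any other principal that still has access.

```powershell
# Added example; run in an elevated session on the server that hosts the witness share.
# Assumed names: DOMAIN\CLUSTER1$ (CNO, from the first answer), D:\FSW, FSW$, FILESRV01.
$Cno       = 'DOMAIN\CLUSTER1$'
$Path      = 'D:\FSW'
$ShareName = 'FSW$'
$Admins    = 'BUILTIN\Administrators'   # assumption: admins keep Full Control for management
$System    = 'NT AUTHORITY\SYSTEM'

# Step 1: create the folder.
New-Item -Path $Path -ItemType Directory -Force | Out-Null

# Steps 2-3: share it, granting Change to the cluster computer object.
# Passing explicit access lists means no default "Everyone" entry is created.
New-SmbShare -Name $ShareName -Path $Path -ChangeAccess $Cno -FullAccess $Admins | Out-Null

# Step 4: NTFS. Stop inheriting from the parent, drop explicit ACEs, grant Modify to the CNO.
$acl = Get-Acl -Path $Path
$acl.SetAccessRuleProtection($true, $false)
foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
$inherit = 'ContainerInherit,ObjectInherit'
foreach ($entry in @(@($Cno, 'Modify'), @($Admins, 'FullControl'), @($System, 'FullControl'))) {
    $ace = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $entry[0], $entry[1], $inherit, 'None', 'Allow'
    $acl.AddAccessRule($ace)
}
Set-Acl -Path $Path -AclObject $acl

# Audit: list any principal on the share or the folder that is not expected.
$expected   = @($Cno, $Admins, $System)
$shareExtra = Get-SmbShareAccess -Name $ShareName |
    Where-Object { $_.AccountName -notin $expected }
$ntfsExtra  = (Get-Acl -Path $Path).Access |
    Where-Object { $_.IdentityReference.Value -notin $expected }
if ($shareExtra -or $ntfsExtra) {
    Write-Warning 'Unexpected principals can reach the witness share:'
    $shareExtra | Format-Table AccountName, AccessRight
    $ntfsExtra  | Format-Table IdentityReference, FileSystemRights
} else {
    Write-Output 'Only the CNO, Administrators and SYSTEM have access.'
}

# Step 5 (run on a cluster node, not on the file server): point the quorum at the share.
# Set-ClusterQuorum -NodeAndFileShareMajority "\\FILESRV01\$ShareName"
```

The audit section can be rerun on its own later to confirm that no domain-wide group has been added back to the share or folder.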

  3. m 4,271 Reputation points
    2020-10-20T01:33:38.123+00:00

    Hi @Ashwan ,

    Is the reply helpful?

    BR,
    Mia

