Windows Failover Cluster Hostname Unreachable for Passive Node

Apurva Pathak 690 Reputation points
2025-04-18T13:50:52.7766667+00:00

Hi folks,

We have a failover cluster setup. We don't have any issues with the cluster or its components but for some reason the cluster hostname is not reachable from anywhere except its active node, even from its passive node.

This is an AVG SQL cluster with two nodes.

I initially suspected this to be a network/firewall issue, but since the cluster hostname is not reachable even from the passive node, I'm doubting if something is wrong with the cluster configuration itself.

Pasting a few snips to understand the configuration. Any help on this is highly appreciated.

Thanks in advance!


2 answers

  1. Henry Mai 80 Reputation points
    2025-04-25T17:11:16.7966667+00:00

    Hi, I am Henry, I am happy to help you with this.

    "We have a failover cluster setup. We don't have any issues with the cluster or its components but for some reason the cluster hostname is not reachable from anywhere except its active node, even from its passive node."

    From your description, the cluster hostname is unreachable from all nodes except the active owner, including passive nodes. This suggests a DNS, cluster resource, or network configuration issue rather than a simple firewall block. Please follow the steps below to check further:

     

    Step 1: Verify Connectivity (Bypass ICMP Blocking)

    Since ICMP may be blocked, test TCP connectivity (e.g., SMB port 445 or HTTPS 443):

    Test-Connection -TargetName "ClusterHostname" -TcpPort 445 # PowerShell

    Step 2: Check DNS Resolution

    From the passive node and a client machine, run:

    Resolve-DnsName "ClusterHostname"  # PowerShell

    nslookup ClusterHostname           # CMD

    Critical Checks:

    1. Does the hostname resolve at all?
    • If NO: DNS registration failed.
    2. Does the resolved IP match the current cluster IP?
    • Find the cluster IP: Get-ClusterResource | Where-Object { $_.ResourceType -eq "IP Address" } | Get-ClusterParameter -Name "Address" # PowerShell
    • If mismatched: Stale DNS record or registration failure.

    Step 3: Validate Cluster Resources

    A. Network Name Resource Status

    Get-ClusterResource -Name "Cluster Name" | Select-Object State, OwnerNode # PowerShell

    1. Expected: State = Online on the active node.
    2. If offline:
    • Restart it: Stop-ClusterResource -Name "Cluster Name"; Start-ClusterResource -Name "Cluster Name" # PowerShell
    • Check dependencies: (Get-ClusterResourceDependency -Resource "Cluster Name").DependencyExpression # PowerShell

    B. IP Address Resource Status

    Get-ClusterResource | Where-Object { $_.ResourceType -eq "IP Address" } | Select-Object Name, State # PowerShell

    1. Ensure the IP resource is Online and matches the DNS record.

    Step 4: Check DNS Registration Permissions

    The Cluster Name Object (CNO) needs Active Directory permissions to update its DNS record:

    1. Open Active Directory Users and Computers (ADUC).
    2. Enable Advanced Features (View menu).
    3. Locate the CNO (computer object for the cluster name).
    4. Under Security Tab, verify:
    • The CNO has Write permissions to its own object.
    • Permissions for DNS registration (if manually configured).

    "I initially suspected this to be a network/firewall issue, but since the cluster hostname is not reachable even from the passive node, I'm doubting if something is wrong with the cluster configuration itself."

    Step 5: Test Cluster Configuration

    Run a full cluster validation. The Test-Cluster cmdlet runs validation tests for failover cluster hardware and settings, so that we can see whether something is wrong with your cluster configuration itself:

    Test-Cluster -Include "Network", "DNS", "System Configuration"

    You can refer to https://learn.microsoft.com/en-us/powershell/module/failoverclusters/test-cluster?view=windowsserver2025-ps for more detail.

    Focus on:

    • Network tests: Correct NIC binding, no conflicts.
    • DNS tests: Cluster name registration.
    • System Configuration: Quorum, resource health.

    Step 6: Review Firewall Rules

    • Ensure the active node allows traffic from passive nodes:

    Get-NetFirewallRule -DisplayGroup "Failover Clusters" | Where-Object { $_.Enabled -ne "True" }

    • Enable missing rules: Enable-NetFirewallRule -DisplayGroup "Failover Clusters"

    Step 7: Collect Logs for Deeper Analysis

    1. Cluster logs: Get-ClusterLog -Node "ActiveNode" -TimeSpan 30 -Destination C:\Temp
    2. Event Logs:
    • Event Viewer > Applications and Services > FailoverClustering.
    • Filter for errors/warnings near the time of failure.

    Next Steps

    1. Share your outputs of:
    • Test-Cluster results.
    • DNS resolution tests (nslookup).
    • Cluster resource states (Get-ClusterResource).
    2. If unresolved, check:
    • Network teaming/hardware (NIC drivers, VLAN tagging).
    • AD replication (if DNS is AD-integrated).

    Let me know the results, and we can dive deeper!
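
Steps 2 and 3 of the answer above, combined into one check, as an added example that is not part of the original answer: it compares the addresses DNS returns for the cluster name with the cluster's IP Address resources. `ClusterHostname` is the answer's placeholder; the function name `Compare-ClusterNameDns` and the sample addresses are assumptions made for illustration.

```powershell
# Added example: compare the A records DNS returns for the cluster name
# with the cluster's IP Address resources (Steps 2 and 3 of the answer).
function Compare-ClusterNameDns {   # hypothetical helper name
    param(
        [string[]]$ResolvedAddresses,  # A records returned for the cluster name
        [object[]]$IpResources         # objects with Name, State, Address
    )
    $findings = @()
    if (-not $ResolvedAddresses) {
        $findings += 'Name does not resolve: DNS record missing or registration failed.'
    }
    $online = @($IpResources | Where-Object { "$($_.State)" -eq 'Online' })
    if (-not $online) { $findings += 'No IP Address resource is Online.' }
    foreach ($addr in $ResolvedAddresses) {
        $res = $IpResources | Where-Object { $_.Address -eq $addr } | Select-Object -First 1
        if (-not $res) {
            $findings += "DNS returns $addr, which no cluster IP resource holds (stale record)."
        } elseif ("$($res.State)" -ne 'Online') {
            $findings += "DNS returns $addr, but '$($res.Name)' is $($res.State)."
        }
    }
    foreach ($r in $online) {
        if ($ResolvedAddresses -notcontains $r.Address) {
            $findings += "Online address $($r.Address) is not registered in DNS."
        }
    }
    if (-not $findings) { $findings = @('DNS and the cluster IP resources agree.') }
    $findings
}

if (Get-Command Get-ClusterResource -ErrorAction SilentlyContinue) {
    # Live collection on a cluster node; 'ClusterHostname' is the answer's placeholder.
    $dns = (Resolve-DnsName 'ClusterHostname' -Type A -ErrorAction SilentlyContinue).IPAddress
    $ips = Get-ClusterResource | Where-Object { $_.ResourceType -eq 'IP Address' } |
        ForEach-Object {
            [pscustomobject]@{
                Name    = $_.Name
                State   = $_.State
                Address = ($_ | Get-ClusterParameter -Name Address).Value
            }
        }
} else {
    # Constructed sample data (not from the thread): DNS holds a stale address.
    $dns = @('10.0.0.50')
    $ips = @([pscustomobject]@{ Name = 'Cluster IP Address'; State = 'Online'; Address = '10.0.0.60' })
}
Compare-ClusterNameDns -ResolvedAddresses $dns -IpResources $ips
```

Run it on both the active and the passive node and compare the findings; identical output on both nodes points away from DNS and toward the network path to the cluster IP.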


  2. Apurva Pathak 690 Reputation points
    2025-04-26T15:14:02.4033333+00:00

    I managed to figure out the issue, it is a known limitation with Windows Clusters Hosted in Azure IaaS VMs as per this.
