question

DanielPuls-5313 avatar image
0 Votes"
DanielPuls-5313 asked TrentHelms-MSFT commented

Build Azure Stack HCI Cluster - vSwitch creation fails

Hello Community,

I try to setup a HCI cluster in my lab.
on the step for the vswitch creation, there a some errors with the creation of the switch.
Please see screenshots for details, have anybody an idea how can I resolve this?

Thank you.

81667-bild1.png81668-bild2.png81687-bild3.png81688-bild4.png


azure-stack-hci
bild1.png (37.0 KiB)
bild2.png (20.6 KiB)
bild3.png (40.9 KiB)
bild4.png (435.0 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DarrylvanderPeijl-3070 avatar image
0 Votes"
DarrylvanderPeijl-3070 answered

Hi @DanielPuls-5313,

Based on your screenshots and error it seems you are not specifying a VLAN ID.
Try '0' if you do not need a VLAN tag.



Regards,

Darryl van der Peijl
Splitbrain


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DanielPuls-5313 avatar image
0 Votes"
DanielPuls-5313 answered TrentHelms-MSFT commented

Hi Darryl,

thanks for your info. In the menu I cant edit the VLAN ID, its not possible.
PoSH says, the ID = 0.

81877-image.png
I will try to edit this via PoSh.



image.png (74.2 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @DanielPuls-5313,

DefaultIsolationID is the VLAN parameter which is used by Windows Admin Center to set the VLAN on the virtual NIC. If you are creating a converged switch (where your compute and storage traffic share the same SET switch), you would need to specify VLANs to keep your storage traffic separated.

In looking more closely at the screenshot you provided of the setup wizard in Windows Admin Center, I can see that the field under the VLAN ID column is not editable, which is strange. Because there is no value in this field, this might be why this error is being thrown. Can you provide us with exactly what options you are selecting in the Cluster Creation Wizard along with the version/build of Windows Admin Center you are using?

Thanks!

1 Vote 1 ·
DanielPuls-5313 avatar image
0 Votes"
DanielPuls-5313 answered TrentHelms-MSFT commented

Hi @TrentHelms-MSFT ,

thanks for your time in this case.
The problem with the VLAN was real...fixed this with set in in PoSh to VLAN 1 and after that back to VLAN 0.
Now its editable...crazy.
81900-image.png

But, get another error after the point "checking cluster".
81982-image.png

81946-image.png

Must I change something in WinRM on the HCI Servers?

Thanks

Edit:
WAC Version:
81890-image.png



image.png (11.0 KiB)
image.png (35.2 KiB)
image.png (62.2 KiB)
image.png (5.8 KiB)
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi, @DanielPuls-5313,

Many different things can cause WinRM failures. Something you could try is adding all nodes as TrustedHosts. You could initially test with the command below, then refine the command to just the specific nodes if it resolves the issue.

Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value '*'

Run this on each of your cluster nodes then try again.

Thanks!

0 Votes 0 ·

Hi @TrentHelms-MSFT
Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value '*' was one the 1st steps in my setup on every machine.
I did some research and I think CredSSP is the key.

82359-image.png



I create GPOs for "Allow CredSSP" on winrm client and service, also system -> credential delegation "allow delegating fresh credentials" with WSMAN/*.domain.xyz.
But...no success.

Have you more ideas how I can handle this? Its frustrating...

Thanks.
Daniel


0 Votes 0 ·
image.png (22.5 KiB)

Hi @DanielPuls-5313,

From what I have been able to research, either WinRM is attempting to use a cert that doesn't exist or the Network Service doesn't have permissions to the cert itself. Here is a blog that you can reference to see if this may be the case.

Note that this blog is third-party and any actions you take should be thoroughly tested before implementing...
http://blog.skadefro.dk/2011/03/winrm-remote-management-and-powershell.html

That said, beyond this, it would like require some more in-depth analysis which could be provided by opening a support case with us.

I hope this information is helpful.

Thanks!

0 Votes 0 ·