adding Availability cluster created on Windows 2016 - error
Odd_Mikalsen
Posts: 1
I have earlier added availability cluster created on Windows 2012R2 with no problem, after following the firewall opening rules and registry changes.
But on Windows 2016 server I get almost same error that I have seen before (group WMI, event: OpenNamespace:Root\MSCluster, outcome:Cannot connect, Exception: COMException, Exception message: The RPC server is unavailable (Exception from HRESLUT: 0x800706BA) )
I have no problem adding a none cluster SQL Server instance on Windows 2016.
I have checked that all the needed firewall openings are in place, and that the registry are changed, and now I don't know what I need, are there some added changes that needs to be done when you are trying to add a availability cluster created on Windows 2016 servers?
I have found that one setting on the windows cluster has changed from Windows 2012R2 to Windows 2016, and that the rights that's given to NETWORK SERVICE, it does not have full Control anymore. (I need domain admin to change that for me, but I don't want to change it if its not needed)
Best regards Odd Mikalsen
But on Windows 2016 server I get almost same error that I have seen before (group WMI, event: OpenNamespace:Root\MSCluster, outcome:Cannot connect, Exception: COMException, Exception message: The RPC server is unavailable (Exception from HRESLUT: 0x800706BA) )
I have no problem adding a none cluster SQL Server instance on Windows 2016.
I have checked that all the needed firewall openings are in place, and that the registry are changed, and now I don't know what I need, are there some added changes that needs to be done when you are trying to add a availability cluster created on Windows 2016 servers?
I have found that one setting on the windows cluster has changed from Windows 2012R2 to Windows 2016, and that the rights that's given to NETWORK SERVICE, it does not have full Control anymore. (I need domain admin to change that for me, but I don't want to change it if its not needed)
Best regards Odd Mikalsen
Tagged:
Comments
We have had a very similar issue with a 2016 availability group and are not able to use our SQL monitor licenses at all since upgrading SQL.
Here’s a quick run-down of we've looked at and tested:
- When adding the VUL-SQL-01 server, it correctly queries the WMI and finds the cluster name. But when it tries to query the WMI repository using the cluster name it fails.
- we’ve tested a WMI query remotely, which succeeded, so WMI is working fine and open for remote queries.
- As we know SQL remote connections are working ok.
- we’ve tested our agent account and it can connect and query WMI, and is a local admin on the DB servers.
- we’ve gone through all the connection tests that are listed on the Red-Gate support site. And they all work fine talking to the local server, but not to the cluster name.
- we’ve checked the cluster permissions, and the local admin group has full control over the cluster, and the SQLMonitor.Agent account is a local admin. So it’s not a permissions issue.
But none of that has fixed the connection issue.
My suspicion is the changes to clustering in Windows 2016 has broken how SQL Monitor connects. But it’s just a suspicion.
Thanks,
Tane
I find if you reboot the Redgate server it will work for several hours, then start giving the COMException errors on connectivity in the Configuration page.
UPDATE: I may have found the problem in our situation. If your setup has the base monitor in another LAN or in a DMZ, dynamic WMI port rule may not work and you may need to set static WMI ports. When I added "ALL" to our Firewall rule, immediately WMI connectivity was re-established. I'm going to try and set the static WMI port on the cluster servers and see if that works. - https://documentation.red-gate.com/display/SM7/Adding+servers+on+a+different+network+from+your+base+monitor
UPDATE 2: It seems to be a problem with Fortigate firewalls not passing the WMI traffic through properly. If you create a rule with from RG server to SQL on the Firewall and allow ALL ports/protocols, then everything works without issues. Pretty much the same scenario I was having - https://forum.fortinet.com/tm.aspx?m=65235