Deploy Windows cluster on two sites with only one domain controller.

By | April 13, 2016

The requirement that an enterprise system has high availability on site and across sites is very often encountered in the world of financial systems.
To achieve this requirement the obvious solution is to have a cluster on the primary site (PR) and another cluster on the disaster recovery site (DR).

On the PR we created a normal windows fail-over cluster with prNode1.voina.org and prNode2.voina.org linked with the primary site domain controller dc.voina.org. Note that this was done using the GUI cluster admin tools from Windows Server 2012 R2.

On the DR site the problem we run into was the fact that there is no dedicated domain controller on the DR site. In principle we can construct a cluster on the DR site the same way as it was done on PR but using the PR domain controller. But this is not a HA solution because in case of total site failure on PR the domain controller will also fail so also the DR cluster will fail.

The solution to this is found here https://blogs.technet.microsoft.com/askcore/2014/03/24/failover-clustering-and-active-directory-integration/ in the Microsoft knowledge base.
The suggested idea is to create on the DR site an “Active Directory-Detached Cluster”.

As noted by Microsoft:

We have introduced, a new mode to create a Failover Cluster on Windows Server 2012 R2, known as Active Directory detached Cluster. Using this mode, you would not only no longer need to pre-stage these objects but also stop worrying about the management and maintenance of these objects. Cluster Administrators would no longer need to be wary about accidental deletions of the CNO or the Virtual Computer Objects (VCOs). The CNOs and VCOs are now instead created in Domain Name System (DNS).

This feature provides greater flexibility when creating a Failover Cluster and enables you to choose to install Clusters with or without AD integration. It also improves the overall resiliency of cluster by reducing the dependencies on CNO and VCOs, thereby reducing the points of failure on the cluster.

According to the above link the following steps were done on the DR site:

STEP 1: Add the DR nodes to the domain controller
First we have to make sure that the DR nodes, running Windows Server 2012 R2 are part of the same domain. At this step we have to add to the domain controller the DR nodes as drnode1.voina.org and drnode2.voina.org

STEP 2: Install cluster support on DR site
On the DR site nodes start PowerShell and do:

STEP 3: Add the detached cluster
The detached cluster cannot be created using the GUI. So we have to do it in PowerShell:

Note: It is very important to add the nodes with the fully qualified name, otherwise the cluster is not validated because from some reason the domainName of the nodes is considered as null.

Initially we were using the same as in the tutorial:

This was continuously giving the error:

After this we can see both clusters PRCluster and DRCluster and in case we disconnect the sites the DRCluster is still up without the need of the domain controller.

Advertisements

One thought on “Deploy Windows cluster on two sites with only one domain controller.

  1. Pingback: Change Parameters of Windows Fail-Over Cluster with PowerShell – blog.voina.org