How to configure a Cloud Witness for a Failover Cluster
In the past week, I changed the configuration of a Failover Cluster in Windows Server 2016 that operated with a File share witness to use a Cloud Witness. In this post, I will show you how I configured a cloud witness for a failover cluster using Windows PowerShell and an Azure storage account. This tutorial assumes that you already have a Microsoft Azure account configured and Azure PowerShell installed on your computer.
Requirements:
- A Storage Account in Microsoft Azure. If you need to create a new Storage Account, check out this link.
- A Failover Cluster in Windows Server 2016/2019
Azure Storage Account
The storage account used for this purpose must meet the following requirements.
- Type: General purpose
- Performance: Standard
- Replication: Locally-redundant storage (LRS)
To configure the Cloud Witness we need to know the name of the storage account and one of the two access keys associated with the storage account.
Get the access keys for an Azure Storage account
To obtain this data we use Azure PowerShell. If you want to know how to install the Azure PowerShell module on your machine, check out this link. The simplest way to get started is to sign in interactively at the command line.
Login-AzAccount
This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account. If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task we will use the following commands:
Get-AzSubscription
Select-AzSubscription -Subscription "My Subscription"
List the storage accounts in your subscription
To retrieve the list of storage accounts in the current subscription, use the Get-AzStorageAccount cmdlet with the following syntax:
Get-AzStorageAccount `
| Select StorageAccountName, ResourceGroupName
Obtain the access key of your Azure storage account
As you know, an Azure Storage account comes with two account keys. To retrieve the keys, use the Get-AzStorageAccountKey cmdlet with the following syntax:
$storageAccountKey = (Get-AzStorageAccountKey `
-ResourceGroupName <ResourceGroupName> `
-Name <StorageAccountName>).Value[1]
The index on Value specifies which key to retrieve. The acceptable values are Value[0] = key1 and Value[1] = key2. For Azure PowerShell version 1.3.2 and previous versions, use the following syntax:
$storageAccountKey = (Get-AzStorageAccountKey `
-ResourceGroupName <ResourceGroupName> `
-Name <StorageAccountName>).Key2
Configure Cloud Witness as a quorum witness
You should connect to one of the servers that are part of the cluster and run the following PowerShell commands as administrator. To inspect the existing configuration of the quorum witness, use the Get-ClusterQuorum cmdlet with the following syntax:
Get-ClusterQuorum `
-Cluster <ClusterName>
You can view the witness resource in the Failover Cluster Manager snap-in. To configure Cloud Witness as a Quorum Witness, use the Set-ClusterQuorum cmdlet:
Set-ClusterQuorum -NoWitness
Running Set-ClusterQuorum with the -NoWitness parameter first avoids blocking errors. Then set the Cloud Witness configuration with the following syntax:
Set-ClusterQuorum `
-CloudWitness `
-AccountName <StorageAccountName> `
-AccessKey <StorageAccountAccessKey>
You can verify the new witness resource in the Failover Cluster Manager snap-in. Important: Cloud Witness uses HTTPS (port 443) to establish communication with the Azure blob service.
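The following is an added example, not part of the original post: it checks the requirements stated above (general purpose, Standard, LRS, and HTTPS reachability from every node) before touching the quorum, and passes the access key in a variable rather than typing it on the command line. It assumes a management host with both the Az and FailoverClusters modules and PowerShell remoting to the cluster nodes; the parameter names are placeholders.

```powershell
# Added example: pre-flight checks, then the Cloud Witness change from this post.
# Assumption: run from a host that has the Az and FailoverClusters modules,
# is already signed in (Login-AzAccount) and can remote into every node.
param(
    [Parameter(Mandatory)] [string] $ResourceGroupName,
    [Parameter(Mandatory)] [string] $StorageAccountName,
    [Parameter(Mandatory)] [string] $ClusterName
)
$ErrorActionPreference = 'Stop'
$problems = @()

# 1. The storage account must be general purpose, Standard performance, LRS.
$sa = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName
if ($sa.Kind -notin 'Storage', 'StorageV2') {
    $problems += "Kind is '$($sa.Kind)', expected a general purpose account"
}
# Module versions report the SKU as 'Standard_LRS' or 'StandardLRS'; normalize it.
$sku = "$($sa.Sku.Name)" -replace '_', ''
if ($sku -ne 'StandardLRS') {
    $problems += "SKU is '$($sa.Sku.Name)', expected Standard performance with LRS"
}

# 2. Every node must reach the blob endpoint over HTTPS (TCP 443).
$blobHost = ([uri]$sa.PrimaryEndpoints.Blob).Host
foreach ($node in Get-ClusterNode -Cluster $ClusterName) {
    $reachable = Invoke-Command -ComputerName $node.Name -ScriptBlock {
        (Test-NetConnection -ComputerName $using:blobHost -Port 443).TcpTestSucceeded
    }
    if (-not $reachable) { $problems += "$($node.Name) cannot reach ${blobHost}:443" }
}

# Stop before changing anything if a check failed.
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Pre-flight checks failed; quorum configuration left unchanged.'
}

# 3. Apply the change. The key lives only in a variable for the duration of the
#    call, so it is never typed as a literal or written into a script file.
$key = (Get-AzStorageAccountKey -ResourceGroupName $ResourceGroupName `
        -Name $StorageAccountName).Value[1]
try {
    Set-ClusterQuorum -Cluster $ClusterName -NoWitness | Out-Null
    Set-ClusterQuorum -Cluster $ClusterName -CloudWitness `
        -AccountName $StorageAccountName -AccessKey $key
} finally {
    Remove-Variable -Name key
}
Get-ClusterQuorum -Cluster $ClusterName
```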
If you want to know more about Failover Clustering in Windows Server, check out this link.