Creating Cluster through point to point VPN

Discussion in 'Clustering' started by Dustin Cornell, Apr 19, 2006.

  1. I am trying to create a 2 Node cluster. The active directory and DNS servers
    are located on a different network through a LAN-to-LAN VPN. I have an
    account created to run the cluster service, however when Wizard starts the
    "Creating the Cluster" portion of setup it fails with:

    Date: 4/19/2006
    Time: 9:31:35 AM
    Computer: wor00302.xxx.xxxxxxx.com
    Major Task ID: {E25968DA-9C7B-42DB-ADA9-BC4E34F17E6E}
    Minor Task ID: {07D8047B-01FD-40DC-9132-4B535A77CDE4}
    Progress (min, max, current): 0, 1, 1
    Description:
    Comparing cluster and node configurations...
    Status: 0x80070569
    Logon failure: the user has not been granted the requested logon type at
    this computer.
    Additional Information:
    For more information, visit Help and Support Services at
    http://go.microsoft.com/fwlink/?LinkId=4441.



    Date: 4/19/2006
    Time: 9:31:35 AM
    Computer: wor00302.xxx.xxxxxx.com
    Major Task ID: {E25968DA-9C7B-42DB-ADA9-BC4E34F17E6E}
    Minor Task ID: {07D8047B-01FD-40DC-9132-4B535A77CDE4}
    Progress (min, max, current): 0, 1, 1
    Description:
    Comparing cluster and node configurations...
    Status: 0x80070569
    Logon failure: the user has not been granted the requested logon type at
    this computer.
    Additional Information:
    For more information, visit Help and Support Services at
    http://go.microsoft.com/fwlink/?LinkId=4441.


    I have added the credentials manually to the cluster account stated in
    KB269229 "How to Manually Re-Create the Cluster Service Account".

    I have already created a 2-Node cluster in this domain, the primary
    difference with this installation is that I am doing it over a VPN on
    different networks which leads me to believe that that has something to do
    with it.

    Thanks for any help/advice,

    Dustin Cornell
     
    Dustin Cornell, Apr 19, 2006
    #1
    1. Advertisements

  2. Never tried this...it seems highly suspect, as you're now introducing a
    single point-of-failure to the cluster in the form of the PtP VPN
    connection. Even if you get this working, if that connection drops, bye-bye
    cluster...

    That said, have you verified that the cluster service account has
    permissions to the VPN connection itself?

    --
    Ryan Sokolowski
    MVP - Windows Server - Clustering
    MCSE, CCNA, CCDA, BCFP
    Clustering101.com - Coming Soon!

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Ryan Sokolowski [MVP], Apr 19, 2006
    #2
    1. Advertisements

  3. Never tried this...it seems highly suspect, as you're now introducing a
    single point-of-failure to the cluster in the form of the PtP VPN
    connection. Even if you get this working, if that connection drops, bye-bye
    cluster...

    That said, have you verified that the cluster service account has
    permissions to the VPN connection itself?

    --
    Ryan Sokolowski
    MVP - Windows Server - Clustering
    MCSE, CCNA, CCDA, BCFP
    Clustering101.com - Coming Soon!

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Ryan Sokolowski [MVP], Apr 19, 2006
    #3
  4. Actually, the system will only be at this remote location for a short period
    of time. It will then be moved on-site and the IPs will basically need
    changed. So that's about it. It seems like NetBIOS is used in a number of
    different areas which is where I think my problems reside as NetBIOS traffic
    will not transfer through the router..

    The account works, I can log into the system with the cluster service
    account without any problems.

    I found this article which appears to contain part of my problems:

    MS kb827486

    Dustin
     
    Dustin Cornell, Apr 19, 2006
    #4
  5. Ramon Jiménez [MVP], Apr 20, 2006
    #5
  6. Remember, there are requirements for geographically disperse clusters,
    including:
    1. The public LAN for all nodes must be on the same network segment (IP
    range) and this usually requires a VLAN to make it happen
    2. The private/heartbeat LAN for all nodes must be on the same network
    segment (IP range) and this usually requires a VLAN to make it happen
    3. The quorum must be able to be accessed by all nodes and in the case of
    replicated quorum drives, there must be a method of locking so that nodes
    not owning the quorum are not able to write to it.
    4. All clustered disks must be able to be accessed by all nodes and in the
    case of replicated drives, there must be a method of locking so that nodes
    not owning the the physical disk resource are not able to write to it.

    Does your configuration meet these requirements? If not, you will have to
    wait until you have a configuration that will support geographically
    disperse clustering.


    --
    Russ Kaufmann
    MVP - Windows Server - Clustering
    ClusterHelp.com, a Microsoft Certified Gold Partner
    Web http://www.clusterhelp.com
    Blog http://msmvps.com/clusterhelp
     
    Russ Kaufmann [MVP], Apr 20, 2006
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.