Let’s Spread the Action Around… With NLB! (Part 1)

**AUTHOR’S NOTE: I have written hundreds of articles on this blog over the past decade.  Until recently I spent a lot of time taking screen shots of GUI consoles for my how-to articles.  For the time being, as I try to force myself into the habit, I will be using Windows PowerShell as much as possible, and thus will not be taking screen shots, but instead giving you the cmdlets that I use.  I hope this helps you as much as it is helping me! –MDG

I have written at length about Failover Clusters for Active-Passive services.  Let’s move away from that for a moment to discuss Network Load Balancing (NLB) – the tool that we can use to create Active-Active clusters for web sites (and other static-information services).

While NLB does, after a fashion, cluster services, it is not a failover service… and is in fact a completely different service.  For my use case, it is usually installed on a server running IIS.  Start by installing it:

PS C:\> Install-WindowsFeature NLB -ComputerName Server1

Of course, having a single server NLB cluster is like juggling one ball… not very impressive at all.  So we are going to perform the same function for at least a couple of hosts…

PS C:\> Invoke-Command -ComputerName Server1,Server2,Server3 -ScriptBlock {Install-WindowsFeature NLB}

By the way, notice that I am referring to the servers as hosts, and not nodes.  Even the terminology is different from Failover Clusters.  This is going to get confusing at a certain point, because some of the PowerShell cmdlets and switches will refer to nodes.

Now that the feature is installed on all of our servers, we are almost ready to create our NLB Cluster.  Before we do, we have to determine the following:

  • Ethernet Adapter name
  • Static IP Address to be assigned to the Cluster

You are on your own for the IP address… it is up to you to pick one and to make sure it doesn’t conflict with another server or DHCP Server.

However with regard to the Ethernet Adapter name, there’s a cmdlet for that:

PS C:\> Invoke-Command -ComputerName Server1 -ScriptBlock {Get-NlbClusterNodeNetworkInterface}

Notice that I am only doing this, for the time being, against one server.  That is because I am going to create the cluster on a single server, then add my hosts to it afterward.

So now that we have the information we need, let’s go ahead and create an NLB Cluster named WebCluster, on Server1, with the Interface named Ethernet 2, and with an IP Address of 172.16.10.199:

PS C:\> New-NlbCluster -HostName Server1 -InterfaceName "Ethernet 2" -ClusterName WebCluster -ClusterPrimaryIP 172.16.10.199 -OperationMode Multicast

It will only take a minute, and you will get a response table listing the name, IP Address, Subnet Mask, and Mode of your cluster.

Now that we’ve done that, we can add another host to the NLB Cluster.  We’ll start by checking the NIC name on the second server, then we will add that server to the NLB Cluster:

PS C:\> Invoke-Command -ComputerName Server2 -ScriptBlock {Get-NlbClusterNodeNetworkInterface}

PS C:\> Get-NlbCluster -HostName Server1 | Add-NlbClusterNode -NewNodeName Server2 -NewNodeInterface "Ethernet"

Notice that in the first part of the script we are getting the NLB Cluster Name from the Host Name, and not the Cluster Name.

This part may take a few minutes… Don’t worry, it will work.  When it is done you will get a response table listing the name, State, and Interface name of the second host.

You can repeat this across as many hosts as you like… For the sake of this series, I will stick to two.
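
The steps above, gathered into one script with the address-conflict and adapter checks made explicit. This is an added example, not the author's own script; the host, adapter, cluster and IP values are the ones used in this article, and the InterfaceName and NlbBound properties are those shown in the output of Get-NlbClusterNodeNetworkInterface.

```powershell
# Added example. Host -> adapter map taken from the article; adjust to your servers.
$nics        = [ordered]@{ Server1 = 'Ethernet 2'; Server2 = 'Ethernet' }
$clusterName = 'WebCluster'
$clusterIP   = '172.16.10.199'
$first       = @($nics.Keys)[0]

# The cluster address must be unused. A reply proves a conflict; silence is only
# a hint because ICMP may be filtered, so still check DHCP scopes and DNS.
if (Test-Connection -ComputerName $clusterIP -Count 2 -Quiet) {
    throw "$clusterIP already answers on the network; choose another address."
}

# Confirm each adapter exists on its host and is not already bound to NLB.
foreach ($h in @($nics.Keys)) {
    $found = Invoke-Command -ComputerName $h -ScriptBlock {
        Get-NlbClusterNodeNetworkInterface
    } | Where-Object { $_.InterfaceName -eq $nics[$h] }

    if (-not $found)     { throw "$h has no adapter named '$($nics[$h])'." }
    if ($found.NlbBound) { throw "Adapter '$($nics[$h])' on $h is already bound to NLB." }
}

# Create the cluster on the first host, exactly as in the article.
New-NlbCluster -HostName $first -InterfaceName $nics[$first] `
    -ClusterName $clusterName -ClusterPrimaryIP $clusterIP `
    -OperationMode Multicast | Out-Null

# Join every remaining host through the first host's cluster object.
foreach ($h in @($nics.Keys | Select-Object -Skip 1)) {
    Get-NlbCluster -HostName $first |
        Add-NlbClusterNode -NewNodeName $h -NewNodeInterface $nics[$h] | Out-Null
}

# Final check: every host should be listed with its state.
Get-NlbClusterNode -HostName $first
```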

In the next article of the series, we will figure out how to publish our web sites to the NLB Cluster.

Help! My Servers Aren’t Being Monitored!

This isn’t right… I have System Center Operations Manager monitoring all of my servers for me, but this morning I noticed that several of my servers are in a warning state, but they are greyed out (which implies that they aren’t reporting in properly).  What do I do?

This is not uncommon, especially in smaller organizations where you may have a single IT Professional running everything.  While it is not a good practice, some IT Pros will use their own credentials (which are obviously going to be Domain or Enterprise Admin accounts) to make things work.  Here’s the problem… you set up your credentials in System Center Operations Manager as a Run As account… and then at some later date you changed your password.

It is never a good idea to use an individual’s credentials as a Run As account.  It is also never a good idea to provide Domain Admin credentials to a program, but that is another issue that I will tackle later on.  What you should do, when configuring System Center Operations Manager, is create action (or Service) accounts in Active Directory.  Use ridiculously long and impossible to guess passwords (Jean MacDonald Kennedy was the 23rd Queen of Tahiti) and change them on a less frequent basis… say, when you change the batteries in your smoke detectors.

So now we have a bunch of computers that are being monitored… oh wait, no they aren’t.  They only look like they are being monitored.  We’d better fix that, and pronto!

We have to figure out what servers this account applies to.  We cannot simply delete the RunAs account, because it is going to be associated with a profile.  So let’s start by figuring out what profile that is.

1) In the Administration workspace navigate to Run As Configuration – Accounts and locate the errant account in the list of action accounts.  Right-click on it, and click Properties.

2) In the Properties window click on Where is this credential used? For the sake of this article, the only profile listed is Default Action Account.  Close Account Usage and Run As Account Properties.

3) Navigate to Run As Configuration – Accounts and locate the profile.  Right-click on it and click Properties.

4) In the Run As Profile Wizard navigate to Run As Accounts.

5) In the list of Run As accounts find all instances where the user account is listed.

6) One by one, click Edit… In the Add a Run As Account window change the account to your Service Account.  Click OK.

7) When you have done this for all instances (remember, you may need to scroll down) click Save.

** IMPORTANT NOTE: If you get error messages preventing you from saving the profile, you can either break your back trying to troubleshoot the SQL errors… or if there aren’t too many systems using the offending account, you can delete those servers from SCOM, and when you have resolved the issue, go back and re-discover them.

Once this is done, you can now delete the Run As account:

8) Navigate to Run As Configuration – Accounts

9) Right-click on the offending account and click Delete. (Accept any warning).

That should do it!  Go forth and manage, and remember… an unmanaged server can work great and save you all sorts of time… until it stops working and you have no idea why, or even that it did stop working.
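
To find Run As accounts exposed to the two problems described in this article (Domain Admin credentials handed to SCOM, and a password changed after the credential was stored), the following added example cross-checks SCOM against Active Directory. It is not the author's code; it assumes the OperationsManager and ActiveDirectory modules on a machine connected to the management group, and it treats the Run As account's LastModified value as a UTC timestamp, which is an assumption.

```powershell
# Added example: audit SCOM Run As accounts against Active Directory.
Import-Module OperationsManager, ActiveDirectory

# Everyone who is a Domain Admin, directly or through nested groups.
$domainAdmins = @(Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object -ExpandProperty SamAccountName)

$report = foreach ($account in (Get-SCOMRunAsAccount)) {
    # Only Windows-style credentials carry both a domain and a user name.
    if (-not ($account.UserName -and $account.Domain)) { continue }

    $user = Get-ADUser -Filter "SamAccountName -eq '$($account.UserName)'" `
        -Properties PasswordLastSet
    if (-not $user) { continue }   # local or foreign-domain account: not checked

    # Assumption: LastModified is the UTC time the Run As account was last
    # edited in SCOM. Any edit updates it, so this is a heuristic only.
    $stale = $user.PasswordLastSet -and
        ($user.PasswordLastSet.ToUniversalTime() -gt $account.LastModified)

    [pscustomobject]@{
        RunAsAccount               = $account.Name
        Identity                   = "$($account.Domain)\$($account.UserName)"
        IsDomainAdmin              = $domainAdmins -contains $user.SamAccountName
        PasswordLastSet            = $user.PasswordLastSet
        StoredInScom               = $account.LastModified
        PasswordChangedSinceStored = [bool]$stale
    }
}

# Show only the accounts that need attention.
$report |
    Where-Object { $_.IsDomainAdmin -or $_.PasswordChangedSinceStored } |
    Format-Table -AutoSize
```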

The Things We Do For Charity…

Over the last few weeks I have done some Facebook reposts about the OMAC Juvenile Arthritis Charity Tournament.  One of our students at Master Kim’s Oriental Martial Arts College is a kid named Ayden Soares.  As you can imagine, Arthritis is a very painful disease, especially for children.  When our school decided to get together to raise money, there were plenty of incentives we could give to our students… but the one that seemed to get the most attention was the promise that for every thousand dollars raised, one of the instructors would shave his (or her) head.

I had spoken to Ayden’s mother a few weeks ago, and after promising to attend but also to make a (what I consider) very nice donation, I told her that I consider my hair one of my few redeeming physical features, and that she could put me around #25 on that list.

Holy cow if we didn’t raise in excess of $25,000… FAR in excess of it!

Fortunately for me, time was working in my favour; the volunteers from First Choice Hair Cutters told us that from their viewpoint, it would be impractical to shave the heads of twenty-five people.  At 5-7 minutes per person, we would have been there for over two hours.

Somebody (I don’t know who) decided that we would shave five heads – Master Harrison, who represents the entire organization, and four instructors, to represent each branch of the school.

Master Harrison went first, and I suppose like all of us was more than a little reticent, but he is a man of his word, and it was for a good cause.

As this was going on, I looked at Master Godoy (my branch’s Master) who was a bit uneasy.  I could tell that he was not looking forward to this.  Aside from myself, the other instructors from our school are Mr. Peter, who was not at the event, and Mr. Bernard, who is mostly bald.  When Instructor Dorian was done, I stepped forward.

I should mention that even in the army, where we kept our hair very short, I never actually went down to shaved.  But as I said, it was for a good cause, and I like to think myself a good sport.  I sat in the chair, and when she asked me if I wanted to hedge my bet and use the ‘1’ shaver, I said no… let’s go all the way.

Instructor Mark went next, and then to our shock one of our female Black Belts stepped forward.  As she is under age I will not name her, but she had incredible long hair.  She asked for the back of her head to be shaved – I cannot explain it better, but I assure you that the end result looked perfectly normal and stylish (see the picture – she is one of the girls standing in front of me).

OMAC Group Shaved

The tournament was a great success, not only for the charity but also for our students who raised their confidence and won some trophies.  Everyone had fun.  As we say, together we’ll Kick Arthritis.

Ayden is a very brave boy.  It is hard to live your life in pain.  One of my sons has Arthritis, and I know how hard it is.  Ayden is not giving up, and we are all cheering for him.  When it was all over, he came up to me and asked if he could take a picture with me.  I was proud to do so.

By the way, I know that Mr. Al Poulis, the very capable webmaster for OMAC, was the official photographer for the tournament, and took some great pictures throughout… including, I am told, of the hair part.  Stay tuned, when he sends them to me I will post the pictures of it actually happening!

Insanity Is…

Insanity

We have all heard this quote before… and it is exactly true.  However in your server environment, when you want things identical, then we would turn this phrase around:

Insanity: Doing things manually over and over and expecting identical results.

I have not spent a great deal of time learning PowerShell… but whenever I have a task to do, such as installing a role or a feature, I try to do it with PowerShell.  I actually leverage another of Einstein’s great axioms:

Memorize

The Internet is a great tool for this… I can look up nearly anything I need, especially with regard to PowerShell. 

So previously, when I wanted to install a role on multiple servers I would run a series of cmdlets:

PS C:\> Install-WindowsFeature Failover-Clustering -IncludeManagementTools -ComputerName Server1

PS C:\> Install-WindowsFeature Failover-Clustering -IncludeManagementTools -ComputerName Server2

PS C:\> Install-WindowsFeature Failover-Clustering -IncludeManagementTools -ComputerName Server3

Of course, this would work perfectly.  However recently I was looking up one of the cmdlets I needed on the Internet and stumbled across an easier way to do it… and especially when I want to run a series of identical cmdlets across the multiple servers.  I can simply create a multi-server session.  Watch:

PS C:\> $session = New-PSSession -ComputerName Server1,Server2,Server3

PS C:\> Invoke-Command -Session $session {Add-WindowsFeature Failover-Clustering -IncludeManagementTools}

Two lines instead of three doesn’t really make my life a lot easier… but let’s say I was doing more than simply adding a role… this could save me a lot of time and, more importantly, ensure uniformity across my servers.

Creating a PSSession is great for things like initial configuration of servers… think of all of the tasks you perform on every server in your organization… or even just every web server, or file server.  This will work for Firewall rules, and any number of other settings you can think of.
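
Uniformity is only real if you check it. The added example below (not the author's code) reuses the multi-server session to install the feature and then reports any server that is unreachable or does not end up with it installed; the server and feature names are the ones used in this article.

```powershell
# Added example: apply one change through a shared session, then verify it.
$servers  = 'Server1', 'Server2', 'Server3'
$features = 'Failover-Clustering'

# Open what we can and note what we cannot, instead of stopping at the first failure.
$sessions    = @(New-PSSession -ComputerName $servers -ErrorAction SilentlyContinue)
$unreachable = @($servers | Where-Object { $sessions.ComputerName -notcontains $_ })
if (-not $sessions) { throw "No sessions opened: $($servers -join ', ')" }

try {
    # Same script block on every host; each result is tagged with PSComputerName.
    $state = Invoke-Command -Session $sessions -ScriptBlock {
        Install-WindowsFeature -Name $using:features -IncludeManagementTools | Out-Null
        Get-WindowsFeature -Name $using:features | Select-Object Name, Installed
    }

    # A host that reports Installed = False has drifted from the others.
    $drift = @($state | Where-Object { -not $_.Installed } |
        Select-Object PSComputerName, Name, Installed)

    if ($drift -or $unreachable) {
        $drift | Format-Table -AutoSize
        if ($unreachable) {
            Write-Warning "Not checked: $($unreachable -join ', ')"
        }
    }
    else {
        "All $($sessions.Count) servers have $($features -join ', ') installed."
    }
}
finally {
    # Sessions keep a live connection to each server; close them when done.
    $sessions | Remove-PSSession
}
```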

Try it out… It will save you time going forward!

Broken Cluster? Clear it up.

Three years ago I wrote an article about cleaning up nodes of clusters that had been corrupted and destroyed (See Cluster Issues… how to clean out cluster nodes from destroyed clusters). 

Unfortunately the cluster command has been deprecated in Windows Server 2012 R2, so we need to go to PowerShell… which frankly is where we should be going anyways!

PS C:\> Clear-ClusterNode -Cluster Toronto -Force

In this example we had a cluster named Toronto that is no longer accessible.  Unfortunately one of the nodes was off-line when the cluster was destroyed, so it didn’t ‘get the message.’  As such, when we try later to join it to a new cluster we get an error that the server is already a node in another cluster.

The cmdlet only takes a minute to run, and when you do run it you are all set… you will immediately be able to join it to another cluster.

For the fun of it, I have not figured out yet how to (natively) run this cmdlet against a remote server, so you can either do it by connecting to each server or…

Invoke-Command -ComputerName Server1 -ScriptBlock {Clear-ClusterNode -Cluster Toronto -Force}

I covered this option in a previous article (Do IT Remotely) which shows how to run cmdlets (or any script) against a remote server.

Now go forth and script!

New (and Free!) E-Books

Last month I posted an updated list of free ebooks that Microsoft Press offers (Free E-Books… Way beyond PDF Files!) which was extremely well received.  Well today I was given information that MS Press released two new ebooks this month, both of which are of great interest to a lot of my readers.

Microsoft System Center Deploying Hyper-V with Software-Defined Storage & Networking

Microsoft System Center Software Update Management Field Experience

You can download one or both of them from here.  They are not yet available on Kobo.com but I hope that will change soon!

Cluster-Aware Updates: Be Aware!

When I started evangelizing Windows Server 2012 for Microsoft, there was a long list of features that I was always happy to point to.  There are a few of them that I have never really gone into detail on, that I am currently working with.  Hopefully these articles will help you.

Cluster Aware Updates (CAU) is a feature that does exactly what it says – it helps us to update the nodes in a Failover Cluster without having to manually take them down, put them into maintenance mode, or whatever else.  It is a feature that works in conjunction with our patch management servers as well as our Failover Cluster.

I have written extensively about Failover Clusters before, but just to refresh, we need to install the Failover Clustering feature on each server that will be a cluster node:

PS C:\> Install-WindowsFeature -Name Failover-Clustering -IncludeManagementTools -ComputerName <ServerName>

We could of course use the Server Manager GUI tool, but if you have several servers it is easier and quicker to use Windows PowerShell.

Once this is done we can create our cluster.  Let’s create a cluster called Toronto with three nodes:

PS C:\> New-Cluster -Name Toronto -Node Server1, Server2, Server3

This will create our cluster for us and assign it a dynamic IP address.  If you are still skittish about dynamic IP you can add a static IP address by modifying your command like this:

PS C:\> New-Cluster -Name Toronto -Node Server1, Server2, Server3 -StaticAddress 10.10.10.201

Great, you have a three-node cluster.  So now onto the subject at hand: Cluster Aware Updates.

You would think that CAU would be a default behaviour.  After all, why would anyone NOT want to use it? Nonetheless, you have to actually enable the role feature.

PS C:\> Add-CauClusterRole -EnableFirewallRules

Notice that we are not using the –ComputerName switch.  That is because we do not install the role service to the servers but to the actual cluster.  You will be asked: Do you want to add the Cluster-Aware Updating clustered role on cluster “Toronto”? The default is YES.

By the way, in case you are curious, the Firewall Rule that you need to enable is the ‘Remote Shutdown’ rule.  This enables Cluster-Aware Updating to restart each node during the update process.

Okay, you are ready to go… In the Failover Cluster Manager console right-click on your cluster, and under More Actions click Cluster-Aware Updating.  In the window Failover – Cluster-Aware Updating click Apply updates to this cluster.  Follow the instructions, and your patches will begin to apply to each node in turn.  Of course, if you want to avoid the management console, all you have to do (from PowerShell) is run:

PS C:\> Invoke-CauRun

However be careful… you cannot run this cmdlet from a server that is a cluster node.  So from a remote system (I use my management client that has all of my RSAT tools installed) run:

PS C:\> Invoke-CauRun -ClusterName Toronto

You can watch the PowerShell progress of the update… or you can go out for ice cream.  Just make sure it doesn’t crash in the first few seconds, and it should take some time to run.

Good luck, and may the cluster force be with you!
