Monday, 12 December 2016

Windows Cluster 2016 Without Active Directory

You can have a cluster without a domain is not something that is common however if you need to put a cluster into a DMZ lets say and you don't want to expose any domain credentials or cause a denial of service by constant wrong passwords against a user then this could be the solution you are looking for.

Before we start there are a few things you should do
Create an account that can be used to sync the services and this should be a member of the Administrators group and import the PowerShell modules we will be using.

First the user creation, you will need to run this on each server
net user /add ClusterAdmin Super!SecurePa22Word
net localgroup administrators ClusterAdmin /add

Naming servers is something that you should consider in my case that was CL for cluster and node1-2 as names like WIN-LNF6MLM119B are kind of hard to remember later on.

Renaming the server via PowerShell and restarting is easy.
Rename-Computer -NewName "CL-NODE1"  -Restart
Rename-Computer -NewName "CL-NODE2"  -Restart

If you wanted to do this remotely then use something like this.
Rename-Computer -ComputerName "WIN-LNF6MLM119B" -NewName "CL-NODE1" -LocalCredential -Restart

Just remember you will need Enable-PSRemoting enabled first.

Next, we have to change the local policy on the servers to allow a non-active directory cluster to be created
new-itemproperty -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFilterPolicy -Value 1

Now that is done we can proceed with creating the cluster, now I recommend that you check the shared disks and other things you plan to use in your cluster before starting.

new-cluster -Name <clustername> -Node <servername> -AdministrativeAccessPoint DNS

new-cluster -Name MySQLCluster -Node CL-NODE1,CL-NODE2 -AdministrativeAccessPoint DNS

after passing this command you will have one of three outputs a failure, and i recommend you recheck your steps, a cluster message telling you it's done or a cluster setup with some warnings, this could be missing best practices and worth fixing.

No comments: