5

I have deployed 2 nodes Failover Cluster with Hyper-V 2016 on top of a hyperconverged setup using S2D. The cluster managed by VMM 2016. VMM 2016 has latest UR3, Win 2016 nodes have latest Windows updates

I have two issues:

1) I can't create highly available VM using VMM. I have this error ("name" is the name of cluster, htt* ending with "p"):

Error (2927) A Hardware Management error has occurred trying to contact server 'name' .

WinRM: URL: [http://name:5985], Verb: [GET], Resource: [http://schemas.microsoft.com/wbem/wsman/1/wmi/root/mscluster/MSCluster_ResourceGroup?Name=SCVMM wwew Resources]

Unknown error (0x803381a4)

Recommended Action Check that WinRM is installed and running on server 'name'. For more information use the command "winrm helpmsg hresult" and http://support.microsoft.com/kb/2742275

I can create HA VM using Failover cluster manager. The VMM agents on the hosts are in good status, all green. No errors in logs. I already did WinRM diags check, both hosts return correct response. No firewalls between nodes and VMM. Antivirus is installed, but real-time scan is off. I can add/remove hosts from/to VMM without any issues (no WinRM errors). Basically I did same setup in my lab using two VMs, it works in this configuration, I can create HA VM.

2) Very often I have status "in Maintenance" on some PD and SSD. The virtual disks are in warning status. When I run repair on them, nothing happen, 0% progess. Only help to reboot one node or rebuild VD itself, then disk status become to normal. Any ideas?

Update 06/06/2017 - I could get some understading what's this error means:

winrm helpmsg 0x803381a4

The WinRM client cannot process the request. A computer policy does not allow the delegation of the user credentials to the target computer because the computer is not trusted. The identity of the target computer can be verified if you configure the WSMAN service to use a valid certificate using the following command: winrm set winrm/config/service @{CertificateThumbprint=""} Or you can check the Event Viewer for an event that specifies that the following SPN could not be created: WSMAN/. If you find this event, you can manually create the SPN using setspn.exe . If the SPN exists, but CredSSP cannot use Kerberos to validate the identity of the target computer and you still want to allow the delegation of the user credentials to the target computer, use gpedit.msc and look at the following policy: Comp uter Configuration -> Administrative Templates -> System -> Credentials Delegation -> Allow Fresh Credentials with NTLM-only Server Authentication. Verify that it is enabled and configured with an SPN appropriate for the target computer. For example, for a target computer name "myserver.domain.com", the SPN can be one of the following: WSMAN/myserver.domain.com or WSMAN/*.domain.com. Try the request again after these changes.

Basically I enabled CredSSP on my hyper-v hosts and added WSMAN to GPO as help suggests. But it didn't help.

pauska
  • 19,532
  • 4
  • 55
  • 75
Dmitry
  • 73
  • 2

2 Answers2

5

Please try the following:

On the VMM and then Navigate to

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft System Center Virtual Machine Manager Server\Settings
  • Change the value of BITSTcpPort from 443 to an unused port number. (i.e 8500) Reboot the VMM server after changing the value register.
  • The fix might be to update all nodes to latest updates (the hotfix was included in May's or April's rollup update (don't remember which one))

And I would like to add my 0.5$ about S2D design. First, I would recommend adding at least 2 nodes to your configuration thus you can achieve benefits from erasure coding and stop be under FT=1( this option is costly).

Net Runner
  • 5,626
  • 11
  • 29
-1

the issue has been solved:

  1. I’ve configured GPO settings on VMM Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Allow Fresh Credentials with NTLM-only Server Authentication” with “”wsman/clusterFQDN” suffix
  2. I ran this Powershell command on all Hyper-V hosts in the cluser “Enable-WSManCredSSP Server”
  3. I ran this Powershell command on VMM “Enable-WSManCredSSP Client –DelegateComputer name (where name is Hyper-V host FQDN)

More info about troubleshooting steps on my blog's post: http://dmitryivakin.info/windows-server/solved-vmm-and-failover-cluster-winrm-error-0x803381a4/

Dmitry
  • 73
  • 2