How to Install and Configure Windows Server Failover Clustering on an ECS Instance

In this tutorial, we will show you how to prepare your remote cloud and deploy Windows Server Failover Clustering on an Alibaba Cloud ECS Instance.

We recommend you use Windows Server Failover Clustering (WSFC) and SQL Server AlwaysOn Availability Groups as your SQL Server high availability solution on Alibaba Cloud's ECS (Elastic Compute Service) Instances.

WSFC is a feature of the Windows Server platform, which is generally used to improve the high availability of applications and services on your network. WSFC is a successor to the Microsoft Cluster Service (MCS).

An Alibaba Cloud ECS Instance provides fast memory and the latest Intel CPUs to help you to power your cloud applications and achieve faster results with low latency. All ECS instances come with Anti-DDoS protection to safeguard your data and applications from DDoS and Trojan attacks.

The Alibaba Cloud ECS allows you to load applications with multiple operating systems and manage network access rights and permissions. Within the user console, you can also access the latest storage features, including auto snapshots, which is perfect for testing new tasks or operating systems as it allows you to make a quick copy and restore later. It offers a variety of configurable CPU, memory, data disk and bandwidth variations allowing you to tailor each Instance to your specific needs.

We recommend the following hardware to deploy this solution:

1. ECS: 4-core CPU or above with 16GB of memory, or above.
2. Mount SSD cloud disks as ECS.

We also recommend the following software with the listed specifications:

1. .NET Framework 4.0 or above
2. Powershell 5.0 or above
3. Windows Server 2016 64-bit Data Center Edition
4. SQL Server 2016 64-bit Enterprise Edition

1. Set Up Your ECS and Remote Cloud

1.1. Modify Your Host Name

Since images produce ECS instances, some of them may share the same name. While this problem is rare with VPCs (Virtual Path Connections), to ensure absolute security, modify the host name to shorter than 15 characters and immediately restart the host.

You can manually alter the name using the following Powershell command:

Rename-Computer -NewName "ServerName" -restart -force  

1.2. Disable UAC Restrictions

You can disable the User Account Control (UAC) remote restrictions using the following Powershell command:

new-itemproperty -path 
HKLM:SOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem -Name 
LocalAccountTokenFilterPolicy -Value 1

1.3. Install the Windows Failover Cluster Feature

This is a mandatory and basic structure that allows AlwaysOn to grow on the Windows Cluster. Use the Powershell command:

Install -WindowsFeature -Name Failover-Clustering - IncludeManagementTools

1.4. Modify the DNS Suffix of a Windows Host

This solution involves a stand-alone control. To make the solution successfully run under Windows Cluster, you need to add the uniform suffix to the hostname for identification purposes.

You can modify it through the UI, or use the Powershell command:

$ParentKeyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
$DnsSuffix="aliyunrds.com"
New-ItemProperty -Path $ParentKeyPath -Name "NV Domain" -Value $DnsSuffix -PropertyType 

1.5. Change the Host's Static IP Address

Strictly speaking, you can use a DHCP for configuration in Windows Server. However, we suggest you use a static IP address to configure the host's network connection.

You can use the UI or the Powershell command for configuration. However, remember to check the DNS configuration and adjust it as necessary. The Powershell command is as follows:

$IPType = "IPv4"

$Adapter = Get-NetAdapter | Where-Object {$_.Status -eq 'up' -and $_.name -ne 'loopback'}

$IpAddress=((($Adapter | Get-NetIPConfiguration).IPv4Address) | Where InterfaceAlias -ne "loopback").IPAddress
$PrefixLength=((($Adapter | Get-NetIPConfiguration).IPv4Address) | Where InterfaceAlias -ne "loopback").PrefixLength
$Gateway=((Get-NetIPConfiguration).Ipv4DefaultGateway).NextHop

If (($adapter | Get-NetIPConfiguration).IPv4Address.IPAddress) 
{
    $adapter | Remove-NetIPAddress -AddressFamily $IPType -Confirm:$false
}

If (($adapter | Get-NetIPConfiguration).Ipv4DefaultGateway) 
{
    $adapter | Remove-NetRoute -AddressFamily $IPType -Confirm:$false
}

# config static ip address
$Adapter | New-NetIPAddress -AddressFamily $IPType  -PrefixLength $PrefixLength  -IPAddress $IpAddress -DefaultGateway $Gateway

1.6. Modify the Host's Hosts File

The file is located at hosts under C:WindowsSystem32driversetc. You need to map the name and DNS suffix of every host along with the IP addresses. You can do this with the following cmd command:

copy C:\Windows\System32\drivers\etc\hosts C:\Windows\System32\drivers\etc\hosts_2017033141131
echo 172.16.18.247 iZbp1ehi2dopyqC.aliyunrds.com >> C:\Windows\System32\drivers\etc\hosts
echo 172.16.18.246 iZbp1ehi2dopyqZ.aliyunrds.com >> C:\Windows\System32\drivers\etc\hosts
echo 172.16.18.248 iZbp1ehi2dopyqA.aliyunrds.com >> C:\Windows\System32\drivers\etc\hosts

1.7. Create a Windows Cluster

Next, we'll create the Windows cluster. The latest version of Windows Server 2016 supports cluster creation through the UI, but you can also choose to create the cluster through the Powershell command. You need to specify staticAddress, which is the IP address in the VPC. Be careful not to occupy it:

New-Cluster –Name clus-aliyun0001 -Node 
iZbp1ehi2dopyqC.aliyunrds.com,iZbp1ehi2dopyqZ.aliyunrds.com,iZbp1ehi2dopyqA.aliyunrds.com -AdministrativeAccessPoint DNS -StaticAddress 172.16.18.101

1.8. Set an Arbitration Mechanism for Windows Cluster

Non-domain-control AlwaysOn availability groups only support arbitration through majority nodes or based on Microsoft cloud files. Alibaba Cloud only supports the majority nodes mode. As a result, you must deploy at least three nodes for your Windows Cluster. If you deploy four nodes, make sure to set one of them to zero voting rights. If you only need two database copies, you can use two ECS instances, with one serving as an AlwaysOn node and the other only joining the Windows Cluster.

Set VOTE: 
$node = "Always OnSrv1"  
(Get-ClusterNode $node).NodeWeight = 0 

Set no-witness:  
Set-ClusterQuorum -NoWitness  

Set majority-node arbitration: 
Set-ClusterQuorum –NodeMajority

1.9. Set the Interval for the Windows Cluster Failovers

You may observe in your testing process that after several failovers, automatic failover ceases to function after some time. This is because Windows Cluster imposes a limit on the number of automatic failovers for each resource group within a certain period.

If you want to increase the limit of automatic failovers to, say 30 failovers, use the following command.

(Get-ClusterGroup "Cluster Group").FailoverThreshold = 30

1.10. Create a Read-Only Server Load Balancer

Bind the read-only ECS instance to the Server Load Balancer and specify the weight.

2. Deploy an Active Directory (AD) Domain Service and the CA (Certificate) Service

2.1. Add AD Domain Service

Open the Windows Server UI and click "Add roles and features."

Under Server Roles, click "Active Directory Domain Service" and click "Next."

Make sure the "Include management tools" checkbox is selected and click "Add Features."

Check your installation selection matches the screenshot below. Click "Install."

The installation process will start, and you will see a progress bar. When the installation is complete, the following line will appear, indicating that you need to configure your installation:

Your installation is complete. Click "Close" and proceed to the next step.

2.2. Configure the AD Domain Service

Now, you need to configure your AD Domain Service. A small hazard sign should appear on the Server Manager Dashboard, alerting you to complete your configuration. Click the hazard sign, and then click "Promote this server to a domain controller."

The configuration wizard window will appear:

Check to "Add a new forest" and enter your root domain name. Next, click the "Domain Controller Options" on the left-hand menu and fill in the password fields, leaving all the other options as the default values:

Click "Next." The prerequisite checks should pass successfully. You can now click "Install" to begin the installation:

After the installation your computer will automatically restart. Use "rwstest.comAdministrator" to log in to Windows Server.

2.3. Install the CA (Certificate) Service

Return to your "Add Roles and Features Wizard" and click "Server Roles." Check "Active Directory Certificate Services:"

Go to "Role Services" and check "Certification Authority Web Enrollment:"

Click "Next" and the following screen should appear:

The CA Service installation is complete.

2.4. Configure the CA (Certificate) Service

Open the AD CS Configuration window, go to "Role Services" and check "Certification Authority Web Enrollment:"

Click "Next" and make sure the "Enterprise CA" is selected:

Click "Next." Then, add the details of your CA:

Click "Next" and check your configuration:

Click "Configure" and the following screen should appear:

3. Verification

Open a browser window and type "http://servername/certsrv in the address line (where servername is the name of the server on which the CA certificate is installed).

The following should appear:

That's it! You've installed and configured Windows Server Failover Clustering for Alibaba Cloud ECS.