Channel: High Availability (Clustering) forum

trouble authenticating to the domain for Live Migration


Hi

I have a scenario in failover clustering which I am unsure on how to work around.

Our setup is a 2 node cluster, one node in building A, the other in building B.

In each building we have the following setup:

Datacenter switch where Live Migration, Heartbeat, and Disk connection goes through

A main public switch where Host management and Virtual switch connect through.

A physical domain controller is a separate physical machine and utilises the public switch

The cluster communication therefore is private between the datacenter switches

Earlier today our public switch crashed. At the time we didn’t know what caused the problem, but this prevented the host in Building A from talking to the DC in Building A, and with the host in Building B. According to the cluster everything was fine, except that initially the cluster was partitioned, and then it figured out that only Building A was not contactable. I first tried a live migration but this failed (I see event errors 21502, 2050 and 2051). I had to use quick migration and this worked. As far as I can tell, it was problems relating to authentication to the domain (all workloads were running in Building A by the way), which makes sense since the Building A host couldn’t talk to a DC, and the DC in Building B is non-routable through the datacenter switch (a fibre optic links the two data switches from one building to the other).

How can I use live migration when I can’t authenticate to a domain controller – is this the Kerberos authentication option in the Hyper-V configuration (constrained delegation) or will this not help me?

Since the two nodes can talk to each other through the datacenter switches and belong to the same cluster… I thought the node wouldn’t need to contact AD for authentication, or if it did then the second node would have some sense to talk to it on behalf of the other server – maybe I am expecting too much from the inner workings of the cluster to do this.

Any suggestions on what I need to do to get this to work under this scenario? We cannot re-route physical cables between the two buildings unfortunately, and I am not looking at “buy additional switches” as an answer; I already know that. I am specifically looking for a server configuration change which could address this – if there is one.

Many thanks

Steve

