How to fix VMM error 20553

Hi,

today I want you to provide you some GPO Templates, which could help you to fix following error in VMM:

Error (20553)
The Windows Remote Management (WinRM) client on the VMM server cannot process the request. A computer policy does not allow the delegation of the user credentials to the target computer **.

WinRM: URL: ** , Verb: [ENUMERATE], Resource: [http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/Win32_ComputerSystemProduct], Filter: []

Unknown error (0x803381a3)

Recommended Action
Use gpedit.msc and look at the following policy: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Allow Delegating Fresh Credentials. Verify that it is enabled and configured with an SPN appropriate for the target computer. For example, for a target computer name myserver.domain.com, the SPN can be one of the following: WSMAN/myserver.domain.com OR WSMAN/*.domain.com OR WSMAN/*

Thanks to Radhika Gupta for his blog on TechNet which gave me the final solution 🙂

In my case I needed to create two GPOs.

The first deployed on the Hyper-V Hosts to enable WinRM with CreedSSP

Computer Configuration\Administrative template\Windows Components\Windows Remote Management (WinRM)\WinRM Service\[Allow CredSSP authentication] = true

The first deployed on the VMM Hosts to enable WinRM with CreedSSP and Credentials Delegation

Computer Configuration\Administrative template\Windows Components\Windows Remote Management (WinRM)\WinRM Service\[Allow CredSSP authentication] = true

Computer Configuration\Administrative Templates\System\Credentials Delegation\[AllowFreshCredentials ] = “WSMAN/*”

How a Microsoft Failover Cluster works

During my daily work in the field I often have to explain how a Failover cluster in the Microsoft world is working. Currently I mostly discribe three kinds of clusters. First is the Clustertyp which is used for DHCP Failover Cluster, like discribed in a former blogpost. The other is a DAG or Database availability group, how it is used in Exchange and Failover Cluster how it works in Scale out Fileserver and Hyper-V Cluster.

Today I want to focus on the Fileserver and Hyper-V Failover Cluster and try to explain it.

At first, you need to know such a failover cluster must have an uneven number of cluster members.

Why do we need an uneven number of cluster member? The reason for is a thing named split brain.

Source wikipedia:

Split-brain is a term in computer jargon, based on an analogy with the medical Split-brain syndrome. It indicates data or availability inconsistencies originating from the maintenance of two separate data sets with overlap in scope, either because of servers in a network design, or a failure condition based on servers not communicating and synchronizing their data to each other. This last case is also commonly referred to as a network partition.

An uneven number of cluster members? But dies this mean I can only have 1,3,5, … etc. servers in my cluster?

Normally yes but hear comes the Magic. The uneven  member do not need to be a Server, it could also be a share or LUN. This share is named Cluster Shared Volume (CSV) or cluster witness. Every Server and the cluster witness have the same wight in the cluster.

1

Now one server catches the witness and becomes the “clustermaster” and has more votes in the cluster. He will give the direction for the other nodes.

1

What happens if one cluster when the cluster master files? Very easy, together with the cluster master, the cluster shared volume fails too. That means at the end we will have an uneven number of cluster nodes and there won’t be a split brain.

1

 

If a cluster member failes, the witness will be disconnected and deaktivated. That will also bring an uneven number of cluster nodes and we won’t run in split brain.

1

 

Now you will ask, I have more than two nodes. What will happen if the connection splits the cluster in two halfes? which means it would force the split brain issue again!

1

The cluster member will notice their numbers on both sides. Than the cluster will go and run on the uneven cluster half.

1

 

 

Automatic SMB Scale-Out Rebalancing in Windows Server 2012 R2 by Jose Barreto

Jose Barreto wrote a blog about my favorite changes in Windows Server 2012 R2.

Automatic SMB Scale-Out Rebalancing. Why is it cool? Easy to answer, when you use a SoFS with Windows Server 2012 and one nodes fail the CSV switches over to the other Clusternode. That is ok but becomes worst when the other Clusternode comes back, because with Windows Server 2012 the is no automated rebalacing or fallback and the Clusternode redirects all traffic throw the CSV owner. This has an enormously performance decrease.

With 2012 R2, this is history and how it works you can read on Jose’s blog. Click here.