Solved

Error during Windows Failover Cluster Validation during "Validate Windows Firewall Configuration"

Posted on 2010-09-21
13
1,598 Views
Last Modified: 2012-05-10
I am setting up a 2008 Windows Failover Cluster with VMWare. When I run the validation test, it fails on "Validate Windows Firewall Configuration" with the following error:


"An error occurred while executing the test.
There was an error verifying the firewall configuration.
An item with the same key has already been added."


To troubleshoot this, I tried to completely disable the firewall.

I found this website, where the author ran into the same issue, in a very similar configuration: http://geekcroft.wordpress.com/2010/01/29/cluster-firewall-issue-an-item-with-the-same-key-has-already-been-added/

The author suggests that the issue is a duplicate NIC GUID (due to using VMWare) of some kind and advises adding a new NIC.

Is there any way to manually change this GUID?

Unfortunately, adding another NIC is not possible because this version of VMWare is apparently limited to 5 virtual PCI slots. Currently all are occupied (2 SCSI cards and 3 NICs).

To get around this, I tried removing one of the NICs from the VM Settings and then re-adding it, hoping that it would detect it as a new NIC, but Windows immediately redetects it as the same NIC and assigns all of the original IPs, etc to it.

I also tried manually editing the VMX file for one of the nodes to completely change the MAC address, yet VMWare still somehow just assigns the old IP information to the NICs, even though they have new MAC addresses.

Assuming there is no easy way to manually change the GUID, is there way to get VMWare to recognize a NIC as new, since changing the MACs doesn't seem to do the trick?

Any ideas?

Thanks!
0
Comment
Question by:Mister_Tog
  • 7
  • 6
13 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 33732196
Once the NIC is removed, it may be holding on to it.  Try the link below once you remove the NIC:

http://support.microsoft.com/kb/269155


Also, here are steps to view the GUID of NICs installed.  I don't know if it's possible to just change the GUID here:

2. In order to make the vmnet bridge service bind the exact NIC I want it to, I had to do some Registry work. TO do this for yourself, go to Start -> run -> cmd then type regedt32 (or do this directly from the run line.) I found that under HKey_Local_Machine\SYSTEM\CurrentControlSet\Control\Network\{GUID}\ are listed all the NICs by their GUID (ugly hex-string).

In other words, find the ..\network\ folder mentioned above, and just double click everything you can, opening things up to the lowest level. At some point, you will find keys like which may look something like {66525611-5824-44A8-9E4F-C4955B8D9C68}. Double click on this, and there will be one last folder called 'connection'. single click on this and the right half of the window will display which actual ethernet card is connected to this key. Mine would say something like:

Name: REG_SZ: 3com 4 where 3com 4 is one of the names I see when I righclick properties on my network places icon on the desktop. I had to open first the top-level GUID ("Network Adapters") and then open each NIC (sub-GUID) and look under \{GUID}\Connection and read the Name value (if you're unsure which is which, just rename the different adapters under Start\Settings\Network and Dial-up Connections, and then the name you give it is reflected in the Name value in the Registry.)

Once you've found the correct NIC, you now know it's GUID (tip: right-click the Registry key and 'Copy Key Name' [this did not work for me, I had to use the 'save key' option under the file menu, open the saved file in a text editor, and look for the key information within a bunch of other hexadecimal junk]). Next you need to find the settings for the vmnet bridging service, under HKLM\SYSTEM\CurrentControlSet\Services\vmnetbr0. If you look under \vmnetbr0\Parameters\ you find the value NetworkDevice, which reads "\Device\{GUID}". This is the GUID you need to replace with the GUID of the NIC you want the service to bind to (i.e. the stuff you just copied), and then just restart the vmnetbr0 service.

Now restart the vmnet0 service, restart vmware, boot your linux guest OS, and if you are lucky (it worked for me) the booting process should give the OK to eth0.


Ref: http://maartenrutgers.org/info/vmware/vmware.html
0
 
LVL 1

Author Comment

by:Mister_Tog
ID: 33735884
Thanks!

I found the GUID of the NIC and it does indeed match a NIC on the other node. Also, I've found that if you run getmac -v, the GUID will be listed.

If I browse to
HKLM\SYSTEM\CurrentControlSet\Services\

I do not see a "vmnetbr0." I do see items like "vmbus" and "VMBusHID," and "VMTools." Is there somewhere I should look instead?

I think this is VMWare Server 1.0.9 (not sure if that build refers to the server itself or the console GUI).

0
 
LVL 33

Expert Comment

by:digitap
ID: 33735931
but, you did find the GUID in the registry?  i'm a hyper-v shop, but i've heard of this happening in hyper-v.
0
 
LVL 1

Author Comment

by:Mister_Tog
ID: 33735965
Yes, I found the GUID in the path you specified.
0
 
LVL 1

Author Comment

by:Mister_Tog
ID: 33738766
But, as I mentioned above, I'm not sure how to change it. The registry key you mentioned doesn't appear to exist in my configuration.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33740980
Could you clarify where the error is occurring?  Is it within the VMWare servers or on the cluster servers?
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 1

Author Comment

by:Mister_Tog
ID: 33743838
I have two 2008 images that are running on VMWare server. Each of these images is going to be a node of the cluster.

When I try to set up a Windows Failover Cluster, the error occurs during the validation process.
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33745188
The error information I'm seeing is the servers were created by using an image and without using a tool like Sysprep, the GUID's are duplicated.  Is that what we're talking about here?
0
 
LVL 1

Author Comment

by:Mister_Tog
ID: 33746729
Just checked on that. Yes, it appears that these were created without Sysprep. Is this something that I can run after-the-fact or do the images need to be recreated?
0
 
LVL 1

Author Comment

by:Mister_Tog
ID: 33746783
OK, I see.

I am running Sysprep on the second node now. I will then try reconfiguring the cluster and will see if the same error occurs again.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33747042
yes...you can run it after the fact.  however, i don't know how this plays in with 2008 server.  i haven't used sysprep since i was imaging boxes with WinNT 4.0!
0
 
LVL 1

Author Comment

by:Mister_Tog
ID: 33748028
It looks like not running Sysprep was the culprit.

These are the steps I took to resolve the issue:

1. Started over with new clones of the image.
2. Ran Sysprep on the second image using the following settings:
- "Enter System Out-of-Box Experience (OOBE)"
- Checked "Generalize"
3. After rebooting, I configured the nodes as usual.
4. The WFC Cluster Validation wizard completed successfully!

I am crediting you with the solution since it was your mention of Sysprep that led to the resolution.

Thanks!
0
 
LVL 33

Expert Comment

by:digitap
ID: 33748086
I'm glad I could help and thanks for the points!  Also, thanks for posting your steps for resolution.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this article, I show you step by step with screenshots to assist you - HOW TO: Deploy and Install the VMware vCenter Server Appliance 6.5 (VCSA 6.5), with some helpful tips along the way.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now