Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Error during Windows Failover Cluster Validation during "Validate Windows Firewall Configuration"

Posted on 2010-09-21
13
Medium Priority
?
1,634 Views
Last Modified: 2012-05-10
I am setting up a 2008 Windows Failover Cluster with VMWare. When I run the validation test, it fails on "Validate Windows Firewall Configuration" with the following error:


"An error occurred while executing the test.
There was an error verifying the firewall configuration.
An item with the same key has already been added."


To troubleshoot this, I tried to completely disable the firewall.

I found this website, where the author ran into the same issue, in a very similar configuration: http://geekcroft.wordpress.com/2010/01/29/cluster-firewall-issue-an-item-with-the-same-key-has-already-been-added/

The author suggests that the issue is a duplicate NIC GUID (due to using VMWare) of some kind and advises adding a new NIC.

Is there any way to manually change this GUID?

Unfortunately, adding another NIC is not possible because this version of VMWare is apparently limited to 5 virtual PCI slots. Currently all are occupied (2 SCSI cards and 3 NICs).

To get around this, I tried removing one of the NICs from the VM Settings and then re-adding it, hoping that it would detect it as a new NIC, but Windows immediately redetects it as the same NIC and assigns all of the original IPs, etc to it.

I also tried manually editing the VMX file for one of the nodes to completely change the MAC address, yet VMWare still somehow just assigns the old IP information to the NICs, even though they have new MAC addresses.

Assuming there is no easy way to manually change the GUID, is there way to get VMWare to recognize a NIC as new, since changing the MACs doesn't seem to do the trick?

Any ideas?

Thanks!
0
Comment
Question by:Mister_Tog
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 33732196
Once the NIC is removed, it may be holding on to it.  Try the link below once you remove the NIC:

http://support.microsoft.com/kb/269155


Also, here are steps to view the GUID of NICs installed.  I don't know if it's possible to just change the GUID here:

2. In order to make the vmnet bridge service bind the exact NIC I want it to, I had to do some Registry work. TO do this for yourself, go to Start -> run -> cmd then type regedt32 (or do this directly from the run line.) I found that under HKey_Local_Machine\SYSTEM\CurrentControlSet\Control\Network\{GUID}\ are listed all the NICs by their GUID (ugly hex-string).

In other words, find the ..\network\ folder mentioned above, and just double click everything you can, opening things up to the lowest level. At some point, you will find keys like which may look something like {66525611-5824-44A8-9E4F-C4955B8D9C68}. Double click on this, and there will be one last folder called 'connection'. single click on this and the right half of the window will display which actual ethernet card is connected to this key. Mine would say something like:

Name: REG_SZ: 3com 4 where 3com 4 is one of the names I see when I righclick properties on my network places icon on the desktop. I had to open first the top-level GUID ("Network Adapters") and then open each NIC (sub-GUID) and look under \{GUID}\Connection and read the Name value (if you're unsure which is which, just rename the different adapters under Start\Settings\Network and Dial-up Connections, and then the name you give it is reflected in the Name value in the Registry.)

Once you've found the correct NIC, you now know it's GUID (tip: right-click the Registry key and 'Copy Key Name' [this did not work for me, I had to use the 'save key' option under the file menu, open the saved file in a text editor, and look for the key information within a bunch of other hexadecimal junk]). Next you need to find the settings for the vmnet bridging service, under HKLM\SYSTEM\CurrentControlSet\Services\vmnetbr0. If you look under \vmnetbr0\Parameters\ you find the value NetworkDevice, which reads "\Device\{GUID}". This is the GUID you need to replace with the GUID of the NIC you want the service to bind to (i.e. the stuff you just copied), and then just restart the vmnetbr0 service.

Now restart the vmnet0 service, restart vmware, boot your linux guest OS, and if you are lucky (it worked for me) the booting process should give the OK to eth0.


Ref: http://maartenrutgers.org/info/vmware/vmware.html
0
 
LVL 1

Author Comment

by:Mister_Tog
ID: 33735884
Thanks!

I found the GUID of the NIC and it does indeed match a NIC on the other node. Also, I've found that if you run getmac -v, the GUID will be listed.

If I browse to
HKLM\SYSTEM\CurrentControlSet\Services\

I do not see a "vmnetbr0." I do see items like "vmbus" and "VMBusHID," and "VMTools." Is there somewhere I should look instead?

I think this is VMWare Server 1.0.9 (not sure if that build refers to the server itself or the console GUI).

0
 
LVL 33

Expert Comment

by:digitap
ID: 33735931
but, you did find the GUID in the registry?  i'm a hyper-v shop, but i've heard of this happening in hyper-v.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 1

Author Comment

by:Mister_Tog
ID: 33735965
Yes, I found the GUID in the path you specified.
0
 
LVL 1

Author Comment

by:Mister_Tog
ID: 33738766
But, as I mentioned above, I'm not sure how to change it. The registry key you mentioned doesn't appear to exist in my configuration.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33740980
Could you clarify where the error is occurring?  Is it within the VMWare servers or on the cluster servers?
0
 
LVL 1

Author Comment

by:Mister_Tog
ID: 33743838
I have two 2008 images that are running on VMWare server. Each of these images is going to be a node of the cluster.

When I try to set up a Windows Failover Cluster, the error occurs during the validation process.
0
 
LVL 33

Accepted Solution

by:
digitap earned 2000 total points
ID: 33745188
The error information I'm seeing is the servers were created by using an image and without using a tool like Sysprep, the GUID's are duplicated.  Is that what we're talking about here?
0
 
LVL 1

Author Comment

by:Mister_Tog
ID: 33746729
Just checked on that. Yes, it appears that these were created without Sysprep. Is this something that I can run after-the-fact or do the images need to be recreated?
0
 
LVL 1

Author Comment

by:Mister_Tog
ID: 33746783
OK, I see.

I am running Sysprep on the second node now. I will then try reconfiguring the cluster and will see if the same error occurs again.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33747042
yes...you can run it after the fact.  however, i don't know how this plays in with 2008 server.  i haven't used sysprep since i was imaging boxes with WinNT 4.0!
0
 
LVL 1

Author Comment

by:Mister_Tog
ID: 33748028
It looks like not running Sysprep was the culprit.

These are the steps I took to resolve the issue:

1. Started over with new clones of the image.
2. Ran Sysprep on the second image using the following settings:
- "Enter System Out-of-Box Experience (OOBE)"
- Checked "Generalize"
3. After rebooting, I configured the nodes as usual.
4. The WFC Cluster Validation wizard completed successfully!

I am crediting you with the solution since it was your mention of Sysprep that led to the resolution.

Thanks!
0
 
LVL 33

Expert Comment

by:digitap
ID: 33748086
I'm glad I could help and thanks for the points!  Also, thanks for posting your steps for resolution.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question