Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Event 1573 can't form a cluster because witness not accessible : Symantec Endpoint related?

Posted on 2013-10-22
9
Medium Priority
?
3,088 Views
Last Modified: 2013-12-09
After rebooting this DBS02 server, it could not join the
cluster : refer to attached screens.

Could it be due to recently we installed Symantec Endpoint
Protection & it blocks certain traffic?  I login using domain adid
as well as local administrator but in services.msc, I can't stop
the Symantec Client Protection & the other Symantec service:
the "Stop" option was simply greyed out (ie I can't select it).

Any help wud be appreciated
WitnessClus.jpg
CantStartClusvc.jpg
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
9 Comments
 

Author Comment

by:sunhux
ID: 39591506
Another question:
I'm completely newbie to Win 2012 so need step by step
instruction on how to get into Symantec Endpoint Protection
to disable its firewall rules (if there's any)
0
 

Author Comment

by:sunhux
ID: 39591508
0
 
LVL 27

Assisted Solution

by:Steve
Steve earned 2000 total points
ID: 39596648
this is pretty normal. if the witness server has firewall software on it may be preventing the node from seeing it, and therefore killing the cluster.

Is the node on the same site/subnet as the witness?
can it ping it?
can it browse to fileshares?
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 

Author Comment

by:sunhux
ID: 39602326
> Is the node on the same site/subnet as the witness?
Yes, on same subnet 10.7.3.x/24.

> can it ping it?
Yes, could ping.

> can it browse to fileshares?
Could browse (using 'net view \\witness_IP'    &
even map a drive to (using 'net use x: \\witness_IP' )

I've figured out how to disable Syman Endpt Protectn's
firewall.

Curious, which port is that that needs to be permitted
without which it would show in Failover Cluster Manager
the member node as 'Down'
0
 
LVL 27

Assisted Solution

by:Steve
Steve earned 2000 total points
ID: 39608520
Could browse (using 'net view \\witness_IP'    &
Cluster system uses names. can you ping/browse it by it's name on the domain?
click start>run '\\servername\' and see if you are presented with shared folders that you can browse.
if you don't have any shares on that server, try browsing to '\\servername\c$' to see the default C drive share.

Curious, which port is that that needs to be permitted
without which it would show in Failover Cluster Manager
the member node as 'Down'
There are many ports needed to allow this to work. In general if you can browse to a share it means the right ports are probably open.
0
 

Author Comment

by:sunhux
ID: 39611972
> can you ping/browse it by it's name on the domain?
Yes

> start>run '\\servername\' and see if you are presented with shared folders
Yes

Thing is I still would like to know which port was being blocked
by SEP which caused this issue.  Some other ports were permitted
by SEP : for this reason I could map drives & thus the 2 "Yes" answers above
0
 
LVL 27

Accepted Solution

by:
Steve earned 2000 total points
ID: 39613716
this is a good post for fileshare ports:
http://www.experts-exchange.com/Security/Misc/Q_21157694.html

and here is window's official one:
http://technet.microsoft.com/en-us/library/cc731402.aspx

The cluster element of this does add a requirement to access the server's RPC ports too.
http://technet.microsoft.com/en-us/library/cc738291(v=ws.10).aspx
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question