Event 1573 can't form a cluster because witness not accessible : Symantec Endpoint related?

After rebooting this DBS02 server, it could not join the
cluster : refer to attached screens.

Could it be due to recently we installed Symantec Endpoint
Protection & it blocks certain traffic?  I login using domain adid
as well as local administrator but in services.msc, I can't stop
the Symantec Client Protection & the other Symantec service:
the "Stop" option was simply greyed out (ie I can't select it).

Any help wud be appreciated
WitnessClus.jpg
CantStartClusvc.jpg
sunhuxAsked:
Who is Participating?
 
SteveConnect With a Mentor Commented:
this is a good post for fileshare ports:
http://www.experts-exchange.com/Security/Misc/Q_21157694.html

and here is window's official one:
http://technet.microsoft.com/en-us/library/cc731402.aspx

The cluster element of this does add a requirement to access the server's RPC ports too.
http://technet.microsoft.com/en-us/library/cc738291(v=ws.10).aspx
0
 
sunhuxAuthor Commented:
Another question:
I'm completely newbie to Win 2012 so need step by step
instruction on how to get into Symantec Endpoint Protection
to disable its firewall rules (if there's any)
0
 
sunhuxAuthor Commented:
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
SteveConnect With a Mentor Commented:
this is pretty normal. if the witness server has firewall software on it may be preventing the node from seeing it, and therefore killing the cluster.

Is the node on the same site/subnet as the witness?
can it ping it?
can it browse to fileshares?
0
 
sunhuxAuthor Commented:
> Is the node on the same site/subnet as the witness?
Yes, on same subnet 10.7.3.x/24.

> can it ping it?
Yes, could ping.

> can it browse to fileshares?
Could browse (using 'net view \\witness_IP'    &
even map a drive to (using 'net use x: \\witness_IP' )

I've figured out how to disable Syman Endpt Protectn's
firewall.

Curious, which port is that that needs to be permitted
without which it would show in Failover Cluster Manager
the member node as 'Down'
0
 
SteveConnect With a Mentor Commented:
Could browse (using 'net view \\witness_IP'    &
Cluster system uses names. can you ping/browse it by it's name on the domain?
click start>run '\\servername\' and see if you are presented with shared folders that you can browse.
if you don't have any shares on that server, try browsing to '\\servername\c$' to see the default C drive share.

Curious, which port is that that needs to be permitted
without which it would show in Failover Cluster Manager
the member node as 'Down'
There are many ports needed to allow this to work. In general if you can browse to a share it means the right ports are probably open.
0
 
sunhuxAuthor Commented:
> can you ping/browse it by it's name on the domain?
Yes

> start>run '\\servername\' and see if you are presented with shared folders
Yes

Thing is I still would like to know which port was being blocked
by SEP which caused this issue.  Some other ports were permitted
by SEP : for this reason I could map drives & thus the 2 "Yes" answers above
0
All Courses

From novice to tech pro — start learning today.