Solved

Event 1573 can't form a cluster because witness not accessible : Symantec Endpoint related?

Posted on 2013-10-22
Last Modified: 2013-12-09
After rebooting this DBS02 server, it could not join the
cluster : refer to attached screens.

Could it be because we recently installed Symantec Endpoint
Protection & it blocks certain traffic?  I log in using a domain adid
as well as local administrator, but in services.msc I can't stop
the Symantec Client Protection & the other Symantec service:
the "Stop" option was simply greyed out (i.e. I can't select it).

Any help would be appreciated.
WitnessClus.jpg
CantStartClusvc.jpg
Question by:sunhux
 

Author Comment

by:sunhux
ID: 39591506
Another question:
I'm a complete newbie to Win 2012, so I need step-by-step
instructions on how to get into Symantec Endpoint Protection
to disable its firewall rules (if there are any).
0
 

Author Comment

by:sunhux
ID: 39591508
0
 
LVL 27

Assisted Solution

by:Steve
Steve earned 500 total points
ID: 39596648
This is pretty normal. If the witness server has firewall software on it, it may be preventing the node from seeing it, and therefore killing the cluster.

Is the node on the same site/subnet as the witness?
Can it ping it?
Can it browse to fileshares?
0

 

Author Comment

by:sunhux
ID: 39602326
> Is the node on the same site/subnet as the witness?
Yes, on same subnet 10.7.3.x/24.

> can it ping it?
Yes, could ping.

> can it browse to fileshares?
Could browse (using 'net view \\witness_IP') &
even map a drive (using 'net use x: \\witness_IP').

I've figured out how to disable Symantec Endpoint Protection's
firewall.

Curious, which port is it that needs to be permitted,
without which Failover Cluster Manager would show
the member node as 'Down'?
0
 
LVL 27

Assisted Solution

by:Steve
Steve earned 500 total points
ID: 39608520
> Could browse (using 'net view \\witness_IP'    &
Cluster system uses names. Can you ping/browse it by its name on the domain?
Click Start > Run '\\servername\' and see if you are presented with shared folders that you can browse.
If you don't have any shares on that server, try browsing to '\\servername\c$' to see the default C drive share.

> Curious, which port is that that needs to be permitted
> without which it would show in Failover Cluster Manager
> the member node as 'Down'
There are many ports needed to allow this to work. In general, if you can browse to a share it means the right ports are probably open.
0
 

Author Comment

by:sunhux
ID: 39611972
> can you ping/browse it by its name on the domain?
Yes

> start>run '\\servername\' and see if you are presented with shared folders
Yes

Thing is I still would like to know which port was being blocked
by SEP which caused this issue.  Some other ports were permitted
by SEP : for this reason I could map drives & thus the 2 "Yes" answers above
0
 
LVL 27

Accepted Solution

by:Steve
Steve earned 500 total points
ID: 39613716
This is a good post for fileshare ports:
http://www.experts-exchange.com/Security/Misc/Q_21157694.html

And here is Windows' official one:
http://technet.microsoft.com/en-us/library/cc731402.aspx

The cluster element of this does add a requirement to access the server's RPC ports too.
http://technet.microsoft.com/en-us/library/cc738291(v=ws.10).aspx
0
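One way to narrow down which port a host firewall is blocking, run from the node that cannot join: this is an added example, not code posted in the thread. The server names are hypothetical, and the port list (135, 139, 445, 3343) is an assumption taken from Microsoft's documented ports for RPC, SMB and the Cluster service rather than from the answers above.

```powershell
# Added example: TCP reachability check from a cluster node (not from the thread).
# Hypothetical names: replace with the file share witness and the other node.
$Targets = @('WITNESS01', 'DBS01')

# Assumed port list (Microsoft's documented service ports, not given in the thread).
# 3343 is only expected to answer on cluster nodes, not on the witness.
$Ports = @(
    @{ Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Port = 139;  Service = 'NetBIOS session' },
    @{ Port = 445;  Service = 'SMB file share' },
    @{ Port = 3343; Service = 'Cluster service' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # No answer within the timeout usually means a firewall silently dropped the SYN.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            return 'Timeout (filtered?)'
        }
        $client.EndConnect($pending)   # throws if the connection was refused
        return 'Open'
    }
    catch {
        # Name resolution failure, or an active refusal (nothing listening / reject rule).
        return 'Refused/unreachable'
    }
    finally {
        $client.Close()
    }
}

$results = foreach ($t in $Targets) {
    foreach ($p in $Ports) {
        [pscustomobject]@{
            Target  = $t
            Port    = $p.Port
            Service = $p.Service
            State   = Test-TcpPort -ComputerName $t -Port $p.Port
        }
    }
}
$results | Format-Table Target, Port, Service, State -AutoSize
```

A TCP connect test does not cover the UDP 3343 heartbeat or the dynamic RPC port range, so compare runs with the endpoint firewall enabled and disabled and check the firewall's own log for those.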
