question

ThomasJoos-9876 avatar image
0 Votes"
ThomasJoos-9876 asked ThomasJoos-9876 commented

Creation of the cluster hangs at WAC at domain join

I created the two cluster nodes in Hyper-V and connected them to the Windows Admin Center. When creating the HCI cluster, the wizard detects the two nodes and I can start the creation. On the second page of the wizard, which asks for domain membership, the wizard hangs and does not bring up any messages or information.I am using Windows Admin Center 2103.2 I have Hyper-V installed on the nodes and can also mount them in Windows Admin Center and view information. The wizard to create the HCI cluster does not show any error messages, but the circle in the Admin Center just keeps spinning. I can also reach the domain controllers in the PowerShell of the nodes via nslookup and log into Hyper-V with the domain admin account. Remote Management is shown as "enabled

azure-stack-hci
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @ThomasJoos-9876,

I have a few questions for clarity.

  1. Are the nodes already joined to the domain, or are you trying to join them to the domain from the wizard?

  2. Does Windows Admin Center hang immediately once you are on this screen (when it is attempting to determine if the nodes are already domain joined), or does it hang when you click to go to the next screen?

  3. How long have you waited to see if the spinning circle disappears?

  4. Have you ever collected a HAR trace to see what part of the process is failing?

I suspect the issue is a call that is going from Windows Admin Center to one or both nodes is not completing. If you haven't already, I would suggest collecting a HAR trace using the steps in the link below. Be sure to start the trace at a point prior to the issue occurring, then stop them once the issue has occurred to see the last things happening. This can usually give clues to where the issue lies.

https://docs.microsoft.com/en-us/azure/azure-portal/capture-browser-trace

Hope this helps!
Trent






0 Votes 0 ·

Hi Trent,
thanks for your answer.
1: The nodes are member of the domain and I can manage the nodes in Windows Admin Center too. Remote PowerShell sessions from the WAC machine to the nodes also works
2: Yes - The WAC hangs immediately. I can cancel the process but it does not continue. I can switch back, but not to the next screen, as that requires configuring the domain membership first.
3. several hours, it does not bring any change. I also tested the same thing with ESXi. Again, the process aborts at the same point.
4. no, I try a HAR trace next.
Greetings
Thomas Joos

0 Votes 0 ·
ThomasJoos-9876 avatar image
0 Votes"
ThomasJoos-9876 answered

Hi,

I have created a HAR trace. This is what the Developer tools show:

main.4fbecef9680d6db7e9f9.js:1 Welcome to the Windows Admin Center debugging api. Type "MsftSme.help()" to see a list of available commands
/api/nodes/hci/features/powershellApi/invokeCommand?api-version=2019-02-01:1 Failed to load resource: the server responded with a status of 404 (Not Found)

134684-har.txt



har.txt (312.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

TrentHelms-MSFT avatar image
0 Votes"
TrentHelms-MSFT answered

Hi @ThomasJoos-9876,

Thank you for providing the HAR file. The error message being returned in the HAR file is below:

"The trust relationship between the primary domain and the trusted domain could not be established."

This is causing the validation to fail as it cannot verify if the domain account you are using has administrative privileges on the HCI nodes.

Try testing the secure channel between the HCI nodes and the domain. You can do this in PowerShell using Test-ComputerSecureChannel -Verbose. If this fails, you can attempt to repair the secure channel by running Test-ComputerSecureChannel -Repair -Credential (Get-Credential). When prompted, enter creds that have domain admin rights. When this completes, re-run Test-ComputerSecureChannel -Verbose to see if the error is resolved. If you would like, you could also rejoin the nodes to the domain and test again.

Finally, also be sure that the domain account you are using is in the administrators group on the HCI nodes.

Hope this helps!
Trent

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ThomasJoos-9876 avatar image
0 Votes"
ThomasJoos-9876 answered ThomasJoos-9876 commented

Hi,
thanks for the answer. I'll test the commands. However, I use the default administrator account "administrator" in the test domain. With this account I can access the HCI servers and change settings using the Windows Admin Center. Only creating the cluster does not work. I can also log in to the HCI nodes with the account, and I can also establish a remote PowerShell session from the WAC server with this user account to the HCI server.
The cmdlets to test the secure channel give the status that the channel is working.

Greetings Thomas

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @ThomasJoos-9876,

The domain name being returned in the HAR file is called joos.int. Is this the correct domain the nodes are joined to? Is this the right domain for the creds you are using? Is this a standalone domain in its own forest or does it have a trust with any other domain?

One thing you could try is when you specify the credentials, you could use the full domain name instead of the NetBIOS name just in case the wrong suffix is being added (such as joos.int\administrator instead of joos\administrator).

Hope this helps!
Trent

0 Votes 0 ·

HI,

yes, the domain is correct and in my network there is only this domain. There are no trusts. I can also log on to the domain with the HCI nodes without any problems and I can establish RemotePower shell sessions with the WAC without any problems and perform all actions you can think of. The only thing that doesn't work is that the wizard in the WAC to create the cluster hangs when displaying the domain info without showing any info. I'll reinstall the environment sometime. Because my test cluster in Azure is working. Thank you.

0 Votes 0 ·