Set up a cluster witness

Applies to Azure Stack HCI, version 20H2; Windows Server 2019

Setting up a witness resource is highly recommended for all clusters, and should be set up right after you create a cluster. Two-node clusters need a witness so that either server going offline does not cause the other node to become unavailable as well. Three and higher-node clusters need a witness to be able to withstand two servers failing or being offline.

You can either use an SMB file share as a witness or an Azure cloud witness. An Azure cloud witness is recommended, provided all server nodes in the cluster have a reliable internet connection. This article covers creating a cloud witness.

Before you begin

Before you can create a cloud witness, you must have an Azure account and subscription, and register your Azure Stack HCI cluster with Azure. See the following articles for more information:

For file share witnesses, there are requirements for the file server. See System requirements for more information.

Create an Azure storage account

This section describes how to create an Azure storage account. This account is used to store an Azure blob file used for arbitration for a specific cluster. You can use the same Azure storage account to configure a cloud witness for multiple clusters.

  1. Sign in to the Azure portal.

  2. On the Azure portal home menu, under Azure services, select Storage accounts. If this icon is missing, select Create a resource to create a Storage accounts resource first.

  3. On the Storage accounts page, select New.

  4. On the Create storage account page, complete the following:

    1. Select the Azure Subscription to apply the storage account to.
    2. Select the Azure Resource group to apply the storage account to.
    3. Enter a Storage account name.
      Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only. This name must also be unique within Azure.
    4. Select a Location that is closest to you physically.
    5. For Performance, select Standard.
    6. For Account kind, select Storage general purpose.
    7. For Replication, select Locally-redundant storage (LRS).
    8. When finished, click Review + create.

  5. Ensure that the storage account passes validation and then review account settings. When finished, click Create.

  6. It may take a few seconds for account deployment to occur in Azure. When deployment is complete, click Go to resource.

Copy the access key and endpoint URL

When you create an Azure storage account, the process automatically generates two access keys, a primary key (key1) and a secondary key (key2). When you create a cloud witness for the first time, key1 is used. The endpoint URL is also generated automatically.

An Azure cloud witness uses a blob file for storage, with a generated endpoint of the form storage_account_name.blob.core.windows.net.

Note

An Azure cloud witness uses HTTPS (default port 443) to establish communication with the Azure blob service. Ensure that the HTTPS port is accessible.

Copy the account name and access key

  1. In the Azure portal, under Settings, select Access keys.

  2. Select Show keys to display key information.

  3. Click the copy-and-paste icon to the right of the Storage account name and key1 fields and paste each text string to Notepad or other text editor.

Copy the endpoint URL (optional)

The endpoint URL is optional and may not be needed for a cloud witness.

  1. In the Azure portal, select Properties.

  2. Select Show keys to display endpoint information.

  3. Under Blob service, click the copy-and-paste icon to the right of the Blob service field and paste the text string to Notepad or other text editor.

Create a cloud witness using Windows Admin Center

Now you are ready to create a witness instance for your cluster using Windows Admin Center.

  1. In Windows Admin Center, select Cluster Manager from the top drop-down arrow.

  2. Under Cluster connections, select the cluster.

  3. Under Tools, select Settings.

  4. In the right pane, select Witness.

  5. For Witness type, select one of the following:

    • Cloud witness - enter your Azure storage account name, access key, and endpoint URL, as described previously
    • File share witness - enter the file share path "(//server/share)"

  6. For a cloud witness, paste the text strings you copied previously into the following fields:

    1. Azure storage account name
    2. Azure storage access key
    3. Azure service endpoint

  7. When finished, click Save. It might take a bit for the information to propagate to Azure.

Note

The third option, Disk witness, is not suitable for use in stretched clusters.

Create a cloud witness using Windows PowerShell

Alternatively, you can create a witness instance for your cluster using PowerShell.

Use the following cmdlet to create an Azure cloud witness. Enter the Azure storage account name and access key information as described previously:

Set-ClusterQuorum -Cluster "Cluster1" -CloudWitness -AccountName "AzureStorageAccountName" -AccessKey "AzureStorageAccountAccessKey"

Use the following cmdlet to create a file share witness. Enter the path to the file server share:

Set-ClusterQuorum -FileShareWitness "\\fileserver\share" -Credential (Get-Credential)
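
The cloud witness cmdlet above takes the storage access key as a plain string. The following added example (not part of the original article) wraps it in a function that validates the account name, checks HTTPS reachability from every node, and prompts for key1 so the key never sits in a script file or command history. The function name `Set-CloudWitnessChecked` and the account name `examplewitness01` are hypothetical, and the example assumes PowerShell remoting is enabled on the cluster nodes.

```powershell
function Set-CloudWitnessChecked {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Cluster,
        [Parameter(Mandatory)] [string] $AccountName
    )

    # Storage account names: 3-24 characters, lowercase letters and numbers only.
    if ($AccountName -cnotmatch '^[a-z0-9]{3,24}$') {
        throw "Invalid storage account name '$AccountName'."
    }

    # The witness reaches the blob service over HTTPS, so test port 443
    # from every node, not just the machine running this script.
    $blobHost = "$AccountName.blob.core.windows.net"
    $nodes    = (Get-ClusterNode -Cluster $Cluster).Name
    $blocked  = Invoke-Command -ComputerName $nodes -ScriptBlock {
        $result = Test-NetConnection -ComputerName $using:blobHost -Port 443 `
            -WarningAction SilentlyContinue
        if (-not $result.TcpTestSucceeded) { $env:COMPUTERNAME }
    }
    if ($blocked) {
        throw "No HTTPS path to $blobHost from: $($blocked -join ', ')"
    }

    # Prompt for key1 with masked input instead of pasting it into a
    # text editor or typing it as a literal on the command line.
    $secureKey = Read-Host -Prompt "Access key (key1) for $AccountName" -AsSecureString
    $plainKey  = [System.Net.NetworkCredential]::new('', $secureKey).Password
    try {
        # -AccessKey accepts only a string, so the plaintext exists just for this call.
        Set-ClusterQuorum -Cluster $Cluster -CloudWitness `
            -AccountName $AccountName -AccessKey $plainKey | Out-Null
    }
    finally {
        # Drop the plaintext reference and release the SecureString.
        Remove-Variable -Name plainKey
        $secureKey.Dispose()
    }

    # Return the resulting quorum configuration so the caller can confirm it.
    Get-ClusterQuorum -Cluster $Cluster
}

# Constructed sample values; replace with your cluster and storage account.
Set-CloudWitnessChecked -Cluster 'Cluster1' -AccountName 'examplewitness01'
```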
