Failover Cluster & Domain Controller

  • Hi All!

    I've set up a small office with a 2 node Win2K8 failover cluster and was planning to install a SQL Server failover cluster on it. The office is most interested in high availability. The cluster will run an IIS web app that they use internally and it also faces the web for their clients.

    They don't have a domain controller currently because they haven't needed any domain features on their internal network yet. Well, Win2K8 cluster requires the two nodes be on the same domain, so since they currently didn't have domain controller, I made one of the nodes take that roll.

    The SQL Server 2008 installation does not allow this however, it halts during the support rules check with "Domain controller: Failed" because you can't install on a domain controller. I understand there is a workaround by installing from the command line using a switch but I want to do this the right way. Do I need to get another server and make it a domain controller just to support this cluster config?

    Also, by not having the domain controller on the cluster, doesn't that mean my cluster is at the mercy of the external domain controller... if it goes down, my cluster becomes unavailable?

    One idea I had was to use HyperV to setup a domain controller which would give failover support for the domain controller to the cluster and SQL Server would be happy, but this seems like a terrible waste of resources.

    Thanks in advance for your feedback!

    Larry

  • Get another server and make it the DC. Doesn't have to be a huge server.

    Cluster nodes need to be identical, so you shouldn't have the case where one node is a DC and the other isn't. Plus, installing SQL on a DC (regardless of cluster) is a major security vulnerability.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • But what happens to the cluster if that DC goes down? IIS and SQL Server are on the same cluster, so all data is access via the web app. Will this DC become a single point of failure or will all services still be accessible to the users who are essentially access this through their browser over port 80?

  • They should still all be up.

    p.s IIS and SQL on the same server is generally recommended against, and afaik, IIS can't be clustered (it can be load-balanced)

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • Thanks for the reply. Yes, IIS won't be clustered, there will be two instances, one on each machine. I'm aware that it is not recommended to run IIS and SQL Server on the same box but I haven't read that specifically for a cluster. I'll check into that a bit more.

    So if a DC is not required for the cluster to stay up, can this be installed using a local account?

  • larrykl (10/29/2011)


    Thanks for the reply. Yes, IIS won't be clustered, there will be two instances, one on each machine. I'm aware that it is not recommended to run IIS and SQL Server on the same box but I haven't read that specifically for a cluster.

    It's not specifically for a cluster. It's a general recommendation. SQL and IIS shouldn't be on the same machine, re

    So if a DC is not required for the cluster to stay up, can this be installed using a local account?

    For what, the cluster? No, iirc it has to be a domain account.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • Windows 2008 no longer uses a dedicated account for the cluster service, this is system managed.

    Please read my response to your other post regarding taking a little more time to plan effectively what it is you require and how you may implement it.

    If you have a machine where you can install HyperV and virtualise a domain controller, why not just make that server a physical DC in the first place. There's nothing wrong with virtual DC's but you would ideally need at least one physical DC in your domain.

    A domain controller is required for all authentication purposes, if the only DC in the domain goes down anything bound by a domain account may suffer, even services running under the context of a domain account

    For more details on what is required to implement a SQL Server cluster see my highly rated article series starting at the following link[/url]

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

Viewing 7 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply