Επεξεργασία

Κοινή χρήση μέσω


Before Installing Failover Clustering

Applies to: SQL Server

Before you install a SQL Server failover cluster, you must select the hardware and the operating system on which SQL Server will run. You must also configure Windows Server Failover Clustering (WSFC) and review network, security, and considerations for other software that will run on your failover cluster.

If a Windows cluster has a local disk drive and the same drive letter is used on one or more cluster nodes as a shared drive, you can't install SQL Server on that drive. This restriction applies to both SQL Server failover cluster instances and standalone instances on a server that is part of a Windows Failover Cluster Instance.

You may also want to review the following articles to learn more about SQL Server failover clustering concepts, features and tasks.

Article Description Article
Describes SQL Server failover clustering concepts, and provides links to associated content and tasks. Always On Failover Cluster Instances (SQL Server)
Describes SQL Server failover policy concepts, and provides links to configuring the failover policy to suit your organizational requirements. Failover Policy for Failover Cluster Instances
Describes how to maintain and your existing SQL Server failover cluster. Failover Cluster Instance Administration and Maintenance
Explains how to install Analysis Services on a Windows Server Failover Cluster (WSFC). How to Cluster SQL Server Analysis Services

Best practices

Review the release notes for SQL Server 2019 and SQL Server 2022.

Install prerequisite software. Before running Setup to install or upgrade, install the following prerequisites to reduce installation time. You can install prerequisite software on each failover cluster node and then restart nodes once before running Setup.

  • Windows PowerShell is no longer installed by SQL Server Setup. Windows PowerShell is a prerequisite for installing SQL Server Database Engine components and SQL Server Management Studio. If Windows PowerShell isn't present on your computer, you can enable it by following the instructions on the Windows Management Framework page.

  • .NET Framework 3.5 SP1 is no longer installed by SQL Server Setup, but may be required while installing SQL Server on older Windows operating systems. For more information, see SQL Server 2019: Hardware and software requirements.

  • Microsoft Update package: To avoid computer restart due to .NET Framework 4 installation during setup, SQL Server Setup requires a Microsoft update to be installed on the computer. For SQL Server 2014 (12.x) and later versions installing on supported versions of Windows, this update is already included. If you're installing on an older Windows operating system, download it from Microsoft Update for .NET Framework 4.0 on Windows Vista and Windows Server 2008.

  • .NET Framework 4: Setup installs .NET Framework 4 on a clustered operating system. To reduce installation time, you may consider installing .NET Framework 4 before you run Setup.

  • SQL Server Set up support files. You can install these files by running SqlSupport.msi located on your installation media.

Verify that antivirus software isn't installed on your WSFC cluster. For more information, see the Microsoft Knowledge Base article, Antivirus software may cause problems with cluster services.

When naming a cluster group for your failover cluster installation, you must not use any of the following characters in the cluster group name:

  • Less than operator (<)

  • Greater than operator (>)

  • Double quote (")

  • Single quote (')

  • Ampersand (&)

    Also verify that existing cluster group names don't contain unsupported characters.

Ensure that all cluster nodes are configured identically, including COM+, disk drive letters, and users in the administrators group.

Verify that you've cleared the system logs in all nodes and viewed the system logs again. Ensure that the logs are free of any error messages before continuing.

Before you install or update a SQL Server failover cluster, disable all applications and services that might use SQL Server components during installation, but leave the disk resources online.

SQL Server Setup automatically sets dependencies between the SQL Server cluster group and the disks that will be in the failover cluster. Don't set dependencies for disks before Setup.

  • During SQL Server Failover Cluster installation, computer object (Active Directory computer accounts) for the SQL Server Network Resource Name is created. In a Windows Server 2008 cluster, the cluster name account (computer account of the cluster itself) needs to have permissions to create computer objects. For more information, see Configuring Accounts in Active Directory.

  • If you're using SMB File share as a storage option, the SQL Server Setup account must have SeSecurityPrivilege on the file server. To do this, using the Local Security Policy console on the file server, add the SQL Server Setup account to Manage auditing and security log rights.

Verify your hardware solution

If the cluster solution includes geographically dispersed cluster nodes, additional items like network latency and shared disk support must be verified.

Verify that the disk where SQL Server will be installed isn't compressed or encrypted. If you attempt to install SQL Server to a compressed drive or an encrypted drive, SQL Server Setup fails.

SAN configurations are also supported on Windows Server, starting with Windows Server 2008 and Windows Server 2008 R2 Advanced Server and Datacenter Server editions. The Windows Catalog and Hardware Compatibility List category "Cluster/Multi-cluster Device" list the set of SAN-capable storage devices that have been tested and are supported as SAN storage units with multiple WSFC clusters attached. Run cluster validation after finding the certified components.

SMB File Share is also supported for installing data files. For more information, see Storage Types for Data Files.

Warning

If you are using Windows File Server as a SMB File Share storage, the SQL Server Setup account must have SeSecurityPrivilege on the file server. To do this, using the Local Security Policy console on the file server, add the SQL Server Setup account to Manage auditing and security log rights.

If you are using SMB file share storage other than Windows File server, please consult the storage vendor for an equivalent setting on the file server side.

SQL Server supports mount points. A mounted volume, or mount point, allows you to use a single drive letter to refer to many disks or volumes. If you have a drive letter D: that refers to a regular disk or volume, you can connect or "mount" additional disks or volumes as directories under drive letter D: without the additional disks or volumes requiring drive letters of their own.

  • SQL Server Setup requires that the base drive of a mounted drive has an associated drive letter. If the base drive of a mounted drive doesn't have an associated drive letter, the Setup program will assign the next available drive letter to the drive.

    Note

    If all the drive letters are already assigned, the Setup program will fail.

  • SQL Server doesn't support use of mount volume / mount point root directories for SQL Server databases. For more information review Permission error occurs when you use a volume mount point in SQL Server Setup

  • Additional mount point considerations for SQL Server failover clustering:

    • SQL Server Setup requires that the base drive of a mounted drive has an associated drive letter. For failover cluster installations, this base drive must be a clustered drive. Volume GUIDs aren't supported in this release.

    • The base drive, the one with the drive letter, can't be shared among failover cluster instances. This is a normal restriction for failover clusters, but isn't a restriction on stand-alone, multi-instance servers.

    • The clustered installations of SQL Server are limited to the number of available drive letters. Assuming that you use only one drive letter for the operating system, and all other drive letters are available as normal cluster drives or cluster drives hosting mount points, you're limited to a maximum of 25 instances of SQL Server per failover cluster.

      Tip

      The 25 instance limit can be overcome by using SMB file share option. If you use SMB file share as the storage option, you can install up to 50 SQL Server failover cluster instances.

    • Formatting a drive after mounting additional drives isn't supported.

    • The SQL Server resource in SQL Server 2005 and later versions depends on the SQL network name resource and on the physical disk resources that hold the data. Mount points and the host drive must be displayed as a cluster physical disk resource. Additionally, the physical disk that has a drive letter and each mounted volume must also be added as a SQL Server dependency.

    • If you perform a new installation, the correct dependency permissions are set on the physical disks that have an associated drive letter and on the mount points. The dependency permissions are set automatically during setup.

    • If only the root physical disks dependency is added and the mount points dependency is not added, database corruption will occur on failover. Database corruption may also occur during a SQL Server restart should disk resources go offline and return to online state even without failing over.

  • Best practices for mount points:

    • If you move a mount point from one shared disk to another shared disk, make sure that the shared disks are located in the same group.

    • Try to use the root (host) volume exclusively for mount points. The root volume is the volume that hosts the mount points. This practice greatly reduces the time that is required to restore access to the mounted volumes if you have to run the Chkdsk.exe tool. This also reduces the time that is required to restore from backup on the host volume.

    • If you use the root (host) volume exclusively for mount points, the size of the host volume must be at least 5 megabytes (MB). This reduces the probability that the volume will be used for anything other than the mount points.

SQL Server failover cluster installation supports Local Disk only for installing the tempdb files. Ensure that the path specified for the tempdb data and log files is valid on all the cluster nodes. During failover, if the tempdb directories aren't available on the failover target node, the SQL Server resource will fail to come online. For more information, see Storage Types for Data Files and Database Engine Configuration - Data Directories.

Review security considerations

To use encryption, install the server certificate with the fully qualified DNS name of the WSFC cluster on all nodes in the SQL Server failover cluster. For example, if you have a two-node cluster, with nodes named "Test1.DomainName.com" and "Test2.DomainName.com" and a SQL Server failover cluster instance named "Virtsql", you must get a certificate for "Virtsql.DomainName.com" and install the certificate on the test1 and test2 nodes. Then you can select the Force protocol encryption check box on the SQL Server Configuration Manager to configure your failover cluster for encryption.

Important

Do not select the Force protocol encryption check box until you have certificates installed on all participating nodes in your failover cluster instance.

For SQL Server installations in side-by-side configurations with previous versions, SQL Server services must use accounts found only in the global domains group. Additionally, accounts used by SQL Server services must not appear in the local Administrators group. Failure to comply with this guideline will result in unexpected security behavior.

To create a failover cluster, you must be a local administrator with permissions to log in as a service, and to act as part of the operating system on all nodes of the failover cluster instance.

On Windows Server 2008 and later versions, service SIDs are generated automatically for use with SQL Server services. For SQL Server failover cluster instances upgraded from previous versions of SQL Server, existing domain groups and ACL configurations will be preserved.

Domain groups must be within the same domain as the machine accounts. For example, if the machine where SQL Server will be installed is in the SQLSVR domain, which is a child of MYDOMAIN. You must specify a group in the SQLSVR domain. The SQLSVR domain may contain user accounts from MYDOMAIN.

SQL Server failover clustering can't be installed where cluster nodes are domain controllers.

Review content in Security Considerations for a SQL Server Installation.

To enable Kerberos authentication with SQL Server, see How to use Kerberos authentication in SQL Server in the Microsoft Knowledge Base.

SQL Server failover cluster instance (FCI) requires the cluster nodes to be domain joined. The following configurations are not supported:

  • SQL FCI on workgroup clusters.
  • SQL FCI on Multi-Domain cluster.
  • SQL FCI on Domain + Workgroup Clusters.

Review network, port, and firewall considerations

Verify that you have disabled NetBIOS for all private network cards before beginning SQL Server Setup.

The network name and IP address of your SQL Server shouldn't be used for any other purpose, such as file sharing. If you want to create a file share resource, use a different, unique network name and IP address for the resource.

Important

We recommend that you do not use file shares on data drives, because they can affect SQL Server behavior and performance.

Even though SQL Server supports both Named Pipes and TCP/IP Sockets over TCP/IP within a cluster, we recommend that you use TCP/IP Sockets in a clustered configuration.

ISA server isn't supported on Windows Clustering and is also not supported on SQL Server failover clusters.

The Remote Registry service must be up and running.

Remote Administration must be enabled.

For SQL Server instances using a non-default port, use the network configuration of the SQL Server Configuration Manager to determine the port used by the SQL Server instance you want to unblock. Enable the TCP port for IPALL in the firewall if you want to connect to your SQL Server instance using the SQL Server Browser Service, which uses a different IP address than the clustered instance, and UDP port 1434.

Failover cluster Setup operations include a rule that checks network binding order. Although binding orders might seem correct, you might have disabled or "ghosted" NIC configurations on the system. "Ghosted" NIC configurations can affect the binding order and cause the binding order rule to issue a warning. To avoid this situation, use the following steps to identify and remove disabled network adapters:

  1. At a command prompt, type: set devmgr_Show_Nonpersistent_Devices=1

  2. Type and run: start devmgmt.msc

  3. Expand the list of network adapters. Only the physical adapters should be in the list. If you have a disabled network adapter, Setup will report a failure for the network binding order rule. Control Panel/Network Connections will also show that adapter was disabled. Confirm that Network Settings in the Control Panel show the same list of enabled physical adapters that devmgmt.msc shows.

  4. Remove disabled network adapters before you run SQL Server Setup.

  5. After the Setup finishes, return to Network Connections in Control Panel and disable any network adapters that aren't currently in use.

Verify your operating system

Make sure that your operating system is installed properly and is designed to support failover clustering. The following table is a list of SQL Server editions and the operating systems that support them.

SQL Server edition Windows Server 2022 Datacenter Windows Server 2022 Datacenter: Azure Edition Windows Server 2022 Standard
SQL Server 2014 (12.x) Enterprise (64-bit) x64 1 No No No
SQL Server 2014 (12.x) Enterprise (32-bit) No No No
SQL Server 2016 (13.x) Enterprise No No No
SQL Server 2016 (13.x) Standard No No No
SQL Server 2017 (14.x) Enterprise Yes Yes Yes
SQL Server 2017 (14.x) Standard Yes Yes Yes
SQL Server 2019 (15.x) Enterprise Yes Yes Yes
SQL Server 2019 (15.x) Standard Yes Yes Yes
SQL Server 2022 (16.x) Enterprise Yes Yes Yes
SQL Server 2022 (16.x) Standard Yes Yes Yes
SQL Server edition Windows Server 2019 Datacenter Windows Server 2019 Standard Windows Server 2016 Datacenter Windows Server 2016 Standard
SQL Server 2014 (12.x) Enterprise (64-bit) x64 1 Yes Yes Yes Yes
SQL Server 2014 (12.x) Enterprise (32-bit) Yes Yes
SQL Server 2016 (13.x) Enterprise Yes Yes Yes Yes
SQL Server 2016 (13.x) Standard Yes Yes Yes Yes
SQL Server 2017 (14.x) Enterprise Yes Yes Yes Yes
SQL Server 2017 (14.x) Standard Yes Yes Yes Yes
SQL Server 2019 (15.x) Enterprise Yes Yes Yes Yes
SQL Server 2019 (15.x) Standard Yes Yes Yes Yes
SQL Server 2022 (16.x) Enterprise Yes Yes Yes Yes
SQL Server 2022 (16.x) Standard Yes Yes Yes Yes

1 SQL Server clusters aren't supported in WOW mode. That includes upgrades from previous versions of SQL Server failover clusters that were originally installed in WOW. For those, the only upgrade option is to install the new version side by side and migrate.

Additional considerations for multi-subnet configurations

The sections below describe the requirements to keep in mind when installing a SQL Server multi-subnet failover cluster. A multi-subnet configuration involves clustering across multiple subnets, therefore involves using multiple IP addresses and changes to IP address resource dependencies.

SQL Server edition and operating system considerations

For a list of features supported by the editions of SQL Server on Windows, see:

To create a SQL Server multi-subnet failover cluster, you must first create the Windows Server multi-site failover cluster on multiple subnets.

SQL Server failover cluster depends on the Windows Server failover cluster to make sure that the IP dependency conditions are valid if there's a failover.

Windows Server 2008 R2 and later versions require that all the cluster servers must be in the same Active Directory domain. Therefore, SQL Server multi-subnet failover cluster requires that all the cluster nodes be in the same Active Directory domain even if they are in different subnets.

IP address and IP address resource dependencies

  1. The IP Address resource dependency is set to OR in a multi-subnet configuration. For more information, see Create a New SQL Server Failover Cluster (Setup)

  2. Mixed AND-OR IP address dependencies aren't supported. For example, <IP1> AND <IP2> OR <IP3> isn't supported.

  3. More than one IP address per subnet isn't supported.

    If you decide to use more than one IP address configured for the same subnet, you may experience client connection failures during SQL Server startup.

For more information about Windows Server 2008 R2 multi-site failover, see Windows Server 2008 R2 Failover Clustering Site and Design for a Clustered Service or Application in a Multi-Site Failover Cluster.

Configure Windows Server Failover Cluster

Microsoft Cluster Service (WSFC) must be configured on at least one node of your server cluster. You must also run SQL Server Enterprise, SQL Server Business Intelligence, or SQL Server Standard with WSFC. SQL Server Enterprise support failover clusters with up to 16 nodes. SQL Server Business Intelligence and SQL Server Standard supports two-node failover clusters.

The resource DLL for the SQL Server service exports two functions used by WSFC Cluster Manager to check for availability of the SQL Server resource. For more information, see Failover Policy for Failover Cluster Instances.

WSFC must be able to verify that the failover clustered instance is running by using the IsAlive check. This requires connecting to the server by using a trusted connection. By default, the account that runs the cluster service isn't configured as an administrator on nodes in the cluster, and the BUILTIN\Administrators group doesn't have permission to log into SQL Server. These settings change only if you change permissions on the cluster nodes.

Configure Domain Name Service (DNS) or Windows Internet Name Service (WINS). A DNS server or WINS server must be running in the environment where your SQL Server failover cluster will be installed. SQL Server Setup requires dynamic domain name service registration of the SQL Server IP interface virtual reference. DNS server configuration should allow cluster nodes to dynamically register an online IP address map to Network Name. If the dynamic registration can't be completed, the Setup fails, and the installation is rolled back. For more information, see KB947048 (archived link).

Install Microsoft Distributed Transaction Coordinator (MSDTC)

Before installing SQL Server on a failover cluster, determine whether the Microsoft Distributed Transaction Coordinator (MSDTC) cluster resource must be created. If you're installing only the Database Engine, the MSDTC cluster resource isn't required. If you're installing the Database Engine and SSIS, Workstation Components, or if you'll use distributed transactions, you must install MSDTC. MSDTC isn't required for Analysis Services-only instances.

On Windows Server 2008 and later versions, you can install multiple instances of MSDTC on a single failover cluster. The first instance of MSDTC that is installed will be the cluster default instance of MSDTC. SQL Server will take advantage of an instance of MSDTC installed to the SQL Server local cluster resource group by automatically using the instance of MSDTC. However, individual applications can be mapped to any instance of MSDTC on the cluster.

The following rules are applied for an instance of MSDTC to be chosen by SQL Server:

  • Use MSDTC installed to the local group, else

  • Use the mapped instance of MSDTC, else

  • Use the cluster's default instance of MSDTC, else

  • Use the local machine's installed instance of MSDTC

Important

If the MSDTC instance that is installed to the local cluster group of SQL Server fails, SQL Server does not automatically attempt to use the default cluster instance or the local machine instance of MSDTC. You would need to completely remove the failed instance of MSDTC from the SQL Server group to use another instance of MSDTC. Likewise, if you create a mapping for SQL Server and the mapped instance of MSDTC fails, your distributed transactions will also fail. If you want SQL Server to use a different instance of MSDTC, you must either add an instance of MSDTC to the local cluster group of the SQL Server or delete the mapping.

Configure Microsoft Distributed Transaction Coordinator

After you install the operating system and configure your cluster, you must configure MSDTC to work in a cluster by using the Cluster Administrator. Failure to cluster MSDTC won't block SQL Server Setup, but SQL Server application functionality may be affected if MSDTC isn't properly configured.

See also

Next steps