WinWin Pro
Guest
Hi,
We are having a problem with a Windows cluster (Windows 2012 R2) with encrypted shared storage, as follows:
At the beginning, all shared storage drives were mounted in the Windows cluster and failover between the 2 cluster nodes was always successful. Later on, BitLocker encryption was added to the shared storage by the following method:
1) install BitLocker feature in Windows Server on each cluster server
2) set "AES 256" in "Choose drive encryption method and cipher strength" in group policy ("Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption") on each cluster server
3) turn on maintenance mode on the clustered disk to be encrypted in failover cluster manager
4) disable shadow copies on the clustered disk if it is enabled
5) run PowerShell
6) type "manage-bde -on <drive:> -recoverypassword"
7) type "manage-bde <drive:> -protectors -add -sid <clusternode$>"
8) turn on shadow copies of the clustered disk if necessary
9) turn off maintenance mode of the clustered disk in failover cluster manager
The Windows cluster with BitLocker-encrypted shared disks had been used for almost 5 years without any issue until yesterday. The cluster failover (for maintenance reasons) was unsuccessful and all shared disks failed in the cluster node. We had to unlock the shared drives with the encryption key, remove them from the cluster and decrypt the drives before adding them back to the cluster. We also could not perform the same method mentioned above for encryption in the cluster anymore. The clustered disk would go to a failed state once we performed the same method above.
My question is:
How could we encrypt the shared storage in the cluster node and prevent the encryption failure from happening again?
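
As an added example (not part of the original post), a PowerShell check that can be run on the owning node before a planned failover to confirm that each encrypted clustered volume still carries the protectors from steps 6 and 7 and the AES 256 method from step 2. The drive letters are placeholders, and the check assumes the SID-based protector is reported by the BitLocker module as type AdAccountOrGroup.

```powershell
# Added example, not from the original post. Run elevated on the node that owns the disks.
# Assumption: the protector added with "-sid" is reported as KeyProtectorType AdAccountOrGroup.
Import-Module BitLocker

function Get-ProtectorFinding {
    # Checks one BitLocker volume object and lists anything that differs from the
    # configuration described in the post (steps 2, 6 and 7).
    param([Parameter(Mandatory)] $Volume)

    $types  = @($Volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    $issues = @()
    if ($types -notcontains 'RecoveryPassword') { $issues += 'no recovery password protector (step 6)' }
    if ($types -notcontains 'AdAccountOrGroup') { $issues += 'no SID-based protector (step 7)' }
    if ([string]$Volume.EncryptionMethod -ne 'Aes256') {
        $issues += "method is $($Volume.EncryptionMethod), expected Aes256 (step 2)"
    }
    if ([string]$Volume.LockStatus -ne 'Unlocked') { $issues += "volume is $($Volume.LockStatus)" }
    if ([string]$Volume.VolumeStatus -ne 'FullyEncrypted') {
        $issues += "volume status is $($Volume.VolumeStatus)"
    }

    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        Protectors = $types -join ', '
        Issues     = $issues
        Ready      = ($issues.Count -eq 0)
    }
}

$MountPoints = @('E:', 'F:')   # placeholder drive letters for the clustered disks
$findings = foreach ($mp in $MountPoints) {
    Get-ProtectorFinding -Volume (Get-BitLockerVolume -MountPoint $mp -ErrorAction Stop)
}

$findings | Format-Table MountPoint, Ready, Protectors,
    @{ Name = 'Issues'; Expression = { $_.Issues -join '; ' } } -AutoSize

if ($findings | Where-Object { -not $_.Ready }) {
    Write-Warning 'At least one clustered volume differs from the expected BitLocker configuration; resolve before failing over.'
}
```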