When a high-demand service or website is hosted on servers, it is usually designed with multiple balancing nodes. These nodes make sure that when one node fails, other nodes can take over its work. In the case of Windows Server, node balancing works through a quorum system. In this guide, we will talk about the Windows File Share Witness feature.
File Share Witness & Quorum system
A quorum system is a vote-based system where a number of nodes should be present to make sure they work in case of failure. Sometimes, the voting system comes to a halt when there is an “even number” of total votes. The point of voting is simple. It makes sure that nodes are not overloaded. Introducing a File Share Witness acts as a tiebreaker. It can provide an additional quorum vote when necessary. This makes sure that a cluster continues to run in the event of a site outage.
So if you have four nodes which are balanced in a 2-2 format, and one of the nodes fails, the other 2 nodes should be able to balance it. However, with a 2-2 format, it gets stuck. If IT admins deploy a File Share Witness which can add a vote to 2 of those existing nodes, a quorum will be reached, and the nodes can take care of everything. Read more about Legacy & Modern FSW here.
What is File Share Witness feature in Windows Server?
One of the key requirements for FSW to work is that it must be domain joined and a part of the same forest. This criterion was important because the failover cluster uses Kerberos for the Cluster Name Object (CNO) to connect to the share and authenticate. This sometimes might not be possible for several reasons, including:
- Poor internet connection.
- The domain controller is not available.
- No Active Directory CNO object.
- And lastly, no shared drives for a disk witness.
Keeping these scenarios in mind, Microsoft added a feature in Windows Server 2019 that lets the quorum system work even when it’s not part of a domain. This is possible by using a local user account on the server the FSW is connected to.
IT admins can create a local (not administrative) user account, give that local account full rights to the share, and connect the cluster to the share. Here are the steps:
- Log on to SERVER and create a local user account (e.g. FSW-ACCT)
- Create a folder on the SERVER and share it out
- Give the local user account (FSW-ACCT) full rights to the share
- Log in to one of your cluster nodes and run the PowerShell command:
Set-ClusterQuorum -FileShareWitness \\SERVER\SHARE -Credential $(Get-Credential)
- You will be prompted for the account and password, for which you should enter SERVER\FSW-ACCT and its password.
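The steps above as one script, with a check that the witness account stays non-administrative and is the only principal granted access to the share. This is an added example, not code from the original guide: the `-Role` switch, the folder path `C:\FSW` and the NTFS ACL step are assumptions, while SERVER, SHARE and FSW-ACCT are the names used in the steps.

```powershell
# Added example. Run with -Role FileServer on SERVER, then with -Role ClusterNode
# on one cluster node. Requires an elevated PowerShell session on each machine.
param(
    [Parameter(Mandatory)][ValidateSet('FileServer', 'ClusterNode')][string]$Role,
    [string]$Server    = 'SERVER',    # witness host name, as in the steps above
    [string]$ShareName = 'SHARE',     # share name, as in the steps above
    [string]$UserName  = 'FSW-ACCT',  # local account name, as in the steps above
    [string]$Path      = 'C:\FSW'     # assumed folder path (not given in the guide)
)
$ErrorActionPreference = 'Stop'

if ($Role -eq 'FileServer') {
    # 1. Local account used only for the witness share.
    $password = Read-Host -AsSecureString -Prompt "Password for $UserName"
    New-LocalUser -Name $UserName -Password $password `
        -Description 'Cluster file share witness' | Out-Null
    $account = "$env:COMPUTERNAME\$UserName"

    # The guide calls for a non-administrative account: stop if it is an admin.
    if (Get-LocalGroupMember -Group 'Administrators' | Where-Object Name -eq $account) {
        throw "$account must not be a member of Administrators"
    }

    # 2. Create the folder and share it; only the witness account gets share access.
    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    New-SmbShare -Name $ShareName -Path $Path -FullAccess $account | Out-Null

    # 3. Assumed extra step: drop inherited NTFS entries so that only SYSTEM,
    #    local Administrators and the witness account can touch the folder.
    icacls $Path /inheritance:r /grant 'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
        'BUILTIN\Administrators:(OI)(CI)F' "${account}:(OI)(CI)F" | Out-Null

    # Review the result: the witness account should be the only entry listed.
    Get-SmbShareAccess -Name $ShareName |
        Format-Table AccountName, AccessControlType, AccessRight
}
else {
    # 4. Point the cluster at the share using the local account's credentials.
    $cred = Get-Credential -UserName "$Server\$UserName" -Message 'File share witness account'
    Set-ClusterQuorum -FileShareWitness "\\$Server\$ShareName" -Credential $cred

    # Confirm that the witness resource exists and is online.
    (Get-ClusterQuorum).QuorumResource | Format-List Name, State, ResourceType
}
```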
Further, if there is no extra server available, a USB drive connected to a router works as well. Once connected, you can set up your share name, username, and password for access. This works with SMB 2.0 and above.
You can read more about File Share Witness feature on MSDN.