- SAP Managed Tags
In this blog, I present you a new tool for checking your existing Windows Server Failover Cluster setup, with or without SAP resources: The Cluster Check Tool.
The Cluster Check Tool collects configuration and logging data from your Windows Server Failover Cluster. Based on the collected information, the Cluster Check Tool validates your configuration and checks for common misconfigurations, for example:
- Cluster specific: Quorum configuration, Properties for Resource Groups and Resources, Resource Group Dependencies
- Cluster Nodes: Operating System Version, Version of SAPRC.dll, Windows Service Startup types, Permissions for file System objects and network share
- Network configuration: Forward/Backward Name Resolution of IP Addresses and Hostnames
Disclaimer: This tool is not part of the SAP Products and thus not officially supported by SAP. It was designed to help our customers and supporters to identify potential misconfigurations. Use it at your own risk.
Get and run the Cluster Check Tool
Get the latest version
You can find the latest version of the Cluster Check Tool attached to SAP Note 2624843 - How to check a Windows Failover Cluster configuration?
Advance information
For more details about how to upgrade the .NET Framework and the WMF, see:
- .NET Framework - System requirements: https://docs.microsoft.com/en-us/dotnet/framework/get-started/system-requirements
- .NET Framework - Installation guide: https://docs.microsoft.com/en-us/dotnet/framework/install/
- .NET Framework - Download: https://dotnet.microsoft.com/en-us/download
- Install and Configure WMF 5.1: https://docs.microsoft.com/en-us/powershell/scripting/windows-powershell/wmf/setup/install-configure...
System Requirements
Every node of the Cluster must fulfill the following system requirements:
- Windows Server 2012 or later, x64 only
- .NET Framework 4.5.2 or later on the cluster node which is used to start the Cluster Check Tool
- The Windows Feature ".NET Framework 3.5 (includes .NET 2.0 and 3.0)" or ".NET Framework 4.x"
- You can use the following PowerShell command to check the installation state of this Windows Features:
- .NET Framework 3.5: Get-WindowsFeature -Name NET-Framework-Core
- .NET Framework 4.x: Get-WindowsFeature -Name NET-Framework-45-Core
- You can use the following PowerShell command to check the installation state of this Windows Features:
- Windows Management Framework 3.0 or later. You can get the Windows Management Framework 3.0 using the link https://www.microsoft.com/en-us/download/details.aspx?id=34595
- PowerShell 3.0 or later.
- PowerShell Remoting must be enabled
- The user used to run the Cluster Check Tool must be at least a member of the Active Directory group “Domain Users” and member of the local “Administrators” group on each node of the cluster.
- Disk space: The required disks space mainly depends on the size of the created cluster logs and the size of the work folders of your SAP installation. Depending on the number of cluster nodes, the size of each cluster log file and the size of you SAP systems work folders, the size of the collected data can exceed several Gigabytes!
Note: If the Cluster Check Tool is executed on a system which is not member of a Windows Server Failover Cluster, all cluster related checks will be skipped. There are also some checks which return false warnings if the Cluster Check Tool is not run on a cluster node!
Running the Cluster Check Tool
Beforehand: It is not necessary to run the Cluster Check Tool on more than one node of the cluster.
Extract the archive to a local directory on one node of the cluster, for example C:\Cluster Check Tool.
Open an elevated PowerShell, navigate to the directory containing the Cluster Check Tool and run the PowerShell script Run-ClusterCheckTool.ps1:
cd "C:\Cluster Check Tool"
.\Run-ClusterCheckTool.ps1
Please note: The Cluster Check Tool runs some prerequisite checks on the local system before starting the data collection on the cluster. If one of the prerequisite checks fails the execution will be canceled and the prerequisite check results will be displayed. You can rerun the tool after you have fixed the reported issues.
If you have troubles using the Run-ClusterCheckTool.ps1 PowerShell script, you can run the Cluster Check Tool directly from an administrative (!) command prompt. Please do not forget to specify the -outdir parameter when calling ClusterCheckTool.exe (this is the location to which the Cluster Check Tool will write the collected data and the created archive file).
cd "C:\Cluster Check Tool"
.\ClusterCheckTool.exe -outdir "c:\temp\cct"
Wait until the Cluster Check Tool has collected all required information from your cluster. This may take some minutes depending on the performance of your cluster nodes. After the cluster check tool completed his work successfully, the report is opened automatically.
You should find a ClusterReport_<Timestamp> directory in the directory where the Run-ClusterCheckTool.ps1 is located. This directory contains all data that was collected by the Cluster Check Tool:
ClusterReport_<Timestamp>
- Cluster
- ClusterKeyExport.reg: An export of the registry HKLM\Cluster
- Logs: This directory contains the cluster log files
- Nodes
This directory contains one subdirectory<clusternodename> for each node storing the collected data - SAPSystems
This directory contains one subdirectory <SID> for each detected SAP System storing the collected data - ClusterReport.html
The Cluster Check Report - PrerequisiteCheck.html
The results of the prerequisite checks
The ZIP-Archive ClusterReport_<Timestamp>.zip is a compressed version of the ClusterReport_<Timestamp> directory. For example, you can attach this archive file to your incidents to provide us additional information about your cluster environment.
How it works
First, the Cluster Check Tool runs a set of prerequisite checks to ensure that it can collect the required data (Step 1). These also includes the check for the system requirements.
If the prerequisite checks passed successfully, the Cluster Check Tool collects information from the Windows Server Failover Cluster (Step 2😞 The resource groups, resources, and nodes of the cluster and some properties for each of these objects.
For each cluster node detected in step 2, detailed system information is queried mainly using WMI and Remote PowerShell calls (Step 3).
Based on the data from Step 2 and Step 3, the Cluster Check Tool detects the running SAP Systems and collects relevant information for each of these SAP Systems.
Known Issues
Windows Defender - User and Group membership reconnaissance (SAMR)
The CCT collects necessary user and group information for all relevant accounts on the analyzed cluster nodes. This user and groups queries are processed by the Windows Domain Controllers of the AD. Depending on the configuration of Windows Defender for Identity, this may trigger a "User and Group membership reconnaissance (SAMR) event" (https://learn.microsoft.com/en-us/defender-for-identity/reconnaissance-discovery-alerts#user-and-gro...).
This event (triggered by running the CCT) can be safely ignored.
Bluesky| User | Count |
|---|---|
| 47 | |
| 38 | |
| 37 | |
| 30 | |
| 30 | |
| 28 | |
| 26 | |
| 26 | |
| 24 | |
| 24 |
