Consider one of the following scenarios.
The following is the only relevant error message that appears in the node's System Event Log if the node experiencing this issue is already a cluster member (Scenario 1 listed above).
If the node is not a cluster member yet and you try to add it (Scenario 2 listed above), the following event might be logged in addition to the above one.
If you run Failover Cluster Validation Wizard it founds no issues since all the necessary firewall rules are in place and enabled.
(It would help, though, if the issue is with Firewall Rules or network connectivity indeed. See the links section in the end of this article for more details on such cases).
If the Failover Cluster Validation Wizard doesn't detect the issue it is most likely due to the state of Windows Firewall. It can be a problem with the switch configuration. (In example Auto DoS / Storm Protection in some HP's switch will block the UDP's packet conversation in the initial handshake)
Launch Server Manager MMC for the servers in question. Navigate to Configuration → Windows Firewall With Advanced Security. From the Actions pane, click Properties. Ensure that for all profiles (not only the Domain one) the Inbound connections setting is not set to Block all connections. Acceptable options are either Block (default) or Allow. If the switch, in a HP it should look that way :
If you are unsure whether the cluster problems are caused by Windows Firewall you may use the following command to temporary disable the firewall on all cluster nodes at once.
Below is the listing of the Windows Firewall exception properties. This exception is created by default when Windows Failover Clustering feature is installed. This means that the exception is in place even before the node is joined to the cluster.
netsh advfirewall firewall show rule name="Failover Clusters (UDP-In)" verbose
Rule Name: Failover Clusters (UDP-In) ---------------------------------------------------------------------- Description: Inbound rule for Failover Clusters to allow internal cluster communication by the cluster virtual network adapter. [UDP 3343] Enabled: Yes Direction: In Profiles: Domain,Private,Public Grouping: Failover Clusters LocalIP: Any RemoteIP: Any Protocol: UDP LocalPort: 3343 RemotePort: 3343 Edge traversal: No Program: System InterfaceTypes: Any Security: NotRequired Rule source: Local Setting Action: Allow
Ok.
If, for whatever reason, Windows Firewall settings in your environment block the intra-cluster communications, you'd want to make sure your exceptions have the same or less restrictive settings.
The following articles describe similar yet different scenarios.
Richard Mueller edited Revision 12. Comment: Fixed duplicate <a name> tags in HTML
Richard Mueller edited Revision 11. Comment: Replace RGB values with color names in HTML to restore colors
Yagmoth555 edited Revision 9. Comment: adding content
Pronichkin edited Revision 6. Comment: Added Windows Firewall exception example. Added AskPFEPlat blog link.
Pronichkin edited Revision 4. Comment: prettified the PowerShell code
Pronichkin edited Revision 3. Comment: enhanced formatting
Pronichkin edited Revision 2. Comment: fixed the powershell code
Pronichkin edited Revision 1. Comment: Added the command to temporary disalbe Windows Firewall on all cluster nodes
Pronichkin edited Original. Comment: Fixed title