Question

Does anybody have any experience with adding a WFE which is in a DMZ?

Trying to do this for a client and whilst the correct ports seem to be open, the install/config script dies on the step to provision the Distributed Cache.

All of the appropriate ports (22233 to 22236, inclusive) are open in the firewall and telnet tests indicated that they are working.

Trying a "use-cachecluster" yields an "ErrorCode:SubStatus:Failed to connect to hosts in the cluster" exception.

Trying "connect-afcacheclusterconfiguration" gives the same exception and "Get-AFCacheHostStatus" gives "ErrorCode:SubStatus:Cache host is not reachable." for each of the existing servers in the farm.

A literature search on these errors yields some results but nothing that has helped nor anything relevant to the scenario of adding a server in a DMZ.

In case it helps...

https://blogs.msdn.microsoft.com/sambetts/2015/04/02/sharepoint-appfabric-error-failed-to-connect-to-hosts-in-the-cluster/

discusses using "Export-CacheClusterConfig" to confirm the config in case there is a rogue entry.

In this case, the new server I wish to add is missing and there do not appear to be any incorrect entries.

I started to go down the "rabbit hole" of trying to add it myself but then ran into other similar issues.

As you can expect, this is becoming quite stressful and urgent; any ideas/advice would be appreciated! Thanks in advance...


Solution

Okay, to answer the follow up questions above:

1/. The client specifically requested this architecture. This was adding to an existing, working farm where the existing servers were in the same network zone.

2/. Bi-directional comms on ports 22233 to 22236, inclusive, was provisioned/opened.

3/. I used the same AutoSPInstaller script (but with new server added, of course) as the original farm deploy.

The resolution was:

1/. As per https://technet.microsoft.com/en-us/library/jj717234.aspx, inbound ICMPv4 traffic was turned on.

2/. To be able to add a distributed cache service instance, the new server needs access to be able to edit the registry on the cache host PC:

2a/. Enable service “Remote Registry”

2b/. Enable Windows firewall rule “Remote Service Management (NP-in)”

2c/. Allow port 445 inbound/outbound through firewall
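
The requirements listed in the resolution can be checked from the new server before re-running the provisioning script. The following is an added example, not part of the original answer or of AutoSPInstaller; the host names are placeholders and the function name `Test-CacheHostReachability` is hypothetical. It assumes Windows PowerShell on a server where `Test-NetConnection` is available.

```powershell
# Added example: pre-flight checks run from the new WFE in the DMZ.
# Host names below are placeholders; replace them with the farm's existing cache hosts.
$CacheHosts = @('CACHEHOST01', 'CACHEHOST02')
# Distributed Cache ports from the question, plus 445 from the resolution.
$TcpPorts   = @(22233..22236) + 445

function Test-CacheHostReachability {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int[]]$Ports
    )

    $result = [ordered]@{ Host = $ComputerName }

    # Resolution step 1: inbound ICMPv4 must be allowed on the cache host.
    $result['ICMPv4'] = Test-Connection -ComputerName $ComputerName -Count 2 -Quiet

    # Cache ports and port 445: a TCP connect per port, as the telnet tests did.
    foreach ($port in $Ports) {
        $tcp = Test-NetConnection -ComputerName $ComputerName -Port $port `
                                  -WarningAction SilentlyContinue
        $result["TCP$port"] = [bool]$tcp.TcpTestSucceeded
    }

    # Resolution step 2: the new server must be able to open the cache host's
    # registry remotely (Remote Registry service running, port 445 reachable).
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
        $result['RemoteRegistry'] = $true
        $hklm.Close()
    }
    catch {
        # Service stopped, firewall rule missing, or access denied.
        $result['RemoteRegistry'] = $false
    }

    [pscustomobject]$result
}

$report = foreach ($cacheHost in $CacheHosts) {
    Test-CacheHostReachability -ComputerName $cacheHost -Ports $TcpPorts
}
$report | Format-Table -AutoSize
```

Each `False` column points at the firewall rule or service that still needs attention on that host. The script only tests the direction from the new server to the cache hosts, so run it from an existing cache host against the new server as well to cover the bi-directional requirement.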

Licensed under: CC-BY-SA with attribution