A Windows File Share Witness is a file share that is available to all nodes in a high availability (HA) cluster. The job of the Witness is to provide an additional quorum vote when necessary in order to ensure that a cluster continues to run in the event of a site outage.
There are numerous articles and blogs about how to create a cloud witness in Azure, and the procedure is relatively painless as long as you are aware of one little gotcha!
I planned to decommission the last remaining on-premises file server; however, it was hosting the file witness share for my HCI failover 2016 cluster. The steps, the subsequent issues I faced and the workarounds are listed below:
1. Remove the current file witness from the cluster config so there is no witness configured for the cluster. You will receive an error but this can be safely ignored. Please remember to not conduct any cluster maintenance whilst there is no quorum configured.
2. Set up an Azure file storage account for the witness share.
3. Come back to the cluster and configure the cloud witness from the cluster. From the cluster configuration, select the cloud witness option. During setup of the cloud witness I received the following error.
4. The cluster server could not reach the Azure storage over port 443, so I opened this on every HCI node on the cluster. I also found that HTTPS 443 was being blocked on the corporate firewall.
5. I managed to bypass the proxy for all three of our nodes and established a successful connection to Azure storage.
6. I again tried to create the cloud witness and this time we received a different error.
7. This error was caused by the fact that we had created the storage account with the ARM model rather than the classic deployment model, which works for witness file shares (choose the classic deployment model).
8. After the classic account was created I again tried creating the cloud file witness share from the Failover Cluster Manager and this time it completed successfully!
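
The connectivity problem in steps 4 and 5 can be caught before the wizard fails by testing outbound HTTPS from every node first. The script below is an added example, not part of the original post. It assumes PowerShell remoting is enabled between the nodes, a placeholder storage account name, and the default public-cloud blob endpoint that the cloud witness talks to.

```powershell
# Added example: pre-flight check before configuring a cloud witness.
# Assumptions (not from the original post): the account name is a placeholder
# and the default public-cloud endpoint suffix is used.
$AccountName = 'examplewitnessacct'   # placeholder, replace with your storage account
$Endpoint    = 'core.windows.net'
$Target      = "$AccountName.blob.$Endpoint"

Import-Module FailoverClusters

# Test from every node that is up: each node must reach the endpoint itself,
# so a successful test from an admin workstation proves nothing.
$results = foreach ($node in (Get-ClusterNode | Where-Object State -eq 'Up')) {
    Invoke-Command -ComputerName $node.Name -ArgumentList $Target -ScriptBlock {
        param($t)
        # Direct TCP test: it does not go through a web proxy, which matches
        # the proxy bypass described in step 5.
        $r = Test-NetConnection -ComputerName $t -Port 443 -WarningAction SilentlyContinue
        [pscustomobject]@{
            Node     = $env:COMPUTERNAME
            Target   = $t
            Resolved = [bool]$r.RemoteAddress
            Tcp443   = $r.TcpTestSucceeded
        }
    }
}

$results | Select-Object Node, Target, Resolved, Tcp443 | Format-Table -AutoSize

$failed = @($results | Where-Object { -not $_.Tcp443 })
if ($failed.Count -gt 0) {
    Write-Warning ('Nodes without direct HTTPS reachability: ' + ($failed.Node -join ', '))
    Write-Warning 'Check the host firewall, the corporate firewall and the proxy before continuing.'
    return
}

# All nodes passed: configure the witness. The key is prompted for at run time
# so it is never stored in the script or in source control.
$key = Read-Host -Prompt "Access key for $AccountName"
Set-ClusterQuorum -CloudWitness -AccountName $AccountName -AccessKey $key -Endpoint $Endpoint
Get-ClusterQuorum
```

When opening the firewall for this, scope the outbound 443 rule to the storage account endpoint rather than allowing HTTPS to any destination from the cluster nodes.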