Recently, I was trying to simulate a client’s environment, for which I needed a Windows cluster with a cloud witness. It didn’t go well, and I encountered an error message. In this blog post, I will share the solution to the error “The client and server cannot communicate, because they do not possess a common algorithm”, which I received while adding the cloud witness. I was following this documentation: Deploy a Cloud Witness for a Failover Cluster
Here is the screenshot of the error message.
The text of the message is as follows.
An error was encountered while modifying the quorum settings.
Your cluster quorum settings have not been changed.
The client and server cannot communicate, because they do not possess a common algorithm.
Based on my earlier experience, this error can be seen when the client and server do not use the same version of the TLS protocol. Based on my search, I found that the communication between the storage account and the cluster nodes happens using TLS 1.0. The error appeared because TLS 1.0 was disabled on the server. To overcome this, we can use the PowerShell commands below to use TLS 1.2 for the cloud quorum setup.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Set-ClusterQuorum -Cluster ClusterName -CloudWitness -AccountName "NameOfStorageAccount" -AccessKey "AccessKeyForStorageAccount"
As you can see, the command ran successfully and the witness was set up correctly.
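The script below is an added example, not code from the original post: it reports the SCHANNEL and .NET Framework TLS client settings on a node, then wraps the post's two commands in one function so they run in the same session. The function names and the cluster and storage account names are assumptions (placeholders); the registry paths are the standard SCHANNEL and .NET Framework locations.

```powershell
# Added example. Function names and the cluster/storage account names are placeholders.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$dotnet   = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'

function Get-TlsClientState {
    # SCHANNEL client-side switches; an absent key or value means the OS default applies.
    foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        $v = Get-ItemProperty -Path "$schannel\$proto\Client" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Protocol          = $proto
            Enabled           = if ($null -ne $v.Enabled) { $v.Enabled } else { 'not set' }
            DisabledByDefault = if ($null -ne $v.DisabledByDefault) { $v.DisabledByDefault } else { 'not set' }
        }
    }
}

function Get-DotNetTlsState {
    # .NET Framework values that decide whether managed code follows the OS TLS defaults.
    foreach ($key in $dotnet) {
        $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Key                      = $key
            SchUseStrongCrypto       = $v.SchUseStrongCrypto
            SystemDefaultTlsVersions = $v.SystemDefaultTlsVersions
        }
    }
}

function Set-CloudWitnessOverTls12 {
    param([Parameter(Mandatory)][string]$ClusterName,
          [Parameter(Mandatory)][string]$AccountName)

    # Process-scoped override, as in the post: it does not persist or affect other sessions.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    # Prompt for the key so it does not end up in the command history.
    $secure = Read-Host -Prompt 'Storage account access key' -AsSecureString
    $key    = [Net.NetworkCredential]::new('', $secure).Password

    Set-ClusterQuorum -Cluster $ClusterName -CloudWitness -AccountName $AccountName -AccessKey $key
    Get-ClusterQuorum -Cluster $ClusterName   # confirm the quorum resource is the cloud witness
}

Get-TlsClientState | Format-Table -AutoSize
Get-DotNetTlsState | Format-List
"Session SecurityProtocol: $([Net.ServicePointManager]::SecurityProtocol)"
# Set-CloudWitnessOverTls12 -ClusterName 'ClusterName' -AccountName 'NameOfStorageAccount'
```

The ServicePointManager setting applies only to the PowerShell process that sets it, so the override and the Set-ClusterQuorum call belong in the same session on a cluster node.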
Have you encountered some other error while deploying cloud witness?
Reference: Pinal Dave (https://blog.sqlauthority.com)
6 Comments
Hi Pinal,
I have configured a Windows cluster on Win2019; it uses the new distributed server name feature for the cluster name and does not have a static IP. I am not able to configure the quorum witness; I am getting this error.
Set-ClusterQuorum : ERROR CODE : 0x80131500; NATIVE ERROR CODE : 1.
WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer clustername.com. Verify that the computer exists on the network and that the name provided is spelled correctly.
Ali did you ever figure this out?
Yes, after running the above TLS command and also clustername was not properly created in AD but IT
Dave,
Great solution as always. My error message was “The TLS version of the connection is not permitted on this storage account.”
Your solution only works if you execute both lines in PowerShell on the server.
When I executed “[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12” in PowerShell (in the cluster server), then tried to add the witness in the Failover Cluster Manager UI (from my desktop), and it would give me the error again. So, it all has to be performed inside of one of the cluster servers.
P.S. Your content has been invaluable for me for over 15 years. Thank you very much!
Yesssss! I escalated to Microsoft last night and spent 4 hours working with him to fix this issue, and this page did the trick! My cloud witness is now in place. Thanks!
Great information here, thanks so much.
I am receiving a general WinRM Kerberos error when trying to set up a cloud witness to a private endpoint. 443 is open between blob and SQL nodes, but I am seeing
‘winrm cannot process the request. the following error with error code 0x80090322 occurred while using kerberos authentication: an unknown security error occurred’
Any ideas?