22 Nov 2015

Configuring Cloud Witness on Server 2016 Cluster fails: Server failed to authenticate the request

While preparing my Demo Environment for the next TechNet Event, in fact re-bulding it with Technical Preview 4, I stumbled over an error while configuring the Cloud Witness for the storage clusters. Cloud Witness is a new feature of Server 2016. To have a Quorum for your clusters you can now leverage a file share resource on your Azure Storage Account. See here for more information about Cloud Witness.

However, I have configured this functionality now quite a few times, but this time I got the following error:

Set-ClusterQuorum : Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the
signature.
RequestId:e1258a19-0001-0020-720b-2596d2000000
Time:2015-11-22T09:56:01.1548088Z
At line:1 char:1
+ Set-ClusterQuorum -Cluster $Cluster1 -CloudWitness -AccountName drmir …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [Set-ClusterQuorum], ClusterCmdletException
+ FullyQualifiedErrorId : Set-ClusterQuorum,Microsoft.FailoverClusters.PowerShell.SetClusterQuorumCommand

The reason for this error to occur is so simple, that I really thought if it is worth to create a post, but on the other hand it could help people to save time while digging in the wrong corner.

The root cause of this was a time sync issue between my Cluster nodes and Azure. In other words, I messed up with NTP configuration on my Lab Domain Controller. After I fixed the timing, the command run as expected.

Set-ClusterQuorum -Cluster yourcluster -CloudWitness -AccountName yourstorageaccount -AccessKey YouWontgetmyKeyHereofCourse:-)=='

Inaccurate time settings can lead to other errors interacting with your Azure Storage Account as well, as it does with your on-premises services using Kerberos of course.

Hope this helps!