Given below are the port requirements for connectivity among the nodes of a WSFC (as per my experience with a WSFC comprising 4 nodes running Windows Server 2012 Standard). This connectivity is required for node join (during cluster creation) and normal cluster operations.
| No. | Port | Protocol |
|---|---|---|
| 1. | 3343 | TCP and UDP |
| 4. | 49152-65535 | TCP and UDP |
NOTE: The dynamic port range above may be customized, but I don’t know if it has to be as big as the default range.
Well, I was involved in building a multi-site (2 sites) WSFC using Windows Server 2012 Standard to host a SQL Server 2012 AlwaysOn Availability Group. After opening the required ports on the firewalls in both sites, we could not create a cluster, i.e., we could not join a node from the other site. When we opened all ports on our firewalls (just to test), the cluster could be created. When I raised a ticket with Microsoft, their technician pointed me to the same Microsoft KB article which we referred to in the first place.
Our SysAdmins did not experience similar problems when creating Windows Server 2008 clusters, but those clusters were local to a site.
So, I enabled Windows Firewall Logging on the node on which I attempted to create a cluster and then tried to add a node from the remote site. From outbound connection logging, I observed that apart from the ports specified in the Microsoft KB article, the cluster creation was trying to “ping” the remote node. And ICMP was not allowed between our nodes across sites! When ICMP was enabled, our cluster was created.
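The log comparison described above can be scripted. The following is an added example, not part of the original post: it parses a Windows Firewall log and lists outbound traffic to the remote node that the documented ports do not cover. The sample log lines, IP addresses and function names are constructed for illustration, and `DOCUMENTED` holds only the two rows visible in the table on this page.

```python
from collections import Counter

# Port ranges from the table on this page (only rows 1 and 4 are present there).
DOCUMENTED = [(3343, 3343), (49152, 65535)]

# Constructed sample in Windows Firewall log (pfirewall.log) format.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2013-08-01 10:15:01 ALLOW UDP 10.1.0.11 10.2.0.21 3343 3343 0 - - - - - - - SEND
2013-08-01 10:15:02 ALLOW TCP 10.1.0.11 10.2.0.21 50123 3343 0 - 0 0 0 - - - SEND
2013-08-01 10:15:03 ALLOW ICMP 10.1.0.11 10.2.0.21 - - 60 - - - - 8 0 - SEND
2013-08-01 10:15:04 ALLOW ICMP 10.1.0.11 10.2.0.21 - - 60 - - - - 8 0 - SEND
2013-08-01 10:15:05 ALLOW TCP 10.1.0.11 10.1.0.5 50130 53 0 - 0 0 0 - - - SEND
"""

def parse(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated lines
                yield dict(zip(fields, values))

def undocumented_outbound(text, remote_ip, documented=DOCUMENTED):
    """Count outbound flows to remote_ip that the documented ports do not cover."""
    seen = Counter()
    for rec in parse(text):
        if rec.get("path") != "SEND" or rec["dst-ip"] != remote_ip:
            continue
        proto, port = rec["protocol"], rec["dst-port"]
        if proto in ("TCP", "UDP") and port.isdigit():
            if any(lo <= int(port) <= hi for lo, hi in documented):
                continue
            seen[(proto, port)] += 1
        else:
            # Port-less protocol such as ICMP: report the ICMP type instead.
            seen[(proto, "type " + rec["icmptype"])] += 1
    return dict(seen)

if __name__ == "__main__":
    for (proto, detail), count in undocumented_outbound(SAMPLE_LOG, "10.2.0.21").items():
        print(f"{proto} {detail}: {count} outbound entries not in the documented list")
```

On a real node, pass the contents of the firewall log file and the remote node's address; anything the function returns is traffic the inter-site firewalls also need to allow.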
I’m primarily from a *nix background and do not know if it is well known in the “Windows world” that ICMP is a requirement for WSFC. However, Microsoft’s KB article on port requirements should have been comprehensive and mentioned ICMP.
UPDATE (07-AUG-2013): Microsoft Support just called me and acknowledged that this important information (ICMP required for WSFC) is missing from their public documentation and they would update the same KB article.