Today PowerShell has become increasingly important in managing severs and you can use both in-band and out-of-band mechanisms that support PowerShell management for automating administration, monitoring and troubleshooting systems.
PowerShell has a bunch of robust modules that allow getting a lot of troubleshooting information. When working with clusters, especially while debugging, it gets very important to get all the logs that can be retrieved. PowerShell allows managing and troubleshooting the entire cluster. If you want to monitor a cluster remotely, you may be able to run most Cmdlets. However in case where you want to, say retrieve cluster logs, it will not let you perform this operation directly. The issue here is that this command needs to be executed on all the nodes in the cluster.
So in my example I tried the following to start with:
$sessionfirst= New-PSSession -ComputerName ClusNode1 -Authentication Kerberos
Invoke-Command -Session $sessionfirst {Get-ClusterLog}
This command returns back with an error:
Failed to generate the cluster log on node ClusNode2. Access is Denied.
This happens because though the systems are in the same domain and Kerberos authentication is setup for the session; this particular command (for retrieving the logs) requires authenticating with all the servers in the cluster. Though we setup a session to ClusNode1 the session does not set up a remote session to the other systems. This is a security mechanism to avoid inadvertent accesses.
To retrieve the cluster logs remotely using PowerShell automation, you would need to use CredSSP. “CredSSP is a Security Service Provider that allows you to authenticate in a remote machine creating a logon session that contains the user credentials.”
So on the client system, you need to enable the client role and provide the name of the delegate computer. You need to also enable the WSMAN CredSSP server role in the second server thus giving it permissions to use the credentials delegated to it.
$session=New-PSSession -ComputerName $serverFQDN -Authentication Credssp -Credential DomainName\Administrator
Invoke-Command -Session $session {Get-ClusterLog}
OUTPUT:
Mode LastWriteTime Length Name PSComputerName
---- ------------- ------ ---- --------------
-a---- 4/2/2015 6:26 PM 20794868 Cluster.log ClusNode1.DomainName.local
-a---- 4/2/2015 6:26 PM 25370434 Cluster.log ClusNode1.DomainName.local
The attached PowerShell script depicts the complete scenario of retrieving Cluster Logs from a 2 Node cluster.
Additional Resources
Managing Dell PowerEdge VRTX using Windows PowerShell