Retrieving Cluster Error 1135 From Servers

In some of the recent posts you will have noted that there have been some issues with VMware, and also network cards dropping packets in packets received discarded.  One symptom of this is that nodes will be removed from the cluster and EventID 1135 is logged into the System log.  EventID 1135  states that the Cluster node was removed from the active failover cluster membership.  In Exchange 2010/2013 this impacts the Database Availability Group (DAG) as the databases will be moved off that server.

This is not good, and is something that warrants investigation.

To facilitate this I wrote a quick script to review the number of EventID 1135 on Exchange servers in a DAG.

Get 1135 Cluster Errors

The script is available on GitHub.

It will loop through all Exchange 2010 servers that have the mailbox role, and for each of these servers then determine how may 1135 errors are present in the system event log.  The default value is to search back for the past 90 days.

As noted in this post for filtering PowerShell, you can edit the query to select different Exchange servers.

In order to try and improve performance a FilterHashTable was used rather than Where-object:

$Events = Get-WinEvent -ComputerName $ExchangeServer.Name -ErrorAction silentlycontinue -FilterHashtable @{logname='system'; ID=$EventIDToSearch; StartTime=$SearchDate}

The output data is saved into an array called $Output.  You can edit the script to choose where the data is displayed.  Either directly under each server as it is queried, at the end of processing or to a CSV file.  By default the other are REMMED out, and the contents of $Output are written to a CSV in the directory where the script is executed from.

Comments and feedback are always welcome!



Rhoderick Milne [MSFT]

Leave a Reply

Your email address will not be published. Required fields are marked *