Part 2: Deploy a Highly Available SCVMM Instance Step-by-Step

Previous Post in Series:  Part 1:  Deploy SQL Server 2016 Availability Groups

Welcome to part 2 of the Server 2016 Features Series. As with SQL, we’re going to make use of Failover Clustering to deploy a clustered SCVMM environment in an Active-Passive setup.

Let’s dive right in!


Again as with SQL, you’ll need to deploy 2 domain joined Virtual Machines (or physical if that’s your preference). Here are the resources I’m using, modify as required for your environment.


Virtual MachinevCPURAM (GB)Storage (GB)
SCVMM128No additional storage
SCVMM228No additional storage

  • Install Failover Cluster manager on both nodes
Install-WindowsFeature -Name Failover-Clustering -IncludeManagementTools
  • Create a Failover Cluster from both SQL nodes – full guide HERE
Test-Cluster –Node SCVMM1, SCVMM2
New-Cluster –Name MyCluster –Node Server1, Server2 –StaticAddress -NoStorage
  • Apply all available Windows Updates to the VMs

Add Permissions for Cluster CNO

I covered this earlier as part of the SQL cluster deployment guide, you’ll find it HERE

Create a Cluster Quorum

I covered this earlier as part of the SQL cluster deployment guide, you’ll find it HERE

Install Windows Automated Deployment Kit (ADK)

You can get the ADK version 1607 HERE. Once downloaded, run the installer and select only the following features:

  • Deployment Tools
  • Windows Preinstallation Environment (Windows PE)

Install SQL 2014 Command Line Tools

You can download this from HERE. Before running this installer though, the prerequisite has a prerequisite…I know right! You’ll also need an ODBC driver, get it HERE

First, install the ODBC driver and then the Command line tools.

Configure Distributed Key Management for SCVMM

As we’re installing a highly available deployment of SCVMM, we need to store it’s encryption keys in Active Directory. These keys are used for encrypting some of the data stored in the SCVMM database and are tied to the computer or computers on which SCVMM is installed. Some of the items encrypted are:

  • Product Keys
  • Guest OS passwords
  • Run As accounts

To do this, is uses the Data Protection Application Programming Interface or DPAPI.

This next step will require a domain admin to create an item in Active Directory. If you can do this yourself, great, if not, pass these instructions on to your AD admin:

Launch “adsiedit.msc” from a server that has access to the domain the SCVMM servers are members of

Right click “ADSI Edit” and select “Connect to”


Connect to a domain controller, it will look something like the screenshot below


Right-click on the domain in the left pane and select “New” and then “Object”


Select “container” and click “Next”


Type in a name for your container, e.g. SCVMMDKM and click “Next” and then “Finish”

The domain account you use to install SCVMM will need to have “Full Control” permissions over the object you just created.

You will also need the Distinguished Name of the object you just created as the SCVMM installer will need it. It will look something like this:


You can get this by viewing the properties of the object, navigating to the “distinguishedName” field under the “Attribute Editor” tab and clicking “View”. Best to copy it to your clipboard as mentioned above, you’ll need it soon.


Required accounts and permissions

You will be asked to supply a SCVMM Service account during install (We’ll refer to this as our SCVMM Service Account):

  • This needs to be a domain account as our deployment is highly available
  • This account needs to be a local administrator on the SCVMM servers
  • This should be an account created specifically for this purpose

You will be asked to specify an account for connecting to the remote SQL server (We’ll refer to this as our SQL Service Account):

  • This needs to be a domain account
  • This account needs to be a sysadmin on the SQL server
  • This should be an account created specifically for this purpose

Before running the SCVMM installer, make sure you’re logged onto the server as a domain account that is a local administrator on the server.

Now that we’ve got all the prerequisites out of the way, let’s get on with the install.

Installing Virtual Machine Manager

If you’re installing the System Center 2016 evaluation for SCVMM, you can download it from HERE

First, mount your ISO and run the setup file, this will extract the required SCVMM setup files to the default directory: “System Center 2016 Virtual Machine Manager”

Once extracted, browse to the above folder and run “setup.exe”. When the installer launches, select “Install” from the menu


On the “Select features to install” page, select “VMM management server”, the console will automatically be selected too

At this point you’ll be told you’re installing VMM on a cluster node. This is confirming you want to install SCVMM as highly available…say “yes” to this.


Database Configuration Page

Enter your availability group listener FQDN you created HERE for the “Server name”

Enter the details for the SQL Service account you created earlier

Select the correct instance name from the “Instance name” drop-down. This should auto-populate however.

Select “New database”, the default given name is “VirtualManagerDB” and click “Next”


Cluster Configuration Page

Enter a name for your clustered SCVMM role. This will be the name you connect to from within the SCVMM console e.g. HAVMM.domain.local

Enter an IP address for the clustered role. This will be an IP address in the same subnet as your VMM server and cluster. Click “Next”


Configure Service Account and DKM Page

Enter the details of the SCVMM service account you created earlier

Place a tick in “Store my keys in Active Directory” and paste the Distinguished Name of the DKM container you created earlier. Now click “Next”


The defaults can be accepted on the “Port Configuration” page for the most part, but change if required within your own organisation.


The “Library configuration” page should be skipped as you have to manually set up a library share when deploying a highly available VMM instance.


All going well, you should be looking at an identical screenshot to the one below. If there are any failures or warning, these will be displayed in a box on this page.


Before going any further, there is always a setting I prefer to disable within the SCVMM console. This is the “Automatic creation of logical network” as I find it can make your logical networks a little messy depending on the state of your Hyper-V hosts when imported…maybe I’m just a control freak 🙂

Launch the VMM console and connect to the VMM cluster role name you configured above during the installer

Browse to “Settings” and then “General” in the left pane. Now select “Network Settings”


Untick “Create logical networks automatically” and select “Finish”


Install SCVMM on Second Node

For the second node, follow exactly the same process as before but with the following exceptions:

On the “Database configuration” page, you’ll only have to enter the password for the SQL Service account

On the “Configure service account and DKM” page, you’ll only have to enter the password for the SCVMM Service account

At the end of the install, you should again be looking at a screen identical to the one above.

Congratulations, you now have a highly available SCVMM instance backed by a highly available SQL database – Go have a coffee 🙂

Good coffee? Now for the fun part, building out a Scale-Out File Server cluster and adding it into the SCVMM console for management.

4 Replies to “Part 2: Deploy a Highly Available SCVMM Instance Step-by-Step”

  1. In this example you’re creating a cluster from two VMs. Is this how you’d do it in production, or would you run it on two physical machines, or as VMs in another cluster? If the last case, why create a nested cluster rather than a single HA VM in the higher-level cluster?

    1. Hi Tony,

      It totally depends on the amount of downtime (if any) that you’re willing to accept. Having them as VMs on a separate cluster, within an Availability set would provide the highest level of HA, as not only is the VM highly available but the SCVMM application itself is too. It also makes life a little easier when you need to patch the SCVMM nodes as you can just fail the SCVMM role over the other node…takes the pressure off a little. Realistically though, if you’re running a single SCVMM server that’s connecting to an HA database, that might be enough and would simplify the deployment/support overhead.

  2. why we need to use container why not OU ? ( because container cannot delegate security automatically) please give the reason with the documentation .

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.