When I was in training as an Active Directory admin, I was taught that the disk(s) where the Active Directory database and Active Directory transaction logs reside are automatically configured with write-back caching disabled.
Today, roughly 15 years later, I found out that although my teacher was right, things have changed and might be counter-intuitive for most admins of my generation.
The situation
You manage an Active Directory Domain Controller that runs Windows Server 2012, Windows Server 2012 R2, or up, and it is configured as a Generation 2 Virtual Machine on top of a Hyper-V environment, running Windows Server 2012, Windows Server 2012 R2, or up.
The issue
In Event viewer, you receive regular events with event-ID 1539 and source ActiveDirectory_DomainService, stating the Active Directory Domain Services could not disable the software-based disk write cache on the following hard disk. Data might be lost during system failures.
An example of such an event is depicted below, for a virtual Domain Controller, where the Active Directory database and Active Directory transaction logs reside on a separate disk, labeled F:
Additionally, on the virtual Domain Controller, when you open Device Manager (devmgmt.msc) and inspect the disk(s) where the Active Directory database and Active Directory transaction logs reside, you notice a warning stating This device does not allow its write-caching setting to be changed.:
The cause
The events are logged, because the Active Directory service tries to disable write-back caching. It fails in doing so, because the virtual machine is not able to request this from the Hyper-V host, because the disk is not an IDE disk.
Generation 2 Virtual Machines on Hyper-V no longer offer the ability for Hyper-V admins to add IDE disks. The IDE controller is absent and the only type of disks you can use, add and remove on Generation 2 Virtual Machines are SCSI disks.
SCSI disks support Forced Unit Access (FUA) flag for storage. This flag specifies that the drive should write the data to stable media storage before signaling is finished.
As per KB2801713 , Microsoft states the following:
FUA, if set by the guest, is propagated to the host and to the host storage stack. The host physical disk system must satisfy at least one of the following criteria to make sure of virtualized workload data integrity through power faults:
- The system uses server-class disks (SCSI, Fibre Channel).
- The system makes sure that the disks are connected to a battery-backed caching host bus adapter (HBA).
- The system uses a storage controller (for example, a RAID system) as the storage device.
- The system makes sure that power to the disk is protected by an uninterruptible power supply (UPS).
- The system makes sure that the disk's write-caching feature is disabled.
An extra tidbit of information
For Windows Server 2012-based virtual Domain Controllers, an update is available for when you’re running it as a virtual machine on Windows Server 2012 or Windows Server 2008 R2 Hyper-V. It resolves an issue when the disks attached to the Virtual Machine are IDE-connected successfully report to the Virtual Machine that write-back caching is disabled, while it’s not.
After you install KB2853952, the IDE disk will know the underlying hardware does not offer write-back caching and you will experience the above mentioned Event-ID 1539 and warning in Device Manager (devmgmt.msc).
The solution
When you’ve virtualized Domain Controllers with IDE-disks on top of Windows Server 2008 R2 or Windows Server 2012-based Hyper-V hosts, make sure you’ve installed KB2853952 on the Hyper-V Hosts.
You can safely ignore the events in the event log and the warning in device manager, when you’re using Generation 2 virtual Domain Controllers with SCSI-disks on Hyper-V hosts with hardware that supports FUA. (see the list above)
In all other situations where you receive Event-ID 1539, make sure the underlying hardware supports FUA. (see the list above)
Related knowledgebase articles
2801713 Hyper-V storage: Caching layers and implications for data consistency
2853952 Loss of consistency with IDE-attached virtual hard disks when a Hyper-V host server experiences an unplanned restart
Further reading
SCSI vs IDE disks in Domain Controllers running as Virtual Machines on Hyper-V in Windows Server 2008 R2
Deployment Considerations for Virtualized Domain Controllers
Keeping your Virtual Active Directory Domain Controllers Safe
Hat Tip
Much of the information in this blog post came from Hans Vredevoort, my colleague at inovativ, with whom I was able to discuss the situation in depth. Thanks Hans!
Hello,
This statement is a bit misleading: "It fails in doing so, because the virtual machine is not able to request this from the Hyper-V host, because the disk is not an IDE disk." In fact, all requests by a VM to disable the disk cache will be rejected by Hyper-V, regardless of the underlying disk type or whether it is attached by virtual IDE or virtual SCSI, and whether the VM is Gen 1 or 2. This is by design, as that would affect all VMs running on the same disk, and because there's no reliable way for the host to inform the VMs to allow them to adjust if the VHD is live migrated to another disk that doesn't support disabling the cache. So all VMs are expected to assume the disk cache is enabled, and request FUA or flush buffers as necessary and expedient.
The recommendations listed in "Solutions", however, are correct. Since a DC running in Hyper-V will also see that it can't disable the cache, it will send FUA with writes, so you must make sure your VHDs are only ever put on disks that support FUA. If you do that, then updates to the Active Directory database will be written directly to the platter by the disk.
Jeffrey Fox