🟠 High   ⏱ 5–30 min  Last verified: 18 May 2026
Affected versions: Windows Server 2022

πŸ“– ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Cluster reports witness unavailable after Azure Storage key rotation. Quorum resiliency drops and node failures become higher risk.

Environment & Reproduction

Seen in clusters using Cloud Witness with manual credential updates. Reproduces after rotating keys without updating cluster quorum config.

Get-ClusterQuorum
Get-ClusterLog -UseLocalTime -Destination C:Temp

Root Cause Analysis

Stored access key in cluster witness settings no longer matches active storage account key. Network ACL or TLS policy can compound the issue.

Quick Triage

Validate internet egress, DNS resolution, and current cloud witness account state.

Resolve-DnsName .blob.core.windows.net
Test-NetConnection .blob.core.windows.net -Port 443

Step-by-Step Diagnosis

Compare active key in Azure with cluster configuration and inspect clustering events for authentication failures.

Get-WinEvent -LogName System -MaxEvents 200 | ? {$_.ProviderName -match 'FailoverClustering'}
Get-Cluster | fl *
Illustrative mockup for windows-server-2022 β€” terminal_or_powershell
Cloud witness key validation output β€” Illustrative mockup β€” Progressive Robot

Solution – Primary Fix

Reapply Cloud Witness using the new storage key and confirm quorum health.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Set-ClusterQuorum -CloudWitness -AccountName  -AccessKey 
Get-ClusterQuorum
Illustrative mockup for windows-server-2022 β€” event_or_log_viewer
Cloud witness reconnect confirmation β€” Illustrative mockup β€” Progressive Robot

Solution – Alternative Approaches

Temporarily move to file share witness while cloud connectivity or key rotation process is corrected.

Set-ClusterQuorum -NodeAndFileShareMajority \fsw01clusterwitness

Verification & Acceptance Criteria

Witness status is online, quorum type expected, and cluster survives node pause test.

Get-ClusterQuorum
Suspend-ClusterNode -Name  -Drain
Resume-ClusterNode -Name

Rollback Plan

Revert witness method to previously documented file share or disk witness if cloud auth remains unstable.

Set-ClusterQuorum -NodeMajority

Prevention & Hardening

Automate key rotation runbook with immediate cluster witness update and post-change health checks.

Also check for proxy interception, TLS inspection breaks, or firewall egress changes that block blob endpoints.

View all Windows Server 2022 tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Microsoft Learn: Cloud Witness, Azure Storage security key rotation, and Windows Server 2022 clustering operations.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.