Creating a Cluster with WMI

WMI offers the flexibility to manage a cluster through a programming interface from scripts as well as from more structured programming languages.  In this post I will talk about creating a cluster using WMI and some of the issues associated with the distributed nature of the cluster and WMI.

All of the classes in the cluster WMI provider are defined in the rootmscluster namespace.  The main classes in the provider which you will most likely find most useful are:

The cluster WMI provider also has a few associator classes which can be used to group objects of classes.  For example to get all of the resources in a specific resource group we would use the MSCluster_ResourceGroupToResource associator class.  Associator classes are a topic for another post.

In order to connect to the cluster WMI provider impersonation level and authentication level need to be specified.  The impersonation level must be set to Impersonate and the authentication level must be set to Packet Privacy.  This can be done in the connection options.


Set objWMIService = GetObject(“winmgmts:” _

    & “{impersonationLevel=impersonate,” _

    & “authenticationLevel=pktPrivacy}!” _

    & “\” & strComputer & “rootmscluster”)


Since impersonation is used there are some functions which can only be called from the local node.  Due to security reasons most domains only allow one impersonated connection.  Since the remote connection is impersonating the security context from the previous connection, another remote connection cannot be made.  When a remote connection is created, that becomes the one permitted impersonated connection.  Therefore any additional remote connections are not allowed.  This becomes an issue for some functions in the cluster WMI provider.  This is not an issue for domains in which the administrator has turned on delegation.  For more information see domain delegation and impersonation issues on MSDN:

The methods in the cluster WMI provider which suffer from these impersonation  issues are MSCluster_Cluster.CreateCluster, MSCluster_Cluster.AddNode, MSCluster_Cluster.EvictNode, and MSCluster_Cluster.DestroyCluster.  If you connect to the cluster from one of the cluster nodes you should be OK since you can still make the one remote connection. 

In the case of CreateCluster we make a remote connection to the node(s) being added one at a time.  Even in the case of creating a 1-node cluster, if the DCOM connection is remote, CreateCluster will fail with an access denied error. 

For AddNode, since a remote connection is needed to the node which will be added to the cluster, if the original DCOM connection is not to a local node then AddNode will fail with an access denied error. 

EvictNode can be executed successfully remotely only if the DCOM connection is made to the node which will be evicted.  Otherwise the node will be evicted but not cleaned up.  Therefore the node will need to be manually cleaned up.  This can be performed by running cluster.exe node <nodename> /force.  This can be a dangerous command since it will remove any cluster setting from the node.  It is only recommended to be used in a few cases. 

The DestroyCluster method has similar issues to that of EvictNode.  If your DCOM connection is made to a 1-node cluster then DestroyCluster will succeed.  Otherwise, if the DCOM remote connection is made to a multi-node, the cluster will be destroyed, however the remote nodes (excluding the one you are connected to) will not be cleaned up.  You will need to manually cleanup the remaining nodes using cluster.exe node <nodename> / force.  


The CreateCluster method is a static method on the MSCluster_Cluster class.  It takes four input parameters.  Here is the MOF definition of CreateCluster

void CreateCluster(

            [IN, Description (“Cluster name.”) ]

            string ClusterName ,

            [IN, Description (“Node name(s) that will form the cluster.”) ]

            string NodeNames[] ,

            [IN, Description (“IP address(es) that the cluster will use.”) ]

            string IPAddresses[] ,

            [IN, Description (“IP address subnet mask(s) or prefix lengths that the cluster will use.”) ]

            string SubnetMasks[]

    ) ;


The following VBScript will call create a cluster.  In this script first we get a connection to the cluster specifying the impersonation level as impersonate and the authentication level as packet privacy in the connection options.  Next we get an instance of the cluster object so we can fill in the input parameters.  Once the input parameters are filled in then the method is executed.  The IPAddress, NodeNames, and SubnetMasks parameters are arrays so multiple can be specified. 


NOTE: The IPAddresses and SubnetMasks must be in the correct order.  In other words the first entry in the IPAddresses array has the subnet mask of and the first entry in the SubnetMasks array.   Also the number of entries in the IPAddresses array must be the same as the number of entries in the SubnetMasks array.


If you choose to use a dynamic address specify only the network address in the IPAddresses and in the SubnetMasks the matching subnet mask.  For example if you have a dynamic address on the network then the entry in the IPAddresses array would be and the entry in the SubnetMasks array would be


Dim szServerName

Dim objClus

Dim objInParam

Dim objOutParams


strComputer = InputBox(“Enter the cluster to connect to”)

Set objWMIService = GetObject(“winmgmts:” _

    & “{impersonationLevel=impersonate,” _

    & “authenticationLevel=pktPrivacy}!” _

    & “\” & strComputer & “rootmscluster”)


‘ Obtain an Instance to the cluster object

Set objClus = objWMIService.Get(“MSCluster_cluster”)


‘ Obtain the input params to the CreateCluster method

Set objInParam = _



‘ Fill the input params

objInParam.Properties_.item(“ClusterName”) = InputBox(“Enter the cluster name”)

objInParam.Properties_.item(“IPAddresses”) = Array(<ipaddress1>, <ipaddress2> )

objInParam.Properties_.item(“NodeNames”) = Array(<nodename>)

objInParam.Properties_.item(“SubnetMasks”) = Array(<subnetmask1>,  <subnetmask2>)


Set objOutParams = objClus.ExecMethod_(“CreateCluster”, objInParam )


If Error = 0 Then

  Wscript.Echo “The cluster was successfully created”



  Wscript.Echo “The cluster was not created: ” _   & Error


End If



Noah Davidson