In the past week, I changed the configuration of a Failover Cluster in Windows Server 2016 that operated with a File share witness to use a Cloud Witness. In this post, I will show you how I configured a cloud witness for a failover cluster using Windows PowerShell and an Azure storage account.

This tutorial assumes that you already have a Microsoft Azure account configured and Azure PowerShell installed on your computer.


  • A Storage Account in Microsoft Azure. If you need to create a new Storage Account, check out this link.
  • A Failover Cluster in Windows Server 2016/2019

Azure Storage Account

The storage account used for this purpose must meet the following requirements.

  • Type: General purpose
  • Performance: Standard
  • Replication: Locally-redundant storage (LRS)

To configure the Cloud Witness we need to know the name of the storage account and one of the two access keys associated with the storage account.

Gets the access keys for an Azure Storage account.

To obtain this data we use Azure PowerShell. If you want to know how to install the PowerShell Azure module on your machine, check out this link.

The simplest way to get started is to sign in interactively at the command line.

This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account.
If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task we will use the following commands:

List the storage accounts in your subscription

To retrieve the list of storage accounts in the current subscription, using the Get-AzureStorageAccount cmdlet with the following syntax:


Obtain the access key of your Azure storage account

As you know An Azure Storage account comes with two account keys. To retrieve the keys, use the Get-AzStorageAccountKey cmdlet with the following syntax:


Specifies which key to retrieve. The acceptable values for this parameter are:


For Azure PowerShell version 1.3.2, and previous versions use the following syntax:

Configure Cloud Witness as a quorum witness

You should connect to one of the servers that are part of the cluster and run the following PowerShell commands as administrator.

To inspect the existing configuration of quorum witness, use the Get-ClusterQuorum cmdlet with the following syntax:


You can view the witness resource in the Failover Cluster Manager snap-in.

Failover Cluster Manager snap-in

To configure Cloud Witness as a Quorum Witness, use the Set-ClusterQuorum cmdlet:

First, use the Set-ClusterQuorum cmdlet with the -NoWitness parameter to avoid blocking errors.


And then set the Cloud Witness configuration with the following syntax:


You can verify the newly witness resource in the Failover Cluster Manager snap-in.

Cloud Witness

Important: Cloud Witness uses HTTPS (port 443) to establish communication with Azure blob service.

If you want to know more about Failover Clustering in Windows Server, check out this link: