sql server hub / always on setup

SQL Server Always On setup prerequisites

SQL Server Always On setup starts before the SQL Server wizard. The Windows cluster, edition, DNS names, IP plan, witness, storage, ports, and application connection path need to be agreed before build day.

Use this guide and calculator to plan SQL Server Always On prerequisites for Availability Groups and Failover Cluster Instances before the first production node is changed.

AGFCIWSFCDNSWITNESS

Guide

Guide~12 min readUpdated 2 Jun 2026

LinkedIn X Email

01What SQL Server Always On setup means
02SQL Server Always On prerequisites calculator
03Always On Availability Group vs Failover Cluster Instance
04SQL Server Standard vs Enterprise Always On limits
05WSFC node, domain, and cluster prerequisites
06SQL Server Always On IP, DNS, FQDN, and NIC planning
07Always On listener and FCI virtual network name prerequisites
08WSFC quorum and witness prerequisites
09Availability Group and FCI storage prerequisites
10SQL Server instance, endpoint, and database prerequisites
11Service accounts, AD permissions, and computer objects
12Ports, firewall rules, and client connection prerequisites
13SQL Server Always On pre-build checklist
14When to request a recovery readiness review

What SQL Server Always On setup means

SQL Server Always On is Microsoft's umbrella name for high availability and disaster recovery features. On Windows, production Availability Groups and Failover Cluster Instances use Windows Server Failover Clustering as the cluster layer.

An Availability Group protects databases. Each replica is a SQL Server instance on a separate WSFC node, and data moves through SQL Server log-based replication. A Failover Cluster Instance protects an instance name. The SQL Server service, virtual network name, IP resources, and shared storage move between possible owner nodes.

The setup prerequisites are therefore partly SQL Server and partly Windows infrastructure. Before setup, the team needs node names, domain membership, edition, storage approach, DNS, FQDNs, static IPs or reserved virtual IPs, cluster quorum, service accounts, firewall paths, and the connection name applications will use.

SQL Server Always On prerequisites calculator

Enter the planned Always On type, node count, edition, subnet count, listener or virtual name choice, witness type, and the design details that change the prerequisite list. The calculator gives planning counts and warnings; it does not replace Microsoft cluster validation or licensing review.

Topology

Looks valid

Still run Microsoft cluster validation.

Edition

Standard

Standard AG: Basic Availability Group only, two replicas total, one database per AG, no readable secondary, no secondary backups.

Planning IPs

Node IPs plus planned cluster and listener or FCI virtual IPs.

FQDNs

Node names plus cluster and listener or FCI names.

NICs

2-4

Minimum to practical planning range.

Witness

Selected

File share witness: dedicated SMB share, physically separate from cluster nodes.

Node prerequisites

2 Windows Server nodes in the same WSFC.
Each node domain joined, patched, time-synchronized, and validated by Failover Cluster Validation.
AG nodes must not be domain controllers.
SQL Server 2022+ on every participating instance, with consistent patch level, collation decision, and service account model.

Network, DNS, FQDN, and IP prerequisites

2 static node IP addresses for the Windows hosts.
1 WSFC cluster access point IP address to reserve if the design uses a static cluster name/IP access point across 1 subnet.
1 AG listener IP address and one listener DNS name.
2 node FQDNs, one WSFC cluster FQDN, and 1 listener FQDN name in the plan.
2 NICs minimum. 4 NICs is the practical planning number when a separate client and cluster/replication path is available.

AD objects and permissions

Computer objects for every node.
A WSFC cluster name object with permission to create the required virtual computer object, or a pre-staged object with the right permissions.
A listener virtual computer object and DNS record before application cutover.
If Kerberos is not required, still document the authentication path and whether NTLM fallback is acceptable.
Setup and cluster administrators need enough rights to create or bind cluster names, IP resources, service accounts, and SPNs where Kerberos is required.

Availability Group prerequisites

1 planned database; confirm the edition can support that AG shape.
Databases in full recovery model with a full backup before joining.
HADR endpoint planned on each replica, commonly TCP 5022, with endpoint permissions and firewall rules.
Matching drive letters and file paths across replicas for easier seeding and restore behavior.
No FILESTREAM dependency selected.
No contained database authentication dependency selected.
No shared storage requirement for AG data movement, but backup, seeding, login, job, and linked-server behavior still need a runbook.

Validation and workload checks

Run Microsoft Failover Cluster Validation before build sign-off.
Add a workload-like failover test before production cutover; cluster validation does not prove application behavior.
Confirm each planned AG replica is on a different WSFC node for the same availability group.
Record the intended primary or owner node, failback decision, and rollback path before the first production cutover.

Witness, ports, and cutover checks

File share witness: dedicated SMB share, physically separate from cluster nodes.
Open the SQL instance port, listener or FCI port, AG endpoint port where relevant, DNS, SMB, RPC, and Windows cluster management paths.
Single-subnet designs still need DNS and application connection testing through the final name.
Run cluster validation, document the intended owner/primary, and add a workload-like failover test before production cutover.

Always On Availability Group vs Failover Cluster Instance

Choose the technology before counting IPs. Availability Groups and FCIs both depend on WSFC, but they solve different problems and need different prerequisites.

Design	Protects	Main prerequisites	Use it when
Availability Group	User databases in an availability group.	Separate SQL Server instances, HADR endpoint, full recovery model, backups, listener if applications need stable routing.	Database-level HA or DR is the main target and shared storage is not the design.
Failover Cluster Instance	A SQL Server instance name and its services.	Shared storage, FCI virtual network name, virtual IP resources, SQL Server Setup on possible owner nodes.	Applications need the same instance name after failover or the design depends on instance-level failover.
AG on top of FCI	A more complex combined design.	Both sets of prerequisites, plus careful automatic failover decisions.	Use this only when the design needs both instance-level and database-level HA.

SQL Server Standard vs Enterprise Always On limits

Edition choice is not a purchasing footnote. It changes what the Always On setup can actually be.

Standard Edition Availability Groups are Basic Availability Groups: two replicas total, one database per AG, no readable secondary, no secondary backups, and no distributed AG participation.

Enterprise Edition Availability Groups support the advanced AG shape: multiple databases, more replicas, readable secondaries, and backup offload options where the rest of the design supports them.

Standard Edition FCI planning should stay at two nodes. Enterprise Edition is the usual requirement for broader possible-owner designs.

Keep editions and versions consistent across replicas or possible owner nodes unless the exact mixed-state scenario is part of a documented upgrade path.

WSFC node, domain, and cluster prerequisites

Every planned node needs a supported Windows Server version, the Failover Clustering feature, domain membership, consistent patching, working DNS, working time sync, and enough permissions for cluster creation and SQL Server setup. For Availability Groups, Microsoft documents that participating computers should be WSFC nodes and not domain controllers.

Run cluster validation before treating the design as build-ready. A failed storage, network, system configuration, or inventory validation means the SQL Server setup may succeed while the HA design is still not ready for production.

Cluster validation starter commands

PowerShell template for validating the Windows cluster inputs before SQL Server setup.

# Run from an elevated PowerShell session on a management host or cluster node.
# Replace node names before using.

Test-Cluster -Node SQLNODE01,SQLNODE02 -Include "Storage","Inventory","Network","System Configuration"

# After cluster creation, confirm quorum and node visibility.
Get-ClusterNode
Get-ClusterQuorum
Get-ClusterNetwork

Replace node names with the real planned nodes. For FCI, include the storage tests that match the shared storage design. Keep the validation report with the build notes.

SQL Server Always On IP, DNS, FQDN, and NIC planning

One working production NIC per node is the usual minimum, but that is not the same as a complete production design. Most real Always On builds need a deliberate traffic model for client access, cluster communication, replication, backup, and management.

Count IPs before setup. You need static IPs for nodes, an agreed WSFC cluster access point, and the listener or FCI virtual network name when used. In multi-subnet designs, plan one listener or FCI virtual IP per subnet and make sure client drivers and connection strings are ready for that behavior.

Item	Count to plan	Notes
Node host IPs	One per node per required network.	Use static addressing for production cluster nodes.
Node FQDNs	One per node.	Example: SQLNODE01.example.com.
WSFC cluster name and IP	One cluster name; static IPs when the design uses a static cluster access point.	The cluster name object must be allowed or pre-staged in AD.
AG listener	One DNS name; one IP per subnet.	Only when the AG uses a listener for application connections.
FCI virtual network name	One DNS name; one IP per subnet.	This is the stable name applications use for the FCI.

Always On listener and FCI virtual network name prerequisites

An AG listener is a DNS name, port, and one or more IP addresses that applications use instead of connecting to a specific replica. An FCI virtual network name is the stable instance connection name that follows the SQL Server resource group during failover.

For either design, the name must be unique, registered in DNS, backed by the right virtual computer object, and reachable through the firewall. If port 1433 is used, confirm port ownership and side-by-side instance behavior. If a non-standard port is used, the application connection string has to include it.

WSFC quorum and witness prerequisites

WSFC quorum decides whether the cluster is allowed to stay online. A two-node Always On design without a witness is fragile because losing one vote can leave the cluster without a majority.

For even node counts, plan a witness before setup. File share witness is common for SQL Server Availability Groups because AGs do not require shared disks. Cloud witness can be useful where Azure storage and outbound HTTPS are allowed. Disk witness belongs only where shared disk is part of the design and makes sense.

File share witness: dedicated SMB share, not used for normal files, preferably outside the cluster nodes and failure domain.

Cloud witness: Azure storage account and outbound HTTPS access from the cluster nodes.

Disk witness: shared disk available to cluster nodes; not a general answer for AG-only designs.

Dynamic quorum helps, but it does not remove the need to design quorum intentionally.

Availability Group and FCI storage prerequisites

Availability Groups do not need shared storage for database replication. Each replica has its own database copy, and SQL Server moves log records between replicas. That still leaves storage decisions for data paths, log paths, tempdb, backup locations, seeding, and restore operations.

FCIs are different. An FCI needs shared storage visible to every possible owner node, because the instance moves to another node and brings the same databases online there. The shared storage can be SAN/shared disk, SMB file share, or another supported Windows clustering storage design, but it must pass validation before SQL Server setup.

SQL Server instance, endpoint, and database prerequisites

For Availability Groups, every replica needs Always On enabled, a compatible SQL Server version and edition, endpoint planning, firewall access between replicas, and databases in full recovery model with a full backup taken before joining. Jobs, logins, linked servers, credentials, certificates, operators, and alerts need their own review on each replica.

Availability Group SQL preparation template

Small T-SQL starter template for endpoint and database recovery prerequisites.

-- Run on each SQL Server instance that will host an AG replica.
-- Adjust endpoint name, port, and service account before using.

CREATE ENDPOINT [Hadr_endpoint]
    STATE = STARTED
    AS TCP (LISTENER_PORT = 5022)
    FOR DATABASE_MIRRORING (ROLE = ALL);

-- Every availability database must use full recovery model.
ALTER DATABASE [YourDatabase] SET RECOVERY FULL;
BACKUP DATABASE [YourDatabase] TO DISK = N'\\backupshare\sql\YourDatabase_full.bak' WITH CHECKSUM;

Use the same endpoint port plan on each replica unless there is a documented reason not to. The backup path must be reachable by the restore or seeding process you choose. FCI setup uses SQL Server Setup and shared storage rather than AG database seeding.

Service accounts, AD permissions, and computer objects

Always On setup needs more than a DBA login. The build touches Windows clustering, SQL Server services, DNS, AD computer objects, SPNs, firewall rules, and sometimes storage permissions.

Plan SQL Server Database Engine and SQL Server Agent service accounts before setup.

Decide whether the WSFC cluster name object and listener or FCI virtual computer object will be created automatically or pre-staged.

If Kerberos matters for applications, plan SPNs for the final connection name, not only for the physical node names.

Make sure the setup account has local admin rights and the required cluster, storage, and AD permissions for the chosen design.

Ports, firewall rules, and client connection prerequisites

Port planning should happen before the listener name is handed to application teams. At minimum, plan the SQL instance port, listener or FCI port, AG endpoint port where AGs are used, DNS, SMB, RPC, Windows cluster communication, monitoring, backup, and management paths.

Multi-subnet designs need extra care. The application should use a supported client driver and connection settings such as MultiSubnetFailover=True where appropriate. Otherwise a technically healthy failover can still look like a long application outage.

SQL Server Always On pre-build checklist

Use this as the practical gate before setup day. If one row is vague, the build is probably not ready yet.

Stage	Prerequisites to confirm
Prepare before cluster build	Node names, host IPs, domain membership, patch level, WSFC feature, DNS, time sync, local admin access, and cluster validation.
Prepare before SQL setup	Edition, version, instance names, service accounts, storage choice, data paths, endpoint port, firewall paths, and setup permissions.
Prepare before listener or FCI name creation	Cluster name object, listener or FCI virtual computer object, DNS record, virtual IP plan, port, SPN/Kerberos requirement, and application connection string.
Validate before production cutover	Quorum, failover behavior, listener or FCI name, application login, jobs, backups, monitoring, alerts, and rollback path.

When to request a recovery readiness review

Ask for a recovery readiness review when the node list, edition, subnet plan, and intended HA pattern exist, but the prerequisite list still has gaps. That is the right time to catch edition limits, DNS mistakes, weak quorum, missing storage decisions, and application connection assumptions.

Request readiness review SQL Server consulting

Next step

If the Always On design is still being shaped, start with the SQL Server failover guide and the SQL Server recovery guide. If the prerequisites are mostly known, use the SQL Server recovery readiness page to request a review.