SQL Server – How to Resolve Cluster Account Permission Issues

Can anyone advise please?

I am in the process of creating a SQL 2016 SP2 SQL FCI. The WSFC was created by the server team and handed over to me. I ran the cluster configuration validation tests and got the following warning:

"The cluster network name xxx does not have Create Computer Objects permissions on the Organizational Unit OU=xxx …. This can result in issues during the creation of additional network names in this OU"

As it was only a warning, I decided to attempt the SQL installation regardless. On first attempt, it wouldn't let me create the SQL Cluster virtual network name until the Domain admin gave me the create computer objects rights in AD. After that I passed that stage and ran the installation to the end. However, at the tail end I got an error:

"Error installing SQL Server Database Engine Service Features.
The cluster resource 'SQL Server' could not be brought online due to an error bringing the dependency resource 'SQL Network Name (abc)' online. Refer to Cluster Events in the Failover Cluster Manager for more information. Error code:0x86D80058"

Cluster Events:
Cluster network name resource failed registration of one or more associated DNS name(s) because the access to update the secure DNS Zone was denied.
Cluster Network name: 'Cluster Name'
DNS Zone: 'xyz'

Ensure that cluster name object (CNO) is granted permission to the Secure DNS Zone.

So, from my research, it would seem that the warning given by the cluster configuration validation tests is the cause of the problem. My question therefore is how to fix the problem. Does the server admin's account used in creating the windows cluster need to be a domain admin? Or just giving them create computer objects is enough? I think they already have create computer objects, so I'm not sure if they need to be domain admins? Will giving them Read All Properties in addition to Create Computer objects fix the issue? Kindly advise please.

Lastly, when the correct permission has been given, how do I fix the errors in the SQL installation? Do I need to uninstall it or is there a quicker way? What impact could uninstall have when I come to re-install. Is there anything I need to watch out for in uninstalling?

Thank you.

Best Answer

Plase, try granting the Create Computer objects permission to the cluster name machine object at the OU level. (the OU where you placed the cluster machine object)

Make sure the cluster machine Object has been granted the Read all Properties permission.

Ref: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731002(v=ws.10)?redirectedfrom=MSDN

If you are facing again the DNS registration error, that can come from differente sources. One common case is that there is a static DNS reservation on the domain controller.

Identify the source of the static reservation and try to ensure that this does not happen again. Cluster DNS records should be dynamic.
Identify the static DNS record in your Active Directory Integrated DNS forward lookup zone. Ask for help from your DNS or AD team if necessary.
Delete the static record Take the Cluster Name Object representing the DNS record offline in Failover Cluster manager. Be aware that any dependent resources will also go offline.
Bring everything back online. This should trigger a new DNS registration attempt. You could also wait for the cluster to attempt this automatically, but client connections may fail while you are waiting.
Verify that the DNS record is created as a dynamic record. It should have a current Timestamp.

Best Answer

Related Solutions

Sql-server – Trouble Creating AG Listener: The WSFC Cluster could not bring the Network Name resource

Sql-server – The Cluster service failed to bring clustered service or application ‘SQL Server (MSSQLSERVER)’ completely online or offline

Related Question