Microsoft Cluster Resources and DNS registration errors

  • Thread starter Thread starter JayDee
  • Start date Start date
J

JayDee

Guest
After removing the Cluster Service account from the "Domain Admins"
group and leaving it as a local admin on the two cluster nodes, I
received the following errors on a few of the virtual network names
and the resources attempted to failover after stopping. Once we added
the service account back to domain admins, the problem resolved.


ERROR
--------
EVENT ID: 1069, CATEGORY: FAILOVER MGR, SOURCE: CLUSSVC

Cluster resource 'NYP175FIL1NBCGE - Vname' in Resource Group
'USNYCPCLW002FL8' failed.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
--------

WARNING
--------
EVENT ID: 1119, CATEGORY: NETWORK NAME RESOURCE, SOURCE: CLUSSVC

The registration of DNS name nyp175fil1nbcge.nbcuni.ge.com for
resource 'NYP175FIL1NBCGE - Vname' over adapter 'Public' failed for
the following reason:

DNS signature failed to verify.
--------


I located and read the following KB articles: http://support.microsoft.com/kb/871111
and http://support.microsoft.com/kb/302389/

The articles suggest the following two options: either delete the
records and let the cluster server recreate them or disable RequireDNS
with cluster res "NETWORK_NAME_RESOURCE" /priv RequireDNS=0.

Is there a way to modify the DNS entry ACL's through command line so I
can script it all and remove the account from "Domain Admins" without
affecting production? ... or any other relatively simple solution that
does not require affecting production?

Thanks.

-jd
 
Re: Microsoft Cluster Resources and DNS registration errors

Hello JayDee,

Did you check that the account still has the required security rights?
http://support.microsoft.com/kb/269229

http://support.microsoft.com/kb/307532

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

> After removing the Cluster Service account from the "Domain Admins"
> group and leaving it as a local admin on the two cluster nodes, I
> received the following errors on a few of the virtual network names
> and the resources attempted to failover after stopping. Once we added
> the service account back to domain admins, the problem resolved.
>
> ERROR
> --------
> EVENT ID: 1069, CATEGORY: FAILOVER MGR, SOURCE: CLUSSVC
> Cluster resource 'NYP175FIL1NBCGE - Vname' in Resource Group
> 'USNYCPCLW002FL8' failed.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> --------
> WARNING
> --------
> EVENT ID: 1119, CATEGORY: NETWORK NAME RESOURCE, SOURCE: CLUSSVC
> The registration of DNS name nyp175fil1nbcge.nbcuni.ge.com for
> resource 'NYP175FIL1NBCGE - Vname' over adapter 'Public' failed for
> the following reason:
>
> DNS signature failed to verify.
> --------
> I located and read the following KB articles:
> http://support.microsoft.com/kb/871111 and
> http://support.microsoft.com/kb/302389/
>
> The articles suggest the following two options: either delete the
> records and let the cluster server recreate them or disable RequireDNS
> with cluster res "NETWORK_NAME_RESOURCE" /priv RequireDNS=0.
>
> Is there a way to modify the DNS entry ACL's through command line so I
> can script it all and remove the account from "Domain Admins" without
> affecting production? ... or any other relatively simple solution that
> does not require affecting production?
>
> Thanks.
>
> -jd
>
 
Re: Microsoft Cluster Resources and DNS registration errors

Hello JayDee,

See the other posting and please do not multipost.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

> After removing the Cluster Service account from the "Domain Admins"
> group and leaving it as a local admin on the two cluster nodes, I
> received the following errors on a few of the virtual network names
> and the resources attempted to failover after stopping. Once we added
> the service account back to domain admins, the problem resolved.
>
> ERROR
> --------
> EVENT ID: 1069, CATEGORY: FAILOVER MGR, SOURCE: CLUSSVC
> Cluster resource 'NYP175FIL1NBCGE - Vname' in Resource Group
> 'USNYCPCLW002FL8' failed.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> --------
> WARNING
> --------
> EVENT ID: 1119, CATEGORY: NETWORK NAME RESOURCE, SOURCE: CLUSSVC
> The registration of DNS name nyp175fil1nbcge.nbcuni.ge.com for
> resource 'NYP175FIL1NBCGE - Vname' over adapter 'Public' failed for
> the following reason:
>
> DNS signature failed to verify.
> --------
> I located and read the following KB articles:
> http://support.microsoft.com/kb/871111 and
> http://support.microsoft.com/kb/302389/
>
> The articles suggest the following two options: either delete the
> records and let the cluster server recreate them or disable RequireDNS
> with cluster res "NETWORK_NAME_RESOURCE" /priv RequireDNS=0.
>
> Is there a way to modify the DNS entry ACL's through command line so I
> can script it all and remove the account from "Domain Admins" without
> affecting production? ... or any other relatively simple solution that
> does not require affecting production?
>
> Thanks.
>
> -jd
>
 
Back
Top