question

ReBITIT-5758 avatar image
0 Votes"
ReBITIT-5758 asked fagundfe answered

Exchange 2016 Unable to add Member Servers in DAG

Hi All,

While adding Exchange member server in new DAG getting below error

Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
ERROR
A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API failed: "CreateCluster() failed with 0x42a. Error: The service has returned a service-specific error code". [Server:]

Microsoft.Exchange.Cluster.Replay.DagTaskOperationFailedException: A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API failed: "CreateCluster() failed with 0x6ba. Error: The RPC server is unavailable". ---> Microsoft.Exchange.Cluster.Shared.ClusterApiException: An error occurred while attempting a cluster operation. Error: Cluster API failed: "CreateCluster() failed with 0x6ba. Error: The RPC server is unavailable" ---> System.ComponentModel.Win32Exception: The RPC server is unavailable

This Exchange Servers are not part of any cluster and Network Teaming is also not configured. Prestage of DAG is also done. Solution for the same would be appreciated.

office-exchange-server-administrationoffice-exchange-server-connectivityoffice-exchange-server-deployment
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ManuPhilip avatar image
0 Votes"
ManuPhilip answered ManuPhilip commented

I suggest the following troubleshooting steps
1. Make sure that, you started EMS with elevated privileges (Run as Administrator)
2. Make sure that, "Exchange Trusted Subsystem" is a member of the local Administrator Group
3. Try and give the new mailbox Server permission to the CNO Object. See the Technet Article for instructions: pre-stage-dag-cnos


· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Dear Manu,

Thanks for your reply. I will check the above steps and get back to you with update.

0 Votes 0 ·

Dear Manu,

Followed all the mentioned steps but it didn't work. Also we are using enterprise administrator account. Is there any other solution which can be provided.

Thanks.

0 Votes 0 ·

Are you well following the document here: create-dags
If so, let's know at what stage it fails


0 Votes 0 ·
KaelYao-MSFT avatar image
0 Votes"
KaelYao-MSFT answered KaelYao-MSFT commented

@ReBITIT-5758
Hi,
I noticed that you mentioned "Network Teaming is also not configured".
Did you configured a valid ip address for the DAG?
If so,please make sure the servers are in the same subnet and have access to it.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Dear Kael,

IP is properly configured and DAG are on same subnet.

Thanks,

0 Votes 0 ·

Greetings,

We are still facing this issue, Just for testing when we are trying to configure failover cluster, below is the error which we are receiving
"You do not have administrative privilege on the server"
Note -: We have tried to configure from all the administrator accounts.
Solution for the same would be really appreciated.

0 Votes 0 ·

Hi,
Did you install the failover cluster feature on the server manually and added the server to the dag cluster?
If so,I suppose it may be the result of the permission problem.

To my knowledge,this process is not necessary.
As by default if a server is successfully added to a dag, the failover cluster will be installed and configured automatically on the server.

0 Votes 0 ·

Hi,
I am writing here to confirm with you how thing going now?
Have you followed Ashok's suggestions?


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·
ReBITIT-5758 avatar image
0 Votes"
ReBITIT-5758 answered

Greetings,

We are still facing this issue, Just for testing when we are trying to configure failover cluster, below is the error which we are receiving
"You do not have administrative privilege on the server"
Note -: We have tried to configure from all the administrator accounts.
Solution for the same would be really appreciated.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AshokM-8240 avatar image
1 Vote"
AshokM-8240 answered AYZEGE-6328 commented

Hi,

Please find below my suggestions,

For permission error, Check if the account you are using is a member of "Organization Management"

For error CreateCluster() failed with 0x42a. Error: The service has returned a service-specific error code
1. Check if IPv6 is enabled on all servers
2. Check the GPO for any deny policy on the local logins because a local user account CLIUSR will be created
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment/Security Options -> Deny Log on Locally/Deny access to this computer from the network

For error CreateCluster() failed with 0x6ba. Error: The RPC server is unavailable
1. Check if there are any network firewall communication issues. Could be possible if the session is getting established on a different interface if you have multiple NIC's on the server
2. This error could be due to reachability or service is not listening on the server. Telnet on port 135 and check if its allowed. also, dynamic RPC ports to be allowed along with the DAG port
3. Temporarily disable Windows firewall/AV on the server

If the response is helpful, please click "Accept Answer" and upvote it.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Just to check if there are any updates. If the above suggestion helps, please click on "Accept Answer" and upvote it. Thanks for understanding.

1 Vote 1 ·

My baseline hardening settings prevented the creation of the user CLIUSR. Thank you.

0 Votes 0 ·
fagundfe avatar image
0 Votes"
fagundfe answered

Hello, in my case, was resolved doing the following: Adding Full Permissions to the Exchange Trusted Subsystem onto the CNO of the DAG:

127150-image.png



Regards,
Franklin


image.png (38.6 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.