question

FranciscoAlejandroJuanFerrer-2506 avatar image
0 Votes"
FranciscoAlejandroJuanFerrer-2506 asked ·

Permissions error in cluster

Hi here, One companion was installed one month ago a HyperV cluster with 2 host. Seemed to be all ok, but today I just installed SCOM on physical servers, and this cluster shows an error. I checked on hyperv FailoverCluter console and It show this:

https://i.imgur.com/GRZouIv.png

Any idea? I checked if both host have access to AD ports, also I checked for permissions in AD, from both host and for cluster computer.. and I dont see anything. I compared to more clusters I have and I dont have idea what could be the problem.

Has Anyone seen this error before? Thanks!


windows-server-hyper-vwindows-server-clusteringmsc-virtual-machine-manager-clustering
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FranciscoAlejandroJuanFerrer-2506 avatar image
0 Votes"
FranciscoAlejandroJuanFerrer-2506 answered ·

Anyone? =(

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

sambruins avatar image
1 Vote"
sambruins answered ·

Can you check the virtual cluster name in ad and see if the object “cluster_hv-pre” has hv-pre-02 in the security permission to update the object

Also check the cluster dns name and make sure both nodes can update that.

Did the account used to create the cluster have rights in the domain?

· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi friend,

First, thanks for your help.

Last nigtht I checked and cluster object has permissions for my partner who is not working anynore for us, and this user its disabled. So I removed him permissions for if this disabled user can cause problems.

This morning I checked and errors stills happening. So like u told me I added hvpre2 computer permissions to cluster object and I will check later if error has been disappeared, but I dont see hvpre1 computer permissions and I dont give permissions from hosts to others cluster object before.

"Also check the cluster dns name and make sure both nodes can update that."

What do you mean? I check access to AD ports and all its ok.

Thanks again

0 Votes 0 ·
XiaoweiHe-MSFT avatar image
1 Vote"
XiaoweiHe-MSFT answered ·

Hi,

  1. Please check if the Cluster CNO exists in ADUC and is enabled. If yes, please try to add the CNO in the Computer OU, and give the full control permission to the CNO.

75387-image.png

  1. Then, in the Cluster, please try to offline the CNO, and right click Repair CNO.

75388-image.png

Thanks for your time!
Best Regards,
Anne


If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



image.png (58.6 KiB)
image.png (85.1 KiB)
·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FranciscoJuan-8426 avatar image
0 Votes"
FranciscoJuan-8426 answered ·

Hi, thanks for your support.

I just add permissions like u said me but when I bring Cluster Offline and I click "repair" this errores prompts:

75486-2021-03-08-13-23-42-mremoteng-confconsxml-new-hype.png

The user who created cluster, its disabled on AD because he dont work with us anymore


Like u can see on this pic, I give full access to cluter object in cluster OU. No idea what else I can try:

75521-2021-03-08-14-11-00-mremoteng-confconsxml-dc1.png


Thanks again



·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FranciscoAlejandroJuanFerrer-2506 avatar image
0 Votes"
FranciscoAlejandroJuanFerrer-2506 answered ·

Hi there, im still stuck on this crazy mistake.

Any idea more? Thanks

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

XiaoweiHe-MSFT avatar image
1 Vote"
XiaoweiHe-MSFT answered ·

Hi,

From your screenshot, I found the CNO isn't a computer account, it's a user account, CNO should be computer account like this:

76600-image.png

When you add the CNO in the cluster OU, please check "computer" here:

76685-image.png

Besides, please check if the cluster nodes can ping the DC.

Thanks for your time!
Best Regards,
Anne


If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our [documentation][20] to enable e-mail notifications if you want to receive the related email notification for this thread.
[20]: https://docs.microsoft.com/en-us/answers/articles/67444/email-notifications.html


image.png (85.0 KiB)
image.png (76.6 KiB)
·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FranciscoJuan-8426 avatar image
1 Vote"
FranciscoJuan-8426 answered ·

Dear friend, I just found this posst (yours too)

https://docs.microsoft.com/en-us/answers/questions/120834/the-computer-object-associated-with-the-cluster-ne.html

And port 464 was the f**ng problem. Mi fw has a rule to all AD ports but not 464.

Very thanks my friend!

· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Glad to hear the issue resolved, cheers! It's my pleasure to be of help to you!

Then you may accept reply as answer, so that other meet the similar issue can find the solution quickly.

Best Regards,
Anne



1 Vote 1 ·