question

DBA-Bandy asked MichaelLawpaugh-5281 commented

SQL 2019 Availability Group failover failing to update DNS of Availability Group Listener (DNS Operation Refused).

Hello.

We are running SQL Server 2019 CU11 on Windows Server 2019.

We have recently run into an issue where availability group failovers are failing to update DNS for the listener.
We have some servers that will update without issue when a failover occurs.
However, on our more recent builds we have added the following update: June 8, 2021—KB5003646 (OS Build 17763.1999). This appears to be when the issue started occurring.
We have gone back to our previous image and the failovers do work, and as soon as we add KB5003646 and reboot, the issue starts occurring.

In the properties of the listener (within the AG Role) in the Failover Cluster Manager we see DNS Status: DNS Operation Refused.

Any assistance would be appreciated.

Thank you.

Andy.

sql-server-general, windows-server-2019, windows-server-clustering

LimitlessTechnology-2700 answered MichaelLawpaugh-5281 commented

Hello DBA-Bandy,

First I would check if the servers you are updating have installed the pre-requisite update stacks:

The May 11, 2021 servicing stack update (SSU) (KB5003243), or the latest SSU (KB5003711)

On the other hand, DNS Operation Refused is not an unusual issue; it is usually because the computer account or CNO has no access to update the DNS record.

In this case, there are 2 options:
1. Check the ACL for the cluster name DNS record (Properties of the record > Security tab > add the CNO computer names with Full Control).

2. Delete the DNS record and create it again:
    Simply delete the A record, recreate it, and make sure to check the box for “Allow any authenticated user to update DNS record with the same owner name”.

Hope it helps in your case!
Best regards,
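
The ACL check described in the answer above can also be done without the DNS console. The following is an added example, not part of the original answer: it reads the ACL of the listener's `dnsNode` object in Active Directory and lists every principal that can write to it. It assumes an AD-integrated zone and the RSAT ActiveDirectory module; the zone, listener and CNO names are hypothetical placeholders.

```powershell
# Added example, not from the thread. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$Zone     = 'corp.example.com'       # hypothetical AD-integrated DNS zone
$Listener = 'AGLISTENER01'           # hypothetical listener host name
$Cno      = 'CORP\SQLCLUSTER01$'     # hypothetical cluster name object (CNO)

function Get-DnsRecordWriters {
    param([Parameter(Mandatory)][string]$Zone,
          [Parameter(Mandatory)][string]$Name)

    $root  = Get-ADRootDSE
    # An AD-integrated zone is stored in one of these three containers.
    $bases = "DC=DomainDnsZones,$($root.defaultNamingContext)",
             "DC=ForestDnsZones,$($root.rootDomainNamingContext)",
             "CN=System,$($root.defaultNamingContext)"
    $write = [System.DirectoryServices.ActiveDirectoryRights]'GenericAll, GenericWrite, WriteProperty'

    foreach ($base in $bases) {
        $dn = "DC=$Name,DC=$Zone,CN=MicrosoftDNS,$base"
        # Skip containers that do not hold this record.
        try { $null = Get-ADObject -Identity $dn -ErrorAction Stop } catch { continue }

        $acl = Get-Acl -Path "AD:\$dn"
        # Keep only Allow ACEs that carry any write right.
        $acl.Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           ([int]$_.ActiveDirectoryRights -band [int]$write) -ne 0 } |
            Select-Object @{n='Record';e={$dn}}, @{n='Owner';e={$acl.Owner}},
                          IdentityReference, ActiveDirectoryRights, IsInherited
    }
}

$writers = @(Get-DnsRecordWriters -Zone $Zone -Name $Listener)
$writers | Format-Table Owner, IdentityReference, ActiveDirectoryRights, IsInherited -AutoSize

if (-not $writers) {
    Write-Warning "No dnsNode object found for $Listener.$Zone (record missing or zone not AD-integrated)."
} elseif ($writers.IdentityReference.Value -notcontains $Cno) {
    Write-Warning "$Cno has no direct write ACE on the record; check group membership or add the ACE."
}
# A broad write grant is worth reviewing: it lets any domain principal change the record.
$writers | Where-Object { $_.IdentityReference.Value -eq 'NT AUTHORITY\Authenticated Users' } |
    ForEach-Object { Write-Warning "Authenticated Users can write to $($_.Record)." }
```

If the CNO is missing from the output, DNS Operation Refused on failover is the expected result; granting the CNO write access on that one record is a narrower fix than opening the record to all authenticated users.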


Hello.

Thanks for the reply.

Yes we have installed the prerequisites. This is something we did look into.
Also we do have the Cluster Object having Full Control for CNO.

We will also be trying the delete method shortly.

However, we are trying to figure out why this issue only occurs on servers that have not had the KB5003646 (or later) applied.

Thanks.


Were you able to resolve this issue by simply re-creating a DNS record manually? If so, which specific record did you re-create?

Thanks

Yufeishao-0810 answered Yufeishao-0810 commented

Hi @DBA-Bandy,

Case:
The cluster name resource, which was added to DNS prior to setting up the active/passive cluster (or any type), needs to be updated by the physical nodes on behalf of the resource record itself. When the active node owns the resources, it wants to update the A record in the DNS database, and the DNS record which was created won’t allow any authenticated user to update the DNS record with the same owner.

Solution:
Delete the existing A record for the cluster name, re-create it, and make sure to select the box that says “Allow any authenticated user to update DNS record with the same owner name”. Don’t worry about breaking anything; this has “ZERO” impact on the cluster. Simply delete the A record and re-create it as suggested here.


Hello,

Thanks for the reply.

This is something we had found on other forums and have yet to attempt. We will be trying this soon.


However, we are trying to figure out why this issue only occurs on servers that have not had the KB5003646 (or later) applied.

Thanks.


It may fail to start the failover cluster service after installation (KB5001342) or later, because a Cluster Network Driver is not found. The cluster server is unable to talk to the DNS servers.
