The computer object associated with the resource could not be updated in domain


I'm answering my own question as, after a few more hours of investigation, I managed to find a fix to it. I will try to document the things I did for anybody else who runs into this same problem.

There was a combination of actions that I did; I'm not entirely sure which of them fixed it, but I assume it is the "Repair Active Directory Object" action in Failover Cluster Manager.

  • First I re-composed the computer network accounts for both SQL ClusterNodes (DMT-AClusNode and DMT-BClusNode) in Active Directory by logging in as a local admin and issuing this: netdom resetpwd /s:dmtdevops.com /ud:dmtdevops.com\administrator /pd:*

  • Then I went to the Active Directory Domain Controller (Active Directory Users and Computers) and used the "Delegate Control..." (right click on Domain Name on the left panel) to delegate as much control as possible to both the computer accounts on the nodes (DMT-ACLUSNODE and DMT-BCLUSNODE) and also the computer accounts for the Cluster Name Object (DMT-SQLCLUSTER1) and the Virtual Computer Object (DMT-1NETNAME).

  • I also made changes in the Group Policy Management (DMTDevOps.com --> Group Policy Objects --> Default Domain Policy --> Right Click --> Edit...) then (Default Domain Policy --> Computer Configuration --> Policies --> Windows Settings --> Security Settings --> Local Policies --> User Rights Assignment --> Add Workstations to Domain policy). On that policy I added all the computer accounts that I mentioned in the previous step (DMT-ACLUSNODE, DMT-BCLUSNODE, DMT-SQLCLUSTER1 and DMT-1NETNAME).

  • Finally (and this is what I believe fixed the problem) I selected "Repair Active Directory Object" in Failover Cluster Manager.

Author by

Martin Surasky

Updated on September 18, 2022

Comments

  • Martin Surasky almost 2 years

    After a few hours of unsuccessful Googling and scouring all over the Internet, I have to go back to my good old friend at StackExchange. My problem is associated with a dysfunctional Microsoft Failover Cluster running on a pair of Windows Server 2008 R2 Enterprise Nodes.

    In a nutshell: The Network Name resource can't be brought online. Every time I try to do that (by right-clicking the netname and selecting "Bring This Resource Online") I fail. The Event Viewer logs this entry:

    EventID: 1207
    Source: Failover Clustering
    
    Cluster network name resource 'SQL Network Name (DMT-1NETNAME)' cannot be brought online. The computer object associated with the resource could not be updated in domain 'DMTDevOps.com' for the following reason:
    Unable to obtain the Primary Cluster Name Identity token.
    The text for the associated error code is: An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client.
    The cluster identity 'DMT-SQLCLUSTER1$' may lack permissions required to update the object. Please work with your domain administrator to ensure that the cluster identity can update computer objects in the domain.
    

    I looked all over for the EventID and the descriptions found here, and it is not like there is no documentation online on how to fix it, the problem is that the solutions are related to giving the computer object for the service or application certain privileges (which I did) but nothing has changed.

    I fully control the domain (it is a test environment) and I'm the only one using it so there is no chance that "someone" has inadvertently changed something (like destroying computer accounts or changing Active Directory to prevent a new computer object from being created, something that was suggested on many blogs related to this error).

    When I try to "Validate this cluster" the report shows that there are no errors... so all is good on that front as well. Also computers can connect to the domain just fine.

    The only thing that changed since the last time this worked is that these nodes are VMs and I used a previous snapshot of them (when the cluster was working just fine). For some reason the trust relationship after loading those snapshots was broken and I had to run netdom resetpwd to make that work again, but other than that, all is exactly the same as it was when the cluster was just fine.

    Here is a log that was generated by the cluster, hopefully this sheds some additional light to somebody knowledgeable and willing to help: Cluster.log. Notice the tail of that log (at 15:54), that's exactly when I attempted to bring the resource (Server Name) online.

    All help is appreciated!

  • Edwin van Mierlo about 7 years
    I believe the last step is indeed the step which fixed your problem, however without more detailed info it would be hard to prove. Furthermore I would be cautious about step 2/3, as this may have compromised some AD security, you will have to be careful that your cluster nodes/apps are not compromised and using the privileges you have added in step 2... anyway; thanks for posting back with your solution.
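
A read-only way to review what event 1207 complains about and what steps 2 and 3 of the answer granted, as an added PowerShell example that is not part of the original posts. It assumes the ActiveDirectory module (RSAT) is available and an account that can read ACLs; the helper name Get-AceFor is hypothetical, and the computer account names are the ones quoted on this page.

```powershell
# Added example: audit only, nothing in Active Directory is modified.
Import-Module ActiveDirectory

$domain  = Get-ADDomain
$netbios = $domain.NetBIOSName

# Computer accounts named in the answer; sAMAccountName carries a trailing '$'.
$accounts = 'DMT-ACLUSNODE', 'DMT-BCLUSNODE', 'DMT-SQLCLUSTER1', 'DMT-1NETNAME'
$ids = $accounts | ForEach-Object { "$netbios\$_`$" }

# Hypothetical helper: list the ACEs on one AD object that name the given identities.
function Get-AceFor {
    param(
        [Parameter(Mandatory)][string]   $DistinguishedName,
        [Parameter(Mandatory)][string[]] $Identity
    )
    (Get-Acl -Path "AD:\$DistinguishedName").Access |
        Where-Object { $Identity -contains $_.IdentityReference.Value } |
        Select-Object @{ n = 'Object'; e = { $DistinguishedName } },
                      IdentityReference, ActiveDirectoryRights,
                      AccessControlType, IsInherited, InheritanceType
}

# 1. Event 1207: can the cluster identity (CNO) update the network name's
#    computer object (VCO)? Look for Allow ACEs for DMT-SQLCLUSTER1$ on it.
$vco     = Get-ADComputer -Identity 'DMT-1NETNAME'
$cnoAces = @(Get-AceFor -DistinguishedName $vco.DistinguishedName `
                        -Identity "$netbios\DMT-SQLCLUSTER1`$")
if ($cnoAces.Count -eq 0) {
    Write-Warning "No ACE for DMT-SQLCLUSTER1`$ on $($vco.DistinguishedName)"
} else {
    $cnoAces | Format-Table -AutoSize
}

# 2. "Delegate Control..." on the domain node writes ACEs on the domain root.
#    Anything listed here for the four computer accounts is a domain-wide
#    grant to review and, if not needed, remove.
$rootAces = @(Get-AceFor -DistinguishedName $domain.DistinguishedName -Identity $ids)
if ($rootAces.Count -eq 0) {
    Write-Output "No ACEs for the cluster accounts on the domain root."
} else {
    $rootAces | Sort-Object IdentityReference | Format-Table -AutoSize
}
```

Section 1 shows whether the permission the event message asks for is present on the one object that needs it; section 2 shows how far the delegation in step 2 reaches beyond that object.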