Guest JayDee Posted September 1, 2007 Posted September 1, 2007 After removing the Cluster Service account from the "Domain Admins" group and leaving it as a local admin on the two cluster nodes, I received the following errors on a few of the virtual network names and the resources attempted to failover after stopping. Once we added the service account back to domain admins, the problem resolved. ERROR -------- EVENT ID: 1069, CATEGORY: FAILOVER MGR, SOURCE: CLUSSVC Cluster resource 'NYP175FIL1NBCGE - Vname' in Resource Group 'USNYCPCLW002FL8' failed. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. -------- WARNING -------- EVENT ID: 1119, CATEGORY: NETWORK NAME RESOURCE, SOURCE: CLUSSVC The registration of DNS name nyp175fil1nbcge.nbcuni.ge.com for resource 'NYP175FIL1NBCGE - Vname' over adapter 'Public' failed for the following reason: DNS signature failed to verify. -------- I located and read the following KB articles: http://support.microsoft.com/kb/871111 and http://support.microsoft.com/kb/302389/ The articles suggest the following two options: either delete the records and let the cluster server recreate them or disable RequireDNS with cluster res "NETWORK_NAME_RESOURCE" /priv RequireDNS=0. Is there a way to modify the DNS entry ACL's through command line so I can script it all and remove the account from "Domain Admins" without affecting production? ... or any other relatively simple solution that does not require affecting production? Thanks. -jd
Guest Meinolf Weber Posted September 1, 2007 Posted September 1, 2007 Re: Microsoft Cluster Resources and DNS registration errors Hello JayDee, Did you check that the account still has the required security rights? http://support.microsoft.com/kb/269229 http://support.microsoft.com/kb/307532 Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. > After removing the Cluster Service account from the "Domain Admins" > group and leaving it as a local admin on the two cluster nodes, I > received the following errors on a few of the virtual network names > and the resources attempted to failover after stopping. Once we added > the service account back to domain admins, the problem resolved. > > ERROR > -------- > EVENT ID: 1069, CATEGORY: FAILOVER MGR, SOURCE: CLUSSVC > Cluster resource 'NYP175FIL1NBCGE - Vname' in Resource Group > 'USNYCPCLW002FL8' failed. > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > -------- > WARNING > -------- > EVENT ID: 1119, CATEGORY: NETWORK NAME RESOURCE, SOURCE: CLUSSVC > The registration of DNS name nyp175fil1nbcge.nbcuni.ge.com for > resource 'NYP175FIL1NBCGE - Vname' over adapter 'Public' failed for > the following reason: > > DNS signature failed to verify. > -------- > I located and read the following KB articles: > http://support.microsoft.com/kb/871111 and > http://support.microsoft.com/kb/302389/ > > The articles suggest the following two options: either delete the > records and let the cluster server recreate them or disable RequireDNS > with cluster res "NETWORK_NAME_RESOURCE" /priv RequireDNS=0. > > Is there a way to modify the DNS entry ACL's through command line so I > can script it all and remove the account from "Domain Admins" without > affecting production? ... or any other relatively simple solution that > does not require affecting production? > > Thanks. > > -jd >
Guest Meinolf Weber Posted September 1, 2007 Posted September 1, 2007 Re: Microsoft Cluster Resources and DNS registration errors Hello JayDee, See the other posting and please do not multipost. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. > After removing the Cluster Service account from the "Domain Admins" > group and leaving it as a local admin on the two cluster nodes, I > received the following errors on a few of the virtual network names > and the resources attempted to failover after stopping. Once we added > the service account back to domain admins, the problem resolved. > > ERROR > -------- > EVENT ID: 1069, CATEGORY: FAILOVER MGR, SOURCE: CLUSSVC > Cluster resource 'NYP175FIL1NBCGE - Vname' in Resource Group > 'USNYCPCLW002FL8' failed. > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > -------- > WARNING > -------- > EVENT ID: 1119, CATEGORY: NETWORK NAME RESOURCE, SOURCE: CLUSSVC > The registration of DNS name nyp175fil1nbcge.nbcuni.ge.com for > resource 'NYP175FIL1NBCGE - Vname' over adapter 'Public' failed for > the following reason: > > DNS signature failed to verify. > -------- > I located and read the following KB articles: > http://support.microsoft.com/kb/871111 and > http://support.microsoft.com/kb/302389/ > > The articles suggest the following two options: either delete the > records and let the cluster server recreate them or disable RequireDNS > with cluster res "NETWORK_NAME_RESOURCE" /priv RequireDNS=0. > > Is there a way to modify the DNS entry ACL's through command line so I > can script it all and remove the account from "Domain Admins" without > affecting production? ... or any other relatively simple solution that > does not require affecting production? > > Thanks. > > -jd >
Recommended Posts