Following a couple of departmental redundancies, our policy is to change 'system' passwords to something new. I was asked to modify the Domain Administrator account for my 2003 domain which was also being used as the Cluster Service account. I decided to create a different account clusadmin, and gave it the correct rights as per the MS Knowledgebase article 269229. I stopped the Cluster Service on both nodes, changed the service account and brought up the cluster without issue. I then changed the domain administrator password. Everything went well for four days (about 100 hours) and then all the cluster resources started failing. The error for each service was '9016 DNS signature failed to verify.' The only way I managed to get round the problem was to change the Cluster Service account back to the domain administrator (with the new password), restart the first node, and all came up fine. The second node was then brought up successfully. What could cause this behaviour, after 4 successful days? I gave the clusadmin account all the rights I believe it should have had. Does some backend process run after 100 hours or something that could cause this? Thanks.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Cluster service Account failure
- Thread starter Wazzer
- Start date
Hi,
I do not know if you have already SP1 or SP2 but the follwoing KB Articles explains a similar issue like yours.
Events are logged in the system event log, and you cannot bring a network resource online by using Cluster Administrator in Windows Server 2003, Enterprise Edition or in Windows 2000 Advanced Server (KB 871111)
DNS removes a Network Name resource at the end of the default scavenging interval in Windows Server 2003 (KB 838851)
Your issue looks like an issue with your A Records in DNS.
Delete the A records referring to the cluster network names, and then the next time they come online, the records will be correctly created and subsequently updated.You should also enable "DNS Registration must succeed" on the Network Name Recources.
OR
Give the new cluster service account Full Control permissions on the individual A records of the cluster network names (and remove the permissions assigned to the
old cluster service account)
Regards,
Cengiz Kuskaya
I do not know if you have already SP1 or SP2 but the follwoing KB Articles explains a similar issue like yours.
Events are logged in the system event log, and you cannot bring a network resource online by using Cluster Administrator in Windows Server 2003, Enterprise Edition or in Windows 2000 Advanced Server (KB 871111)
DNS removes a Network Name resource at the end of the default scavenging interval in Windows Server 2003 (KB 838851)
Your issue looks like an issue with your A Records in DNS.
Delete the A records referring to the cluster network names, and then the next time they come online, the records will be correctly created and subsequently updated.You should also enable "DNS Registration must succeed" on the Network Name Recources.
OR
Give the new cluster service account Full Control permissions on the individual A records of the cluster network names (and remove the permissions assigned to the
old cluster service account)
Regards,
Cengiz Kuskaya
- Status
Similar threads
- Locked
- Question
- Locked
- Question