Re: 2005 Cluster Install Error
- From: "Anthony Thomas" <ALThomas@xxxxxxxxx>
- Date: Thu, 17 Nov 2005 07:25:47 -0600
Ok, there is a difference between Universal, Global, and Local Domain
Groups. However, if you have a Single Forest, Single Domain model, they are
equivalent.
But, then, the installer would also need AD permission to create these
Domain Local Groups in addition to the membership in the Machine Local
Administrators Group and Act as part of the Operating System User Access
Right.
I am still suspect on whether or not this is a Security Group or Cluster
Resource Group requirement.
I can see the need to promote Machine Local Groups to Domain Local Groups
when we are talking about clusters because the level of scope. But then
again that would require a higher level of privilege.
If true, then I would most certainly agree that the documentation is Grossly
lacking.
Sincerely,
Anthony Thomas
--
"Andy Ball" <ng@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:eN8B5k06FHA.1724@xxxxxxxxxxxxxxxxxxxxxxx
> Domain Local Groups were introduced in Windows 2000 Active Directory
>
> cheers
> Andy.
>
> "Anthony Thomas" <ALThomas@xxxxxxxxx> wrote in message
> news:exXVCFx6FHA.3276@xxxxxxxxxxxxxxxxxxxxxxx
> > Yea, I saw that and it didn't make sense. There is no such thing as
> > "DOMAIN
> > local groups." There are DOMAIN Global groups, LOCAL groups, Cluster
> > Resource groups, and, apparently, SQL Server 2005 security groups.
> >
> > However, there is a new requirement that not only does the Installation
> > Administrator need Local Administrators group membership but also the
ACT
> > AS
> > PART OF THE OPERATING SYSTEM User Security rights assignment for
clustered
> > installations that probably caused the initial issue to begin with.
> >
> > Sincerely,
> >
> >
> > Anthony Thomas
> >
> >
> > --
> >
> > "Andy Ball" <ng@xxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:O$aRRzw6FHA.808@xxxxxxxxxxxxxxxxxxxxxxx
> >> and the portion I presume is talking about the Local Groups that
created
> > on
> >> the Server where SQL is installed. Simon's original post is about the
> > DOMAIN
> >> local groups that are required for Clustering.
> >>
> >> cheers,
> >> Andy.
> >> "Anthony Thomas" <ALThomas@xxxxxxxxx> wrote in message
> >> news:eETZ86g6FHA.1000@xxxxxxxxxxxxxxxxxxxxxxx
> >> > At the time, this seemed clearer, but it appears you are speaking of
> >> > something else. There is also the Setupsql9.chm file that is
seperate
> >> > from
> >> > the BOL. You are right; it is unclear.
> >> >
> >> > Microsoft SQL Server September 2005 Community Technology Preview
> >> >
> >
http://download.microsoft.com/download/1/f/8/1f8af9ba-751e-440d-ba2c-006d680b7c81/ReadmeSQL2005.htm#_3461_accessing_setup_documentation_cuy1
> >> >
> >> > 3.5.15 Corrections to the Names of Security Groups Created During
Setup
> >> > During setup, SQL Server 2005 adds the following security groups to
> >> > Windows:
> >> > SQLServer2005DTSUser$ComputerName
> >> >
> >> > SQLServer2005MSFTEUser$ComputerName$InstanceName
> >> >
> >> > SQLServer2005MSOLAPUser$ComputerName$InstanceName
> >> >
> >> > SQLServer2005MSSQLServerADHelperUser$ComputerName
> >> >
> >> > SQLServer2005MSSQLUser$ComputerName$InstanceName
> >> >
> >> > SQLServer2005NotificationServicesUser$ComputerName
> >> >
> >> >
SQLServer2005ReportingServicesWebServiceUser$ComputerName$InstanceName
> >> >
> >> > SQLServer2005ReportServerUser$ComputerName$InstanceName
> >> >
> >> > SQLServer2005SQLAgentUser$ComputerName$InstanceName
> >> >
> >> > SQLServer2005SQLBrowserUser$ComputerName
> >> >
> >> > These groups simplify granting permissions required to run SQL Server
> >> > Windows services and other executables. They also help secure SQL
> >> > Server
> >> > files.
> >> > In SQL Server Books Online, $ComputerName was omitted from the names.
> > The
> >> > computer name has since been added to the group names to uniquely
> > identify
> >> > each group. Unique group names are necessary if SQL Server 2005 is
> >> > installed
> >> > on domain controllers. For all references to security groups that
start
> >> > with
> >> > "SQLServer2005," substitute the appropriate group name listed above.
> >> >
> >> > 3.5.17 Restrictions for Service Accounts on a Failover Cluster
> >> > SQL Server service, SQL Server Agent service, Analysis Services
> >> > service,
> >> > and
> >> > Full-Text Search service must run as domain accounts that are members
> >> > of
> >> > the
> >> > built-in Administrators group on each node of the cluster.
> >> >
> >> >
> >> > Sincerely,
> >> >
> >> >
> >> > Anthony Thomas
> >> >
> >> > --
> >> >
> >> > "Andy Ball" <ng@xxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> > news:uEuMBdV6FHA.1000@xxxxxxxxxxxxxxxxxxxxxxx
> >> >> must be going blind - i'm looking @ ReadmeSQL2005.htm from the Dev \
> > MSDN
> >> >> edition and Q907284 I can't see it
> >> >>
> >> >> Andy.
> >> >>
> >> >> "Anthony Thomas" <ALThomas@xxxxxxxxx> wrote in message
> >> >> news:OaT56MI6FHA.1184@xxxxxxxxxxxxxxxxxxxxxxx
> >> >> > That information is in the Readme notes as well as the Readme
errata
> >> >> > posted
> >> >> > online.
> >> >> >
> >> >> > ALWAYS READ THE README.
> >> >> >
> >> >> >
> >> >> > Anthony Thomas
> >> >> >
> >> >> >
> >> >> > --
> >> >> >
> >> >> > "Andy Ball" <ng@xxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> >> > news:u%23k3gf05FHA.3976@xxxxxxxxxxxxxxxxxxxxxxx
> >> >> >> Simon,
> >> >> >>
> >> >>
> >> >>
> >> >>
> >> >> >> yep I noticed that too. Just an omission in BOL. I sent feedback
> >> >> >> via
> >> > the
> >> >> > BOL
> >> >> >> entry for installing a Cluster from template/unattend, suggest
you
> > do
> >> > the
> >> >> >> same.
> >> >> >>
> >> >> >> Andy.
> >> >> >> "Simon" <Simon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> >> >> news:ECC70F54-2E3D-43BE-AE8B-5B91EFC74E60@xxxxxxxxxxxxxxxx
> >> >> >> >I figured out the problem to the command line - why the GUI
> >> >> >> >crashed
> > I
> >> > do
> >> >> >> >not
> >> >> >> > know.
> >> >> >> >
> >> >> >> > BOL does not document any of these parameters for the command
> >> >> >> > line
> >> >> >> > which
> >> >> >> > are
> >> >> >> > REQUIRED for a cluster install:
> >> >> >> >
> >> >> >> > SQLBROWSERACCOUNT="DOMAIN\USER"
> >> >> >> > SQLBROWSERPASSWORD="PASSWORD"
> >> >> >> >
> >> >> >> > SQLCLUSTERGROUP="DOMAIN\GROUP"
> >> >> >> > AGTCLUSTERGROUP="DOMAIN\GROUP"
> >> >> >> > FTSCLUSTERGROUP="DOMAIN\GROUP"
> >> >> >> >
> >> >> >> > However if you look in the template.ini file on your install cd
> > you
> >> >> >> > will
> >> >> >> > find details of how and when to use them.
> >> >> >> >
> >> >> >> > A very dissapointed customer.
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > "Simon" wrote:
> >> >> >> >
> >> >> >> >> I'm having problems installing 2005 Ent on my Win 2003 SP1 2
> >> >> >> >> node
> >> >> >> >> cluster.
> >> >> >> >> Please note this cluster has a SQL 2000 (SP4) virtual
> >> > server/instance
> >> >> >> >> already
> >> >> >> >> installed. I would like to run them side by side.
> >> >> >> >>
> >> >> >> >> installing using the setup wizard I get error about the
schedule
> >> > task
> >> >> >> >> failing to start on the 2nd node. Looking through the log
files
> > the
> >> >> > setup
> >> >> >> >> program on the 2nd node has thrown an exception error,
core.log
> >> > shows
> >> >> >> >> this:
> >> >> >> >>
> >> >> >> >> Complete: ParseBootstrapOptionsAction at: 2005/10/7 13:25:6,
> >> > returned
> >> >> >> >> false
> >> >> >> >> Error: Action "ParseBootstrapOptionsAction" failed during
> >> >> >> >> execution.
> >> >> >> >> Error
> >> >> >> >> information reported during run:
> >> >> >> >> Could not decrypt command line due to WinException.
> >> >> >> >> Error Code: -2146893822
> >> >> >> >> Windows Error Text: Bad Hash.
> >> >> >> >>
> >> >> >> >> Source File Name: cryptohelper\cryptpassword.cpp
> >> >> >> >> Compiler Timestamp: Mon Jul 18 01:10:20 2005
> >> >> >> >> Function Name: sqls::CryptPassword::UnprotectString
> >> >> >> >> Source Line Number: 311
> >> >> >> >>
> >> >> >> >> Running: ValidateWinNTAction at: 2005/10/7 13:25:6
> >> >> >> >> Complete: ValidateWinNTAction at: 2005/10/7 13:25:6, returned
> > true
> >> >> >> >> Running: ValidateMinOSAction at: 2005/10/7 13:25:6
> >> >> >> >> Complete: ValidateMinOSAction at: 2005/10/7 13:25:6, returned
> > true
> >> >> >> >> Running: PerformSCCAction at: 2005/10/7 13:25:6
> >> >> >> >> Complete: PerformSCCAction at: 2005/10/7 13:25:6, returned
true
> >> >> >> >> Running: ActivateLoggingAction at: 2005/10/7 13:25:6
> >> >> >> >> Error: Action "ActivateLoggingAction" threw an exception
during
> >> >> >> >> execution.
> >> >> >> >> Error information reported during run:
> >> >> >> >> 00D7CFC8Unable to proceed with setup, there was a command line
> >> > parsing
> >> >> >> >> error. : -2146893822
> >> >> >> >> Error Code: -2146893822
> >> >> >> >> Windows Error Text: Bad Hash.
> >> >> >> >>
> >> >> >> >> Source File Name: cryptohelper\cryptpassword.cpp
> >> >> >> >> Compiler Timestamp: Mon Jul 18 01:10:20 2005
> >> >> >> >> Function Name: sqls::CryptPassword::UnprotectString
> >> >> >> >> Source Line Number: 311
> >> >> >> >>
> >> >> >> >> Delay load of action "UploadDrWatsonLogAction" returned
nothing.
> > No
> >> >> >> >> action
> >> >> >> >> will occur as a result.
> >> >> >> >> Message pump returning: 2148073474
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> -------- END OF OUTPUT ---------------------
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> I've trying to work around it I have tried installing from the
> >> > command
> >> >> >> >> line.
> >> >> >> >> This gets much further with setup starting correctly on both
> > nodes.
> >> > I
> >> >> > get
> >> >> >> >> as
> >> >> >> >> far as installing the actual SQL Server Service instance then
> >> >> >> >> I'm
> >> >> > thrown
> >> >> >> >> an
> >> >> >> >> error. Summary.log shows:
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> Machine : SERVERA
> >> >> >> >> Product : SQL Server Database Services
> >> >> >> >> Error : A domain group is missing for one or more
> >> > services.
> >> >> > To
> >> >> >> >> install SQL Server 2005 as a failover cluster, domain groups
> >> >> >> >> must
> >> >> >> >> be
> >> >> >> >> specified for all the clustered services being installed .To
> >> > proceed,
> >> >> >> >> enter
> >> >> >> >> the missing domain group information.
> >> >> >> >> The domain group cannot be validated for the service SQL
Server.
> >> >> >>
> >> >>
> >>
>
>>>>> ----------------------------------------------------------------------
-
> > -
> >> > -
> >> >> > -------
> >> >> >> >> Machine : SERVERA
> >> >> >> >> Product : SQL Server Database Services
> >> >> >> >> Error : A domain group is missing for one or more
> >> > services.
> >> >> > To
> >> >> >> >> install SQL Server 2005 as a failover cluster, domain groups
> >> >> >> >> must
> >> >> >> >> be
> >> >> >> >> specified for all the clustered services being installed .To
> >> > proceed,
> >> >> >> >> enter
> >> >> >> >> the missing domain group information.
> >> >> >> >> The domain group cannot be validated for the service SQL
Server.
> >> >> >>
> >> >>
> >>
>
>>>>> ----------------------------------------------------------------------
-
> > -
> >> > -
> >> >> > -------
> >> >> >> >> Machine : SERVERA
> >> >> >> >> Product : Microsoft SQL Server 2005
> >> >> >> >> Product Version : 9.00.1399.06
> >> >> >> >> Install : Failed
> >> >> >> >> Log File : C:\Program Files\Microsoft SQL
Server\90\Setup
> >> >> >> >> Bootstrap\LOG\Files\SQLSetup0014_LON-IMS01A_SQL.log
> >> >> >> >> Last Action : Validate_ServiceAccounts
> >> >> >> >> Error String : A domain group is missing for one or more
> >> > services.
> >> >> > To
> >> >> >> >> install SQL Server 2005 as a failover cluster, domain groups
> >> >> >> >> must
> >> >> >> >> be
> >> >> >> >> specified for all the clustered services being installed .To
> >> > proceed,
> >> >> >> >> enter
> >> >> >> >> the missing domain group information.
> >> >> >> >> The domain group cannot be validated for the service SQL
Server.
> >> >> >> >> Error Number : 28130
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> --- END OF OUTPUT
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> In the GUI you get asked for Domain Groups for each service,
the
> >> >> >> >> documentation for the command line installer doesn't tell me
> >> >> >> >> what
> >> > the
> >> >> >> >> parameters are for this. Do I need them, is the documentation
> >> > missing
> >> >> >> >> something?? Also I'm not too sure what the ADMINPASSWORD=
> >> >> >> >> paramater
> >> >> >> >> is
> >> >> >> >> for -
> >> >> >> >> I'm putting in my domain password currently - again teh
> >> > documentation
> >> >> >> >> isn't
> >> >> >> >> too hot for this.
> >> >> >> >>
> >> >> >> >> I'm running out of ideas. If anyone has any suggestions please
> > let
> >> > me
> >> >> >> >> know!
> >> >> >> >>
> >> >> >> >> Thanks
> >> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>
.
- Follow-Ups:
- Re: 2005 Cluster Install Error
- From: Anthony Thomas
- Re: 2005 Cluster Install Error
- References:
- 2005 Cluster Install Error
- From: Simon
- RE: 2005 Cluster Install Error
- From: Simon
- Re: 2005 Cluster Install Error
- From: Andy Ball
- Re: 2005 Cluster Install Error
- From: Anthony Thomas
- Re: 2005 Cluster Install Error
- From: Andy Ball
- Re: 2005 Cluster Install Error
- From: Anthony Thomas
- Re: 2005 Cluster Install Error
- From: Andy Ball
- Re: 2005 Cluster Install Error
- From: Anthony Thomas
- Re: 2005 Cluster Install Error
- From: Andy Ball
- 2005 Cluster Install Error
- Prev by Date: Re: clustering Exchange and SQL server using one SAN drive
- Next by Date: Re: (local) Alias does not function in an virtual sql server?
- Previous by thread: Re: 2005 Cluster Install Error
- Next by thread: Re: 2005 Cluster Install Error
- Index(es):
Relevant Pages
|
