Re: 2005 Cluster Install Error
- From: "Anthony Thomas" <ALThomas@xxxxxxxxx>
- Date: Thu, 17 Nov 2005 22:19:31 -0600
Fine. Time to bite the bullet on that one.
I dug around on my own and the both of you are absolutely right. God, I
hate that, but how else do you learn.
Thanks for bringing it to everyone's attention, and for helping me see
through my own pig-headedness.
For what it is worth, I've been trying to follow the "Best Practices"
solution of creating machine local groups to which I add Domain Global
Groups for years to provide as much resource isolation as possible, but for
clusters, that's a bit tricky and redundant. With the use of Domain Local
Groups, this makes it easier.
So, in short, I'm glad for the change; however, you are both absolutely
right in that the documentation totally sucks in this case. It makes sense,
given they do document the machine local groups as SQL Server security
groups and promoting them for clustered installations, but it sure would
have been nice to have noted that somewhere else other than the very last
paragraph in the template.ini.
Thanks again.
Sincerely,
Anthony Thomas
--
"Anthony Thomas" <ALThomas@xxxxxxxxx> wrote in message
news:euSltp36FHA.1020@xxxxxxxxxxxxxxxxxxxxxxx
> Ok, there is a difference between Universal, Global, and Local Domain
> Groups. However, if you have a Single Forest, Single Domain model, they
are
> equivalent.
>
> But, then, the installer would also need AD permission to create these
> Domain Local Groups in addition to the membership in the Machine Local
> Administrators Group and Act as part of the Operating System User Access
> Right.
>
> I am still suspect on whether or not this is a Security Group or Cluster
> Resource Group requirement.
>
> I can see the need to promote Machine Local Groups to Domain Local Groups
> when we are talking about clusters because the level of scope. But then
> again that would require a higher level of privilege.
>
> If true, then I would most certainly agree that the documentation is
Grossly
> lacking.
>
> Sincerely,
>
>
> Anthony Thomas
>
> --
>
> "Andy Ball" <ng@xxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:eN8B5k06FHA.1724@xxxxxxxxxxxxxxxxxxxxxxx
> > Domain Local Groups were introduced in Windows 2000 Active Directory
> >
> > cheers
> > Andy.
> >
> > "Anthony Thomas" <ALThomas@xxxxxxxxx> wrote in message
> > news:exXVCFx6FHA.3276@xxxxxxxxxxxxxxxxxxxxxxx
> > > Yea, I saw that and it didn't make sense. There is no such thing as
> > > "DOMAIN
> > > local groups." There are DOMAIN Global groups, LOCAL groups, Cluster
> > > Resource groups, and, apparently, SQL Server 2005 security groups.
> > >
> > > However, there is a new requirement that not only does the
Installation
> > > Administrator need Local Administrators group membership but also the
> ACT
> > > AS
> > > PART OF THE OPERATING SYSTEM User Security rights assignment for
> clustered
> > > installations that probably caused the initial issue to begin with.
> > >
> > > Sincerely,
> > >
> > >
> > > Anthony Thomas
> > >
> > >
> > > --
> > >
> > > "Andy Ball" <ng@xxxxxxxxxxxxxxxxxxxxx> wrote in message
> > > news:O$aRRzw6FHA.808@xxxxxxxxxxxxxxxxxxxxxxx
> > >> and the portion I presume is talking about the Local Groups that
> created
> > > on
> > >> the Server where SQL is installed. Simon's original post is about the
> > > DOMAIN
> > >> local groups that are required for Clustering.
> > >>
> > >> cheers,
> > >> Andy.
> > >> "Anthony Thomas" <ALThomas@xxxxxxxxx> wrote in message
> > >> news:eETZ86g6FHA.1000@xxxxxxxxxxxxxxxxxxxxxxx
> > >> > At the time, this seemed clearer, but it appears you are speaking
of
> > >> > something else. There is also the Setupsql9.chm file that is
> seperate
> > >> > from
> > >> > the BOL. You are right; it is unclear.
> > >> >
> > >> > Microsoft SQL Server September 2005 Community Technology Preview
> > >> >
> > >
>
http://download.microsoft.com/download/1/f/8/1f8af9ba-751e-440d-ba2c-006d680b7c81/ReadmeSQL2005.htm#_3461_accessing_setup_documentation_cuy1
> > >> >
> > >> > 3.5.15 Corrections to the Names of Security Groups Created During
> Setup
> > >> > During setup, SQL Server 2005 adds the following security groups to
> > >> > Windows:
> > >> > SQLServer2005DTSUser$ComputerName
> > >> >
> > >> > SQLServer2005MSFTEUser$ComputerName$InstanceName
> > >> >
> > >> > SQLServer2005MSOLAPUser$ComputerName$InstanceName
> > >> >
> > >> > SQLServer2005MSSQLServerADHelperUser$ComputerName
> > >> >
> > >> > SQLServer2005MSSQLUser$ComputerName$InstanceName
> > >> >
> > >> > SQLServer2005NotificationServicesUser$ComputerName
> > >> >
> > >> >
> SQLServer2005ReportingServicesWebServiceUser$ComputerName$InstanceName
> > >> >
> > >> > SQLServer2005ReportServerUser$ComputerName$InstanceName
> > >> >
> > >> > SQLServer2005SQLAgentUser$ComputerName$InstanceName
> > >> >
> > >> > SQLServer2005SQLBrowserUser$ComputerName
> > >> >
> > >> > These groups simplify granting permissions required to run SQL
Server
> > >> > Windows services and other executables. They also help secure SQL
> > >> > Server
> > >> > files.
> > >> > In SQL Server Books Online, $ComputerName was omitted from the
names.
> > > The
> > >> > computer name has since been added to the group names to uniquely
> > > identify
> > >> > each group. Unique group names are necessary if SQL Server 2005 is
> > >> > installed
> > >> > on domain controllers. For all references to security groups that
> start
> > >> > with
> > >> > "SQLServer2005," substitute the appropriate group name listed
above.
> > >> >
> > >> > 3.5.17 Restrictions for Service Accounts on a Failover Cluster
> > >> > SQL Server service, SQL Server Agent service, Analysis Services
> > >> > service,
> > >> > and
> > >> > Full-Text Search service must run as domain accounts that are
members
> > >> > of
> > >> > the
> > >> > built-in Administrators group on each node of the cluster.
> > >> >
> > >> >
> > >> > Sincerely,
> > >> >
> > >> >
> > >> > Anthony Thomas
> > >> >
> > >> > --
> > >> >
> > >> > "Andy Ball" <ng@xxxxxxxxxxxxxxxxxxxxx> wrote in message
> > >> > news:uEuMBdV6FHA.1000@xxxxxxxxxxxxxxxxxxxxxxx
> > >> >> must be going blind - i'm looking @ ReadmeSQL2005.htm from the Dev
\
> > > MSDN
> > >> >> edition and Q907284 I can't see it
> > >> >>
> > >> >> Andy.
> > >> >>
> > >> >> "Anthony Thomas" <ALThomas@xxxxxxxxx> wrote in message
> > >> >> news:OaT56MI6FHA.1184@xxxxxxxxxxxxxxxxxxxxxxx
> > >> >> > That information is in the Readme notes as well as the Readme
> errata
> > >> >> > posted
> > >> >> > online.
> > >> >> >
> > >> >> > ALWAYS READ THE README.
> > >> >> >
> > >> >> >
> > >> >> > Anthony Thomas
> > >> >> >
> > >> >> >
> > >> >> > --
> > >> >> >
> > >> >> > "Andy Ball" <ng@xxxxxxxxxxxxxxxxxxxxx> wrote in message
> > >> >> > news:u%23k3gf05FHA.3976@xxxxxxxxxxxxxxxxxxxxxxx
> > >> >> >> Simon,
> > >> >> >>
> > >> >>
> > >> >>
> > >> >>
> > >> >> >> yep I noticed that too. Just an omission in BOL. I sent
feedback
> > >> >> >> via
> > >> > the
> > >> >> > BOL
> > >> >> >> entry for installing a Cluster from template/unattend, suggest
> you
> > > do
> > >> > the
> > >> >> >> same.
> > >> >> >>
> > >> >> >> Andy.
> > >> >> >> "Simon" <Simon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > >> >> >> news:ECC70F54-2E3D-43BE-AE8B-5B91EFC74E60@xxxxxxxxxxxxxxxx
> > >> >> >> >I figured out the problem to the command line - why the GUI
> > >> >> >> >crashed
> > > I
> > >> > do
> > >> >> >> >not
> > >> >> >> > know.
> > >> >> >> >
> > >> >> >> > BOL does not document any of these parameters for the command
> > >> >> >> > line
> > >> >> >> > which
> > >> >> >> > are
> > >> >> >> > REQUIRED for a cluster install:
> > >> >> >> >
> > >> >> >> > SQLBROWSERACCOUNT="DOMAIN\USER"
> > >> >> >> > SQLBROWSERPASSWORD="PASSWORD"
> > >> >> >> >
> > >> >> >> > SQLCLUSTERGROUP="DOMAIN\GROUP"
> > >> >> >> > AGTCLUSTERGROUP="DOMAIN\GROUP"
> > >> >> >> > FTSCLUSTERGROUP="DOMAIN\GROUP"
> > >> >> >> >
> > >> >> >> > However if you look in the template.ini file on your install
cd
> > > you
> > >> >> >> > will
> > >> >> >> > find details of how and when to use them.
> > >> >> >> >
> > >> >> >> > A very dissapointed customer.
> > >> >> >> >
> > >> >> >> >
> > >> >> >> >
> > >> >> >> >
> > >> >> >> > "Simon" wrote:
> > >> >> >> >
> > >> >> >> >> I'm having problems installing 2005 Ent on my Win 2003 SP1 2
> > >> >> >> >> node
> > >> >> >> >> cluster.
> > >> >> >> >> Please note this cluster has a SQL 2000 (SP4) virtual
> > >> > server/instance
> > >> >> >> >> already
> > >> >> >> >> installed. I would like to run them side by side.
> > >> >> >> >>
> > >> >> >> >> installing using the setup wizard I get error about the
> schedule
> > >> > task
> > >> >> >> >> failing to start on the 2nd node. Looking through the log
> files
> > > the
> > >> >> > setup
> > >> >> >> >> program on the 2nd node has thrown an exception error,
> core.log
> > >> > shows
> > >> >> >> >> this:
> > >> >> >> >>
> > >> >> >> >> Complete: ParseBootstrapOptionsAction at: 2005/10/7 13:25:6,
> > >> > returned
> > >> >> >> >> false
> > >> >> >> >> Error: Action "ParseBootstrapOptionsAction" failed during
> > >> >> >> >> execution.
> > >> >> >> >> Error
> > >> >> >> >> information reported during run:
> > >> >> >> >> Could not decrypt command line due to WinException.
> > >> >> >> >> Error Code: -2146893822
> > >> >> >> >> Windows Error Text: Bad Hash.
> > >> >> >> >>
> > >> >> >> >> Source File Name: cryptohelper\cryptpassword.cpp
> > >> >> >> >> Compiler Timestamp: Mon Jul 18 01:10:20 2005
> > >> >> >> >> Function Name: sqls::CryptPassword::UnprotectString
> > >> >> >> >> Source Line Number: 311
> > >> >> >> >>
> > >> >> >> >> Running: ValidateWinNTAction at: 2005/10/7 13:25:6
> > >> >> >> >> Complete: ValidateWinNTAction at: 2005/10/7 13:25:6,
returned
> > > true
> > >> >> >> >> Running: ValidateMinOSAction at: 2005/10/7 13:25:6
> > >> >> >> >> Complete: ValidateMinOSAction at: 2005/10/7 13:25:6,
returned
> > > true
> > >> >> >> >> Running: PerformSCCAction at: 2005/10/7 13:25:6
> > >> >> >> >> Complete: PerformSCCAction at: 2005/10/7 13:25:6, returned
> true
> > >> >> >> >> Running: ActivateLoggingAction at: 2005/10/7 13:25:6
> > >> >> >> >> Error: Action "ActivateLoggingAction" threw an exception
> during
> > >> >> >> >> execution.
> > >> >> >> >> Error information reported during run:
> > >> >> >> >> 00D7CFC8Unable to proceed with setup, there was a command
line
> > >> > parsing
> > >> >> >> >> error. : -2146893822
> > >> >> >> >> Error Code: -2146893822
> > >> >> >> >> Windows Error Text: Bad Hash.
> > >> >> >> >>
> > >> >> >> >> Source File Name: cryptohelper\cryptpassword.cpp
> > >> >> >> >> Compiler Timestamp: Mon Jul 18 01:10:20 2005
> > >> >> >> >> Function Name: sqls::CryptPassword::UnprotectString
> > >> >> >> >> Source Line Number: 311
> > >> >> >> >>
> > >> >> >> >> Delay load of action "UploadDrWatsonLogAction" returned
> nothing.
> > > No
> > >> >> >> >> action
> > >> >> >> >> will occur as a result.
> > >> >> >> >> Message pump returning: 2148073474
> > >> >> >> >>
> > >> >> >> >>
> > >> >> >> >> -------- END OF OUTPUT ---------------------
> > >> >> >> >>
> > >> >> >> >>
> > >> >> >> >> I've trying to work around it I have tried installing from
the
> > >> > command
> > >> >> >> >> line.
> > >> >> >> >> This gets much further with setup starting correctly on both
> > > nodes.
> > >> > I
> > >> >> > get
> > >> >> >> >> as
> > >> >> >> >> far as installing the actual SQL Server Service instance
then
> > >> >> >> >> I'm
> > >> >> > thrown
> > >> >> >> >> an
> > >> >> >> >> error. Summary.log shows:
> > >> >> >> >>
> > >> >> >> >>
> > >> >> >> >> Machine : SERVERA
> > >> >> >> >> Product : SQL Server Database Services
> > >> >> >> >> Error : A domain group is missing for one or more
> > >> > services.
> > >> >> > To
> > >> >> >> >> install SQL Server 2005 as a failover cluster, domain groups
> > >> >> >> >> must
> > >> >> >> >> be
> > >> >> >> >> specified for all the clustered services being installed .To
> > >> > proceed,
> > >> >> >> >> enter
> > >> >> >> >> the missing domain group information.
> > >> >> >> >> The domain group cannot be validated for the service SQL
> Server.
> > >> >> >>
> > >> >>
> > >>
> >
>
>>>>> ----------------------------------------------------------------------
> -
> > > -
> > >> > -
> > >> >> > -------
> > >> >> >> >> Machine : SERVERA
> > >> >> >> >> Product : SQL Server Database Services
> > >> >> >> >> Error : A domain group is missing for one or more
> > >> > services.
> > >> >> > To
> > >> >> >> >> install SQL Server 2005 as a failover cluster, domain groups
> > >> >> >> >> must
> > >> >> >> >> be
> > >> >> >> >> specified for all the clustered services being installed .To
> > >> > proceed,
> > >> >> >> >> enter
> > >> >> >> >> the missing domain group information.
> > >> >> >> >> The domain group cannot be validated for the service SQL
> Server.
> > >> >> >>
> > >> >>
> > >>
> >
>
>>>>> ----------------------------------------------------------------------
> -
> > > -
> > >> > -
> > >> >> > -------
> > >> >> >> >> Machine : SERVERA
> > >> >> >> >> Product : Microsoft SQL Server 2005
> > >> >> >> >> Product Version : 9.00.1399.06
> > >> >> >> >> Install : Failed
> > >> >> >> >> Log File : C:\Program Files\Microsoft SQL
> Server\90\Setup
> > >> >> >> >> Bootstrap\LOG\Files\SQLSetup0014_LON-IMS01A_SQL.log
> > >> >> >> >> Last Action : Validate_ServiceAccounts
> > >> >> >> >> Error String : A domain group is missing for one or more
> > >> > services.
> > >> >> > To
> > >> >> >> >> install SQL Server 2005 as a failover cluster, domain groups
> > >> >> >> >> must
> > >> >> >> >> be
> > >> >> >> >> specified for all the clustered services being installed .To
> > >> > proceed,
> > >> >> >> >> enter
> > >> >> >> >> the missing domain group information.
> > >> >> >> >> The domain group cannot be validated for the service SQL
> Server.
> > >> >> >> >> Error Number : 28130
> > >> >> >> >>
> > >> >> >> >>
> > >> >> >> >> --- END OF OUTPUT
> > >> >> >> >>
> > >> >> >> >>
> > >> >> >> >> In the GUI you get asked for Domain Groups for each service,
> the
> > >> >> >> >> documentation for the command line installer doesn't tell me
> > >> >> >> >> what
> > >> > the
> > >> >> >> >> parameters are for this. Do I need them, is the
documentation
> > >> > missing
> > >> >> >> >> something?? Also I'm not too sure what the ADMINPASSWORD=
> > >> >> >> >> paramater
> > >> >> >> >> is
> > >> >> >> >> for -
> > >> >> >> >> I'm putting in my domain password currently - again teh
> > >> > documentation
> > >> >> >> >> isn't
> > >> >> >> >> too hot for this.
> > >> >> >> >>
> > >> >> >> >> I'm running out of ideas. If anyone has any suggestions
please
> > > let
> > >> > me
> > >> >> >> >> know!
> > >> >> >> >>
> > >> >> >> >> Thanks
> > >> >> >> >>
> > >> >> >>
> > >> >> >>
> > >> >> >
> > >> >> >
> > >> >>
> > >> >>
> > >> >
> > >> >
> > >>
> > >>
> > >
> > >
> >
> >
>
>
.
- Follow-Ups:
- Re: 2005 Cluster Install Error
- From: Andy Ball
- Re: 2005 Cluster Install Error
- From: Geoff N. Hiten
- Re: 2005 Cluster Install Error
- References:
- 2005 Cluster Install Error
- From: Simon
- RE: 2005 Cluster Install Error
- From: Simon
- Re: 2005 Cluster Install Error
- From: Andy Ball
- Re: 2005 Cluster Install Error
- From: Anthony Thomas
- Re: 2005 Cluster Install Error
- From: Andy Ball
- Re: 2005 Cluster Install Error
- From: Anthony Thomas
- Re: 2005 Cluster Install Error
- From: Andy Ball
- Re: 2005 Cluster Install Error
- From: Anthony Thomas
- Re: 2005 Cluster Install Error
- From: Andy Ball
- Re: 2005 Cluster Install Error
- From: Anthony Thomas
- 2005 Cluster Install Error
- Prev by Date: Re: (local) Alias does not function in an virtual sql server?
- Next by Date: Re: Clustering and SA Role
- Previous by thread: Re: 2005 Cluster Install Error
- Next by thread: Re: 2005 Cluster Install Error
- Index(es):
Relevant Pages
|
