Re: Clstr Servce wont start after changing logon account

Scott:

First, with regards to your original question, i'm not sure exactly why the
service won't start after changing the account. However, you did make a
statement saying "Im not sure how to make sure that Prime is in the local
administrators group on a domain controller." Understand that a DC does not
have local accounts.

By any chance did you enable cluster logging? That error could occur if not
done correctly

The Cluster service may not start and event ID 7000 and event ID 7009 are
logged when you enable cluster logging
http://support.microsoft.com/default.aspx?scid=kb;en-us;262962

Just for grins and giggles, try changing the cluster service account to
something different (leaving the SQL account as is)

How to manually re-create the Cluster service account
http://support.microsoft.com/kb/269229/

Second, with regards to clustering a DC, i do agree with Rod regarding not
clustering a DC. Microsoft does support it, and, as you read in article
281662, it can be done. However, you have to look at the big picture and
see what the benefits are and how it affects overall performance. Granted,
I don't have the amount of experience or certifications that Rod and Russ
have, but I have worked with clusters (in the real world) and I see no point
in clustering DCs.

You said "Server1 runs as domain controller unless something goes wrong at
which time it fails over to server2 which is set up to take over DC duties
should a failover occur."
What advantage does that have over having 2 separate DCs? If you have 2
separate DCs and one fails, the other one is still up, running, and
available. Clustering DCs doesn't have any advantage because the same
results will occur if one fails; and you still have the same issue with FSMO
roles - the roles won't transfer to another DC manually if one of them
fails, clustered or not.

In article 281662 (that you read) you recall the point made there "You
cannot cluster domain controllers for fault tolerance...There is no
'failover' of Active Directory."

Clustering DCs has no advantage, and, in your case, could affect overall
performance.
Cluster nodes running as DCs and hosting SQL (according to that article),
"may not result in optimal performance due to resource constraints"
A "best practice" you might want to consider.

Just my $0.02

- seth



"Scott Ford" <removethis.scott@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E6EEC64F-51D1-48D3-BBB6-5275BE797AFB@xxxxxxxxxxxxxxxx
Sure there is, if you don't want to buy another server. When I upgraded my
company's p2p network, they gave me a tight budget to work on. The new
system
had to be a 24/7 system, with failover capabilities to run a retail
ticketing
system. There was no room for downtime. I chose to install an IBM 2 node
cluster and a RAID hard drive system. Server1 runs as domain controller
unless something goes wrong at which time it fails over to server2 which
is
set up to take over DC duties should a failover occur. It has failed over
a
couple times, and we had no problems. It works perfectly and always has.
I'm
pretty sure that the problem I'm asking about is unrelated to whether or
not
my DCs are clustered. And I ask you, if something DOES work, and it saves
you
money then why NOT use it? Microsoft developed the system, and they say it
works. What is the big downside you are trying to relate? Post me an
article
that explains why its not good to have a clustered DC. Not that I will be
changing it (unless of course you want to mail me a decent server I can
set
up as a new DC lol)

Cheers,
Scott Ford



"Rodney R. Fournier [MVP]" wrote:

Never cluster a DC, just because it works does not make a great idea.
What
benefit did you get clustering a DC anyway? There really is no point.

Cheers,

Rodney R. Fournier

MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://www.msmvps.com/clustering - Blog
http://www.clusterhelp.com - Cluster Training
ClusterHelp.com is a Microsoft Certified Gold Partner


"Scott Ford" <removethis.scott@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:7823B2A6-0725-4FA7-8F86-E821343F4636@xxxxxxxxxxxxxxxx
I have had my DC's clustered for 3 years, with no trouble. Both nodes on
the
cluster are domain controllers in an active/passive configuration.
Microsoft
article 281662 discusses this as a viable solution, so I'm not sure
where
you
are getting that this is something I have done wrong. The permissions
you
mentioned in your post are already present for the account I am trying
to
use
as the cluster service log on account.
--
Scott Ford



"John Toner [MVP]" wrote:

Well for starters, you clustered a DC.

Make sure the account also has these rights:

- Debug programs
- Impersonate a client after authentication
- Manage auditing and security log

Regards,
John

"Scott Ford" <removethis.scott@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:0F15AA5F-4A5E-4CBC-ABD5-E9041EF24F12@xxxxxxxxxxxxxxxx
I recently decided to make some changes to increase security. One of
those
changes was to be able to change the domain administrator password
without
having to update the account log on information in the services
applet.
I
created a new account. Let's just call it Prime. After creting the
account
and changing the log on information in the services panel, I can not
longer
start the cluster service. As soon as I click start, i get this
error:

Could not start the cluster service on local computer. Error 1053:
The
service did not respond to the start or control request in a timely
fashion"

As printed in Microsoft article 269229 I gave Prime the following
rights
locally on the 2 nodes that are attached to the cluster:
* Act as part of the operating system
. Adjust memory quotas for a process
. Back up files and directories
. Increase scheduling priorities
. Log on as a service
. Restore files and directories


I also added Prime to all administrative domain groups (enterprise
admins,
domain admins, etc)

Im not sure how to make sure that Prime is in the local
administrators
group
on a domain controller. Can anyone tell me what I'm doing wrong
here?
Thanks
!!




--
Scott Ford









.

Relevant Pages

  • Re: 0x8007005 Access is Denied adding new host to Active/Active Cluste
    ... Also ensure that this account is an Administrator ... to create the first node in a cluster or add additional nodes. ... specify the domain user account under which the Cluster service runs. ... Professional, or to administer a cluster locally from a node, you must use ...
    (microsoft.public.windows.server.clustering)
  • Re: Exchange install failed
    ... Cluster Common Failure Exception: The group or resource is not in the ... trying to install Exchange again. ... I had removed the computer account, but didn't realize it had gotten ...
    (microsoft.public.exchange.setup)
  • Re: Exchange install failed
    ... Cluster Common Failure Exception: The group or resource is not in the ... trying to install Exchange again. ...  I had removed the computer account, but didn't realize it had gotten ... as a computer account in AD) an admin on both cluster nodes? ...
    (microsoft.public.exchange.setup)
  • Re: Error 42d during Fail Over SQL 2000 Enterprise in a Server 2003 Ent. Cluster
    ... a valid login that you add back the service account that operates the ... Cluster service. ... Microsoft SQL Server MVP ... Administrator account, have re-entered the username and password 3+ ...
    (microsoft.public.sqlserver.clustering)
  • Re: Building 2-node WIN2K3 Cluster
    ... What about Domain Controller -- should each of these be a DC or not at ... BUT do not DCpromo your cluster nodes, ... the account to run Cluster Service is a "Domain User" which is added to the ... No, MNS only removes the need for a share Quorum disk, you still need Shared ...
    (microsoft.public.windows.server.clustering)