Re: Clstr Servce wont start after changing logon account
- From: Scott Ford <removethis.scott@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 30 May 2006 12:29:01 -0700
Seth-
I didn't enable cluster logging. The cluster service still starts fine under
the administrator account, which is what makes me think its some kind of
authentication issue. Don asked that I run a netdiag and post it here which i
will do at earliest possible time.
For your questions about why the DC is clustered. The 2 node cluster are the
network's only servers. This was not by my design. At the time I was brand
new to the job and went with the recommendations of a local MCSE from the
company we purchased the servers from. I read all teh MS Articles i could
find to understand what his plan was. I totally understand that it would be
better to have seperate machine as DC and it would be that way if there were
a seperate machine. Failover still results in their retail ticketing system
working, even though AD does not fail over with it.
** If i offended anyone it was not my intention. My apologies if so... I'm
frustrated and trying to learn and the two seem to not go well together.
--
Scott Ford
"seth" wrote:
Scott:.
First, with regards to your original question, i'm not sure exactly why the
service won't start after changing the account. However, you did make a
statement saying "Im not sure how to make sure that Prime is in the local
administrators group on a domain controller." Understand that a DC does not
have local accounts.
By any chance did you enable cluster logging? That error could occur if not
done correctly
The Cluster service may not start and event ID 7000 and event ID 7009 are
logged when you enable cluster logging
http://support.microsoft.com/default.aspx?scid=kb;en-us;262962
Just for grins and giggles, try changing the cluster service account to
something different (leaving the SQL account as is)
How to manually re-create the Cluster service account
http://support.microsoft.com/kb/269229/
Second, with regards to clustering a DC, i do agree with Rod regarding not
clustering a DC. Microsoft does support it, and, as you read in article
281662, it can be done. However, you have to look at the big picture and
see what the benefits are and how it affects overall performance. Granted,
I don't have the amount of experience or certifications that Rod and Russ
have, but I have worked with clusters (in the real world) and I see no point
in clustering DCs.
You said "Server1 runs as domain controller unless something goes wrong at
which time it fails over to server2 which is set up to take over DC duties
should a failover occur."
What advantage does that have over having 2 separate DCs? If you have 2
separate DCs and one fails, the other one is still up, running, and
available. Clustering DCs doesn't have any advantage because the same
results will occur if one fails; and you still have the same issue with FSMO
roles - the roles won't transfer to another DC manually if one of them
fails, clustered or not.
In article 281662 (that you read) you recall the point made there "You
cannot cluster domain controllers for fault tolerance...There is no
'failover' of Active Directory."
Clustering DCs has no advantage, and, in your case, could affect overall
performance.
Cluster nodes running as DCs and hosting SQL (according to that article),
"may not result in optimal performance due to resource constraints"
A "best practice" you might want to consider.
Just my $0.02
- seth
"Scott Ford" <removethis.scott@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E6EEC64F-51D1-48D3-BBB6-5275BE797AFB@xxxxxxxxxxxxxxxx
Sure there is, if you don't want to buy another server. When I upgraded my
company's p2p network, they gave me a tight budget to work on. The new
system
had to be a 24/7 system, with failover capabilities to run a retail
ticketing
system. There was no room for downtime. I chose to install an IBM 2 node
cluster and a RAID hard drive system. Server1 runs as domain controller
unless something goes wrong at which time it fails over to server2 which
is
set up to take over DC duties should a failover occur. It has failed over
a
couple times, and we had no problems. It works perfectly and always has.
I'm
pretty sure that the problem I'm asking about is unrelated to whether or
not
my DCs are clustered. And I ask you, if something DOES work, and it saves
you
money then why NOT use it? Microsoft developed the system, and they say it
works. What is the big downside you are trying to relate? Post me an
article
that explains why its not good to have a clustered DC. Not that I will be
changing it (unless of course you want to mail me a decent server I can
set
up as a new DC lol)
Cheers,
Scott Ford
"Rodney R. Fournier [MVP]" wrote:
Never cluster a DC, just because it works does not make a great idea.
What
benefit did you get clustering a DC anyway? There really is no point.
Cheers,
Rodney R. Fournier
MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://www.msmvps.com/clustering - Blog
http://www.clusterhelp.com - Cluster Training
ClusterHelp.com is a Microsoft Certified Gold Partner
"Scott Ford" <removethis.scott@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:7823B2A6-0725-4FA7-8F86-E821343F4636@xxxxxxxxxxxxxxxx
I have had my DC's clustered for 3 years, with no trouble. Both nodes on
the
cluster are domain controllers in an active/passive configuration.
Microsoft
article 281662 discusses this as a viable solution, so I'm not sure
where
you
are getting that this is something I have done wrong. The permissions
you
mentioned in your post are already present for the account I am trying
to
use
as the cluster service log on account.
--
Scott Ford
"John Toner [MVP]" wrote:
Well for starters, you clustered a DC.
Make sure the account also has these rights:
- Debug programs
- Impersonate a client after authentication
- Manage auditing and security log
Regards,
John
"Scott Ford" <removethis.scott@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:0F15AA5F-4A5E-4CBC-ABD5-E9041EF24F12@xxxxxxxxxxxxxxxx
I recently decided to make some changes to increase security. One oflonger
those
changes was to be able to change the domain administrator password
without
having to update the account log on information in the services
applet.
I
created a new account. Let's just call it Prime. After creting the
account
and changing the log on information in the services panel, I can not
start the cluster service. As soon as I click start, i get thisfashion"
error:
Could not start the cluster service on local computer. Error 1053:
The
service did not respond to the start or control request in a timely
group
As printed in Microsoft article 269229 I gave Prime the following
rights
locally on the 2 nodes that are attached to the cluster:
* Act as part of the operating system
. Adjust memory quotas for a process
. Back up files and directories
. Increase scheduling priorities
. Log on as a service
. Restore files and directories
I also added Prime to all administrative domain groups (enterprise
admins,
domain admins, etc)
Im not sure how to make sure that Prime is in the local
administrators
on a domain controller. Can anyone tell me what I'm doing wrongThanks
here?
!!
--
Scott Ford
- References:
- Re: Clstr Servce wont start after changing logon account
- From: John Toner [MVP]
- Re: Clstr Servce wont start after changing logon account
- From: Scott Ford
- Re: Clstr Servce wont start after changing logon account
- From: Rodney R. Fournier [MVP]
- Re: Clstr Servce wont start after changing logon account
- From: Scott Ford
- Re: Clstr Servce wont start after changing logon account
- From: seth
- Re: Clstr Servce wont start after changing logon account
- Prev by Date: Re: Clstr Servce wont start after changing logon account
- Next by Date: Re: Cluster Absolute Beginner
- Previous by thread: Re: Clstr Servce wont start after changing logon account
- Next by thread: Re: MSMQ Reads Fail on Node 2 of a Two Node NLB Cluster
- Index(es):
Relevant Pages
|
Loading
