Re: Cluster Serivce Account
- From: josh.lipton@xxxxxxxxx
- Date: 28 Feb 2007 12:25:02 -0800
On Feb 28, 3:35 am, "Edwin vMierlo"
<EdwinvMie...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I agree with Chuck, add the cluster-account to the local admin group, not
through membership of another group.
Although I cannot recall the specifics, I can recall running into some
similar situation once.
Rgds,
Edwin.
"Chuck Timon [MSFT]" <cti...@xxxxxxxxxxxxxxxxxxxx> wrote in messagenews:ejcKc7sWHHA.4028@xxxxxxxxxxxxxxxxxxxxxxx
Got it...ok, what if the cluster service account was specifically added todomain
the local admin group and not part of it by virtual of membership in
admins (not recommended BTW)?
This is very similar to the problem we discovered with cluster service
failing to start because of VSS as first reported in Q812877. But you
should have the hotfix for that in your build of R2.
So, what if we specifically add the cluster service account to localadmins?
<josh.lip...@xxxxxxxxx> wrote in message
news:1172603031.283530.133750@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Feb 27, 1:23 pm, "Chuck Timon [MSFT]" <cti...@xxxxxxxxxxxxxxxxxxxx>
wrote:
Let me ask this....
Was this cluster created before or after applying SP1?
If you have SP1 installed, then you have the fix in 890761 but you may
still
want to review the procedures.
theAlso, even if you moved the cluster computer accounts to an OU and
blocked
inheritance, if they picked up a policy in the default computers OU
before
being moved, that policy may still be implemented because it is not a
clean
removal of policies especially those mentioned in the KB...so review
KB.
theIf you should choose to rebuild your cluster again, pre-stage the
computer
accounts in an OU that has inheritance blocked, create and configure
cluster prior to applying SP1 and after all is configured, apply SP1 +
Post
SP1 hotfixes which for cluster are listed in -
http://support.microsoft.com/kb/923830/en-us
Let us know.
Chuck Timon, Jr.
Microsoft Corporation
Longhorn Readiness Team
This posting is provided "AS IS" with no warranties, and confers no
rights.
<josh.lip...@xxxxxxxxx> wrote in message
news:1172597460.081462.258520@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Feb 27, 11:00 am, josh.lip...@xxxxxxxxx wrote:
On Feb 27, 9:58 am, "Edwin vMierlo"
<EdwinvMie...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Below is the cluster log entries......
in2007-02-26 15:55:51.024 [INFO] [BC] A runtime error has
occurred
file
'd:\srvrtm\base\cluster\mgmt\cluscfg\basecluster\cservice.cpp',
toline 417. Error code is 0x8007042b.
The error string is 'A problem occurred when the wizard
attempted
start a service.'.
Anything in the cluster log before this runtime error ?
andI tryed logged on to the console with the domain admin account
amlogged onto the console with the cluster admin account. I also
have
the server in its own OU where all domain GPOs are blocked. I
domainstill getting the same error and it will only work with the
admin account.
Josh Lipton
Systems Consultant
CORE BTS-- Hide quoted text -
- Show quoted text -
theThis was the other error codes i found sorry forget to add them to
post.
Cluster Service Specific Exit Code= 0x000002
Error 0x00042b occurred trying to start the 'ClusSvc' service
Cluster Service Win32 Exit Code= 0x00042b
JL- Hide quoted text -
- Show quoted text -
I just rebuilt the server and to creaTED the cluster with no problem.
This is was very weird maybe someone can give some insight on what
could have happened.
JL- Hide quoted text -
Chuck, I am using Server 2003 R2 so it was done post SP1. I dont
think KB 890761 applies to me because i dont have those policies set
in my GPO's.
When I rebult the first node in the cluster the defualt domain policy
was on the only policy that was applied. I never change the default
domain policy so it is the microsoft default.
What I still find to be odd is that the default domain admin account
was the only account that could create the cluster service. Even if I
add the cluster service account to the domain admin group it did not
work.
Josh Lipton
Systems Conslutant
CORE BTS.
- Show quoted text -- Hide quoted text -
- Show quoted text -
Nope the cluster service account was added to the local admin group.
It was not done by a virtual of membership in the domain.
That is was was killing me. Something I noticed is when I got it to
work with the domain admin account and tried to change the cluster
service account, then started the service with debug turned on it said
that the account was not set to act as part of the OS. The accout was
set for that in the local policies and an ran RSOP and nothing was
effect the local security policy since it was in a OU with no GPO's
and i blocked inherince.
Josh Lipton
Systems Conslutant
CORE BTS
.
- References:
- Cluster Serivce Account
- From: josh . lipton
- Re: Cluster Serivce Account
- From: Rodney R. Fournier
- Re: Cluster Serivce Account
- From: josh . lipton
- Re: Cluster Serivce Account
- From: Edwin vMierlo
- Re: Cluster Serivce Account
- From: josh . lipton
- Re: Cluster Serivce Account
- From: Edwin vMierlo
- Re: Cluster Serivce Account
- From: josh . lipton
- Re: Cluster Serivce Account
- From: josh . lipton
- Re: Cluster Serivce Account
- From: Chuck Timon [MSFT]
- Re: Cluster Serivce Account
- From: josh . lipton
- Re: Cluster Serivce Account
- From: Chuck Timon [MSFT]
- Re: Cluster Serivce Account
- From: Edwin vMierlo
- Cluster Serivce Account
- Prev by Date: Re: Microsoft Network Load Balancing is Unreliable!!
- Next by Date: Re: Microsoft Network Load Balancing is Unreliable!!
- Previous by thread: Re: Cluster Serivce Account
- Next by thread: Re: 2003 Ent 4 way cluster
- Index(es):
