Usually, you address failover clusters not through their nodes but rather via the cluster name object (CNO) in Active Directory. Additionally, a corresponding DNS record exists that points to the owner node. You can create the CNO before the cluster setup; the DNS configuration, on the other hand, often causes connectivity issues.

When building a Windows cluster, you must first enter its name in the respective tool, be it Failover Cluster Manager, PowerShell, or Windows Admin Center. The tool then creates a CNO of the same name in AD and a corresponding host record in DNS.

CNO prestaging

By default, the CNO can then be found in the Computers container. The Cluster Wizard in Windows Admin Center does not offer an alternative to this location. Therefore, if you want to use a different location, or if the cluster will be set up by an admin who does not have the right to create AD objects, you can prestage the CNO.

To do this, right-click the desired OU in Active Directory Users and Computers and select New > Computer.

Creating a new computer object for the cluster name in Active Directory

In the following dialog box, enter the desired name. After confirming, you should activate the option Protect object from accidental deletion in the Object tab of the CNO's properties.

Assigning a name to the cluster object

It is also important to execute the command Deactivate account from the context menu of the computer account. Otherwise, you will get an error that the account is already in use when you create the cluster.

Assigning rights to a cluster admin

If another admin creates the cluster, make sure that they have sufficient permissions on the CNO. To do this, open its properties, go to the Security tab, add the necessary users or groups, and grant them full access.

Finally, the CNO should be given permissions to the OU it is located in so that the admin is able to add cluster roles. For this task, open the properties of the OU, go to the Security tab, click Advanced, and then Add.

Click the Select Principal link to open the selection dialog for the accounts to be authorized, and add Computers to the Object Types. Then enter the name of the CNO, click Check Names, and confirm the dialog box once the name has been resolved.

Selecting a CNO as the principal for permissions in the OU

In the list of permissions that will then appear, activate Create Computer Objects in addition to the preselected ones.

The CNO requires the permission to create new computer objects in its OU
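
The prestaging and permission steps described above can also be scripted. The following is an added example, not part of the original article; it assumes the ActiveDirectory RSAT module, and the cluster name, OU, and admin group are placeholders. The ReadProperty rule stands in for the read permissions that the dialog preselects.

```powershell
# Added example: prestage a CNO with the ActiveDirectory module (RSAT).
# All names below are placeholders, not values from the article.
Import-Module ActiveDirectory

$CnoName      = 'CLUSTER01'                       # hypothetical cluster name
$OuDn         = 'OU=Clusters,DC=example,DC=com'   # hypothetical target OU
$ClusterAdmin = 'EXAMPLE\ClusterAdmins'           # hypothetical group that builds the cluster

$Rights = [System.DirectoryServices.ActiveDirectoryRights]
$Allow  = [System.Security.AccessControl.AccessControlType]::Allow

# Create the computer object disabled; an enabled account is reported as
# already in use when the cluster is created.
New-ADComputer -Name $CnoName -Path $OuDn -Enabled $false `
    -Description 'Failover cluster name object (prestaged)'
$cno = Get-ADComputer -Identity $CnoName

# Same effect as "Protect object from accidental deletion" on the Object tab.
Set-ADObject -Identity $cno.DistinguishedName -ProtectedFromAccidentalDeletion $true

# Full access for the cluster admin, scoped to the CNO object only.
$adminSid = (New-Object System.Security.Principal.NTAccount($ClusterAdmin)).Translate(
    [System.Security.Principal.SecurityIdentifier])
$cnoPath = "AD:\$($cno.DistinguishedName)"
$cnoAcl  = Get-Acl -Path $cnoPath
$cnoAcl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $adminSid, $Rights::GenericAll, $Allow)))
Set-Acl -Path $cnoPath -AclObject $cnoAcl

# Let the CNO create computer objects in its OU. The GUID is the schema ID
# of the "computer" class, so the right is limited to that object type.
# These rules apply to the OU itself, not to child OUs.
$computerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'
$ouPath = "AD:\$OuDn"
$ouAcl  = Get-Acl -Path $ouPath
$ouAcl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $cno.SID, $Rights::ReadProperty, $Allow)))
$ouAcl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $cno.SID, $Rights::CreateChild, $Allow, $computerClass)))
Set-Acl -Path $ouPath -AclObject $ouAcl

# Review what the CNO now holds on the OU.
(Get-Acl -Path $ouPath).Access |
    Where-Object { $_.IdentityReference -like "*\$CnoName`$" } |
    Format-Table IdentityReference, ActiveDirectoryRights, ObjectType -AutoSize
```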

Problems with missing DNS records

By now, you should be able to create a server cluster with this name. When you're done and you try to connect to the cluster, the connection could fail for several reasons. The cause is relatively obvious if you have been using Windows Admin Center (WAC), as its Cluster Creation Tool fails to create the corresponding DNS entry.

The log will then contain Event 1196 with the following entry:

Cluster network name resource "Cluster name" failed registration of one or more associated DNS name(s) for the following reason: DNS server failure.

Ensure that the network adapters associated with dependent IP address resources are configured with at least one accessible DNS server.

Event 1196 shown here in PowerShell refers to the failed creation of the DNS record

You can query the corresponding entries on a cluster node with PowerShell, like this:

Get-EventLog -LogName system -InstanceId 1196 -Newest 5

Creating DNS entries for the CNO

Consequently, the DNS entry will be missing after the cluster configuration is complete; therefore, you have to create it yourself. In the DNS manager, execute the command New Host (A or AAAA). Enter the name of the cluster in the dialog box, and enter the IP address of the owner node's management interface to be able to connect immediately.

The cluster owner is obtained by executing the following command on one of the nodes:

Get-ClusterResource | fl -Property *

Determining the owner node of the cluster with PowerShell

It is now important to grant the cluster nodes and the CNO full access to the record. This is necessary because cluster ownership changes between the nodes, and therefore, they must all be able to update the DNS entry independently.

To do this, open the properties of the new record, switch to the Security tab, and click Add. Then you must activate Computers again under Object types, so that you can then search for the names of the nodes and the CNO. Finally, confirm your changes.

The cluster nodes and the CNO must be given full access to the CNO's DNS record

Removing unsuitable DNS servers

Connecting to a cluster might also fail because the network configuration of the cluster nodes contains a DNS server for which they have no permissions. These are typically from internet providers or public DNS services, such as Google.

In this case, if you use WAC for cluster configuration, you can connect directly to the individual nodes from there and add only the internal DNS servers via the network tool, for example, by using a static entry.
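
To find such nodes before reconfiguring them, you can compare each node's DNS client settings against the list of internal DNS servers and check for Event 1196 at the same time. This is an added example, not part of the original article; the addresses in the allow-list are constructed placeholders, and the script assumes PowerShell remoting to the nodes and the FailoverClusters module on the machine where it runs.

```powershell
# Added example: report cluster nodes that use DNS servers outside an
# internal allow-list, together with recent Event 1196 entries.
# The addresses are constructed placeholders; replace them with your own.
$InternalDns = @('10.0.0.10', '10.0.0.11')

# Run this on a cluster node. The nodes are addressed by their own names,
# because the cluster name may not resolve while its DNS record is missing.
$report = foreach ($node in (Get-ClusterNode).Name) {
    Invoke-Command -ComputerName $node -ArgumentList (,$InternalDns) -ScriptBlock {
        param([string[]]$Allowed)

        # Collect "interface=address" for every configured DNS server
        # that is not on the allow-list.
        $foreign = Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses } |
            ForEach-Object {
                $alias = $_.InterfaceAlias
                $_.ServerAddresses |
                    Where-Object { $_ -notin $Allowed } |
                    ForEach-Object { "$alias=$_" }
            }

        # Same query as in the article; a node without matching events
        # returns nothing instead of raising an error.
        $events = @(Get-EventLog -LogName System -InstanceId 1196 -Newest 5 `
                        -ErrorAction SilentlyContinue)

        [pscustomobject]@{
            Node              = $env:COMPUTERNAME
            ForeignDnsServers = ($foreign -join ', ')
            Recent1196Events  = $events.Count
            Latest1196        = ($events | Select-Object -First 1).TimeGenerated
        }
    }
}

$report |
    Sort-Object Node |
    Format-Table Node, ForeignDnsServers, Recent1196Events, Latest1196 -AutoSize
```

A node that lists a foreign DNS server and also shows recent 1196 events is the first candidate for the static DNS entry described above.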


© 4sysops 2006 - 2021
