SQLServerWiki

“The Only Thing That Is Constant Is Change”

How To Pre-Stage SQL Virtual computer object (VCO) on Windows 2008 Cluster For SQL 2008 Failover Cluster Installation

Posted by database-wiki on September 30, 2011

NOTE: In a security tightened organization(s), SQL Server 2008 installation will fail with the following error. This happens because the cluster name object (CNO) that resides in computer objects container in active directory does not have permission to bring the virtual server computer object (VCO) as resource in the windows 2008 cluster.

– From Setup log -> detail.txt

2009-06-26 11:43:28 Slp:    at Microsoft.SqlServer.Configuration.Cluster.ClusterResource.Online(Int32 timeout)
2009-06-26 11:43:28 Slp:    at Microsoft.SqlServer.Configuration.SqlEngine.SQLEngineClusterFeature.Cluster

2009-06-26 11:43:28 Slp: Inner exception:
2009-06-26 11:43:28 Slp:                Exception: System.Runtime.InteropServices.COMException.
2009-06-26 11:43:28 Slp:                Source: MSClusterLib.

– From cluster log

000007a8.00000d18::2009/06/26-15:16:37.240 INFO  [RES] Network Name <SQL Network Name (EG-SQLT***)>: Found existing computer account EG-SQLT*** on DC \\eg-***-***.TL*.*son.Com.
000007a8.00000d18::2009/06/26-15:16:37.255 INFO  [RES] Network Name <SQL Network Name (EG-SQLT***)>: Computer account EG-SQLT*** is disabled. Attempting to re-enable.
000007a8.00000d18::2009/06/26-15:16:37.302 ERR   [RES] Network Name <SQL Network Name (EG-SQLT***)>: Computer account EG-SQLT*** couldn’t be re-enabled. status 5
000007a8.00000d18::2009/06/26-15:16:37.333 ERR   [RHS] Online for resource SQL Network Name (EG-SQLT***) failed.
00000658.000009f0::2009/06/26-15:16:37.333 INFO  [RCM] HandleMonitorReply: ONLINERESOURCE for ‘SQL Network Name (EG-SQLT***)’, gen(0) result 5018.

– From system event log

Error  6/26/2009 12:43:38 PM      Microsoft-Windows-FailoverClustering     1069   Resource Control Manager       Cluster resource ‘SQL Network Name (EG-SQLT***)’ in clustered service or application ‘SQL Server (MSSQLSERVER)’ failed.

Error  6/26/2009 12:43:37 PM      Microsoft-Windows-FailoverClustering     1194   Network Name Resource       “Cluster network name resource ‘SQL Network Name (EG-SQLT***)’
failed to create its associated computer object in domain ‘TLR.Thomson.Com’ for the following reason: Computer account is disabled and couldn’t be re-enabled.
The text for the associated error code is: Access is denied.
Please work with your domain administrator to ensure that:
– The cluster identity ‘EG-SQLT***-B01C$’ can create computer objects. By default all computer objects are created in the ‘Computers’ container; consult the domain administrator if this location has been changed.
– The quota for computer objects has not been reached.
– If there is an existing computer object, verify the Cluster Identity ‘EG-SQLT***-B01C$’ has ‘Full Control’ permission to that computer object using the Active Directory Users and Computers tool.”
Error  6/26/2009 12:43:29 PM      Microsoft-Windows-FailoverClustering     1069   Resource Control Manager       Cluster resource ‘SQL Network Name (EG-SQLT***)’ in clustered service or application ‘SQL Server (MSSQLSERVER)’ failed.
Error  6/26/2009 12:43:29 PM      Microsoft-Windows-FailoverClustering     1194   Network Name Resource       “Cluster network name resource ‘SQL Network Name (EG-SQLT***)’ failed to create its associated computer object in domain ‘TLR.Thomson.Com’ for the following reason: Computer account is disabled and couldn’t be re-enabled.

The text for the associated error code is: Access is denied.

Tips:

Instead of installing SQL Server 2008 on a cluster create a client access point to see if we dont get any access denied for sql virtual server name. ( IP address is needed, it should be the same one which you are going to used for sql virtual server name during the setup.

Option 1
=======

1. Create an empty Service or application group

2. Add the Disk Resources

3. Ensure that the Physical Disks do not have any dependencies

4. In Active Directory Create the Computer Object that will reflect the SQL Virtual Computer Name

5. In the Active Directory Computers And Users Snap-in

a. Select View / Advanced Features

6. Right Click on the SQL VCO we just created and select Properties

7. On The Security Tab Click Add

8. In The Add Dialog Box Click The Object Types Button and Ensure that computers is selected.

9. Now type in the name of the Cluster (The Cluster Virtual Network Name or CNO you specified when creating the cluster, Not the SQL Virtual Network Name) or VCO then click OK

10. Now Right Click on the Cluster Computer account and ensure that it has the following rights to the SQL Virtual Network Name object.

(Note: Failure to add all the rights below can cause the cluster service resource monitor process to crash)

Read

Allowed To Authenticate

Change Password

Recieve As

Reset Password

Send As

Validate write To DNS Host Name

Validate Write To Service Principle Name

Read Account Restrictions

Write Account Restrictions

Read DNS Host Name Attributes

Read MS-TS-GatewayAccess

Read Personal Information

Read Public Information

11. Click Apply (Now we are going to add additional special privileges)

12. Now click the Advanced Button

13. Click Add

14. In The Add Dialog Box Click The Object Types Button and Ensure that computers is selected.

15. Now type in the name of the Cluster (The Cluster Virtual Network Name you specified when creating the cluster, Not the SQL Virtual Network Name) then click OK

16. Ensure that the Rights / Permissions are selected as allow:

List Contents

Read All Properties

Read Permissions

All Extended Rights

Allowed to Authenticate

Change Password

Recieve AS

Reset Password

17. Click OK

18. Click OK on the Advanced Security Settings

19. Now Select the Delegation Tab

20. Select Trust This Computer for Delegation to any service (Kerberos Only)

21. Now Click OK on the final Dialog Box to Close it

22. You can now close out of the Active Directory Users and Computers Snap-in

23. From a Command Prompt change to the Drive and directory containing the SQL Setup Executable (Setup.exe)

24. Type Setup /SkipRules=Cluster_VerifyOnError /Action=InstallFailoverCluster

25. Hit Enter

26. Proceed with normal SQL Installation Dialogs.

27. After installation Change the Physical Disk Resources to Depend on the EMC Resource (All resources must be offline to perform this action) You can Now proceed to Add the other Nodes into the SQL Failover Cluster.

Option 2
=======

1. Create an empty Service or application group

2. Add the Disk Resources and EMC Resources to this group

3. Ensure that the Physical Disks do not have any dependencies

4. Add a New Client Access Point Resource

a. For the Name enter the SQL Virtual Network Name you are going to use for SQL

b. For the IP enter the IP of the SQL Virtual instance you are going to use for SQL

5. Once it is Created you Must Bring it online

6. After it is Online Open the Active Directory Users and Computers Snap-in

7. Right Click on the SQL Virtual Network Name Computer Object and Select Properties

8. Now Select the Delegation Tab

9. Select Trust This Computer for Delegation to any service (Kerberos Only)

10. Now Click OK

11. You can now close out of the Active Directory Users and Computers Snap-in

12. From a Command Prompt change to the Drive and directory containing the SQL

Setup Executable (Setup.exe)

13. Type Setup /SkipRules=Cluster_VerifyOnError /Action=InstallFailoverCluster

14. Hit Enter

15. Proceed with normal SQL Installation Dialogs.

16. After installation Change the Physical Disk Resources to Depend on the EMC Resource (All resources must be offline to perform this action)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: