Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Failure to create SA cluster resource

Status
Not open for further replies.
xmsre

xmsre

ISP
Jul 13, 2003
3,140
US
I finally have a problem to post. Today, I was working on a W2K3/E2K3 cluster. It's a new org, clean AD.

1. DNS is Bind 9.
2. Root domain is Fred.company.org
3. Seperate tree Barney.company.org is where exchange lives.
4. Forestprep has been done.
5. Domainprep done in both domains
6. Policytest succeeds.
7. No errors in netdiag.
8. No errors in DCdiag.
9. Cluster is up, storage is HP EMA series sized for 5000 users.
10. Exchange 2K3 is installed on both nodes.
11. all the SRV records are present
12. DTC is installed on the cluster
13. There are a total of 4 GCs in the forest, replication works great, and no obvious errors anywhere else.


The problem is that when I go to create the SA resource, it fails with Bad network path c0070035. The only thing in the applog is a DSaccess event 2081 showing no GCs found. The Dsaccess 2080 list is also blank. In the system log there is an LSA error dealing with a failure to dynmaicly recister a name, the virtual server name I'm guessing.

Has anyone seen this or have any ideas?



 
Sort by date Sort by votes
With a fresh start this morning I figured it out.

The first part was that the organization had restricted permissions on the site objects. DSAccess uses may methods to find sutable GCs, and querying site is one if them.

After fixing that, the resoure created then failed with a kerberos error. The organization had also restricted the permission to join the domain. I caught the failure in the security log, and granted the cluster account that right. In 2K3, a computer account for the name resource is created because we need the RC4 key for kerberos. On the third try, all went well.

I still get the can't register in DNS error, but this is because the organization is only allowing the DCs to do dynamic updates in bind. I'll get that later. Right now I need to get the pix blades up and going so I can do the NLB front end and catch my flight this afternoon.




 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Satishkumar007
  • Locked
  • Question
Help needed to recover after complete site failure
Replies
0
Views
3K
Satishkumar007
Satishkumar007
PatrickRoggers
  • Locked
  • Helpful tip
Safest Way to Import PST file into Exchange Online
Replies
0
Views
3K
PatrickRoggers
PatrickRoggers
T
  • Locked
  • Question
How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?
Replies
3
Views
3K
DrB0b
DrB0b
ComputersUnlimited
  • Locked
  • Question
Migrating to Exchange 2019
Replies
0
Views
3K
ComputersUnlimited
ComputersUnlimited
DrB0b
  • Locked
  • Question
Moved to 365 in cloud, cannot get iPhones default mail app to connect
Replies
2
Views
3K
Priyanka_Chauhan
Priyanka_Chauhan

Part and Inventory Search

Sponsor

Back
Top