none
SQL 2008 Cluster errors on failover - Name resource failed

    Question

  • I have installed 4 instances of SQL 2008 SP1 failover cluster on Windows Server 2008 x64 Enterprise SP2 platform. Cluster consists of 2 nodes. The installation was successfull, 2nd node was added without any visible problem.  All the cluster group resources are onlinebeing in the first node. But when I try to move one cluster  instance from one node to another - SQL Server Name instance fails to start.

    There are some errors from the event log:

    Log Name:      System
    Source:        Microsoft-Windows-Security-Kerberos
    Event ID:      4
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      SQLNode2.testdomain.local
    Description:
    The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server SQLNode2$. The target name used was cifs/SQLCluster1.testdomain.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (testdomain.local) is different from the client domain (testdomain.local), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.


    Log Name:      System
    Event ID:      1207
    Task Category: Network Name Resource
    Level:         Error
    Keywords:     
    User:          SYSTEM
    Computer:      SQLNode2.testdomain.local
    Description:
    Cluster network name resource 'SQL Network Name (SQLCluster1)' cannot be brought online. The computer object associated with the resource could not be updated in domain 'testdomain.local' for the following reason:
    Unable to decrypt resource data.

    The text for the associated error code is: Keyset does not exist

     
    The cluster identity 'WINCLUSTER$' may lack permissions required to update the object. Please work with your domain administrator to ensure that the cluster identity can update computer objects in the domain.


    Log Name:      System
    Source:        Microsoft-Windows-FailoverClustering
    Event ID:      1069
    Task Category: Resource Control Manager
    Level:         Error
    Keywords:     
    User:          SYSTEM
    Computer:      SQLNode2.testdomain.local
    Description:
    Cluster resource 'SQL Network Name (SQLCluster1)' in clustered service or application 'SQLCluster1' failed.

    SPNs seems to be registered correctly:

    C:\Windows>setspn -l testdomain\sccmsql
    Registered ServicePrincipalNames for CN=sccmsql,OU=TestOU,DC=testdomain,DC=local:
            MSSQLSvc/SQLCluster1:60222
            MSSQLSvc/SQLCluster1.testdomain.local:60222

    DNS is not active directory integrated, dynamic updates are not allowed. But Host A and PTR records are created.

    Any suggestions will be much appreciated.

    Saturday, August 14, 2010 6:57 PM

Answers

All replies