SQLTeam.com | Weblogs | Forums

SQL 2008 Cluster Installation - SPN Issue


#1

Dear All,

I am trying to setup a 2-Node SQL 2008 Cluster on Windows 2008R2 (64-bit) using the sliptstream (SP3). I am getting the following error in the end:

The cluster resource 'SQL Server' could not be brought online. Error: The group or resource is not in the correct state to perform the requested operation. (Exception from HRESULT: 0x8007139F)

When I check the SQL Server log, I see the following:

The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x2098, state: 15. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication

Below is the output of setspn command that suggests SPN is registered:

D:>setspn -L <Service Account Name>

Registered ServicePrincipalNames for CN=,OU=Services Accounts,DC=,DC=

Can you please guide me how to resolve this issue?


#2

Hi,
Even SPN is not setup, you should still be able to bring the instance online, it just that it will not use Kerberos.

Looks to me is the cluster service that do not have permission to SQL and cannot verify its healthiness, what you can check is that once you try to bring up the SQL instance from cluster manager, if you can see the SQL instance started then after a while it got stopped again, then its more on the permission issue with the cluster account cannot access SQL.

As for setting up SPN, here is a link that might can help you.
Hope this helps.


#3

Dear Dennisc,

Detailed investigation showed it was a permission issue in the Active directory. We were getting following error in even viewer:

Start of Logs

Cluster network name resource 'SQL Network Name (SQL Cluster Name)' failed to create its associated computer object in domain 'Domain Name' for the following reason: unable to update the password for computer account.

The text for the associated error code is: Access is denied.

Please work with your domain administrator to ensure that:

  • The cluster identity 'Windows Cluster Name$' can create computer objects. By default all computer objects are created in the 'Computers' container; consult the domain administrator if this location has been changed.

  • The quota for computer objects has not been reached.

  • If there is an existing computer object, verify the Cluster Identity 'Windows Cluster Name$' has 'Full Control' permission to that computer object using the Active Directory Users and Computers tool.

End of Logs

We consulted with our system team and the following link and were able to resolve the issue

Thank you.