| Home | Register | Members | Search | Windows Vista Tips | File Database | Links |
 |
| Thread Tools | Display Modes |
|
Guest
Posts: n/a
|
|
|
|
||
|
|
| |
|
Guest
Posts: n/a
|
|
|
|
|
||
|
Guest
Posts: n/a
|
"Allyn" <> wrote in message
news  AD28B59-24F0-469A-98FB-...> We had a SAN that went belly up over the weekend, and we're having > problems > getting the cluster back on line. It has been running for some time. There > are 3 errors in the event viewer: Just based on the SAN failure, I am betting that you have some disk signature issues. So, the previous post about using the clusterrecovery.exe tool is a good first step. Does the quorum disk come online? Since the SAN failed, it is likely that the SAN configurations for the HBA WWNs have been lost and not properly reconfigured. Make sure that you reset the LUN masks. If the SAN has been reconfigured, you should be able to at least see the cluster disk from each node. Can you do that? You will also need to be able to see the disk used for the printer spool with any shared drivers that you might have installed there, too. > Event ID: 1205; The Cluster service failed to bring clustered service or > application 'printserver' completely online or offline. One or more > resources > may be in a failed state. This may impact the availability of the > clustered > service or application. So, the name itself isn't coming online? Well, that is completely different from a disk error. Does the name still map to the cluster's virtual IP in DNS? Is the name still valid in AD? > ========== > Event ID: 1207; Cluster network name resource 'printserver' cannot be > brought online. The computer object associated with the resource could not > be > updated in domain 'domain.com' for the following reason: > Unable to obtain the Primary Cluster Name Identity token. This again points to the name resource being the problem here. Can you create a new name resource dependent on the IP and see if it comes online? If so, then you might want to delete the AD computer account and recreate it. If there is a problem with creating a new name resource, then you may have to take other steps. Of course, you can always create another IP resource and name resource to verify that they will come online. This will at least tell you if there is a problem with the cluster services. > The text for the associated error code is: An attempt has been made to > operate on an impersonation token by a thread that is not currently > impersonating a client. > > The cluster identity 'PRINTSERVERCLUS$' may lack permissions required to > update the object. Please work with your domain administrator to ensure > that > the cluster identity can update computer objects in the domain. > ========= This sounds like a Cluster Name Object (CNO) issue. > Event ID: 1069: Cluster resource 'printserver' in clustered service or > application 'printserver' failed. With everything else failing, this is fully expected to also fail. <G> > ========== > > A possible related error is on the domain controller: > > Event ID 4: The Kerberos client received a KRB_AP_ERR_MODIFIED error from > the server . The target name used was host/PRINTSERVERCLUSTER.DOMAIN.COM. > This indicates that the target server failed to decrypt the ticket > provided > by the client. This can occur when the target server principal name (SPN) > is > registered on an account other than the account the target service is > using. > Please ensure that the target SPN is registered on, and only registered > on, > the account used by the server. This error can also happen when the target > service is using a different password for the target service account than > what the Kerberos Key Distribution Center (KDC) has for the target service > account. Please ensure that the service on the server and the KDC are both > updated to use the current password. If the server name is not fully > qualified, and the target domain () is different from the client domain > (DOMAIN.COM), check if there are identically named server accounts in > these > two domains, or use the fully-qualified name to identify the server. Have you run setspn with the name? Good luck. -- Russ Kaufmann MVP, MCT, MCITP x7, MCTS x9, MCSE x4, CTT+ ClusterHelp.com, a Microsoft Gold Certified Partner Email: http://www.clusterhelp.com Blog: http://msmvps.com/clusterhelp |
|
|
|
|
|||
|
Guest
Posts: n/a
|
Hi Russ, Hi Allyn,
I would also bet at "CNO" issues :-) Check this out to "repair" the CNO in your active directory : Failover Cluster Step-by-Step Guide: Configuring Accounts in Active Directory http://technet.microsoft.com/en-us/l...02(WS.10).aspx especially section "Steps for troubleshooting problems related to accounts used by the cluster" Hope that helps Regards Ramazan "Russ Kaufmann" <> wrote in message news:BAA88A25-8BA1-4DA2-800C-... > "Allyn" <> wrote in message > news AD28B59-24F0-469A-98FB-...>> We had a SAN that went belly up over the weekend, and we're having >> problems >> getting the cluster back on line. It has been running for some time. >> There >> are 3 errors in the event viewer: > > Just based on the SAN failure, I am betting that you have some disk > signature issues. So, the previous post about using the > clusterrecovery.exe tool is a good first step. Does the quorum disk come > online? > > Since the SAN failed, it is likely that the SAN configurations for the HBA > WWNs have been lost and not properly reconfigured. Make sure that you > reset the LUN masks. > > If the SAN has been reconfigured, you should be able to at least see the > cluster disk from each node. Can you do that? You will also need to be > able to see the disk used for the printer spool with any shared drivers > that you might have installed there, too. > >> Event ID: 1205; The Cluster service failed to bring clustered service or >> application 'printserver' completely online or offline. One or more >> resources >> may be in a failed state. This may impact the availability of the >> clustered >> service or application. > > So, the name itself isn't coming online? Well, that is completely > different from a disk error. Does the name still map to the cluster's > virtual IP in DNS? Is the name still valid in AD? > >> ========== >> Event ID: 1207; Cluster network name resource 'printserver' cannot be >> brought online. The computer object associated with the resource could >> not be >> updated in domain 'domain.com' for the following reason: >> Unable to obtain the Primary Cluster Name Identity token. > > This again points to the name resource being the problem here. Can you > create a new name resource dependent on the IP and see if it comes online? > If so, then you might want to delete the AD computer account and recreate > it. If there is a problem with creating a new name resource, then you may > have to take other steps. Of course, you can always create another IP > resource and name resource to verify that they will come online. This will > at least tell you if there is a problem with the cluster services. > >> The text for the associated error code is: An attempt has been made to >> operate on an impersonation token by a thread that is not currently >> impersonating a client. >> >> The cluster identity 'PRINTSERVERCLUS$' may lack permissions required to >> update the object. Please work with your domain administrator to ensure >> that >> the cluster identity can update computer objects in the domain. >> ========= > > This sounds like a Cluster Name Object (CNO) issue. > >> Event ID: 1069: Cluster resource 'printserver' in clustered service or >> application 'printserver' failed. > > With everything else failing, this is fully expected to also fail. <G> > >> ========== >> >> A possible related error is on the domain controller: >> >> Event ID 4: The Kerberos client received a KRB_AP_ERR_MODIFIED error from >> the server . The target name used was host/PRINTSERVERCLUSTER.DOMAIN.COM. >> This indicates that the target server failed to decrypt the ticket >> provided >> by the client. This can occur when the target server principal name (SPN) >> is >> registered on an account other than the account the target service is >> using. >> Please ensure that the target SPN is registered on, and only registered >> on, >> the account used by the server. This error can also happen when the >> target >> service is using a different password for the target service account than >> what the Kerberos Key Distribution Center (KDC) has for the target >> service >> account. Please ensure that the service on the server and the KDC are >> both >> updated to use the current password. If the server name is not fully >> qualified, and the target domain () is different from the client domain >> (DOMAIN.COM), check if there are identically named server accounts in >> these >> two domains, or use the fully-qualified name to identify the server. > > Have you run setspn with the name? > > Good luck. > > -- > Russ Kaufmann > MVP, MCT, MCITP x7, MCTS x9, MCSE x4, CTT+ > ClusterHelp.com, a Microsoft Gold Certified Partner > > Email: > http://www.clusterhelp.com > Blog: http://msmvps.com/clusterhelp |
|
|
|
|
|||
|
|
| |
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Problems with Windows Messenger User tagged as being Offline. | DaleB | Windows Live Messenger | 0 | 01-05-2010 10:50 PM |
| Re: Local Access Only, Unidentified Network | Jack-MVP | Windows Vista Networking | 5 | 12-08-2009 11:48 AM |
| problems in network | paulo reis | Virtual PC | 1 | 11-25-2009 05:51 PM |
| Offline files fail to synchronize | Bob | Windows Vista File Management | 19 | 04-30-2009 04:45 AM |
| Command & Conquer Network Problems | Melbourne 21 | Windows Vista Games | 0 | 08-08-2007 08:39 AM |
Linear Mode
