Access denied when adding a second node

Discussion in 'Clustering' started by Pascal MIETLICKI, Apr 29, 2010.

  1. Hi all,

    We have an existing cluster with 1 node but when we try to add a second
    node we have an error.
    With the command : cluster /add /node:boxi2
    It returns :
    Configuration du noud boxi2
    ---------------------------------------
    12% Validation de l'‚tat du cluster sur le noud boxi2.Cette phase a
    ‚chou‚ pour l'objet cluster ®ÿboxi2ÿ¯ avec le statut d'erreur
    -2147024891 (0x80070005).
    Cette phase a ‚chou‚ pour l'objet cluster ®ÿboxi2ÿ¯ avec le statut
    d'erreur -2147024891 (0x80070005).
    Nettoyage en cours de boxi2.
    L'erreur systŠme 5 s'est produite (0x00000005).

    Sorry it's in French, but the last part of the error is : Access denied
    (just after cleanup of boxi2 node).

    With the graphic tool (in cluster management), we have : "An error
    occured when adding node "boxi2" to the cluster "clusterboxi".

    We have several questions :
    Is it required to have the cluster service started on the second node
    (the one we are trying to add to the cluster)?
    Would it be a problem with registry permission?

    We tried to find solutions on technet but we didn't find any.

    Thank you in advance for all the help you could provide.

    Best regards,
    P.MIETLICKI
    P.EMILE
     
    Pascal MIETLICKI, Apr 29, 2010
    #1
    1. Advertisements

  2. Pascal MIETLICKI

    RCan Guest

    Hi Pascal,

    sounds for me like an cleanup issue. Was the node which you cannot join to
    the cluster before an member of an cluster before ?
    If you are still runnig an windows 2003 cluster please try to run the
    cluster.exe with the /force /cleanup parameters.
    http://technet.microsoft.com/en-us/library/cc739895(WS.10).aspx
    cluster node /force[cleanup] /evict

    And check this :
    Subsequent nodes cannot join a cluster, and events 1070 and 1009 are logged
    with Windows Server 2003
    http://support.microsoft.com/kb/886717/en-us

    MS Cluster Server Troubleshooting and Maintenance
    http://technet.microsoft.com/en-us/library/cc723248.aspx

    Regards
    Ramazan
     
    RCan, Apr 29, 2010
    #2
    1. Advertisements

  3. Hi,

    Thank you for the answer.
    We forgot to say that we are under Windows server 2008. We made some
    more tests, we created a new cluster in order to test if we can add the
    node that normally has an "Access denied" with the initial cluster and
    it worked.

    But we can't remove the initial cluster (the person in charge does not
    allow us to do this), and when we try to add a second node to this "odd"
    cluster, we have the "Access denied" message... So it's very strange and
    we don't know how to "repair" this cluster.
    We tried the solution you sent (cluster node boxi2 /forcecleanup /evict,
    the evict option indicates that the node is not inside the cluster) and
    it didn't change anything (still the "Access denied" message).

    My suggestion would be to delete the initial cluster and re-create a new
    one with the 2 nodes inside but I'm not allowed to do it, so the only
    option is to figure out what's going on with the existing cluster and
    repair it.

    Thank you very much for your help.
     
    Pascal MIETLICKI, Apr 30, 2010
    #3
  4. Pascal MIETLICKI

    RCan Guest

    Can you please share more details what happens on eventlog / cluster log
    sides (cluster log /gen) ?

    PS : Are you domain administrator when you do this and why are you "not
    allowed" to reinstall the cluster ?

    Regards
    Ramazan
     
    RCan, May 1, 2010
    #4
  5. Hi,

    We did have the right to re-create it (administrative agreement) but we
    still have a problem when we try to add a second node (whatever node it is).

    For example, if I create a cluster with 2 nodes inside directly, we have :
    "error status -2147024891 (0x80070005).
    System error 5 happened (0x00000005)."

    If I create a cluster with only one node (boxi1 or boxi2), it works
    fine. But I have the same error message when I try to add the second node.

    In Event log, we have :
    "Le nœud « BOXI2 » n’a pas pu établir de session de communication
    lorsqu’il a joint le cluster. Cela est dû à un problème
    d’authentification. Assurez-vous que les nœuds exécutent des versions
    compatibles du logiciel de service de cluster."

    Which means :
    "Node boxi2 failed to establish a communication session while joining
    the cluster. This was due to an authentication failure. Please verify
    that the nodes are running compatible versions of the cluster service
    software."

    We have no idea of what we can do to solve it. We checked the rights in
    AD, we deleted the cluster and its objects in AD, but it happens
    everytime we try to create a new one (whatever name we give to it).

    I'm looking forward for your help.

    Regards,
     
    Pascal MIETLICKI, May 3, 2010
    #5
  6. Hi all,

    I forgot to mention that all the validation tests (with the 2 nodes we
    try to join) are done correctly (via the validation tool). It says that
    it would normally function like a charm. But we have the "access
    refused" and the "failed to establish a communication session while
    joining the cluster".

    We have almost the same problem than :
    http://social.technet.microsoft.com...g/thread/a7bd3fa5-4349-4115-ae25-67670c3aab85

    We really need your help, we have no clue.

    Thank you very much.

    Regards,
     
    Pascal MIETLICKI, May 4, 2010
    #6
  7. OK, so let's go to some basic troubleshooting steps.
    1. Can you ping from one server to the other by using the public IP address?
    2. Can you ping from one server to the other by using the private/heartbeat
    IP address?
    3. Did you uncheck the register this network connection in DNS for the
    private network adapter?
    4. Can you run, "Net view \\servername" from one node to the other?
    5. Have you tried disabling the Windows firewall on all network connections?

    Hopefully some of these steps will get you going the right direction.

    --
    Russ Kaufmann
    MVP, MCT, MCITP x7, MCTS x9, MCSE x4, CTT+
    ClusterHelp.com, a Microsoft Gold Certified Partner

    Email:
    http://www.clusterhelp.com
    Blog: http://msmvps.com/clusterhelp
     
    Russ Kaufmann, May 4, 2010
    #7
  8. No, it was check, I unchecked it. Our private network is in
    10.0.0.0/255.0.0.0
    Yes, the shares are different between the 2 nodes
    Yes, it is already disabled


    I re-tried to create the cluster and still have the "access denied".
    I saw that maybe we could re-build the Active Directory (it is one of
    the solution on
    http://social.technet.microsoft.com...g/thread/a7bd3fa5-4349-4115-ae25-67670c3aab85
    but the problem re-appeared for them 3 days later, so we are skeptical.

    Still no clue...

    If you have any suggestion, it would be great.

    Thank you very much for your help, this is good to know that we can rely
    on a community when we have problems like that.
     
    Pascal MIETLICKI, May 5, 2010
    #8
  9. If you have disabled IPv6, and you have disabled the DHCP Client service,
    you may see similar behaviour

    Start the DHCP Client service and re-try

    HTH,
    Edwin.
     
    Edwin vMierlo [MVP], May 5, 2010
    #9
  10. Hi,

    We have not disabled the DHCP client service but we don't use IPv6 nor
    the DHCP (our ip addresses are statics).

    Still no idea about what to do to solve this problem.

    If anyone has a suggestion, we would be very glad to hear it.

    Thank you.

    Le 05/05/2010 09:33, Edwin vMierlo [MVP] a écrit :
     
    Pascal MIETLICKI, May 5, 2010
    #10
  11. It is not about using DHCP.

    Is DHCP Client service started ?
    If not please start and retry

    thanks,
    Edwin.
     
    Edwin vMierlo [MVP], May 6, 2010
    #11
  12. Yes it is started on both nodes.

    Still "Access denied".

    Thanks,
    pascal
     
    Pascal MIETLICKI, May 10, 2010
    #12
  13. This could be WMI, can you check (to rule this in or out):

    The target is operating within a "disjoint" namespace, meaning that the
    domain that the computer is a member of does not participate within the
    FQDN.

    NetBIOS Name = AppServer1
    Domain = HQ
    Normal FQDN = AppServer1.hq.domian.com
    Target FQDN = AppServer1.domain.com
    Computer Object = this is registered based on domain name,
    so the computer object knows only AppServer1.hq.domain.com

    WMI does a validation check to make sure that the Computer Object is the
    FQDN that you connect to. If it is not, then an Access Denied error occurs.
     
    Edwin vMierlo [MVP], May 12, 2010
    #13
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.