I was wondering if someone can provide me quick 101 or some references that explain Cluster SQL Server Network, AD and Kerberos Authentication. Background:
I have created a 2 node MS 2K3 Cluster with SQL2K8 test system. When I first attempted to bring the SQL Network Name online, the following error occurred.
Event Type: Error
Event Source: ClusSvc
Event Category: Network Name Resource
Event ID: 1194
Time: 3:10:08 AM
The computer account for Cluster resource 'SQL Network Name (SQLNetworkName)' in domain domain.corp could not be created for the following reason: Unable to create computer account.
The text for the associated error code is: Access is denied.
The Cluster Service Account may lack the proper access rights to Active Directory. The domain administrator should be contacted to assist with resolving this issue.
I disabled the Kerberos Authentication and the SQL Network Name and subsequently the SQL server cluster was able to be put online with no errors. I am not experienced with AD and our domain administrator is not very accommodating with knowledge or assistance. Clearly, I understand the “Sql Network Name” is not in our Domain.
But, I am uncertain what AD constructs\component should be created?
Also, I understand basically Kerberos Authentication is a security\authentication protocol (challenge\response model). It appears there is dependence between AD and SQL Network Name? I assume this option enable will require fully qualified entry SQL Network Name in our Corp domain for it to work?
Last, what are the system risks if Kerberos Authentication is not enabled…could this impact testing applications in the cluster? Essentially, I do not want to cause issues by not correctly implementing the SQL Cluster.
Any info or reference would be greatly appreciated and thanks in advance.