Solved

cluster service on MS 2012 OS

Posted on 2016-08-25
7
75 Views
Last Modified: 2016-09-06
Dear Experts,

may I please have your opinion on this and help to resolve an issue I have.

is it compulsory to have MS failover cluster running with a specific service account?  If yes, could please explain why? OR why it is suggested to run with a created service account?
my current file cluster service on 2012 OS is running as local system.  I created my file server cluster with my admin account which is member of domain admins. As this is UAT platform I only noticed a warning message today.  ( my admin account is not service account for any service)

I checked the eventview and noticed below error

https://technet.microsoft.com/en-us/library/cc727283(v=ws.10).aspx

my error code 49 and solution in the article is as below:

Error code 49 (Invalid credentials)

This error code might indicate that the user's password expired while the user is still logged on the computer.

To correct invalid credentials:
1.Change the user's password.
2.Lock/unlock the workstation.
3.Check if there are any system services running as the user account.
4.Verify the password in service configuration is correct for the user account

my concern is with number "3"  ??

did I miss something with during cluster creation regards to service account?
regards

Kuzum
0
Comment
Question by:kuzum
  • 3
  • 3
7 Comments
 
LVL 38

Expert Comment

by:Philip Elder
ID: 41770859
When it comes to standing up a cluster we would never change any service account setups post-deployment. The cluster service interacts with the systems involved on many levels. Leave them as they are out of the box to allow things to function as expected.
0
 

Author Comment

by:kuzum
ID: 41771308
thanks Philip.

are you suggesting this because I have service running with system account  already?
 
is it not  best to have a service account  right at the beginning then?
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 41773362
My apologies, I misinterpreted the warning.

I suggest starting here for checking to see what account(s) have expired passwords:

https://gallery.technet.microsoft.com/scriptcenter/How-to-check-if-Active-f27b7d39
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 19

Expert Comment

by:compdigit44
ID: 41773999
Here are a couple of thoughts.

When setting up a cluster I usually provision my cluster object to avoid granting extra permission in AD to the cluster node and always leave the services running as local system. I have read that MS is recommending this be left as local system to lower admin overhead and to avoid the issue of someone changing the service account cluster password and compromising the cluster. GMSA are an option for services that run within the cluster but not  for the core cluster services themselves.

In regards to the event id you listed, have you checked to see if there are any orphan RDP session open on the cluster? I have see instance where GP process errors get generated from a disconnected RDP session of a user
0
 

Author Comment

by:kuzum
ID: 41774421
thanks for your help.

@Philip - I am not sure if this code can help me? I know that my admin account were expired and I reset it. this is the account I used to create cluster. can we find out how my admin account caused the issue with this code?

@compdigit44  I checked and did not see any orphan RDP sessions. I had restarted this server node twice and this is not a live server yet so it would have been my admin account causing issue may be?  but I also though we no longer need to create or manage service accounts with 2012 OS?  

may be it is best to disable my admin account and get someone else to perform some failover test?  

regards
kuzum
0
 
LVL 38

Accepted Solution

by:
Philip Elder earned 500 total points
ID: 41775275
Was the admin account logged on to one or both of the hosts when the password expired? That's where that password error would come up.

We always log off Hyper-V standalone and clustered nodes. Microsoft Management Consoles (MMCs) are somewhat notorious for memory leaks among other user centric services.
0
 

Author Closing Comment

by:kuzum
ID: 41785840
it was logged in and expired. thank you
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question