With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.
Course Of The Month
7 days, 23 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
cluster service on MS 2012 OS
Posted on 2016-08-25
Dear Experts,
may I please have your opinion on this and help to resolve an issue I have.
is it compulsory to have MS failover cluster running with a specific service account? If yes, could please explain why? OR why it is suggested to run with a created service account?
my current file cluster service on 2012 OS is running as local system. I created my file server cluster with my admin account which is member of domain admins. As this is UAT platform I only noticed a warning message today. ( my admin account is not service account for any service)
I checked the eventview and noticed below error
https://technet.microsoft.com/en-us/library/cc727283(v=ws.10).aspx
my error code 49 and solution in the article is as below:
Error code 49 (Invalid credentials)
This error code might indicate that the user's password expired while the user is still logged on the computer.
To correct invalid credentials:
1.Change the user's password.
2.Lock/unlock the workstation.
3.Check if there are any system services running as the user account.
4.Verify the password in service configuration is correct for the user account
my concern is with number "3" ??
did I miss something with during cluster creation regards to service account?
regards
Kuzum
may I please have your opinion on this and help to resolve an issue I have.
is it compulsory to have MS failover cluster running with a specific service account? If yes, could please explain why? OR why it is suggested to run with a created service account?
my current file cluster service on 2012 OS is running as local system. I created my file server cluster with my admin account which is member of domain admins. As this is UAT platform I only noticed a warning message today. ( my admin account is not service account for any service)
I checked the eventview and noticed below error
https://technet.microsoft.com/en-us/library/cc727283(v=ws.10).aspx
my error code 49 and solution in the article is as below:
Error code 49 (Invalid credentials)
This error code might indicate that the user's password expired while the user is still logged on the computer.
To correct invalid credentials:
1.Change the user's password.
2.Lock/unlock the workstation.
3.Check if there are any system services running as the user account.
4.Verify the password in service configuration is correct for the user account
my concern is with number "3" ??
did I miss something with during cluster creation regards to service account?
regards
Kuzum
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3-
3
7 Comments
Active today
When it comes to standing up a cluster we would never change any service account setups post-deployment. The cluster service interacts with the systems involved on many levels. Leave them as they are out of the box to allow things to function as expected.
thanks Philip.
are you suggesting this because I have service running with system account already?
is it not best to have a service account right at the beginning then?
are you suggesting this because I have service running with system account already?
is it not best to have a service account right at the beginning then?
Active today
My apologies, I misinterpreted the warning.
I suggest starting here for checking to see what account(s) have expired passwords:
https://gallery.technet.microsoft.com/scriptcenter/How-to-check-if-Active-f27b7d39
I suggest starting here for checking to see what account(s) have expired passwords:
https://gallery.technet.microsoft.com/scriptcenter/How-to-check-if-Active-f27b7d39
Active today
Here are a couple of thoughts.
When setting up a cluster I usually provision my cluster object to avoid granting extra permission in AD to the cluster node and always leave the services running as local system. I have read that MS is recommending this be left as local system to lower admin overhead and to avoid the issue of someone changing the service account cluster password and compromising the cluster. GMSA are an option for services that run within the cluster but not for the core cluster services themselves.
In regards to the event id you listed, have you checked to see if there are any orphan RDP session open on the cluster? I have see instance where GP process errors get generated from a disconnected RDP session of a user
When setting up a cluster I usually provision my cluster object to avoid granting extra permission in AD to the cluster node and always leave the services running as local system. I have read that MS is recommending this be left as local system to lower admin overhead and to avoid the issue of someone changing the service account cluster password and compromising the cluster. GMSA are an option for services that run within the cluster but not for the core cluster services themselves.
In regards to the event id you listed, have you checked to see if there are any orphan RDP session open on the cluster? I have see instance where GP process errors get generated from a disconnected RDP session of a user
thanks for your help.
@Philip - I am not sure if this code can help me? I know that my admin account were expired and I reset it. this is the account I used to create cluster. can we find out how my admin account caused the issue with this code?
@compdigit44 I checked and did not see any orphan RDP sessions. I had restarted this server node twice and this is not a live server yet so it would have been my admin account causing issue may be? but I also though we no longer need to create or manage service accounts with 2012 OS?
may be it is best to disable my admin account and get someone else to perform some failover test?
regards
kuzum
@Philip - I am not sure if this code can help me? I know that my admin account were expired and I reset it. this is the account I used to create cluster. can we find out how my admin account caused the issue with this code?
@compdigit44 I checked and did not see any orphan RDP sessions. I had restarted this server node twice and this is not a live server yet so it would have been my admin account causing issue may be? but I also though we no longer need to create or manage service accounts with 2012 OS?
may be it is best to disable my admin account and get someone else to perform some failover test?
regards
kuzum
Active today
Was the admin account logged on to one or both of the hosts when the password expired? That's where that password error would come up.
We always log off Hyper-V standalone and clustered nodes. Microsoft Management Consoles (MMCs) are somewhat notorious for memory leaks among other user centric services.
We always log off Hyper-V standalone and clustered nodes. Microsoft Management Consoles (MMCs) are somewhat notorious for memory leaks among other user centric services.
Featured Post
Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!
Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!
Act now. This offer ends July 14, 2017.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Active Directory security has been a hot topic of late, and for good reason. With
90%
of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target.
To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
Suggested Courses
Course of the Month7 days, 23 hours left to enroll
729 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.