Link to home
Start Free TrialLog in
Avatar of Ruwantha Kodikara
Ruwantha KodikaraFlag for United Arab Emirates

asked on

Problem with my Windows Clusters

I have two servers in a Windows server 2016 clusters. Since a couple of days, the active node shows "trust relationship between workstation and primary domain failed"

I can't seem to fix the issue. please help.
ASKER CERTIFIED SOLUTION
Avatar of Alex
Alex
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Zaheer Iqbal
Zaheer Iqbal
Flag of United Kingdom of Great Britain and Northern Ireland image

Has any network changes been made recently on the server ?

Can it communicate with the domain ?

Avatar of Ruwantha Kodikara
Ruwantha Kodikara
Flag of United Arab Emirates image

ASKER

Hi, I have rejoined the node to the domain and it worked but after one day, it appeared again.
Avatar of Ruwantha Kodikara
Ruwantha Kodikara
Flag of United Arab Emirates image

ASKER

I can ping the server and our monitoring tools show no errors in the server, just that it disconnects from the domain.
Avatar of Zaheer Iqbal
Zaheer Iqbal
Flag of United Kingdom of Great Britain and Northern Ireland image

You can also do the below;  However you will need to try and fail the Cluster over if its the Primary node.


Using PowerShell v3+ by executing the following with an admin prompt:
Reset-ComputerMachinePassword

or netdom

netdom resetpwd /s:dc.ad.local /ud:ad\adminaccount /pd:*

Avatar of Zaheer Iqbal
Zaheer Iqbal
Flag of United Kingdom of Great Britain and Northern Ireland image

Ok can you check all your domain controllers are healthy.


You can also try -

Test-ComputerSecureChannel -Repair -Credential (Get-Credential) -Verbose

Open in new window

Avatar of Alex
Alex
Flag of United Kingdom of Great Britain and Northern Ireland image

The above won't work, I think it's actually an issue with your cluster computer account to be honest, when you initially configured the cluster and it created the computer account, any issues or did it work flawlessly?



Avatar of Zaheer Iqbal
Zaheer Iqbal
Flag of United Kingdom of Great Britain and Northern Ireland image

can you check the event log for any related errors and post here.


Thanks

Avatar of Alex
Alex
Flag of United Kingdom of Great Britain and Northern Ireland image
  1. Start the Active Directory Users and Computers snap-in from Administrative Tools.
  2. On the View menu, click Advanced Features.
  3. Locate the computer object that you want the Cluster service account to use.
  4. Right-click the computer object, and then click Properties.
  5. Click the Security tab, and then click Add.
  6. Add the Cluster service account or a group that the Cluster Service account is a member of.
  7. Grant the user or the group the following permissions:

    • Reset Password
    • Validated Write to DNS Host Name
    • Validated Write to Service Principal Name
  8. Click OK.



Try that to start

Avatar of Ruwantha Kodikara
Ruwantha Kodikara
Flag of United Arab Emirates image

ASKER

The cluster was created 4 months ago and it worked without any problems. It just stared only recently.
Avatar of Alex
Alex
Flag of United Kingdom of Great Britain and Northern Ireland image

I think it's the computer account for the cluster itself, you can try to reset that and then try again. 


Test-ComputerSecureChannel -Repair -Server "your computer" -Credential(Get-Credential)

Open in new window


Also, disclaimer here, I'd do it out of hours just in case.