Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, May 4, 2016 9:53 PM
Hi,
I'm attempting to create a new failover cluster with three VM's running Server 2016 TP5. When I run the validation tests I don't have any failures. When I attempt to create the cluster I get the following errors:
| Cluster: | anc-fstest | |
| Node: | ANC-WS16TP5-01.ua.ad.mydomain.edu | |
| IP Address: | 137.229.138.236 | |
| Cluster registration: | DNS and Active Directory Domain Services | |
| Started | 5/4/2016 1:39:37 PM | |
| Completed | 5/4/2016 1:40:02 PM |
Beginning to configure the cluster anc-fstest.
Initializing Cluster anc-fstest.
Validating cluster state on node ANC-WS16TP5-01.ua.ad.mydomain.edu.
Searching the domain for computer object 'anc-fstest'.
Find a suitable domain controller for node ANC-WS16TP5-01.ua.ad.mydomain.edu.
Check whether the computer object anc-fstest for node ANC-WS16TP5-01.ua.ad.mydomain.edu exists in the domain. Domain controller \anc-adua03.ua.ad.mydomain.edu. More data is available.
Bind to domain controller . More data is available.
Operation failed, attempting cleanup.
An error occurred while creating the cluster and the nodes will be cleaned up. Please wait...
An error occurred while creating the cluster and the nodes will be cleaned up. Please wait...
There was an error cleaning up the cluster nodes. Use Clear-ClusterNode to manually clean up the nodes.
An error occurred while creating the cluster.
An error occurred creating cluster 'anc-fstest'.
More data is available
To troubleshoot cluster creation problems, run the Validate a Configuration wizard on the servers you want to cluster.
Most of the error just say "More data is available", not only here, but in Windows Event Viewer so I'm having a hard time figuring out what the actual issue is. Of course, the error message advises to run the Validate a Cluster Configuration Wizard, which succeeds in all areas.
The Domain Controllers are at Forest Level 2008 R2, so I'm not sure if that's an issue with Server 2016. I haven't been able to find anything that says it would be, but it does seem to be failing at the DC so I'm suspicious of that. I do have several other Windows Failover Clusters on both Server 2008R2 servers as well as 2012R2 for SQL environments, which I have not had issues with. I wanted to set this cluster up to test Storage Spaces. If someone could point me in one direction or another to look for a solution I would appreciate it. I'm kind of out of ideas right now.
All replies (27)
Friday, May 6, 2016 7:04 PM ✅Answered
From the logging you can see that create cluster is attempting to find a Computer Object in Active Directory, and is contacting a Domain Controller.
Are the nodes domain joined?
Domain Functional Level of Windows Server 2008 R2 should be fine...
The FailoverClustering-Client debug tracing should provide more details. Check out this blog:
Hope this helps,
Elden
Thursday, May 5, 2016 5:21 AM | 1 vote
Did you prestage your cluster object?
https://technet.microsoft.com/en-us/library/dn466519.aspx
Thursday, May 5, 2016 6:12 AM
Hi Stokkolm,
>>The Domain Controllers are at Forest Level 2008 R2, so I'm not sure if that's an issue with Server 2016.
Not sure if it would be an issue because TP5 was just released, you may test on a Server 2012 R2 domain.
Besides, you may try to build a workgroup failover cluster, here is a blog of the details:
Best Regards,
Leo
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Thursday, May 5, 2016 4:16 PM
Did you prestage your cluster object?
I shouldn't need to as I am using Domain Admin credentials when creating the cluster within the Failover Cluster Manager. I went ahead and did it anyway though, but it still failed with the same error messages.
Friday, May 6, 2016 7:49 PM
I don't see any events in the Critical, Error, Warning, Application, or System logs on the Domain Controller, but I don't really know what I'm looking for as far as an Event ID. I tried googling to figure out what event ID might be used during failover cluster creation to contact the DC, but I just get a bunch of event ID's for domain join requests, etc... Don't see any of those during the time frame that I was attempting to create the cluster.
The nodes are domain joined.
Additionally, I setup a new Server 2012R2 VM and configured everything the same way (even re-using the IP addresses) and I'm able to create a failover cluster no problem, which leads me to believe that this is definitely something weird with Server 2016TP5. I'd be curious to hear about someone else's results with creating a failover cluster on Server 2016TP5.
Saturday, May 7, 2016 3:23 AM
What errors are seeing in the Cluster.log and FailoverClustering-Client debug tracing?? See steps #3 and #4 in this blog:
Thanks!
Elden
Monday, May 9, 2016 10:01 PM
One more question... What OS version are your domain controllers running?
You said that your Domain Functional Level is Win2008 R2... I'm curious what OS version the domain controllers are running, which the cluster nodes have access to
Thanks!
Elden
Wednesday, April 12, 2017 2:37 PM
Did you ever manage to find the problem? I am encountering exactly the same issue with Windows Server 2016 1607.
Thursday, August 3, 2017 9:51 AM | 1 vote
Try using New-Cluster cmdlet with -administrativeaccesspoint dns
https://technet.microsoft.com/en-us/itpro/powershell/windows/failoverclusters/new-cluster
Nadav
Friday, September 1, 2017 3:34 PM
@Vesa - did you ever get a response. I, too, and having the same issue with Server 2017 1607. All the requisites seem to be in place, but consistently fails with the same error the OP shows. I was able to activate the verbose logging (via CLI found on a MS blog), and the logs did show some additional info, but nothing that resulted in an epiphany moment. Error 234 came up a lot, but Google didn't help much there.
Saturday, September 2, 2017 3:38 PM
I opened a case with MS support. They searched a while and discovered it was a permission issue in AD. At this time we already had decided to create a brand new forest and dump the old one (due to numerous problems with the old forest, caused by non-professional administrator), so I told MS to close the case, so we actually never found out the root cause. However, it would have been possible to create the cluster and register it only with dns and not AD, that was successful. Check if that would be suitable for you, if you can't find the reason for failing.
Wednesday, September 6, 2017 6:58 PM
Thanks Vesa - As we have a non-MS DNS system, I found I had to add the host record in DNS for the CNO to even allow me to get to actually attempting the cluster creation. I tried both with the CNO in AD and without and got the same result. Tried with the CNO AD object disabled, same result. I did find some information on the security needed (on the CNO and the OU), tried that with the same result. I'll open a call with MS and see what the deal is. Thanks for your feedback.
Saturday, November 4, 2017 1:36 AM | 2 votes
We had this problem and it ended up being from the standard CIS Group Policy Hardening for Windows 2016.
Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment
Deny Access to this computer from the Network = BUILTIN\GUESTS, NT Authority\Local Account
Make this entry blank and then the Cluster would build just fine. No idea why this would break it, but it does.
Monday, November 20, 2017 11:31 AM
Dear all,
we're facing the same issue and MS technical support is unable to find a solution.
My hosts are Windows Server 2016 and my domain is running a functional level of Windows Server 2008 R2.
The validation runs fine but the creation fails reporting the following errors:
CreateClusterNameInADCore (317): Failed to find suitable DC. Error 234.
FindDC (655): Searching for object RESA-HPVC on first choice DC failed. Error 234.
followed by:
ConnectRemoteCluster (877): Couldn't resolve RPC binding to cluster 'RESA-HPVA.resa.fr', Status = 1753
I know the problem comes from our current AD as it's working when I create a new domain from a new AD installation.
In addition, we have another cluster (Windows Server 2008 R2) running fine in the current domain.
I'd appreciate any recommendation/solutions.
thank you,
Thierry
Thursday, December 14, 2017 12:53 PM
Still no solution to this? Experiencing the same problem.
Regards
Fusse
Tuesday, January 9, 2018 12:12 PM
I have a similar issue with 2 node multi-site Windows 2016 cluster after applying the CIS Group policy hardening. Tried clearing the above recommended setting, but still no luck. Is there any other GPO setting that I would need to check to get this working?
I keep getting the below error while adding the secondary node,
"You don't have administrative priviledges on the server "xxxxx.xxxxx"
I have tried disjoin/rejoin the servers from the domain too.
Tuesday, January 30, 2018 12:04 PM
hello, still no solution. But it seems that MS knows somethings about this issue as they are writing a KB, not yet available to the public.
Thierry
Tuesday, February 13, 2018 5:49 AM | 1 vote
We had this problem and it ended up being from the standard CIS Group Policy Hardening for Windows 2016.
Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment
Deny Access to this computer from the Network = BUILTIN\GUESTS, NT Authority\Local Account
Make this entry blank and then the Cluster would build just fine. No idea why this would break it, but it does.
Windows 2012 R2 introduced a new SID into the environment for cluster servers. For cluster servers the setting needs to be Deny Access to this computer from the Network "Builtin\Guests, NT Authority\Local account and member of Administrators group".
Monday, March 12, 2018 8:06 PM
We're seeing this issue in our Windows 2016 AD with Win2016 Datacenter servers. Validation completes successfully, but the build fails.
- Cluster report shows the 'bind to domain controller . more data is available.' error.
- Prestaged the CNO, no difference with or without.
- We've also tried the build with and without the 'Deny Access to this computer from the Network' policy set. Still fails.
- Cluster DiagnosticsVerbose logs are not showing much details/errors.
- Tried alternate pair of Win2016 servers in two domains of forest, same error.
- Seems to be a permissions error in AD since the failure happens right after the cluster build dialog that states 'Find a suitable domain controller for node <nodename>'
Previous reply suggests that MS may know about this issue and they are preparing a KB. Any truth to that?
Thanks, -jim
Wednesday, March 14, 2018 3:07 PM
We have the same error too when we try to create cluster in our Windows 2012 R2 AD with Win2016 Datacenter servers.
Like you, we have the 'bind to domain controller . more data is available.' error.
we searching since few days but nothing...
We create a new fresh AD 2012 R2 and in this, the cluster creation is OK... No error.
But new fresh AD is not a solution for us.
Our actual AD exist since version 2003 and had many upgrade to windows 2012 R2 now.
Thanks for help.
PS : Create a new cluster with Win 2012 R2 Datacenter servers is OK in our AD ! The problem is just with Win 2016
Friday, March 16, 2018 2:39 AM
Interesting that you're seeing similar errors with a Window 2012 R2 domain.
After some additional testing, we've found that the two domains in our forest that have been upgraded to Windows 2016 DCs and have the Domain Functional Level set to 2016 mode, the build fails. However, in a domain that has Windows 2016 DCs but the Domain Functional Level remaining at Windows 2012 R2, the cluster build successfully completes on a pair of Win2016 servers.
Does the Domain Functional Level factor into the creation of the Failover Cluster?
Thanks, -jim
Monday, April 9, 2018 11:32 PM
For those of you still struggling with this issue: it appears that we won't see that MSKB article published any time soon, as it is still in a very raw state. However, here are a few things to check.
Start by looking at your DNS zones, particularly for any old / legacy entries that may point at DomainDNSZones and ForestDNSZones. Server 2016 cluster does exhaustive scans of these records, and if it finds any references pointing to old (or even existing) domain controllers which do not align with current state of these zones, those are your culprits.
Apparently, Server 2016 cluster wizard behavior was changed, likely in support of DNS-only / mixed domain scenarios, to look for these DNS zone "owner" records, followed by an attempt to bind to these Active Directory partitions (which may not exist) in search of matching DNS records. Failure to connect to non-existent partition produces the error "Failed to find suitable DC. Error 234."
Monday, April 16, 2018 2:35 PM
Thanks for the update.
It would be nice that if whatever change was included in the cluster wizard was also checked in the validation step. Currently, the validations tests all run clean but the cluster build fails.
One would expect that the cluster validation would test what was required for DNS ans Service Records and report the issues. It would make this whole process much easier.
So why the disconnect between the validation and build processes?
Thanks, -jim
Thursday, April 26, 2018 3:28 PM
I was facing this issue and just resolved it today.
So, this was my problem...
Windows 2016 looks at DNS and Active Directory. I was getting the same issues as everyone else and couldn't figure out what was going on.
Then I looked at the DNS zone the cluster was authenticating to. Within that zone it was missing two important sub-zones which was the DomainDnsZones and the ForestDnsZones. They were missing because originally it was created in Windows 2003 then upgraded.
What I had to do was first, using ADSIedit.msc, I removed both those zones out of the partition and waited for it to replicate (about 5 minutes)
Next, I clicked on the DNS root and selected "Create Default Application Directory Partitions"
Once that replicated, I went back to the cluster and successfully created it.
So it came down to DNS. Hope that helps
Thursday, May 3, 2018 5:34 PM
Just to try and close the loop on this one. In 2012R2 and below, we were using ADSI to talk with active directory for things such as create cluster, validate, etc. In 2016, we changed this to LDAP due to Nano server coming on board. So there are some things that you could get by with in 2012R2 and below that you can no longer do with 2016 and up Clusters. If this has caused a regression impacting you, please open a case with Microsoft product Support and treat it as a bug to be escalated up.
Thanks, John Marlin Microsoft Server Beta Team
Sunday, March 22, 2020 3:59 PM
Hi,
I know this is an old post but I was wondering if anyone found a solution to this. I am trying to create a new cluster in two newly built Windows 2016 servers and it is failing with the same errors. We have created many other clusters in our environment on Windows 2012 R2. The problem appears to only be with Windows 2016.
Thanks,
Amanda
Thursday, June 11, 2020 12:58 AM
I just had this issue on Server 2016.
I left the domain joining a work group and after reboot rejoined the domain and the cluster creation succeeded
I did notice when i browsed for the node it was searching the node (local) but after rejoining the domain it searched the domain.
when it came up with the node I changed it to entire directory but it still failed
after rejoin joy