Share via


DNS operation refused - Event ID 1196

Question

Wednesday, December 24, 2014 2:05 PM

Receiving the below event on Windows Server 2012 cluster. Please list the steps to resolve this issue.

Log Name:      System
Source:        Microsoft-Windows-FailoverClustering
Date:          12/24/2014 2:58:12 PM
Event ID:      1196
Task Category: Network Name Resource
Level:         Error
Keywords:     
User:          SYSTEM
Computer:      SEXXXXXX50-N1.XX.XXXX

Description:
Cluster network name resource 'AXPROD_SEXXXXXX50-001' failed registration of one or more associated DNS name(s) for the following reason:
DNS operation refused.
.

Ensure that the network adapters associated with dependent IP address resources are configured with at least one accessible DNS server.

All replies (6)

Wednesday, December 24, 2014 8:26 PM ✅Answered

Cause:

The cluster name resource which has been added to the DNS prior to setup active passive cluster ( or any type) need to be updated by the Physical nodes on behalf of the resource record itself. When the active node owns the resources it want to update the A record in the DNS database and DNS record which was created won’t allow any authenticated user to update the DNS record with the same owner

Solution:

Delete the existing A record for the cluster name and re-create it and make sure select the box says “Allow any authenticated user to update DNS record with the same owner name “Don’t worry about breaking anything , this has “ZERO” impact to cluster simply delete the A record and re-create as it is suggested here.

Delete the host record of "AXPROD_SEXXXXXX50-001" and re-create the same in DNS database.


Wednesday, December 24, 2014 3:25 PM | 1 vote

Hi Gyanendra K,

Please perform the below action and see if it helps.

1) Delete the host record of "AXPROD_SEXXXXXX50-001" and re-create the same in DNS database.

2) Right click on that host record, go to security tab and add your "cluster name object". Give full permission to that object.

3) Run the below command in cluster server

cluster /cluster:<cluster name> res  "AXPROD_SEXXXXXX50-001" /registerdns.

Please let us know the result.

Thanks,

Umesh.S.K


Wednesday, December 24, 2014 4:06 PM

Unfortunately, I do not have access to DNS management. Please let me know if there would be any outage if the below step is performed.

1) Delete the host record of "AXPROD_SEXXXXXX50-001" and re-create the same in DNS database.


Wednesday, December 24, 2014 8:22 PM

Not having access to DNS management makes it more difficult to troubleshoot. 

Is this a brand new cluster or a cluster that has been working for some time and this issue just started?

If it just started, talk with your DNS administrator to see if some security settings were changed.

If a new cluster, do you have privileges to Active Directory to register the CNO?  See http://blogs.technet.com/b/askcore/archive/2012/09/25/cno-blog-series-increasing-awareness-around-the-cluster-name-object-cno.aspx for some information on the CNO and DNS.

. : | : . : | : . tim


Friday, December 26, 2014 5:34 AM

Hi Gyanendra K,

Please confirm you are using the enough permission account when you create your cluster, the detail permission require you can refer the following KB:

Failover Cluster Step-by-Step Guide: Configuring Accounts in Active Directory

http://technet.microsoft.com/en-us/library/cc731002(v=ws.10).aspx

I’m glad to be of help to you!

Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]


Sunday, December 28, 2014 9:25 PM

Riesh's recover steps are the correct ones... one minor point, it's actually the computer account associated with the Cluster Name, what we refer to as the Cluster Name Object (CNO) which is used as the security principle to ACL the DNS records in a secure DNS zone. Since there's an existing record, which the CNO does not have permissions to, it cannot update the record.

You can either fix the ACL's and grant the CNO permissions to the existing record, or an easy way to fix it is simply to delete it and cluster will automatically recreate it

Thanks!
Elden