Validation Errors in Windows Server 2008 Cluster (EventIDs 7024, 1090)
- Hello,
Having the following problem creating a new cluster in Windows Server 2008. Both nodes are Windows Server 2008 Enterprise with shared storage currently presented to both. Both the Multipath I/O and Failover Cluster features are installed.
When I attempt to add either node1 or node2 to validate, I get the following error:
"An error occurred get [sic] the cluster node state for 'node1.fqdn.com'. Access is Denied."
I am logged in as a Domain Administrator account, which is also a local admin on both nodes. Both RPC and the Remote Registry service are set to automatic and started... The Cluster service is set to automatic, but is not started. When I attempt to start the cluster service I get the following errors:
[EventID 7024] "The Cluster Service service terminiated with service-specific error 2 (0x2)."
[EventID 1090] "The Cluster Service cannot be started on this node because a registry operation failed with error '2'."
If I skip validation and attempt to create the cluster, I get the following error:
"You do not have administrative privileges on the server node1.fqdn.com"
I have tried doing this from both nodes and I still get the same errors. I'm not seeing any failure audits during this time either, only the errors I've posted above. Any idea what I'm missing here?- 已編輯AnthonyP100 2009年7月2日 下午 06:27update
解答
- Hi Chuck,
I've just resolved this issue. These were brand new servers with absolutely no previous cluster on them. Your last reply, regarding checking into the Remote Registry service and the account that now runs it pointed me in direction of the SecurePipeServers\winreg key, which controls remote registry access. I found that the winreg key was restricted to only Administrators (f) and Backup Operators (r), but was missing LOCAL SERVICE. Once I added LOCAL SERVICE with read permissions, it got passed the initial validation checks without any errors.
Thanks for all the replies. -Anthony
- 已標示為解答AnthonyP100 2009年7月7日 下午 05:24
- 已編輯AnthonyP100 2009年7月7日 下午 05:24edit
所有回覆
- I have ran into this on both physical servers, as well as VM's:
if this is physical hosts, make sure that the clocks are synchronized to the domain controllers
if these are VM's disable the clock sync between physical and VM, and ensure the VM's are sync'ed to the domain controller(s)
let me know if this sorts out your problem
rgds,
edwin. - Hey Edwin,
These are physical hosts and I have verified that all clocks are correctly synched with the DCs. Still getting the same errors. Any other ideas?
-Anthony - All netowrks working ?
Remote registry service started on both ?
and/or stop firewall, to see if it makes a difference
rgds,
Edwin. - Edwin,
The networks are all working fine.. DNS and WINS are all up and working, so it's not a name resolution problem. I can UNC into and out of any other servers so I don't think it's an SMB issue either. I've turned off IPv6 and shutdown the firewall services on both nodes too. Both the remote registry and RPC services are set to automatic and started. I've rebooted a few times to see if it might free up the issue, however, no such luck as of yet.
I'm thinking I've covered all my bases here, I just can't figure out what's going on.. The Event Viewer only shows errors when I try to start the Cluster Service... When I try to add the nodes either for validation or to create the cluster, no error or warning events are being logged.
EDIT: HELPMSG comes back to show that 0x2 = "The system cannot find the file specified", though I don't see any indication of where or what file it's looking for.
Thanks,
Anthony- 已編輯AnthonyP100 2009年7月6日 下午 01:26update
- Anyone have any other ideas??
- Verify the logon information is for Local Service on the Remote Registry service and not Local System on all nodes in the cluster.
Chuck Timon Senior, Support Escalation Engineer (SEE) Microsoft Corporation - Hi Chuck,
Thanks for the reply. I just verified this and the Remote Registry service is running as the Local Serivice.
-Anthony - At anytime, have you created a cluster and then for some reason Destroyed it and are now trying to create it again? Did you ever test to see if you can create single node cluster using just one node and then adding the second later? Have you ever had a cluster created and then Evicted one of the nodes?
Chuck Timon Senior, Support Escalation Engineer (SEE) Microsoft Corporation - Hi Chuck,
I've just resolved this issue. These were brand new servers with absolutely no previous cluster on them. Your last reply, regarding checking into the Remote Registry service and the account that now runs it pointed me in direction of the SecurePipeServers\winreg key, which controls remote registry access. I found that the winreg key was restricted to only Administrators (f) and Backup Operators (r), but was missing LOCAL SERVICE. Once I added LOCAL SERVICE with read permissions, it got passed the initial validation checks without any errors.
Thanks for all the replies. -Anthony
- 已標示為解答AnthonyP100 2009年7月7日 下午 05:24
- 已編輯AnthonyP100 2009年7月7日 下午 05:24edit
- Thats exactly what happened to me there was a cluster before and then destroyed and now i getting the error 'Acces is denied'
- I'm having problem starting clussvc on my windows 2008 ee. I had 3 nodes in cluster. I can use two of them now but not the third one. It was part of the cluster then I disbled the service. However when I tried to used cluster again the service won't start.
Fails with following event logs.
- The Cluster Service service terminated with service-specific error 2 (0x2).
- The Cluster Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 240000 milliseconds: Restart the service.
I uninstall and install clussvc.
I unjoined and joined the domain
I renamed box.
Nothing works. - I started with new install of Windows 2008. I removed the old box from domain and added new one. Installed "Failover cluster" feature but still same issue. The cluster service won't start and would fail with same event logs.
7024 - The Cluster Service service terminated with service-specific error 2 (0x2).
1090 - The Cluster Service service terminated unexpectedly.
I used the same domain. Is that the problem. - If I try to add the new machine to existing cluster or create a new cluster with the node, it says
"The computer <name.domain.local> is joined to a cluster."
Does this mean, it is part of a cluster already. Do I need to cleanup AD. - You should probably start a new thread to get some additional assistance!
- Dear Anthony,
It seems I'am also facing a similar problem as you were facing. So, I would like to resolve the problem as you have resolved. However, I don't know how to add the "Local Service" account with "Read" permissions in the "winreg" key.
So, kindly inform me how to add the Local Serivice account.
Waiting for your reply.
Warm Regards,
Madan - Start > Run > Type regedit
Navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
Right-click on the winreg key, click Security and add the Local Service account. It should be there by default unless someone removed it.
