Confusion with Cluster Security Policy while Installing SQL Server 2008 R2 on Windows 2012 R2 Cluster RRS feed

  • Question

  • Good morning,

    I'm trying to install SQL Server 2008 R2 on a Windows 2012 R2 cluster, but have hit a bit of a barrier.

    Everything has gone swimmingly, up until the "Cluster Security Policy" page.  I am EXPECTING to see the following:

    But am, in fact, seeing this:

    Where has the "Use Service SIDs" default option gone?  I'm certain its the same install media that I've used a hundred times, but now this option has vanished?

    What would the recommendation be to do in its absence?  Just create 2 AD groups with appropriate names and carry on?

    Any help here would be massively appreciated!


    Tuesday, August 14, 2018 10:12 AM

All replies

  • Expected image did not upload

    Tuesday, August 14, 2018 10:16 AM
  • Expected image did not upload

    Can you try to upload the image/screenshot again so we understand the issue better? is it in .png extension?

    Please remember to click "Mark as Answer" if my response answered your question or click "Vote as helpful" if it helped you in any way.

    Tuesday, August 14, 2018 11:54 AM
  • Hi Andy,


    From your description, my understanding is that the recommended option didn’t exist in the Cluster Security Policy page when installing SQL Server 2008 R2 on a Windows 2012 R2 cluster. If anything is misunderstood, please tell me.


    Windows Server 2008 and later versions - Service SIDs (server security IDs) are the recommended and default setting. Could you please try to use another media of SQL Server 2008 R2 to install and check if the recommended option appears.


    Besides, for the domain groups, you can enter the domain and group name in the DomainName\GroupName format. And please pay attention to the follow guidelines when you specify the domain groups:


    • The domain and group name must already exist. You may have to ask your domain administrator for the names of the existing domain groups or to create new global domain groups, not universal domain groups, for your failover cluster.
    • The account under which SQL Server Setup is running must have permissions to add accounts to the domain groups.
    • Each service should use a different domain group. You can use one domain group for all services, but your installation will not be as secure.
    • The domain groups are not shared with any other application. Always use domain global groups.


    Best Regards,


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact

    Wednesday, August 15, 2018 10:04 AM