Here is another tricky issue you might encounter when working with Windows Server Failover Cluster. If you are creating a cluster and do not have domain admin rights, you may get the following error even if someone pre-staged objects for you and you have successfully created the cluster.
“Cluster network name resource failed registration of one or more associated DNS names(s) because the access to update the secure DNS Zone was denied.
Cluster Network name: ‘Cluster Name’
DNS Zone: ‘maq.com’
Ensure that cluster name object (CNO) is granted permissions to the Secure DNS Zone.”
To resolve the issue follow these steps:
- Delete the existing “A” record for the cluster name
- Re-create “A” record by making sure that you have selected the box “Allow any authenticated user to update DNS records with the same owner name”. This action does not have any impact on the cluster so don’t worry about breaking anything.
- Add the Cluster Name Object (CNO) and cluster nodes having “FULL Control” in the ACLs on the Security tab of the created DNS record.