Windows Server 2016 Cluster DNS Errors

Anonymous
2022-09-15T20:44:43.493+00:00

Hi,

We have Windows Server Clusters with 2-5 SQL Server instances clustered on each cluster. We started receiving this error and have tried several things but would like to know if anyone has a resolution?

Error 1:

Cluster network name resource failed registration of one or more associated DNS names(s) because the access to update the secure DNS Zone was denied.

Cluster Network name: 'SQL Cluster Listener Name'
DNS Zone: 'abcd.edu'

Ensure that cluster name object (CNO) is granted permissions to the Secure DNS Zone.

Error 2:
Cluster network name resource failed registration of one or more associated DNS names(s) because the access to update the secure DNS Zone was denied.

Cluster Network name: 'Cluster Name'
DNS Zone: 'domainname'

Ensure that cluster name object (CNO) is granted permissions to the Secure DNS Zone.


5 answers

  1. Limitless Technology 43,921 Reputation points
    2022-09-16T14:11:33.357+00:00

    Hello there,

    The cluster name resource which has been added to the DNS prior to setting up an active-passive cluster (or any type) needs to be updated by the physical nodes on behalf of the resource record itself. When the active node owns the resources, it wants to update the A record in the DNS database, and the DNS record which was created won’t allow any authenticated user to update the DNS record with the same owner.

    Please follow below steps in order to resolve the issue.

    Please delete the CNO ‘A’ record from DNS console.

    Add the same record and verify that “Allow any authenticated user to update DNS record with the same owner name” option is selected.

    The below thread discusses the same issue and you can try out some troubleshooting steps from this and see if that helps you to sort the Issue.

    https://learn.microsoft.com/en-us/answers/questions/749204/failover-cluster-dns-error-event-1257-keeps-coming.html


    2 people found this answer helpful.

  2. Rafael da Rocha 5,076 Reputation points
    2022-09-15T21:01:42.603+00:00

    Make sure that all cluster nodes and the cluster account have permission to update the relevant zones and records in DNS.

    Here's an article that covers the whole process:
    Create a cluster name object and solve cluster connection problems



  3. JimmySalian-2011 41,916 Reputation points
    2022-09-15T21:04:47.563+00:00

    Hi,

    Can you check in DNS if the SQL Cluster resource record has permissions for the account SQLCluster Group to update the records?

    Also a similar thread here suggesting to repair the failed cluster - server-2016-cluster-gives-error-on-node

    Please try the following steps, check if it could help to repair the CNO:

    1. From Failover Cluster Manager, locate the name resource.
    2. Right-click on the resource, and click Properties.
    3. On the Policies tab, select If resource fails, do not restart, and then click OK.
    4. Right-click on the resource, click More Actions, and then click Simulate Failure.
    5. When the name resource shows "Failed," right-click on the resource, click More Actions, and then click Repair.
    6. After the name resource is online, right-click on the resource, and then click Properties.
    7. On the Policies tab, select If resource fails, attempt restart on current node, and then click OK.

    Hope this helps.



  4. Anonymous
    2022-09-16T14:48:52.027+00:00

    Thanks for your help,

    I have seen that posted on the internet as a fix, but checking the box "Allow any authenticated user to update DNS record with the same owner name" what does that mean exactly?

    • What does any authenticated user with the same owner name mean from a security perspective?
    • Would it be better to change the DNS records to static and uncheck the box on the network connection on each server to "register server in dns..." option under the advanced TCP/IP > DNS settings or are there issues if I do this?
    • We have several Windows clusters and some of the DNS entries are not being updated and are being scavenged by DNS.
    • Is there any official Microsoft guidance on this issue?

  5. Rille_lkp 1 Reputation point
    2022-10-17T10:12:05.157+00:00

    We were seeing this issue in several clusters during 2021 and had a support case with Microsoft about it. It was an issue that was fixed in a cumulative update in December 2021. The issue was that the cluster would sometimes create the DNS record with the wrong computer account, and after a failover the new active node couldn't update the record when it was trying with the correct account.
    Since the patch, all have been fine until now and we suspect it's the September cumulative update that reintroduced the old behaviour again.
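
The answers above point at the permissions on the DNS record and at records created under the wrong computer account. The following PowerShell check is an added example, not code from any poster in this thread: it reads the owner and write ACEs of the record's directory object and compares them with the computer accounts expected to update it. It assumes an AD-integrated zone and the RSAT ActiveDirectory and DnsServer modules; every server, zone and account name in it is a placeholder.

```powershell
# Added example. All names below are placeholders, not values from the thread.
Import-Module ActiveDirectory   # AD: drive and Get-ADComputer
Import-Module DnsServer         # Get-DnsServerResourceRecord (RSAT DNS tools)

$DnsServer   = 'dc01.example.test'   # placeholder: DNS server hosting the zone
$ZoneName    = 'example.test'        # placeholder: AD-integrated secure zone
$NetworkName = 'SQLLISTENER01'       # placeholder: failing cluster network name
$ClusterName = 'CLUSTER01'           # placeholder: cluster name object (CNO)

# Assumption: the accounts that should be able to update the record are the
# computer object named after the network name and the CNO.
$expected = @($NetworkName, $ClusterName) | Select-Object -Unique | ForEach-Object {
    Get-ADComputer -Filter "Name -eq '$_'"
}
$expectedSids = @($expected | ForEach-Object { $_.SID.Value })

# An AD-integrated record is stored as a dnsNode object with its own ACL.
$record = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName `
    -Name $NetworkName -RRType A -ErrorAction Stop | Select-Object -First 1
$acl = Get-Acl -Path "AD:\$($record.DistinguishedName)"

$sidType  = [System.Security.Principal.SecurityIdentifier]
$ownerSid = $acl.GetOwner($sidType).Value
$write    = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

# Allow ACEs that include write access (GenericAll and GenericWrite contain
# the WriteProperty bit). Property-scoped ACEs are counted as well.
$writers = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (($_.ActiveDirectoryRights -band $write) -eq $write)
}
$writerSids = @($writers | ForEach-Object { $_.IdentityReference.Translate($sidType).Value })

[pscustomobject]@{
    Record           = "$NetworkName.$ZoneName"
    Owner            = $acl.Owner
    OwnerIsExpected  = $expectedSids -contains $ownerSid
    # A null timestamp means a static record, which scavenging does not remove.
    Timestamp        = $record.Timestamp
    ExpectedAccounts = $expected.SamAccountName -join ', '
    MissingWrite     = ($expected |
        Where-Object { $writerSids -notcontains $_.SID.Value }).SamAccountName -join ', '
}
```

The comparison uses SIDs named directly in the ACL, so write access that an account holds only through group membership shows up under `MissingWrite` and needs a manual look.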