Windows Server 2016 Cluster DNS Errors
Hi,
We have Windows Server Clusters with 2-5 SQL Server instances clustered on each cluster. We started receiving this error and have tried several things but would like to know if anyone has a resolution?
Error 1:
Cluster network name resource failed registration of one or more associated DNS names(s) because the access to update the secure DNS Zone was denied.
Cluster Network name: 'SQL Cluster Listener Name'
DNS Zone: 'abcd.edu'
Ensure that cluster name object (CNO) is granted permissions to the Secure DNS Zone.
Error 2:
Cluster network name resource failed registration of one or more associated DNS names(s) because the access to update the secure DNS Zone was denied.
Cluster Network name: 'Cluster Name'
DNS Zone: 'domainname'
Ensure that cluster name object (CNO) is granted permissions to the Secure DNS Zone.
5 answers
-
Rille_lkp 1 Reputation point
2022-10-17T10:12:05.157+00:00 We were seeing this issue in several clusters during 2021 and had a support case with Microsoft about it. It was an issue that was fixed in a cumulative update in December 2021. The issue was that the cluster would sometimes create the DNS record with the wrong computer account and, after a failover, the new active node couldn't update the record when it was trying with the correct account.
Since the patch, all have been fine until now, and we suspect it's the September cumulative update that reintroduced the old behaviour again.
-
Anonymous
2022-09-16T14:48:52.027+00:00 Thanks for your help,
I have seen that posted on the internet as a fix, but checking the box "Allow any authenticated user to update DNS record with the same owner name", what does that mean exactly?
- What does any authenticated user with the same owner name mean from a security perspective?
- Would it be better to change the DNS records to static and uncheck the box on the network connection on each server to "register server in dns..." option under the advanced TCP/IP > DNS settings or are there issues if I do this?
- We have several Windows clusters and some of the DNS entries are not being updated and are being scavenged by DNS.
- Is there any official Microsoft guidance on this issue?
-
Limitless Technology 43,946 Reputation points
2022-09-16T14:11:33.357+00:00 Hello there,
The cluster name resource which has been added to the DNS prior to setting up an active-passive cluster (or any type) needs to be updated by the physical nodes on behalf of the resource record itself. When the active node owns the resources, it wants to update the A record in the DNS database, and the DNS record which was created won’t allow any authenticated user to update the DNS record with the same owner.
Please follow below steps in order to resolve the issue.
Please delete the CNO ‘A’ record from DNS console.
Add the same record and verify that “Allow any authenticated user to update DNS record with the same owner name” option is selected.
The below thread discusses the same issue and you can try out some troubleshooting steps from this and see if that helps you to sort the Issue.
-----------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer--
-
JimmySalian-2011 41,921 Reputation points
2022-09-15T21:04:47.563+00:00 Hi,
Can you check in DNS if the SQL Cluster resource record has permissions for the account SQLCluster Group to update the records?
Also a similar thread here suggesting to repair the failed cluster - server-2016-cluster-gives-error-on-node
Please try the following steps, check if it could help to repair the CNO:
- From Failover Cluster Manager, locate the name resource.
- Right-click on the resource, and click Properties.
- On the Policies tab, select If resource fails, do not restart, and then click OK.
- Right-click on the resource, click More Actions, and then click Simulate Failure.
- When the name resource shows "Failed," right-click on the resource, click More Actions, and then click Repair.
- After the name resource is online, right-click on the resource, and then click Properties.
- On the Policies tab, select If resource fails, attempt restart on current node, and then click OK.
Hope this helps.
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
-
Rafael da Rocha 5,076 Reputation points
2022-09-15T21:01:42.603+00:00 Make sure that all cluster nodes and the cluster account have permission to update the relevant zones and records in DNS.
Here's an article that covers all the process:
Create a cluster name object and solve cluster connection problems
----------
If any reply helped solve your question, please remember to upvote and/or "Accept Answer".
It helps others facing similar issues find the solution.
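
The answers above all turn on which accounts hold write access to the record object in the secure zone. As an added example (not part of the thread and not Microsoft tooling), this PowerShell check takes the ACEs of a DNS record and reports whether the expected computer account can write to it, and which broad groups or other computer accounts can; the function name `Test-DnsRecordAcl`, the `EXAMPLE\...` accounts and the sample ACL are constructed for illustration.

```powershell
# Added example. On a live AD-integrated zone the ACEs would come from
# (DnsServer and ActiveDirectory modules; $Zone and $Name are yours to supply):
#   $rr   = Get-DnsServerResourceRecord -ZoneName $Zone -Name $Name -RRType A
#   $aces = (Get-Acl -Path "AD:\$($rr.DistinguishedName)").Access
function Test-DnsRecordAcl {
    param(
        [Parameter(Mandatory)] [object[]] $Ace,
        [Parameter(Mandatory)] [string]   $ExpectedAccount   # hypothetical, e.g. 'EXAMPLE\SQLLSN01$'
    )
    $writeRights = 'GenericAll|GenericWrite|WriteProperty|WriteDacl|WriteOwner'
    $broad = '(^|\\)(Authenticated Users|Everyone|Domain Users|Domain Computers)$'

    # ACEs that carry any write-type right, split into Allow and Deny.
    $write = @($Ace | Where-Object { "$($_.ActiveDirectoryRights)" -match $writeRights })
    $allow = @($write | Where-Object { "$($_.AccessControlType)" -eq 'Allow' })
    $deny  = @($write | Where-Object { "$($_.AccessControlType)" -eq 'Deny' })

    # The account that should own the record needs an Allow and no Deny.
    $own     = @($allow | Where-Object { "$($_.IdentityReference)" -eq $ExpectedAccount })
    $ownDeny = @($deny  | Where-Object { "$($_.IdentityReference)" -eq $ExpectedAccount })
    if ($own.Count -eq 0 -or $ownDeny.Count -gt 0) {
        [pscustomobject]@{ Finding = 'ExpectedAccountCannotWrite'; Identity = $ExpectedAccount; Rights = '' }
    }
    # Everyone else who can write: broad groups, or a different computer account.
    foreach ($a in $allow) {
        $id = "$($a.IdentityReference)"
        if ($id -eq $ExpectedAccount) { continue }
        $finding = $null
        if ($id -match $broad) { $finding = 'BroadPrincipalCanWrite' }
        elseif ($id.EndsWith('$')) { $finding = 'OtherComputerAccountCanWrite' }
        if ($finding) {
            [pscustomobject]@{ Finding = $finding; Identity = $id; Rights = "$($a.ActiveDirectoryRights)" }
        }
    }
}

# Constructed sample ACL (not from the thread): writable by a node's computer
# account and by Authenticated Users, but not by the network name's own account.
$sample = @(
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\NODE1$'; ActiveDirectoryRights = 'GenericAll'; AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'NT AUTHORITY\Authenticated Users'; ActiveDirectoryRights = 'ReadProperty, WriteProperty'; AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\Domain Admins'; ActiveDirectoryRights = 'GenericAll'; AccessControlType = 'Allow' }
)
Test-DnsRecordAcl -Ace $sample -ExpectedAccount 'EXAMPLE\SQLLSN01$' | Format-Table -AutoSize
```

Administrative groups are deliberately not flagged; only the missing expected account, broad groups and unexpected computer accounts are reported.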