Access Denied trying to connect to a cluster with Failover Cluster Manager after upgrading to 2019

Mike Boehm 46 Reputation points
2024-09-04T14:43:18.4533333+00:00

Hi,

I have a utility server that was running Server 2016. I have another utility server that's on 2019. Both had no issues connecting ot any of the clusters we have in our environment via Failover Cluster Manager.

Yesterday, I upgraded the 2016 server to 2019. After doing so, everything on the server seemed fine until I tried to connect to a cluster. Now, when I open FCM and try to connect to ANY of our clusters, I get an Access Denied errorimage

If I try to do a Validate on the cluster, it tells me I don't have admin rights.

User's image

What might have happened during the 2016 to 2019 upgrade that would have broken this? If I log onto the server that was already running 2019, I can connect to all of our clusters without any problems, so it's not a 2019 compatibility issue. It's only the server that was upgraded from 2016 to 2019 that is giving the trouble. I can access it from other utility boxes, so it's not a problem with my ID.

I'm at a loss as to what I can check to get this fixed before I just revert back to 2016...

Thanks.

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,804 questions
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,528 questions
Windows Server Clustering
Windows Server Clustering
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Clustering: The grouping of multiple servers in a way that allows them to appear to be a single unit to client computers on a network. Clustering is a means of increasing network capacity, providing live backup in case one of the servers fails, and improving data security.
1,012 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Zunhui Han 2,400 Reputation points Microsoft Vendor
    2024-09-04T15:59:33.83+00:00

    Hi Mike Boehm,

    Thank you for posting in Q&A forum.

    I suspect that the inconsistent system patch levels of your cluster nodes caused the cluster nodes to fail to join the cluster. I suggest that you open the event log of the node to see if there is an error of 10036.

    User's image

    The June 2022 patch (2022.06) modified the configuration settings of DCOM (Hardening changes enabled by default). The Distributed Component Object Model (DCOM) remote protocol is a protocol that uses remote procedure calls (RPC) to expose application objects. For detailed information, you can refer to the following documents:

    https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

    If the system detects that a DCOM client application is trying to activate a DCOM server using an authentication level lower than RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, a DCOM 10036 event may be logged, and the cluster may be unable to connect to the failover cluster or add nodes (this is because the Failover Cluster Manager belongs to MMC, and basically MMC is highly dependent on COM/DCOM and WMI technologies, so it will be affected).I recommend that you upgrade all nodes in the cluster to the latest patch or to the same level.

    Best regards

    Zunhui

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


  2. Mike Boehm 46 Reputation points
    2024-09-04T16:07:55.9866667+00:00

    I will check that. When I did the upgrade, I selected YES to the question asking if it should go get Updates during the upgrade process. I guess that option doesn't actually work? I just assumed the server would be up to date when it was done.

    Thanks.

    0 comments No comments

  3. Mike Boehm 46 Reputation points
    2024-09-05T02:21:54.5+00:00

    The Utility server that I upgraded from 2016 to 2019 did not install Windows Updates as part of the update process. Once I manually got it updated, it was able to connect to the cluster without any problems.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.