Share via

Server role needs password reset?

John, Barry (ICT) 0 Reputation points
2026-06-02T14:20:15.2+00:00

an ITHC report shows a file server role (failover clustering) needs a password reset. But the account is associated with a host that it reside on.

Windows for business | Windows Server | Storage high availability | Clustering and high availability
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Nam Bui (WICLOUD CORPORATION) 1,195 Reputation points Microsoft External Staff Moderator
    2026-06-18T01:53:28.76+00:00

    Hello John ,

    Thank you for posting your question in the Microsoft Q&A community, and please accept my apologies for the delayed response.

    Regarding your question: taking the Cluster Name resource offline does not directly affect the running virtual machines or the cluster hosts.

    The Cluster Name resource is part of the cluster core resources and is mainly used for cluster name/client access and management purposes. It is not the same as taking the clustered roles, virtual machines, cluster nodes, or the entire cluster offline.

    We also performed a test to confirm the behavior:

    After taking the Cluster Name resource offline, the Cluster Name showed as Offline, while the Cluster IP Address remained Online.

    The existing clustered roles, including the file server role and the virtual machine role, continued running normally.

     

    Therefore, based on this behavior: - Running virtual machines are not stopped. - Cluster hosts/nodes are not shut down or evicted. - Existing clustered roles can continue running. - However, access or management using the Cluster Name may be affected while the Cluster Name resource is offline.

     

    Please note that this applies when only the Cluster Name resource is taken offline. If the entire cluster group, clustered role, virtual machine role, or dependent resources are taken offline, then the impact may be different.

     

    Best regards,

    Titus

    Was this answer helpful?

    0 comments
  2. John, Barry (ICT) 0 Reputation points
    2026-06-02T14:34:17.4633333+00:00

    with the Cluster Name, right‑click the Name resource and select Take Offline. - will this affect running virtual machines and cluster hosts?

    Was this answer helpful?

    0 comments

  3. AI answer

    2026-06-02T14:20:45.6166667+00:00

    In a Windows Server failover cluster, the “file server role” typically uses a Cluster Name Object (CNO) in Active Directory (the cluster name account) and, for clustered file servers, one or more Virtual Computer Objects (VCOs). An ITHC finding about a password reset usually refers to these computer accounts, not to the physical host’s computer account.

    If the report indicates that the clustered file server role needs a password reset, treat it as a password issue with the cluster name account (or the relevant clustered name resource) in Active Directory. The clustering software stores a copy of the password; if AD and the cluster copy get out of sync, events such as:

    Logon failure: unknown user name or bad password.

    will appear, and security scans can flag the account.

    To address this in a supported way:

    1. Ensure appropriate permissions
      • Use an account that is at least a member of the local Administrators group on the cluster nodes and has Reset password permission on the cluster name account in Active Directory (or is a Domain Admin / Creator Owner of that account).
      • As a best practice, pre‑grant the Reset password permission on the cluster name account to cluster administrators using the Active Directory Users and Computers snap‑in.
    2. Repair the cluster name account / AD object
      • Open Failover Cluster Manager.
      • If the cluster is not listed, use Failover Cluster ManagerManage a Cluster and select the cluster.
      • In the center pane, expand Cluster Core Resources.
      • Under Cluster Name, right‑click the Name resource and select Take Offline.
      • Under Cluster Name, right‑click the same Name resource, point to More Actions, and select Repair Active Directory Object.
        • The Repair Active Directory Object option is only available when the Name resource is offline.
      • Bring the Name resource back online when the repair completes.

    This process re‑synchronizes the cluster’s stored password with the AD computer object for the cluster name account, which is what the ITHC report is effectively asking to remediate. It does not change the host’s own computer account password; it only fixes the cluster identity used by the file server role.

    If the issue is with a specific clustered name resource (for example, a particular file server role) rather than the core cluster name, follow the same pattern for that name resource, ensuring the account used has rights to reset passwords in the domain.

    Planning ahead, ensure cluster admins always have the Reset password permission on the cluster name account so future password resets and maintenance can be performed without additional AD changes.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.