This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 2%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERN%3C/text%3E%3C/svg%3E)
I have a 2 member Exchange 2019 DAG with a third file server serving as the File Witness Server. After the last round of Windows updates, the DAG lost connection to the FSW quorum server and I couldn't bring it back online in Failover Cluster Manager or start it in Exchange Start-ClusterResource as it failed with the error "The cluster resource could not be brought online by the resource monitor".
I attempted to rebuild the File Share Witness resource via Set-DatabaseAvailabilityGroup back to the original values, but I got the error and now I am missing the FSW resource under Cluster Core Resources entirely.
There was a problem changing the quorum model for database availability group Exch-2019-DAG. Error: An error occurred while attempting a cluster operation. Error: Cluster API failed: "ClusterResourceControl(controlcode=CLUSCTL_RESOURCE_SET_PRIVATE_PROPERTIES) failed with 0x533. Error: This user can't sign in because this account is currently disabled"
Does anyone know how to get around the account currently disabled issue? I checked the Cluster Name Object in AD and it is disabled, but I think it is supposed to be that way.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 67%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Hi @Rachel N
Any update here, have you checked the application log in event viewer as well?
The official document here introduces about Error messages occur if you try to bring a cluster group online after a cluster stops
he following solution has been provided to resolve your issue:
Unable to bring the FSW of the DAG online..
A summary of the solution is detailed below:
Symptom - FSW cannot come online from the Failover Cluster Manager
Cause - CNO password out of sync with AD
Resolution - Gave currently logged on user full permissions to the CNO and did a repair from Failover Cluster Manager and then created a new FSW
Well, I finally worked up the nerve to enable the CNO in AD, and for whatever reason it enabled flawlessly and let the commands to update the quorum run. So now we have a FSW again, it is showing in both failover cluster manager and in Exchange powershell, and it popped up a nice new GUID folder with the witness file on it on the witness server.
awesome!. Thanks for the update.
I converted your comment to an answer. Please mark it as accepted.
I'm using a domain admin account to manage this, but just in case I gave the user explicit Full permissions on the CNO computer object but I'm still getting the error whenever I try to create a new FSW:
There was a problem changing the quorum model for database availability group Exch-2019-DAG. Error: An error occurred while attempting a cluster
operation. Error: Cluster API failed: "ClusterResourceControl(controlcode=CLUSCTL_RESOURCE_SET_PRIVATE_PROPERTIES) failed with 0x533. Error: This
user can't sign in because this account is currently disabled"
Do I have to enable the Exchange CNO in Active Directory in order to edit it?
I dont think it will let you, but you can try.
Consider opening a case with Microsoft support if all else fails.