Windows: Cannot bring up Cluster Networkname Resources

Hi,

a customer has, accidentally, deleted multiple Active Directory Computer objects which correspond to Network Name Resources of a Windows Cluster 🙁 .

The cluster network name itself was also affected and no backup of the AD Database to restore the objects was available.

All solutions that I’ve found to get the cluster working again are based on the restore of the AD objects.

But there is also another way respective hack 🙂 . This works for me on a Windows 2008 R2 Cluster.
Typical error are:

  • Event ID 1207 is logged to the Eventlog: “Unable to get Computer Object using GUID” “There is no such object on the server.”
  • Or in the C:\Windows\Cluster\Reports\cluster.log file (exported with cluster.exe log g)
    Network Name <Clustername>: Unable to Logon. winError 1326

It is not sufficient to create new AD Computerobjects, because the ObjectGUID of the Computerobject is different to the GUID stored in the recource properties of Networkname resource in the clusters database.

All further steps in Powershell require that the following code with functions is already loaded. Adjust the LDAP Search variable and  copy and paste it into a powershell window which is started with administrator permissions on a cluster node.

Legend

Domain: subdom.domain.local

Cluster Node 1: node1.subdom.domain.local

Cluster Node 2: node2.subdom.domain.local

Cluster Networkname: cno.subdom.domain.local

$sLDAPRoot="LDAP://DC=subdom,DC=domain,DC=local"
function fGetADComputerObjectFromName([System.String]$sComputerName,[System.String]$sLDAPSearchRoot){
	$oADRoot = New-Object System.DirectoryServices.DirectoryEntry($sLDAPSearchRoot)
	$sSearchStr ="(&(objectCategory=computer)(objectClass=computer)(samaccountname="+$sComputerName+"$))"
	write-host "SEARCH" $sSearchStr
	$oSearch=New-Object directoryservices.DirectorySearcher($oADRoot,$sSearchStr)
	$oFindResult=$oSearch.FindAll()
	if($oFindResult.Count -eq 1){
		write-host "OK, Computer Object found in AD"
		return($oFindResult)
	}
	else{
		return($false);
		write-warning "No computerobject found in AD."
	}
}
# Convert GUID as stored in AD to
# GUID Stored in Cluster Registry
# as described here http://blogs.technet.com/b/csstwplatform/archive/2010/10/15/cluster-network-name-resource-cluster-name-cannot-be-brought-online-unable-to-get-computer-object-using-guid.aspx
function fConvertGuidADToGuidClusterRegistry([byte[]]$aGUIDAsByteArray)
{
	if($aGUIDAsByteArray.Count -ne 16){write-warning "Wrong AD ObjectGUID format."}
	[byte[]]$aBytesConverted=new-object byte[] 16
	for($iLoop=0;$iLoop -le 3;$iLoop++){
		$aBytesConverted[3-$iLoop]=$aGUIDAsByteArray[$iLoop]
	}
	for($iLoop=0;$iLoop -le 1;$iLoop++){
		$aBytesConverted[5-$iLoop]=$aGUIDAsByteArray[$iLoop+4]
	}
	for($iLoop=0;$iLoop -le 1;$iLoop++){
		$aBytesConverted[7-$iLoop]=$aGUIDAsByteArray[$iLoop+6]
	}
	for($iLoop=8;$iLoop -le 15;$iLoop++){
		$aBytesConverted[$iLoop]=$aGUIDAsByteArray[$iLoop]
	}
	return New-Object System.Guid @(,$aBytesConverted)
}
function fCheckNetworkNameGUID([string]$sNetworkName)
{
	# Get AD Object
	$oComputer=fGetADComputerObjectFromName $sNetworkName $sLDAPRoot
	if($oComputer){
		# GUID from AD use ADSIEdit and the detail view of the objectguid Property
		$oGUIDRegistryShouldBe=fConvertGuidADToGuidClusterRegistry $oComputer.Properties["objectguid"].item(0)
		# Get GUID from Registry  HKLM:\Cluster\Resources\ResourceID\parameters\ObjectGUID
		$oNetworkName=Get-ChildItem  HKLM:\Cluster\Resources|%{New-Object -Type PSObject @{"PSPath"=$_.Name;"RESOURCEID"=$_.PSChildName;"NAME"=$_.GetValue("Name");"GUID"=$_.OpenSubKey("Parameters").GetValue("ObjectGUID")}}|where-Object{$_.Name -eq $sNetworkName}
		if($oGUIDRegistryShouldBe.ToString("N") -eq $oNetworkName["GUID"])
		{
			write-host "GUID between AD and Cluster Registry are in sync."
			return $true
		}
		else
		{
			write-warning "GUID mismatch between Cluster Registry and AD"
			write-host -foregroundcolor green "Cluster Resource         : " $oNetworkName["RESOURCEID"]
			write-host -foregroundcolor green "GUID expected in registry: " $oGUIDRegistryShouldBe.ToString("N")
			write-host -foregroundcolor red "GUID found in registry   : " $oNetworkName["GUID"]
			return $false
		}
	}
}

Recreate the computer object in AD and check the GUID with the following Powershell Script. The parameter to the fCheckNetworkNameGUID function is the NetworkName of the resource. Of course the check fails.

PS C:\ fCheckNetworkNameGUID "con"
SEARCH (&(objectCategory=computer)(objectClass=computer)(samaccountname=con$))
OK, Computer Object found in AD
WARNING: GUID mismatch between Cluster Registry and AD
Cluster Resource         :  26d49be5-7428-4aca-9321-b0e2ad77f47d
GUID expected in registry:  da52a193e646a142a3fe71dc62110c36
GUID found in registry   :  c6784f21779746caae76b07a61690d0f
False

This has to be corrected. Save the expected GUID and the Cluster Resource ID to a file. Both was needed later.

Editing the clusters registry under HKLM:\Cluster do not work, the cluster did not recognize any changes there. The changes must be done “offline”.

Do the following steps:

  • Before you begin Logon to one cluster node,  i.e. node1.subdom.domain.local, and shutdown all other nodes in the cluster
  • One the remaining node, set the Startuptype for the cluster service to disabled
    sc config ClusSvc start= disabled
    [SC] ChangeServiceConfig SUCCESS
  • Reboot the node, Login again
  • Start an cmd with administrator rights. Check if the cluster service is not running

    C:\Windows\system32>sc query ClusSvc

    SERVICE_NAME: clussvc
    TYPE               : 20  WIN32_SHARE_PROCESS
    STATE              : 1  STOPPED
    WIN32_EXIT_CODE    : 1077  (0x435)
    SERVICE_EXIT_CODE  : 0  (0x0)
    CHECKPOINT         : 0x0
    WAIT_HINT          : 0x0
  • Backup the clusters config
    robocopy /S C:\Windows\Cluster C:\Windows\Cluster.save
  • Load the clusters Registry Hive C:\Windows\Cluster\CLUSDB
    Either load it with regedit.exe, select HKLM, menu File,  load hive and browse to C:\Windows\Cluster\CLUSDB, Name is clus
    or use reg LOAD HKLM\CLUS C:\Windows\Cluster\CLUSDB
  • The Clusters registry hive is now “mounted” at HKLM\CLUS
  • Locate the previously noticed NetworkName resource at HKLM\CLUS\Resources by its Resource ID with regedit, in this example
    HKLM\CLUS\Resources\26d49be5-7428-4aca-9321-b0e2ad77f47d
  • Change to subkey “Parameters”
  • And set the “ObjectGUID” Value to the already noticed “expected GUID”, in this example
    “ObjectGUID”=da52a193e646a142a3fe71dc62110c36
  • Unload the registry hive
    reg.exe UNLOAD HKLM\CLUS
  • Open MMC SnapIn Active Directory Users an Computers and look for the already created Computer Object.
  • Set Fullcontrol permissions to all Computer objects with failed Networkname Resources for Clusternetworkname (cno.subdom.domain.local) Computer Object and for each nodes (node1.subdom.domain.local, node2.subdom.domain.local) in the cluster.
  • Reset each the Active Directory Computer Objects for each failed Networkname Resource
  • Now, set the cluster service to startup type auto
    sc config ClusSvc start= auto
    [SC] ChangeServiceConfig=SUCCESS
  • And reboot the node

If the node is up. Rerun the powershell fCheckNetworkNameGUID function.

PS C:\ fCheckNetworkNameGUID "con"
SEARCH (&(objectCategory=computer)(objectClass=computer)(samaccountname=con$))
OK, Computer Object found in AD
GUID between AD and Cluster Registry are in sync.
True

If the failed Networkname Resource is the Clusternetworkname itself, select the Cluster in the Cluster MMC Plugin, and choose the “Repair Active Computer Object” in the “More Actions” menu.

For all other Networkname Resource there is no repair option, simply bring the resource online.

Start all other cluster nodes and try to move the Services or Application to them.

Note: This is a deep intervention in the Clusters Database, but the last chance for me to get the cluster up.

Michael

Advertisment to support michlstechblog.info

Add a comment »One comment to this article

  1. Many thanks!!!! you saved me, i’ve wasted more than two weeks to find a solution, we had exactly the same problem as this topic.
    Best regards,

    Reply

Time limit is exhausted. Please reload CAPTCHA.

Original Theme by Schiy · Powered by WordPress