Microsoft KB Archive/871111

= Events are logged in the system event log, and you cannot bring a network resource online by using Cluster Administrator in Windows Server 2003, Enterprise Edition or in Windows 2000 Advanced Server =

Article ID: 871111

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows 2000 Advanced Server

-



SYMPTOMS
You cannot bring a network resource online on a computer that is running Microsoft Windows Server 2003, Enterprise Edition or on a computer that is running Microsoft Windows 2000 Advanced Server. Additionally, the following events are logged in the system event log:

Event Type: Warning

Event Source: ClusSvc

Event Category: (19)

Event ID: 1119

Date: 5/13/2004

Time: 10:09:44 AM

Computer:

Description: The registration of DNS name. .com for resource  over adapter   failed for the following reason:

DNS signature failed to verify.

For more information, see Help and Support Center at http://support.microsoft.com.

Data:

0000: 00002338

Event Type: Error

Event Source: ClusSvc

Event Category: (19)

Event ID: 1196

Date: 5/13/2004

Time: 10:09:44 AM

Computer:

Description: The required registration of the DNS name(s) associated with Cluster resource  failed for the following reason:

DNS signature failed to verify.

Please check with your network adminstrator for the best recovery action. For more information, see Help and Support Center at http://support.microsoft.com.

Event Type: Error

Event Source: ClusSvc

Event Category: (3)

Event ID: 1069

Date: 5/13/2004

Time: 10:09:44 AM

Computer:

Description:

Cluster resource  in Resource Group   failed.

For more information, see Help and Support Center at http://support.microsoft.com.



CAUSE
This issue may occur if a failure occurs during DNS name registration of the cluster resource.



RESOLUTION
To resolve this issue, fix any problems that are related to DNS name registration. To do this, follow these steps:  Check to make sure the zone properties for dynamic registration allows Secure only updates or Nonsecure and secure updates. To do this, follow these steps:  Log on to the DNS server, and then start the DNS utility. To do this, click Start, click Run, type dnsmgmt.msc, and then click OK. Under the object for the DNS server that contains the cluster host (A) record, expand Forward Lookup Zones, and then click the forward lookup zone that contains the cluster host record. Right-click the zone, and then click Properties. Click the General tab, make sure that one of the following options are selected in the Dynamic updates list, and then click OK:  Secure only Nonsecure and secure</li></ul> </li></ol> </li> If DNS is configured for dynamic updates, the Cluster service account must have permission to register records in DNS because network names are registered in DNS by the Cluster service account. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

302389 Description of the properties of the Cluster Network Name resource in Windows Server 2003

</li> Typically, events that state that &quot;DNS signature failed to verify&quot; are logged when a permission error occurs on the DNS record. This event may be logged if the Cluster service account does not have sufficient permissions in the access control list (ACL) of the DNS record. To resolve this issue, remove and then re-create the DNS record for the cluster. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Log on to the DNS server, and then start the DNS utility.</li> Under the object for the DNS server that contains the cluster host (A) record, expand Forward Lookup Zones, and then click the forward lookup zone that contains the cluster host record.</li> In the right pane, right-click the cluster host record, and then click Delete.</li> Click Yes to confirm the removal of this record.</li> Quit the DNS utility.</li> Log on to the cluster node, and then restart the Cluster service. To do this, click Start, click Run, type services.msc, and then click OK.</li> In the Services (Local) list, right-click Cluster service, and then click Restart.</li> Log on to the DNS server, and then make sure that the host record for the cluster has been created successfully. Also, make sure that all nodes use the same Cluster service account.

Note If you do not see the DNS record for the cluster that is using the DNS utility, use the LDP utility. In this scenario, the ACL may be modified so that you cannot see this record by using the DNS utility. You must use the LDP utility to delete the DNS record for the cluster.</li></ol> </li></ol>

<div class="workaround_section">

WORKAROUND
To work around this issue, click to clear the DNS Registration Must Succeed check box in Cluster Administrator. To do this, follow these steps:
 * 1) Start Cluster Administrator. To do this, click Start, point to Programs, point to Administrative Tools, and then click Cluster Administrator.
 * 2) Right-click the cluster resource, and then click Properties.
 * 3) Double-click the cluster resource, click the Parameters tab, and then click to clear the DNS Registration Must Succeed check box.
 * 4) Click OK.
 * 5) Right-click the cluster resource, and then click Bring Online.

<div class="references_section">