I'm having a permissions issue with the CNO, and I can't pin down the exact problem. I am pretty sure the issue started when we moved the computer objects into a new OU, but even moving them back hasn't helped, and I've been staring at the issue so long I need a fresh perspective.
Backstory: we have a 4-node Server 2012 cluster that has been in production for a little over a year. Recently I've seen some event 1206s showing up in the failover manager:
The computer object associated with the cluster network name resource 'Cluster Name' could not be updated in domain '<domain name>. The error code was 'Resource post online'. The cluster identity 'cluster101$' may lack permissions required to update the object. Please work with your domain administrator to ensure that the cluster identity can update computer objects in the domain.
The node that is throwing those errors is the current host server for the cluster. The cluster name object is showing as Online. I can mark it as offline, but when I try and repair the name, I get the error "0x800713b8 The cluster request is not valid for this object." However, I can still successfully bring the CNO back online. Re-running the cluster validation tests still passes the cluster.
When trying to change the cluster permissions from within the FCM, I'm getting an access denied error.
The account I'm using is in the Domain Admins group, and I've confirmed that the account has full control to the CNO and the nodes via ADUC. Each node also has full control to the CNO, and the CNO has full control over each node.
I've done a bunch of reading on things, and I think I've got everything correct, but clearly something is still missing. If anyone has more suggestions that would be great.