Hello,
I have created a 2008 R2 failover cluster and I am trying to add a failover file server to it.
I get the dreaded:
Cluster network name resource 'OfMaClusterFS' failed to create its associated computer object in domain 'xxx.domain' for the following reason: Unable to create computer account.
The text for the associated error code is: Access is denied.
Please work with your domain administrator to ensure that:
- The cluster identity 'OFMACLUSTER$' can create computer objects. By default all computer objects are created in the 'Computers' container; consult the domain administrator if this location has been changed.
- The quota for computer objects has not been reached.
- If there is an existing computer object, verify the Cluster Identity 'OFMACLUSTER$' has 'Full Control' permission to that computer object using the Active Directory Users and Computers tool.
I have created clusters frequently in the past, on my own domains that I am a domain admin of. Now I am trying to make one on our larger corporate domain that I am not a domain admin of and get this error.
By default, domain users cannot add computer accounts to our domain. I do, however, have a limited account that can add computers to the domain... but I have tried all the tricks I can think of to try and add the Network name to AD and no luck.
I have tried running the cluster service with this account, but it is still trying to use the OFMACLUSTER$ identity to create the Network name. I have tried manually creating the network name using my limited account, but that doesn't work either, same error. I don't have the ability to change permissions on the computer name I added for the network name to AD.
I have raised a ticket to our wintel team to try and get them to help, but they aren't exactly the most responsive bunch. I'm just wondering what the best way around this problem is if I am not a domain admin and I can't make the changes I need, or what concise instructions I can give to the domain admins so that they can help me out without saying that it is a security breach etc.
I would appreciate any advice on this as it's now urgent and also something I will have to do in the future fairly regularly and don't want to get caught in the situation in the future.