Channel: High Availability (Clustering) forum

cluster fails to reset CNO password in AD


We have a WS2012 Hyper-V cluster. The cluster has a DNS name of hvcluster.domain.local, a cluster CNO object in AD called hvcluster$, and 2 nodes called node1.domain.local (computer account node1$) and node2.domain.local (computer account node2$).

The cluster CNO is in a failed state. As a consequence, its dynamic DNS record is missing and Live Migration doesn't work. The primary problem is that when I use the Repair option on the CNO, the repair will fail with the following error:

"There was an error repairing the active directory object for "Cluster Name'. Details: There was an error resetting the active directory password for 'Cluster name'. Error code: 0x80005000'

This isn't a new cluster, it's been running for about 2 years now, but this problem manifested recently. I'm aware of the AD requirements for the cluster and for testing purposes I've additionally granted Full Access on the hvcluster computer account to the cluster computer account itself and to both cluster nodes' computer objects (through a group that both nodes are members of).

The account I used for the Repair action (and all other actions) is a member of the Domain Admins group.

Since that didn't help, I've checked that the Authenticated Users group is a member of the local "Users" group on the cluster nodes. Additionally, I've tried modifying local group policy per http://blogs.technet.com/b/askcore/archive/2013/04/04/new-network-name-resource-fails-to-come-online.aspx. That didn't help either.

I've also checked that http://support.microsoft.com/kb/2838043 is installed on both cluster nodes.

From the cluster log (excerpt):

000014a8.00001014::2015/03/03-12:52:32.368 INFO  [RES] Network Name <Cluster Name>: AccountAD: OU name for VCO is OU=Hyper-V,DC=domain,DC=local
000014a8.00001014::2015/03/03-12:52:32.383 INFO  [RES] Network Name:  [NN] Setting crypto access members for decrypt. New container = false.
000014a8.00001014::2015/03/03-12:52:32.383 INFO  [RES] Network Name: [NNLIB] Priming local KDC cache to \\DC01.domain.local for domain domain.local
000014a8.00001014::2015/03/03-12:52:32.383 INFO  [RES] Network Name: [NNLIB] PopulateKerbKDCLookupCache - DC flags 0
000014a8.00001014::2015/03/03-12:52:32.383 INFO  [RES] Network Name: [NNLIB] LsaCallAuthenticationPackage success with a request of size 100, result size 0 (status: 0, subStatus: 0)
000014a8.00001014::2015/03/03-12:52:32.383 INFO  [RES] Network Name: [NNLIB] Priming local KDC cache to \\DC01.domain.local for domain label domain
000014a8.00001014::2015/03/03-12:52:32.383 INFO  [RES] Network Name: [NNLIB] LsaCallAuthenticationPackage success with a request of size 78, result size 0 (status: 0, subStatus: 0)
000014a8.0000227c::2015/03/03-12:52:32.399 INFO  [RES] Network Name <Cluster Name>: Getting Read/Write private properties
000014a8.00001014::2015/03/03-12:52:32.414 WARN  [RES] Network Name: [NNLIB] LogonUserEx fails for user HVCLUSTER$: 1326 (useSecondaryPassword: 0)
000014a8.0000227c::2015/03/03-12:52:32.430 INFO  [RES] Network Name <Cluster Name>: Getting Read only private properties
000014a8.00001014::2015/03/03-12:52:32.446 WARN  [RES] Network Name: [NNLIB] LogonUserEx fails for user HVCLUSTER$: 1326 (useSecondaryPassword: 1)
000014a8.00001014::2015/03/03-12:52:32.446 INFO  [RES] Network Name: [NNLIB] Logon failed for user HVCLUSTER$ (Error 1326), DC \\DC01.domain.local, domain domain.local
000014a8.00001014::2015/03/03-12:52:32.446 ERR   [RES] Network Name:  [NN] GetToken - Logging on as the CNO failed with error 1326
000014a8.00001014::2015/03/03-12:52:32.446 INFO  [RES] Network Name <Cluster Name>: AccountAD: End of Slow Operation, state: Initializing/Writing, prevWorkState: Writing
000014a8.00001014::2015/03/03-12:52:32.446 WARN  [RES] Network Name <Cluster Name>: AccountAD: Slow operation has exception ERROR_INVALID_HANDLE(6)' because of '::ImpersonateLoggedOnUser( GetToken() )'
000014a8.0000227c::2015/03/03-12:52:32.446 INFO  [RES] Network Name: Agent: OnInitializeReply, Failure on (6b0ee668-0731-4252-b066-dd657fd23f25,AccountAD): 6
000014a8.0000227c::2015/03/03-12:52:32.446 INFO  [RES] Network Name <Cluster Name>: Configuration: InitializeReplyCreation of NetName (type Singleton), result: 6, IsCanceled: false
00001fdc.000018ac::2015/03/03-12:52:32.446 INFO  [GEM] Sending 1 messages as a batched GEM message
000014a8.0000227c::2015/03/03-12:52:32.446 INFO  [RES] Network Name <Cluster Name>: Configuration: Setting 'StatusKerberos' in clusdb returned status 0
000014a8.0000227c::2015/03/03-12:52:32.446 INFO  [RES] Network Name <Cluster Name>: Configuration: Deleting ResourceData, CreatingDC, ObjectGUID for a newly created netname from cluster database
00001fdc.000018ac::2015/03/03-12:52:32.446 INFO  [GEM] Sending 1 messages as a batched GEM message
000014a8.000021c4::2015/03/03-12:52:32.461 INFO  [RES] Network Name <Cluster Name>: Getting Read/Write private properties
00001fdc.000018ac::2015/03/03-12:52:32.461 INFO  [GEM] Sending 1 messages as a batched GEM message
000014a8.0000227c::2015/03/03-12:52:32.477 INFO  [RES] Network Name: Agent: OnInitializeReply, Failure on (6b0ee668-0731-4252-b066-dd657fd23f25,Configuration): 6
000014a8.0000227c::2015/03/03-12:52:32.477 INFO  [RES] Network Name <Cluster Name>: SyncReplyHandler Configuration, result: 6
000014a8.00001568::2015/03/03-12:52:32.477 INFO  [RES] Network Name <Cluster Name>: PerformOnline - Initialization of Configuration module finished with result: 6
000014a8.00001568::2015/03/03-12:52:32.477 ERR   [RES] Network Name <Cluster Name>: Online thread Failed: ERROR_SUCCESS(0)' because of 'Initializing netname configuration for Cluster Name failed with error 6.'
000014a8.00001568::2015/03/03-12:52:32.477 INFO  [RES] Network Name <Cluster Name>: All resources offline. Cleaning up.
000014a8.00001568::2015/03/03-12:52:32.477 ERR   [RHS] Online for resource Cluster Name failed.

Any ideas? Btw. I've been through many articles like: https://support.microsoft.com/kb/2838043/, https://social.technet.microsoft.com/forums/windowsserver/en-us/2ad0afaf-8d86-4f16-b748-49bf9ac447a3/ws2012-cluster-network-dns-issues, http://blogs.technet.com/b/askcore/archive/2013/04/04/new-network-name-resource-fails-to-come-online.aspx, http://blogs.technet.com/b/askcore/archive/2012/09/25/cno-blog-series-increasing-awareness-around-the-cluster-name-object-cno.aspx etc.
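
Added example (not part of the original post, and not Microsoft tooling): a small Python triage script for a cluster log in the format shown above. It lists the WARN/ERR events in order with their Win32 codes and flags accounts for which LogonUserEx was rejected with 1326 for both useSecondaryPassword values, so the logon failure can be told apart from the error 6 reported after it. The function names `triage` and `rejected_accounts` and the "primary"/"secondary" labels are made up for this example.

```python
import re

# Sample input: seven lines copied from the cluster log excerpt in the post.
SAMPLE = """\
000014a8.0000227c::2015/03/03-12:52:32.399 INFO  [RES] Network Name <Cluster Name>: Getting Read/Write private properties
000014a8.00001014::2015/03/03-12:52:32.414 WARN  [RES] Network Name: [NNLIB] LogonUserEx fails for user HVCLUSTER$: 1326 (useSecondaryPassword: 0)
000014a8.00001014::2015/03/03-12:52:32.446 WARN  [RES] Network Name: [NNLIB] LogonUserEx fails for user HVCLUSTER$: 1326 (useSecondaryPassword: 1)
000014a8.00001014::2015/03/03-12:52:32.446 ERR   [RES] Network Name:  [NN] GetToken - Logging on as the CNO failed with error 1326
000014a8.00001014::2015/03/03-12:52:32.446 WARN  [RES] Network Name <Cluster Name>: AccountAD: Slow operation has exception ERROR_INVALID_HANDLE(6)' because of '::ImpersonateLoggedOnUser( GetToken() )'
000014a8.00001568::2015/03/03-12:52:32.477 ERR   [RES] Network Name <Cluster Name>: Online thread Failed: ERROR_SUCCESS(0)' because of 'Initializing netname configuration for Cluster Name failed with error 6.'
000014a8.00001568::2015/03/03-12:52:32.477 ERR   [RHS] Online for resource Cluster Name failed.
"""

# Win32 error names from winerror.h for the two codes seen in the excerpt.
WIN32 = {6: "ERROR_INVALID_HANDLE", 1326: "ERROR_LOGON_FAILURE"}

LINE = re.compile(r"^[0-9a-f]{8}\.[0-9a-f]{8}::(?P<ts>\S+)\s+"
                  r"(?P<level>INFO|WARN|ERR|DBG)\s+\[\w+\]\s+(?P<msg>.*)$")
LOGON = re.compile(r"LogonUserEx fails for user (\S+): (\d+) "
                   r"\(useSecondaryPassword: ([01])\)")
FAILED = re.compile(r"failed with error (\d+)")
EXC = re.compile(r"exception [A-Z_]+\((\d+)\)")

def triage(text):
    """Return (problems, accounts): WARN/ERR events in log order, and the
    LogonUserEx result per account for each stored password tried."""
    problems, accounts = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["level"] not in ("WARN", "ERR"):
            continue  # INFO/DBG lines and unparseable lines are skipped
        msg = m["msg"]
        logon = LOGON.search(msg)
        if logon:
            code = int(logon[2])
            slot = "secondary" if logon[3] == "1" else "primary"
            accounts.setdefault(logon[1], {})[slot] = code
        else:
            hit = FAILED.search(msg) or EXC.search(msg)
            code = int(hit[1]) if hit else None
        problems.append({"ts": m["ts"], "level": m["level"], "code": code,
                         "name": WIN32.get(code, "unknown")})
    return problems, accounts

def rejected_accounts(accounts):
    """Accounts whose primary and secondary passwords both got 1326."""
    return sorted(u for u, r in accounts.items()
                  if r.get("primary") == r.get("secondary") == 1326)
```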

