SQL 2012 Cluster, Windows 2012 R2 OS, Windows 2008 R2 Domains

Published On: 2014-01-07By:

Recently I was installing SQL Server 2012 on a new Windows 2012 R2 cluster for a client and ran across a bit of a problem. When the SQL Installer was attempting to start SQL Server for the first time SQL Server was throwing Windows errors 1069 and 1194 which basically say…

Cluster network name resource ‘%1’ failed to create its associated computer object in domain ‘%2’ for the following reason: %3.

The text for the associated error code is: %4

Please work with your domain administrator to ensure that:
– The cluster identity ‘%5’ can create computer objects. By default all computer objects are created in the ‘Computers’ container; consult the domain administrator if this location has been changed.
– The quota for computer objects has not been reached.
– If there is an existing computer object, verify the Cluster Identity ‘%5’ has ‘Full Control’ permission to that computer object using the Active Directory Users and Computers tool.

What this basically means is that the account which is trying to create the computer account within the domain doesn’t have the correct permissions needed to create the account. Now in this case the domain has a domain group called “Add Computers To The Domain” which has the “Create Computer” right in all OUs within Active Directory. Adding the CLUSTER$ account for this cluster to this group did nothing. The reason for this is because this group has only a single right “Create Computer”. For Windows 2012 R2 clusters to be able to successfully create computer objects in Active Directory the CLUSTER$ account needs to have what is considered to be “Read” permissions. Specifically this is three different permissions on the OU which are:

  • List Contents
  • Read all properties
  • Read Permissions

In addition this account needs to “Create Computer” right as well.

My solution in this case was to create a new group in Active Directory and grant that group these four rights to the group. This way if the problem comes up again for new clusters (which I’m sure that it will) the fix will simply be to drop the computer account for the cluster into the group, wait for domain replication to finish, then try starting the client access point again.

My solution in this case was to grant the domain group rights to the OU which the SQL Server objects where going to be created in within Active Directory. For some reason when attempting to grant this permission through a group the permission wasn’t granted correctly.

Much thanks to Allan Hirt (@SQLHA) for validating that I’m not crazy and that these were the correct permissions at midnight my time which was 3am his time.


Contact the Author | Contact DCAC

One response to “SQL 2012 Cluster, Windows 2012 R2 OS, Windows 2008 R2 Domains”

  1. Manishkumar1980 says:

    Adding the CLUSTER$ account for this cluster to this group did nothing.

    CLUSTER$ here is your account name or Managed service account or other account .

    Please let me know will be helpful…..


Globally Recognized Expertise

As Microsoft MVP’s and Partners as well as VMware experts, we are summoned by companies all over the world to fine-tune and problem-solve the most difficult architecture, infrastructure and network challenges.

And sometimes we’re asked to share what we did, at events like Microsoft’s PASS Summit 2015.

Awards & Certifications

Microsoft Partner   Denny Cherry & Associates Consulting LLC BBB Business Review    Microsoft MVP    Microsoft Certified Master VMWare vExpert
INC 5000 Award for 2020    American Business Awards People's Choice    American Business Awards Gold Award    American Business Awards Silver Award    FT Americas’ Fastest Growing Companies 2020   
Best Full-Service Cloud Technology Consulting Company       Insights Sccess Award    Technology Headlines Award    Golden Bridge Gold Award    CIO Review Top 20 Azure Solutions Providers
Share via
Copy link