Monday, August 19, 2013

A server-side database availability group administrative operation failed. Error: The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: The computer account 'DAG01' could not be validated. Access was denied. Check that the current user (NT AUTHORITY\SYSTEM) has permissions to create computer accounts in the domain or to claim the computer account.

Issue: -
Unable to add a Mailbox server to a Database Availability Group (DAG) in Exchange 2013.

Error Message: -

A server-side database availability group administrative operation failed. Error: The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: The computer account 'DAG01' could not be validated. Access was denied. Check that the current user (NT AUTHORITY\SYSTEM) has permissions to create computer accounts in the domain or to claim the computer account. [Server: EXCHMBX02.learnexchange.com]

A server-side database availability group administrative operation failed. Error: The computer account 'DAG01' could not be validated. Access was denied. Check that the current user (NT AUTHORITY\SYSTEM) has permissions to create computer accounts in the domain or to claim the computer account.




Error Statement: -

In Exchange 2013, Microsoft introduced the CNO (cluster name object). If your DAG members are running Windows Server 2012, you must pre-stage the CNO before adding the first server to the DAG.
The CNO is a computer account created in Active Directory and associated with the cluster's Name resource. The cluster's Name resource is tied to the CNO, which is a Kerberos-enabled object that acts as the cluster's identity and provides the cluster's security context. The formation of the DAG's underlying cluster and the CNO for that cluster is performed when the first member is added to the DAG. When the first server is added to the DAG, remote PowerShell contacts the Microsoft Exchange Replication service on the Mailbox server being added. The Microsoft Exchange Replication service installs the failover clustering feature (if it isn't already installed) and begins the cluster creation process. The Microsoft Exchange Replication service runs under the LOCAL SYSTEM security context, and cluster creation is performed under that context. LOCAL SYSTEM authenticates to Active Directory as the server's own computer account, so that computer account needs permission on the CNO; this is why the error names NT AUTHORITY\SYSTEM as the current user.

Resolution: -

   1.  Create the computer account (CNO) and disable it.

   2.  Assign full control of the computer account to the computer account of the first Mailbox server you're adding to the DAG.

   3.  Assign full control of the computer account to the Exchange Trusted Subsystem USG.

   4.  Now add the first Exchange Mailbox server to the DAG, followed by the second server.
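
The four steps above as a PowerShell script, added here as an example and not part of the original post. It uses the DAG name and server name from the error message; the OU path and the choice of EXCHMBX02 as the first Mailbox server are assumptions to replace with your own values.

```powershell
# Added example: pre-stage the CNO for the DAG named in the error above.
# Run as an account that can create computer objects in the target container.
Import-Module ActiveDirectory

$cnoName     = 'DAG01'                                   # DAG / CNO name from the error
$firstServer = 'EXCHMBX02'                               # assumption: first Mailbox server to be added
$ouPath      = 'CN=Computers,DC=learnexchange,DC=com'    # assumption: default Computers container

# Step 1: create the computer account and leave it disabled.
New-ADComputer -Name $cnoName -Path $ouPath -Enabled $false `
    -Description 'Pre-staged CNO for Exchange DAG'

$cnoPath = "AD:\$((Get-ADComputer -Identity $cnoName).DistinguishedName)"
$acl     = Get-Acl -Path $cnoPath

# Steps 2 and 3: grant Full Control (GenericAll) on the CNO to the first
# Mailbox server's computer account and to the Exchange Trusted Subsystem group.
$trustees = @(
    (Get-ADComputer -Identity $firstServer).SID,
    (Get-ADGroup -Identity 'Exchange Trusted Subsystem').SID
)
foreach ($sid in $trustees) {
    $ace = New-Object -TypeName System.DirectoryServices.ActiveDirectoryAccessRule `
        -ArgumentList $sid,
            ([System.DirectoryServices.ActiveDirectoryRights]::GenericAll),
            ([System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($ace)
}
Set-Acl -Path $cnoPath -AclObject $acl

# Check: list the explicit Full Control entries so you can confirm that only
# the intended trustees hold them, and that the account is still disabled.
(Get-Acl -Path $cnoPath).Access |
    Where-Object { $_.ActiveDirectoryRights -eq 'GenericAll' -and -not $_.IsInherited } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType
Get-ADComputer -Identity $cnoName | Select-Object Name, Enabled

# Step 4: add the first Mailbox server (run in the Exchange Management Shell),
# then repeat for the second server.
Add-DatabaseAvailabilityGroupServer -Identity $cnoName -MailboxServer $firstServer
```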

Thanks,
Keep Visiting