In working on an older Microsoft SQL Cluster server configuration recently, I ran into an issue with a lab copy of the SQL Cluster not bringing the SQL resources online as expected. After rejoining the domain and sychronizing everything with the lab environment, the SQL resources failed with the error: eventid 1207 “The computer account for Cluster resource ‘SQL Network Name’ in domain could not be configured for the following reason: Unable to find computer account on DC where it was created.” Also, another detail to the error was that the Cluster Service Account may lack the proper access rights to Active Directory. Let’s take a look at the resolution to SQL Cluster computer account could not be configured.
SQL Cluster computer account could not be configured
The weird thing for me was the cluster had been copied the same way in this lab environment as another environment. The other copy was bringing the resource online as expected. What gives?
Computer Account and Permissions
Well as it turns out, it has to do with the computer account and permissions. What I found in my lab environment was the computer account for the SQL Server Network name wasn’t in Active Directory. Of course, this is pretty spot on with the error message unlike many other Microsoft error messages.
Also, as the error states, I had to make sure the cluster service account had permissions in Active Directory to create the computer account.
To verify this, you need to login to a domain controller on your domain the cluster is joining, open the Default Domain Controller’s Policy and make sure under the Computer Configuration >> Policies >> Security Settings >> Local Policies >> User Rights Assignment >> Add workstations to domain.
Make sure your cluster account has permissions defined here. I already had authenticated users defined which is there by default, however, I took the extra step to explicitly add the cluster service account to this policy.
Aside from making sure I had the proper permissions in this policy setting, I manually added the computer account for the SQL Cluster name. To do this we simply prestage a computer account in the domain for the SQL Cluster name and also define which user or group can join the computer to the domain. The new computer object dialog box looks like the below. Notice how I have defined the User or Group as the cluster service account user.
After creating the computer account as show above, verifying the permissions in the domain controller policy, and a reboot, the SQL cluster resource came online without any issues.
Microsoft clusters and specifically SQL clusters can be a bit tricky especially when you are copying them from one domain to the other. Hopefully, the above will help anyone that runs into the issue of SQL Cluster computer account could not be configured in the event logs.